
Wednesday, April 29, 2015

Cost-benefit is all well and good, but does it work? Does the technology yield results?

It really doesn't look like it. Here's the thing. If you're willing to take a few fairly simple precautions, you can and will be able to avoid NSA, GCHQ, or cranked-out Russian teenager surveillance for sensitive communications. People who really need to hide from the U.S. Government generally already do. It is possible to avoid the BitLocker key escrow/password reset backdoor by powering on your machine on an offline connection and disabling that section of the backup software. Off-The-Record messaging, which uses a different key for every chat session so that any intercepted key is only useful for a single conversation, has been widely available for a very long time and can be applied to any messaging protocol. The most dangerous people are already capable of avoiding mass surveillance. What it comes down to is a choice. Do we want these products, which are not going anywhere, to protect innocent people as well as they do soldiers, journalists, victims and criminals, or do we want to leave innocents exposed by leaving known problems in critical infrastructure in order to mostly fail to track criminals?


Sunday, April 26, 2015

4 Basic System Management - Rooting

This section is mostly for people who have to use "Modified Stock" ROMs instead of Free and Open Source ROMs, and only if the Modified Stock ROM doesn't come with the phone owner in control of the administrative account. It is mostly included to discuss the issues surrounding rooting, and because rooting is required for those who wish to de-bloat a Stock system without compiling Android from source code for their device. Rooting also allows you to use certain applications to block other applications from sending information, using elevated permissions and a firewall.

What Is Rooting for the Purposes of our Discussion?

For the purposes of this set of instructions, Rooting is a necessary step in the process of assuring you are in complete control of what the programs on your device do at all times. It is the process of obtaining full, administrative privilege over your device's settings and contents. This is necessary because many of Android's features are used to transmit data back to various parties concerned with the operation of your device, like the manufacturer or Google. Even if the information is never misused by those parties, it can easily be eavesdropped upon from many locations in the network by unscrupulous characters, and as such it should be disabled on any phone used for sensitive communication.

Why you should understand rooting

Why rooting is a security risk and why you should do it anyway: Every root guide you will read will disclaim the security risks of rooting to you, but not every security guide will explain what those risks actually are. Sometimes that's because the risks are so low, relatively speaking, that the people adapting the root exploits are not aware of them. There are really only two risks associated with rooting your device.

  1. When you root your device, you must take full responsibility for the contents of your device. When you install an app which uses root to its advantage, it will be capable of asking you for root privileges in order to take advantage of system-wide permissions. If those apps are malicious, they will ask you for those same permissions, and there is very little way to tell. Rooting gives you control, but with power comes the ability to make mistakes. Without rooting, one must accept the mistakes left behind by the manufacturer.
  2. Root apps are just root exploits without malicious mechanisms. In order to root your phone, you'll have to execute an exploit (a "hack" in common parlance) which gives you the ability to change system-wide settings on your phone. Those same exploits can be embedded in malicious apps which will attempt to root your phone and give control not to you, but to some remote agent. Only use root apps which are widely reviewed and reputable, such as TowelRoot, and only if you cannot install a pre-rooted ROM.

Stuck with a Stock ROM? You should still root if you can. Do it this way

It is also possible to root your device without trusting an app by executing the so-called "Master Key" exploit from your computer with your phone plugged in. In order to do this, you'll need to use a GNU+Linux computer with the Android Debug Bridge and Android Asset Packaging Tool installed.

  1. First, download the mkbreak generic exploit for the Master Key from the source code repository on GitHub (mkbreak by Saurik).
  2. Unzip the file and open a terminal in the mkbreak-master directory.
  3. Run the command ./doit.sh and follow the text instructions displayed in the terminal.
Appendix 4
  • Upkeep:
  • Notes:

Rooting: Doable Privacy Instructions for Android Part Five

Thursday, April 23, 2015

3 Basic System Management - App Store

  1. The Problem with the Play Store: Many people advocate the use of the Google Play Store for a few of its advantages. The Google Play Store lets app developers sign their apps using their own cryptographic signatures, for one, which many app stores do not. It also sometimes receives updates before other app stores do. However, those pale in comparison with its disadvantages. The first and foremost disadvantage is the seemingly total lack of meaningful auditing of the apps that are included in the Play Store. On a single search for a more-or-less benign term like "Chess Game" it is possible to find half a dozen instances of apps that ask for inappropriate or excessive permissions in order to track users. These anti-features are not explicitly listed, and they are frequently deliberately surreptitious. There are other real problems with the Play Store and Google's services in general as well, including backdoors which allow Google to install and remove applications from your device without your consent or knowledge. If you installed a Free and Open-Source ROM for your device, you've already rid yourself of the Play Store and can now move on to something better.
  2. The Safe Alternative: F-Droid is an app store which was created by the Free Software Community partly to deal with the problems surrounding Google Play. It is much more selective about the apps it will include, meaningfully auditing the code for malicious inclusions and anti-features. Anti-features which don't disqualify an app from being included in F-Droid must be explicitly listed in the app's description, in order to give the user the opportunity to make a conscious decision to use that app or not. Using F-Droid means you are much less likely to receive a malicious app or update from your app store. Installing F-Droid will require you to go into your phone's settings and enable installing apps from "Untrusted" sources.

How to Install F-Droid

First, Enable Installation from "Untrusted" Sources. Out-of-the-box, your device "Trusts" applications which Google Play Services "Trusts," which, as we've already seen, means your phone already trusts the vast majority of malicious apps. In this step, we're going to enable you to install apps which aren't trusted by Google Play Services but which provide their own trust mechanism through F-Droid. Security-conscious users should carefully judge apps they install on their own merit, and not upon the trust that Google places in them.

  1. Open your device's "Settings" app from the App Menu.
  2. Tap the "Applications" menu in the "Settings" app.
  3. Tap "Enable Installation from Unknown Sources".
  4. When warned, tap OK.

Next, Download and Install F-Droid from the Web Site

  1. Open the "Browser" app from the App Menu
  2. Navigate to https://www.f-droid.org
  3. Click the big blue button that says "Download F-Droid." It should only take a few seconds.
  4. In your Downloads menu click "f-droid.apk" and install the app.
  5. Open F-Droid from the App Menu to access the app.
Appendix 3
  • Upkeep: The focus of F-Droid is to put control of the device's features into the hands of the person who owns and uses the device. To that end, it will inform the user of when an update is available, but it will not install that update automatically. When using F-Droid to obtain security software, as you should, you should make sure to review and install updated versions of the apps as they become available.
  • Notes: You should still avoid installing anything unnecessary. Even though F-Droid provides reasonable assurance that apps are not created with malicious intent, code is hard to write and vulnerabilities are easy to introduce by accident, even in the best of circumstances. Judgment will always be key to serious security.
  • Developers/Aspiring Developers: F-Droid is a responsive, vibrant community for people who want to publish Free and Open Source apps for Android. If you're a developer, I encourage you to consider informing F-Droid of your Free Software application and asking them to consider including it. Usually, the process is only a matter of a few days and making F-Droid better makes the world a safer place for Android users.

Choosing your App Store: Doable Privacy Instructions for Android Part Four

Sunday, April 19, 2015

2 Basic System Management - Device Encryption

Goal: Make it prohibitively difficult for an attacker who can physically access your device to read, copy, or alter the data on your device.

This part is comparatively easy and self-explanatory. Android and related Operating Systems have the ability to encrypt the disk which contains the system, software, user data, and similar sensitive information. Encryption accomplishes two tasks.

  • First: encryption hides the contents of the storage device by scrambling the information on it in accordance with a private key. When you enter your password, you unlock that private key, which tells the system how to de-scramble the information on the storage device. This keeps people from reading your files.

  • Second: partly as a consequence of the first step and partly as a result of design and review in the encryption field, encryption also guarantees that your data hasn't been altered by someone who manipulated your disk from within a running Operating System on another device, and keeps code from being injected in that manner.
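The two points above (a password that unlocks a stored key rather than encrypting data directly, and a check that refuses altered data) can be seen in a small model. The following is an added example written for this page; it is not the article's code and not Android's actual on-disk format. The keystream cipher is a constructed teaching cipher built from HMAC-SHA256, the PBKDF2 work factor is an assumed value, and the sample "contacts" string is constructed.

```python
import hashlib
import hmac
import secrets

# Added example, not from the article and not Android's real dm-crypt layout.
# It models the two bullet points above: the password never encrypts data
# itself, it unlocks ("unwraps") a random master key; and an HMAC tag over
# every ciphertext lets the decrypt step refuse data that was altered.
# The keystream cipher here is a constructed teaching cipher, not AES.

KEY_LEN = 32
PBKDF2_ROUNDS = 100_000   # assumed work factor; real devices tune this


def derive_kek(password: str, salt: bytes) -> bytes:
    """Stretch the user's password into a key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, KEY_LEN)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 of (nonce || counter), illustrative only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_key(master_key: bytes, password: str) -> dict:
    """Encrypt the master key under the password and tag it (the 'header')."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    kek = derive_kek(password, salt)
    wrapped = xor(master_key, keystream(kek, nonce, KEY_LEN))
    tag = hmac.new(kek, nonce + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "wrapped_key": wrapped, "tag": tag}


def create_volume(password: str) -> dict:
    """A fresh 'disk': a random master key, wrapped under the password."""
    return wrap_key(secrets.token_bytes(KEY_LEN), password)


def unlock(volume: dict, password: str) -> bytes:
    """Recover the master key; raises on a wrong password or altered header."""
    kek = derive_kek(password, volume["salt"])
    expected = hmac.new(kek, volume["nonce"] + volume["wrapped_key"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, volume["tag"]):
        raise ValueError("wrong password")
    return xor(volume["wrapped_key"], keystream(kek, volume["nonce"], KEY_LEN))


def change_password(volume: dict, old: str, new: str) -> dict:
    """Re-wrap the same master key; the encrypted data itself is untouched."""
    return wrap_key(unlock(volume, old), new)


def encrypt_block(master_key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = xor(plaintext, keystream(master_key, nonce, len(plaintext)))
    tag = hmac.new(master_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_block(master_key: bytes, blob: bytes) -> bytes:
    """Check the tag first: altered ciphertext is rejected, never decrypted."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    calc = hmac.new(master_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(calc, tag):
        raise ValueError("data was altered")
    return xor(ct, keystream(master_key, nonce, len(ct)))


def demo() -> dict:
    """Round trip, wrong password, password change, and a one-bit tamper."""
    data = b"contacts.db: alice 555-0100"        # constructed sample data
    vol = create_volume("correct horse")
    mk = unlock(vol, "correct horse")
    blob = encrypt_block(mk, data)
    results = {"roundtrip": decrypt_block(mk, blob) == data}
    try:
        unlock(vol, "wrong password")
        results["wrong_password_rejected"] = False
    except ValueError:
        results["wrong_password_rejected"] = True
    vol2 = change_password(vol, "correct horse", "new passphrase")
    results["same_key_after_password_change"] = unlock(vol2, "new passphrase") == mk
    tampered = bytearray(blob)
    tampered[20] ^= 0x01                        # flip one bit of ciphertext
    try:
        decrypt_block(mk, bytes(tampered))
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the wrapped master key is visible in change_password: a new password re-wraps the same key without touching the encrypted data, which is also why losing the password leaves the data unrecoverable. The tag check in decrypt_block runs before any decryption, so a flipped bit is reported rather than silently producing garbage.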

Configuring Device Encryption

The best time to encrypt your phone is when it is 1: Fully Charged, 2: Plugged in to a Power Source, and 3: Mostly Unused. This will result in the fastest, most reliable encryption process.

Enable Password

  1. Open your device's "Settings" app from the App Menu.
  2. Tap the "Security" menu in the "Settings" App.
  3. Tap either "PIN" or "Password" to set the password to unlock your device.

When your device goes to sleep, the password will be required to unlock the device.

Enable Encryption

  1. Go back to the "Settings" App.
  2. Tap the "Security" menu.
  3. Tap "Encrypt Phone" or "Encrypt Tablet" depending on your device.

Now when your device goes to sleep, it relinquishes the encryption keys until you re-enter the password you set previously.

Appendix 2
  • Upkeep: This pretty much "Just Works" and shouldn't change much, and if it does, it's because something way bigger than you happened. You should remember that without the password, encryption is one-way and cannot be reversed. Don't forget your password.
  • Notes: Ideally, you would set two passwords, one to turn the device on, and one to unlock it from sleep mode. This is because each time you enter the password, there is a chance that someone or something is watching which might observe you entering it. A secondary password would keep such an observer from being able to use the screen-unlock password to attack a powered-down device. Since this is not supported in the operating system, keep your disk encrypted but use a second layer of encryption and passwords for sensitive information like the Instant Messengers and Encrypted Notepads we will discuss later.
Appendix 2a, Encryption Vocabulary

Codes and Ciphers

  • Code: A "Code" is a way of representing information for a specific purpose. There are codes which are intended to be readable, like Morse Code or computer programming languages, and there are codes that are intended to be unreadable, so-called "Secret Codes" which can be created in many ways. This article mainly deals in when and where you.
  • Encryption: "Encryption" is the use of mathematics to obscure the content of a message from everyone except its intended recipient. That intended recipient has in his or her possession a "key," a unique piece of knowledge that is required to unlock the contents of a message. As a side-effect of the key's uniqueness, it can also be used to verify that a message came from the key's holder. This process is what is referred to as a digital signature.
  • Key-Pair: Encryption programs generate what are called "Key-Pairs", which are composed of a public and a private (sometimes called secret) key. When you generate a key-pair you distribute the public key to the people you want to communicate with. This allows them to encrypt messages and send them to you, and to verify your signature on a message and thus that the message came from you. A private key can be used to sign a message or to decrypt a message which was encrypted by the sender with the corresponding public key.
  • Ciphertext: "Ciphertext" is the encrypted text of a message. When you use a public key to encrypt a message, the output is the ciphertext. The private key can then be used to decrypt the message.
  • Cipher: A "Cipher" is the description of the algorithm used to generate the public and private keys and to encrypt and decrypt messages using those keys.
  • Steganography: "Steganography" is the process of concealing the presence of a message from people entrusted to transport it. Concealing information in an image, for instance, is a means of using steganography.
  • Somewhat like Steganography, it is advisable to conceal the intended meaning of any potentially dangerous terms even in ciphertext in case a private key is compromised. This is no different from slang. You have an ounce of T-shirts you wanna roll up and smoke.
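The Key-Pair, Ciphertext, Cipher and signature entries above map directly onto a few lines of code. What follows is an added example for this page, not code from the article: textbook RSA with two fixed, well-known primes (2^61-1 and 2^31-1), no padding and a modulus of only about 92 bits, so it is a model of the vocabulary, not a cipher anyone should use. The message "meet at 9" is a constructed sample chosen to fit under the modulus.

```python
import hashlib

# Added example (not from the article): textbook RSA on two known Mersenne
# primes, to put the glossary terms into code. No padding, tiny modulus:
# a teaching model of the vocabulary, not a usable cryptosystem.

P = 2**61 - 1   # M61, a known prime
Q = 2**31 - 1   # M31, a known prime
E = 65537       # common public exponent; coprime to (P-1)(Q-1) here


def generate_key_pair():
    """Key-Pair: public (n, e) is handed out; private (n, d) stays with its owner."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)          # modular inverse (Python 3.8+)
    return (n, E), (n, d)


def encrypt(public_key, plaintext: bytes) -> int:
    """Anyone holding the public key can produce Ciphertext for the key's owner."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the private key recovers the plaintext from the Ciphertext."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(private_key, message: bytes) -> int:
    """Digital signature: the private key transforms a hash of the message."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """The public key checks the signature; any change to the message fails."""
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h


def demo() -> dict:
    """Encrypt with the public key, decrypt and sign with the private key."""
    pub, priv = generate_key_pair()
    msg = b"meet at 9"               # constructed sample, fits under n
    ct = encrypt(pub, msg)
    sig = sign(priv, msg)
    return {
        "decrypts": decrypt(priv, ct) == msg,
        "ciphertext_differs": ct != int.from_bytes(msg, "big"),
        "signature_ok": verify(pub, msg, sig),
        "tampered_rejected": not verify(pub, b"meet at 8", sig),
    }


if __name__ == "__main__":
    print(demo())
```

Note the asymmetry the glossary describes: encrypt and verify use only (n, e), the part you distribute, while decrypt and sign need d, which never leaves the owner. A real implementation adds padding (OAEP for encryption, PSS for signatures) and a modulus of thousands of bits.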

Addressing and Transport

  • Client: A "Client" is a program that you run on your computer to connect to a communications network. Your web browser, ChatSecure, TextSecure, RedPhone, and AnTox are all client programs for connecting to communications networks.
  • Server: A "Server" is a program that runs on another computer that you connect to with a client. Facebook mostly runs on a Server which is accessed through the client, which is the web interface in your web browser.
  • Address: An "Address" is a piece of information that represents the destination of a message. It is also a type of "Metadata," which is information about a message not necessarily related to the content itself. Your address can, but does not have to, give away your location when you send or receive messages. That is what Tor is for, and some forms of peer-to-peer communication offer this type of protection as well.
  • Peer-To-Peer: "Peer-To-Peer" refers to methods which require no intervention on the part of a central authority or service provider, such as Facebook or Google. AnTox and Tor Hidden Services are peer-to-peer networks which can be used for communication without central authorities.
  • End-To-End: Peer-to-peer encryption is also referred to as "End-To-End" encryption, and refers to encryption schemes where only the concerned parties are involved in the encryption and decryption process. This means that even if information is stolen in transit, its meaning cannot be revealed by downgrading the strength of the encryption while the eavesdropping occurred.

Device Encryption: Doable Privacy Instructions for Android Part Three

Thursday, April 16, 2015

1 Getting Started: The Bare-Minimum you need to know about Computers

Goal: Remove as many pre-existing vulnerabilities as possible and take control of the device in question from the manufacturer who really controls it.

  1. Computer Hardware and Operating Systems: The modern computer is possible as a consequence of the mathematical discovery of what has come to be known as "Turing Completeness," or that from a basic set of functions a machine can be built which can be programmed to perform any kind of calculation. However, Turing instructions are very simple, and modern computers provide many ease-of-use layers between the person operating the keyboard and the actual hardware. The first of these are the more complex Instruction Sets used on modern chips, which are provably equivalent to Turing instructions (an engineering property also known as Turing-Completeness) but perform multiple Turing operations in a single step. This also allows your computer to run faster and more efficiently. The advantage of these systems is that they are fairly difficult to alter; even if they are vulnerable, it is likely that there would need to be a backdoor in the Operating System as well in order to trigger a vulnerability in the hardware, because an always-on vulnerability would visibly leak information as it was transmitted. The next layer of importance is the Operating System, which provides an interface for people to write the programs you use from day to day, like your web browser or your word processor. The operating system does this by providing small, efficient programs which pass messages to each other in order to process them in the correct order.

  2. Get Updates: You should always install the latest security updates for your operating system in order to deal with Operating System bugs that can introduce vulnerabilities. For instance, a program manages the speaker, and when you play a sound a "Stream" of information is passed to that program, which it then uses to instruct the speaker. An example of a potential exploit which could make a computer vulnerable would be a specific stream of information overflowing the memory the speaker program has reserved, which would allow an attacker to put information into the memory area adjacent to the speaker program. If that memory area is scheduled to run as a program, the attacker has taken control of that process on your computer. Many exploits follow this pattern of injecting malicious code into a program which has permission to run it. These kinds of vulnerabilities are usually honest mistakes that are patched after being discovered, in accordance with your Operating System Update Policy.

  3. Stick to Free and Open Source Operating Software Wherever Possible: There's a good chance that your device manufacturer has a sub-sufficient Operating System Update Policy. If at all possible, you should find a Free and Open Source ROM (the Android word for an Operating System) to put on your device. The reason for this is twofold. For one thing, by using a Free and Open Source ROM you can be reasonably guaranteed that your Operating System does not contain a deliberate backdoor or vulnerability, because you can, at any time, review the instructions that make up the operating system. The most popular Free and/or Open Source ROMs are CyanogenMod, Replicant, and OmniROM, and these are capable of receiving updates from the Operating System developers. If your device isn't officially supported by one of these ROMs, you can either find someone who has ported a Free and Open Source ROM to your device on a site like XDA-Developers, use that ROM, and actively contribute reports of your bugs; or financially support the independent development of Free and Open Source support for your device; or take your chances with a "de-bloated Stock ROM," which may be better than using a Free and Open Source ROM which isn't being actively developed. The install procedure for your device may vary, but chances are that you'll find instructions at XDA-Developers.

Appendix 1
  • Upkeep: It's important to keep up with the community that develops software updates for your phone. If you have an officially supported CyanogenMod, Replicant, or OmniROM phone, it's easy, just check in to their respective websites at CyanogenMod, Replicant, OmniROM and make sure to follow any of the security update procedures they may announce. Most of the time, updates will require little more than a re-boot. If you use an unofficial ROM, you should bookmark the XDA-Developers thread where your ROM is released and discussed. Check back in every few days. If you want, you can create an account at XDA-Developers and subscribe to the thread to get e-mail updates and participate in the development as well. Also, developers are human. If you hear about an Android vulnerability and it concerns you, politely and intelligently asking about it in the thread will help call attention to it and make fixes and feedback more likely.
  • Notes: Firmware Blobs are pre-compiled proprietary binary software which is required to operate a specific component on your device, like a Wi-Fi chip or a camera. Basically every single tablet, phone, or mobile device requires several of these blobs to operate. This is unfortunate because they can contain backdoors, and I would strongly suggest that their use be avoided entirely if at all possible, but it is unlikely that this will be possible. It is also unlikely that all firmware blobs contain such backdoors, and it's also unlikely that these backdoors would be triggered lightly, as when one became active its transmissions would become visible. Demand cooperation with Free and Open Source driver and firmware developers from manufacturers whenever possible.

Obtaining Free Software: Doable Privacy Instructions for Android Part Two

Wednesday, April 15, 2015

To do this project, all you'll need is a 3.5-inch Floppy Disk and a cheap digital camera. A digital camera in a super cheap phone could easily be suitable; we'll get to why cheap is important in a second, but for right now I'm going to address that double take you're doing. A Floppy Diskette? Yes, a floppy Diskette. While not much use as a storage medium anymore, it does have the useful property of blocking most visible light while allowing most infrared light to pass through. But most companies have discontinued manufacturing floppy diskettes, and they can be a little hard to come by. Any of the following links might die when supplies run out.

You will need to get ahold of the clearest packing tape you possibly can, the kind they use as a sort of ad-hoc way to laminate shipping labels. The clearer and thinner the better. This Shurtape PP-803 is some of the clearest and thinnest I've used, but I have no reason to think it is the best other than my anecdotal experience. This might be useful information to have on-hand.

You should also have a small pair of sharp scissors, and a pair of tweezers will help you keep from getting fingerprints on the filter you will be building.

Additionally, disclaiming the title, don't rely on me for real counter-surveillance tips. If you need that, you'd be much better off getting your information from the Electronic Frontier Foundation, The Guardian Project, The Tactical Technology Collective, or another similar organization that makes it its mission to protect people from the dangerous erosion of privacy we're experiencing. I write these articles because they're enjoyable and I hope they are informative, but I can't save your life with a blog. So, as always, grain of salt.

Why You Shouldn't Use Old Floppy Disks For This Project

The history of computing is important, and much of it is housed on fragile, obsolete media like ancient cellophane tapes and thin magnetic film slices. This data can be precious in unexpected ways, sometimes even valuable. If you must recycle an old floppy disk for this project, you should back up the information on it first as a disk image, then upload it to a server of your choice for safekeeping. Do not commit copyright infringement, don't share anything you're not allowed to by your terms of ownership, but don't let the information go to waste.

If you need a floppy drive to do your backups with, external drives are really cheap these days.

Out of the Pulpit, on to the Practical

So you wanna know something else neat about floppy disks? They block out almost all visible light, but they let almost all Infrared light through. They aren't perfect infrared filters, but they work great for detecting certain types of Infrared Security Cameras. How? Well it's actually pretty simple.

First, find a suitable phone and set it up.

The first thing you're going to need is a digital camera of some kind, with a low-end Infrared Filter which doesn't attempt to filter out any more than the average, ambient ultraviolet light given off by, say, the sun. This means that cheaper, older cameras can be recycled and put to this use fairly easily, as well as cameras in cheap smartphones and even feature phones if they support increased exposure. In order to test your camera's IR filter, get a remote control with fresh batteries and go into a dark room. Press buttons on the remote while taking a picture with the camera. If you see a bright purple flash in the picture, congratulations! You have a phone with a suitable Infrared filter.

Now that you have your camera, turn the "Exposure" setting up as high as it will go. If you can change the default settings, you may just want to make maximum exposure the default setting. Now set it aside for later.

Second, get the required piece of the Floppy Diskette

Next, get one of your floppy diskettes and hold it flat by either side. Gently bend it until you hear the sound of the glue cracking in each of the corners of the diskette. Pull off the metal protective plate from the diskette and carefully remove the film material within. Carefully cut a slice of the material which is just large enough to cover the lens of the camera from a section which your fingers have not touched. Pick the slice up with your tweezers and place it on a clean sheet of paper and set it to the side.

Third, apply the Floppy Diskette to the Camera Lens

Put your camera flat on the table with the lens facing up. Pick up the slice of floppy diskette material and place it on the lens. Pull some tape off the roll, then use your scissors to cut a clean section, as free of oil and dust as possible. Quickly use the tape to secure the floppy diskette material to the lens of the camera. Press it down firmly and then wipe the surface with a clean towelette.

And there you have it. Now the camera will, as near as makes no matter, only detect light from the Infrared spectrum. On to why that's important:

Why it works

Because security cameras that need to operate at night have to find a way to illuminate the field without introducing light pollution or informing unwary persons of their presence. In order to do this, they use big arrays of infrared LEDs which illuminate an area with Infrared light, which they then use to produce the security image. We turn this to our advantage by making the Infrared emitter the most visible light source in our field of vision. Hold your camera up and look for purple-to-white areas of light. Those are Infrared emitters, usually indicative of IR photography nearby.

For more information on Infrared Hacking, visit my project blog for ig88ROM at ig88rom.github.io.

Infrared Detection for Beginners(On the Cheap)

Monday, April 13, 2015

Android devices are inexpensive, highly capable computers which are easy to purchase discreetly, even though their out-of-the-box privacy leaves something to be desired. This makes them extremely useful to modify into more fully fledged single-purpose computers, and it is possible to use them as tiny servers or even as the basis for computing clusters. In order to do this, however, the most essential thing you need to know is how to run applications at boot time, and some of the applications you might want to run as their native versions rather than as Android APKs, for example an SSH server like Dropbear or OpenSSH or a networking stack like cjdns. Unfortunately, all the Android variants have slightly different ways of launching startup scripts. Here, hopefully, is how to find yours and use it to launch an SSH server, so you can take control of your phone via SSH instead of ADB, and use it for USB tethering without having to install ADB on the host computer.

Requirements:

  • A rooted Android device, newer ones work more reliably
    AND
  • A desktop or laptop PC running a copy of the Android SDK
    OR
  • A Terminal Emulator application
    AND
  • An app you want to run as an init script on your Android system, for example, Dropbear. For instructions on compiling Dropbear for Android, see this excellent tutorial.

You'll need to push dropbear into a folder in the PATH. To push "dropbear" to the Android device after compiling:

    adb shell 'mount -o remount,rw /system'
    adb shell 'chmod o+w /system/bin'
    adb push dropbear /system/bin/dropbear
    adb shell 'chmod 755 /system/bin/dropbear'
    adb shell 'chmod o-w /system/bin'
    adb shell 'mount -o remount,ro /system'

This tutorial is written assuming you are executing all these functions on a PC with the Android SDK.

The Concept

Operating Systems of all types must contain a mechanism for starting essential programs when the system is booted. These programs are things like desktop environments and service daemons; on DOS and older versions of Windows, for example, the programs launched at boot time were run by "C:\autoexec.bat". On the best Operating Systems, however, these applications are launched by the so-called "init system," which exposes an easy to use, regular interface for adding scripts to be run when the system is launched. Android uses a script-based init system, which makes our lives a little easier. In order to add your own programs or scripts to run at boot you will have to do one of two things.

  1. Add your custom scripts to the init system and, if necessary, the boot image.
  2. Hijack another init script by adding your own code and use it to launch your own script.

Stock ROM's

Stock ROMs are the hardest ones to run startup scripts on, because they tend to use many different ways of launching their startup scripts. In order to track down clues as to your Android device's way of handling initialization, run the following command.

    adb shell 'ls -l /etc'

This will most likely indicate that /etc/ is a symbolic link to the /system/etc/ directory. Once this is clear, re-mount the /system partition as read-write and add write permissions to the /system/etc/ directory.

    adb shell 'mount -o remount,rw /system'
    adb shell 'chmod o+w /system/etc'

Now you have the ability to read and write the files in the /system/etc/ directory. Once you've done that, you need to locate the other init scripts that have already been set up. You will modify one of these files to also run your init script.

    adb shell 'find /etc -name "*rc"'
    adb shell 'find /etc -name "init*"'

These commands search for candidate files which might be init scripts. You might see the directory /system/etc/rc.d/ or /system/etc/init.d/, or the file /system/etc/init.rc; these are all possible places where you might be able to embed the launcher for your application. Pick one of those files and add, at the end, a line which starts your application.

    adb shell 'echo "dropbear -s -g" >> /path/to/initscript'

Finally, remove write permissions from the /system/etc/ directory and re-mount /system read-only.

    adb shell 'chmod o-w /system/etc'
    adb shell 'mount -o remount,ro /system'

Android Open Source Project

In order to add your startup script to a running AOSP ROM, you need to edit the init.rc file inside the boot image's ramdisk and flash the rebuilt image to the /boot partition. In order to do this, you absolutely need a PC, preferably running GNU/Linux. The first step you need to undertake is to back up your /boot partition.

Find your partitions by examining /proc/mtd (preferably; sometimes it doesn't exist, but that's a whole article in and of itself).

    adb shell 'cat /proc/mtd'

It will show something like this, which tells you a lot of information about the device's partition table. Look for the line that says "boot" in the name column and make a note of the device in the "dev" column.

    dev:    size   erasesize  name
    mtd0: 00040000 00020000 "misc"
    mtd1: 00500000 00020000 "recovery"
    mtd2: 00280000 00020000 "boot"
    mtd3: 04380000 00020000 "system"
    mtd4: 04380000 00020000 "cache"
    mtd5: 04ac0000 00020000 "userdata"

Now that you know where the boot image is, run (on GNU/Linux)

    adb shell 'cat /dev/mtd/mtd2' > ./boot.img

to put the contents of the boot partition into an image file in the current directory. Before going further, confirm the copy is intact by comparing the md5sum of /dev/mtd/mtd2 on the device with that of boot.img on the PC; older adb versions rewrite newlines in adb shell output and will silently corrupt a binary image.

Now, download the script called "split_bootimg.pl" and use it to extract the kernel and the ramdisk from boot.img. It also prints the boot image's kernel command line, which you will need when re-packing.

    wget https://gist.githubusercontent.com/jberkel/1087743/raw/5be96af0e1c1346678379b0c0f0330b71df51f25/split_bootimg.pl
    ./split_bootimg.pl boot.img

Now that you have the two files you need backed up, you need to unpack the boot.img-ramdisk.gz file. To do this, create a new directory, change into it, and extract the ramdisk archive into the new directory. On GNU/Linux, run the following commands from the directory containing boot.img.

    mkdir boot && cd boot
    gunzip -c ../boot.img-ramdisk.gz | cpio -i

Now you have access to the files in the ramdisk and can change and repack them. Find the file named "init.rc" and add your script to its contents (init.rc is read by Android's init, not by a shell, so a launcher is added as a service entry rather than a shell command line). Finally, re-pack the ramdisk from inside the boot directory, build the new boot image (substituting the kernel command line that split_bootimg.pl printed for your device if it differs from the one shown), and flash it to the boot partition of the device.

    find . | cpio -o -H newc | gzip > ../ramdisk-new.gz && cd ..
    mkbootimg --cmdline 'no_console_suspend=1 console=null' --kernel boot.img-kernel --ramdisk ramdisk-new.gz -o boot-new.img

Upon restarting, your device will now start the application when the phone is booted up.

CyanogenMod, OmniROM, and Replicant

CyanogenMod-based Android ROMs are the easiest to modify, and even come with an accessible mechanism for setting scripts to run after the system is booted. CyanogenMod keeps a file called "20userinit" in its /etc/init.d/ directory. This directory contains files that are executed sequentially when the system boots up, and you could easily add the script that launches your app here, but have a look at the contents of 20userinit. (Comments do not exist in the original version; I added them to explain what the code is doing for people unfamiliar with shell scripting.)

View the contents of /etc/init.d/20userinit:

    adb shell "cat /etc/init.d/20userinit"

You will see:

    if [ -e /data/local/userinit.sh ];  # Test if there is a file at /data/local/userinit.sh
    then    # Only if the file exists, execute the following code
        log -p i -t userinit "Executing /data/local/userinit.sh";  # Mark this event in the log at priority "i" (info)
        busybox chmod +x /data/local/userinit.sh;   # Use busybox to make the script executable
        logwrapper /system/bin/sh /data/local/userinit.sh; # Add the output of the userinit.sh script to the log
        setprop cm.userinit.active 1;   # set the CyanogenMod Userinit Active property to true
    fi; # Close if statement

In a nutshell, /etc/init.d/20userinit will run the script /data/local/userinit.sh, if it exists, which can in turn be used to launch apps by providing their path and options. So in essence, CyanogenMod has left you a way to add your own scripts to run after you boot by adding them to this file. In order to write to this file, use the terminal to direct the output of the echo command. Remember that ">" starts over at the beginning of the file, and will overwrite any previous contents, and that ">>" appends the echoed string into the end of the file without overwriting the contents.

    adb shell 'echo "#!/system/bin/sh" > /data/local/userinit.sh'
    adb shell 'echo "# start the SSH server at boot (same launcher line as in the stock ROM section)" >> /data/local/userinit.sh'
    adb shell 'echo "dropbear -s -g" >> /data/local/userinit.sh'
    adb shell 'su -c "busybox chmod o+x /data/local/userinit.sh"'

Now reboot your device and try connecting to the SSH server. If the server didn't start, your /etc/init.d/20userinit script may not be marked executable.

    adb shell 'su -c "busybox chmod o+x /etc/init.d/20userinit"'
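The three edits above (appending a launcher line to a stock ROM init.d script, adding a service to the AOSP init.rc, and writing the CyanogenMod /data/local/userinit.sh) all use a bare echo, which silently adds a second launcher every time the procedure is re-run. As an added example, not code from the original post, here are idempotent POSIX shell helpers that keep a backup and refuse to add a duplicate; the function names, the service label "sshd" and the file paths in the usage comment are my own choices, and the helpers are meant to run on a copy pulled with adb pull and pushed back while /system is remounted read-write as shown above.

```shell
#!/bin/sh
# Added example, not from the original post: idempotent edits for the init files
# discussed above. Work on a copy pulled with "adb pull", then push it back while
# /system is remounted read-write, exactly as the post's remount commands show.
set -u

# Keep one pristine copy of FILE as FILE.bak so the change can be reverted.
backup_once() {
    [ -e "$1.bak" ] || cp "$1" "$1.bak"
}

# Shell-style init scripts (/system/etc/init.d/* or /data/local/userinit.sh):
# append LINE only if the file does not already contain it, so re-running this
# never launches the program twice at boot. Returns 1 when nothing changed.
append_line_once() {
    file=$1; line=$2
    backup_once "$file"
    if grep -qxF -- "$line" "$file"; then
        return 1
    fi
    printf '%s\n' "$line" >> "$file"
}

# AOSP init.rc is parsed by /init, not by a shell, so a launcher goes in as a
# "service" stanza. NAME is a label of your choice; CMD is the full path plus
# arguments. Returns 1 if a service called NAME already exists.
add_service_once() {
    file=$1; name=$2; cmd=$3
    backup_once "$file"
    if grep -q -- "^service $name " "$file"; then
        return 1
    fi
    printf '\nservice %s %s\n    class late_start\n    user root\n    oneshot\n' \
        "$name" "$cmd" >> "$file"
}

# Number of lines in FILE matching PATTERN; use it to verify exactly one entry.
count_matches() {
    grep -c -- "$2" "$1" || true
}

# Usage on local copies of the device files (paths are examples, not the post's):
#   append_line_once ./20userinit-copy "dropbear -s -g"
#   add_service_once ./init.rc-copy sshd "/system/xbin/dropbear -s -g"
```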

Citations: Boot Image Information Stack Overflow Thread

Android: How to run a script or system application at boot

Sunday, April 12, 2015

A 2-part series on a project to build a poor-man's-pwnphone, with physical assembly in one part and software modification guidelines in another part.
Building a Crackphone
Modifying software to drive a Crackphone

Two Part Series on Creating a Wi-Fi Cracking phone

Doable Privacy Instructions for Android

This is intended to be an accessible guide to practicing hardening and security awareness for technical laypeople using the Android platform to communicate. While there will never be a set-it-and-forget-it solution, this guide attempts to be a starting point for people who want to learn more about a practical and accessible security procedure for their Android phone.

The Difference between End-User Security and Power-User Security

The Android operating system usually ships with security settings that are, from a certain set of assumptions, true. Unfortunately, many times those assumptions are based upon promises Google or your phone's various manufacturers cannot truly keep while providing all the functionality that the end-user desires from their device. While these assumptions can keep you safe in some circumstances, they also make you part of a large, appealing target and they do break down, often. So people who want to be relatively assured of the privacy of their communication on Android based Operating Systems should be in control of their devices in every way they possibly can.

Rule 0: If you don't need it, assume it's malware

The rest of this guide will focus on how to avoid allowing a malicious actor to take control of your phone, but the truth is that 99% of compromises are the result of somebody clicking on something fucking stupid, and they usually won't admit it. They install a malicious fucking "Scrabble" game or some dumb fucking shit and then they get mad at me when I remove it and do my best to clean up the damage it did. There's no point securing your device if you're going to download shit willy-nilly off Google's fucking Play Store.

Do not install apps unless you can trust them to not contain deliberately placed malicious code. Depending on who places the code, this is called either a "Trojan Horse" or a "Backdoor." Scenario A is that a malicious person creates an application which contains code that takes control of information on your device and uses it for malicious purposes. This can be anything from simple things like collecting personal data or geolocation data to more complex things like injecting malicious code into the Android operating system. As a rule, IF YOU CAN DO WITHOUT AN APP, DON'T INSTALL IT. If you wish to avoid surveillance in a serious way, remove as much non-essential software as possible, since any of it may contain bugs or Trojan Horses. You may say, "But it's just a little game? Can't I install that? It's harmless." That is exactly how Trojan Horses work. That is what the phrase "Trojan Horse" means: an innocuous looking object that conceals a hidden threat. Virus makers do not label their products. Don't fucking install it.* Scenario B involves a malicious person creating an application which bills itself as a secure application but secretly contains code that allows the app maker to remotely access it. That is called a Backdoor, and that kind of vulnerability exists in most proprietary messaging systems, such as Skype and Facebook Messenger. This is of course game-over from a privacy perspective. Much of this guide will center on offering alternatives to messaging systems that contain backdoors or Trojan Horses, but the bottom line is that if you don't need an app, don't install it. At times, this will mean giving yourself potentially dangerous power over your phone that the manufacturer does not want you to have. Having this power does not make you inherently insecure; it simply means that anyone who takes security seriously must be in control of his or her own security at all times.

*If you want to get games, you should do one of two things. First, and the preferable option, is to get another device which you use to run apps that can't be trusted alongside private communication information. This device will be your social/entertainment "Sandbox," separate from your private communications. I usually keep one Social/Entertainment Sandbox and the rest of my computers are hardened, fully-liberated GNU+Linux machines which refuse any insecure connections. The other option is to only install games from Free Software projects, preferably through the F-Droid app repository explained below. This is still a compromise, and these could still contain vulnerabilities, but due to the ever-present possibility of peer review they would be unlikely to contain malware or backdoors.

Using Free Software: Doable Privacy Instructions for Android Part One

On-The-Go USB cable

First, you need an On-The-Go USB cable. This is a USB cable that has a male Micro-USB end and a female standard USB end. This allows you to attach a peripheral USB device to your phone like, in this case, a USB Wireless Adapter. Save yourself some time: you can buy one for 10 cents U.S. from here, but one with the ability to charge your phone or attach a backup battery is also available, and it is also possible to have multiple USB ports and a charger port, too.

External Battery

One thing you should know is that attaching peripherals will reduce your battery life, but not by that much. You can compensate by disabling the onboard wireless or disabling your mobile network, but it shouldn't be necessary. If your On-The-Go cable is capable of charging from an external power supply, you could consider a backup battery, a solar panel or even a backup battery with a built-in flashlight depending on your style.

USB Wireless Card that Supports Monitor Mode

Next, you need a wireless card that supports Monitor Mode. You have some choices in which one you can use, but I recommend one of these two types because of their reliability.

Qualcomm Atheros 9000 series (ath9k): The ath9k series of wireless cards actually includes several wireless cards that use very similar drivers. They are capable of working with 802.11b/g/n and are also capable of ad-hoc networking and, of course, monitor mode. There is no reason not to use one of these cards, and one very good reason to use one: it may have lower power consumption than the Realtek 8187. You can purchase an ath9k for 5 dollars from here, and a version with a swappable high-power antenna is also available here.

Realtek 8187 Series (rtl8187): The rtl8187 has been used in many of these "Poor Man's Pwnie" projects because it's capable of most of the things that the ath9k is and has longer range, but has greater power consumption. You can purchase an rtl8187 for 15 dollars from here, and one with a higher power antenna can be found here for about a dollar more.

RTL-SDR Receiver

Many, many things are possible with a Software-Defined Radio receiver. Unfortunately, just what those things are and how they might be implemented on Android is still an open question right now. This section will be updated shortly.

Infrared Leads

With an Infrared Emitter it is possible to signal devices that are controlled by Infrared sensors, such as Televisions and Stereos. This is often a matter of scanning a wide range of Infrared signals. You'll need to do a little hardware hacking, securing these Infrared emitters onto a 3.5mm audio jack in order to control them using audio signals.

Male-To-Male 3.5mm Leads

In order to use an Infrared Emitter, you'll need to secure it to a Male to Male 3.5mm Connector along the lines of the following guide from Hack-A-Day here. I know it says iPhone but it will work for any audio jack. A better version is here.

The Phone I use

I use a Samsung Galaxy Centura for lots of reasons, but one important one is I'm the kind of masochist who will put himself through porting CyanogenMod to a 40 dollar burner phone. I've got it mostly working now, too LOL, but I'll actually have a release of IG88ROM at about the same time because one pretty much fulfills all the dependencies of the other; thus, the Galaxy Centura is the first one that gets a tested release. I'll build for CyanogenMod supported devices and devices I own after that, which should be a fairly rapid process, relatively speaking.

Hard Cases

It also helps to have a rigid case for your phone of some kind, in order to secure peripherals in a way that is not damaging to the integrity of your device. A Hard and Rubberized case is also probably available as well and may suit your preferences. You can secure your OTG peripherals to your case using Velcro or hot glue or quick-drying cement or super-glue.

Other Things that Might Be Useful

A 3D Printing Pen could conceivably be used for any number of potentially useful case modifications.
Steel-Reinforced Putty is useful for modeling small prototypes or even building functional temporary parts.
A Mini Bluetooth Keyboard will save you the trouble of trying to touchscreen commands in the Kali chroot.
A device mod that isn't necessarily penetration-testing oriented, but it might be kind of cool, might be to incorporate a self-destruct into your device by incorporating ribbons of magnesium.

Android Device Modifiers Toolkit

Thursday, April 9, 2015

You can show posts in the home slider if they have the label Slider (yes, capital S). When you are writing a new post, you can use a comma after that and put any other sections; for example, I will label this post as a tutorial as well, and a post can be in the Slider and Featured labels at the same time and it will end up showing on both. Always remember nice pics with your posts.

left you a kitty in here :D.

How to show a post on the home slider

Cmotc © | Partner: Toxigon ©
CMotC © 2015 - Designed by Templateism.com