Penetration Testing Using Android - Android Software/Hacking General [Developers Only]

I ran across this link to a penetration testing tool (well, actually a debian 'chroot') for Android called DebDroid:
http://www.pentestit.com/2011/02/18/debdroid-run-network-sniffing-debian-system-android/
The text on the site reads:
Debroid helps you run a Debian system with a lot of utilities that help you sniff packets. In addition to various other tools and libraries, it contains tools such as:
* openssh
* libpcap
* libpcap-dev
* ettercap
* wireshark
* carwhisperer
* btscan
* NMAP
* ntbscan
These come pre-installed with the Debian image. To install, simply download the image from the links provided and follow these steps:
1. Unzip the .zip and .7z files and copy all the contents to /sdcard/debian/
2. Run your preferred terminal emulator and run bash with su.
3. Install debroid with – sh ./sdcard/debian/debian.sh
4. Boot into debian with the following command – debroid and voila!
----------------
Has anyone tried this or other Android penetration testing tools? Please share your thoughts.

I just realized DebDroid is mentioned in another thread:
http://forum.xda-developers.com/showthread.php?t=950083

Related

[Q][Froyo][ndk]Subversion Building and Installation of Shared Libs

Disclaimer: This post is unstructured and may be missing crucial info because of that. Please point out the glaring errors and omissions.
Background:
Phone: Huawei Ideos U8150 (Aircel India branding)
OS: Stock 2.2 original firmware (Build number: U8150V100R001C234B832SP02)
Root: Z4Root temporary root (superuser and su installed by z4root)
Relevant Apps: SL4A+Perl for android, Vim for android, Connectbot, dropbear ssh client
I use vim and perl as my primary work tools and have them working beautifully on my Ideos. However, I am unable to access my source code as it is in a subversion repository with only svn+ssh access. So first, I got ssh on my phone (dropbear client 0.49) and then, searched for a subversion build for Froyo.
Finding nothing by way of a command line client for subversion, I decided to build it on my own with the NDK. This is where I've run into trouble. It has a lot of issues building it and once I do, it fails to run on the phone. Has someone tried to do this and successfully managed it? If so, I'd really appreciate the binaries and info on how to install.
If not, I'd like to pool our knowledge for getting a successful build/run.
My process:
1) minimal Ubuntu lucid lynx
2) install ant1.8, make, and sun jdk 1.6 using apt-get (no X)
3) get the SDK in $HOME and use the Commandline interface to get everything (no package selection possible, just oneshot all selection)
4) get the NDK into $HOME
5) get svn source tar
6) get svn dependencies tar (svn site itself)
7) untar them together
8) Follow this and this to get the configure script running.
My configure is (using froyo: android-8 platform)
Code:
PATH="$PATH:$NDK/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin/"
./configure --prefix=/usr/local/android-arm/sysroot/usr \
--build=i686-pc-linux-gnu --host=arm-linux-androideabi \
CFLAGS="-mandroid -nostdlib" \
CPPFLAGS="-I$NDK/platforms/android-8/arch-arm/usr/include" \
LDFLAGS="-Wl,-rpath-link=$NDK/platforms/android-8/arch-arm/usr/lib/ \
-L$NDK/platforms/android-8/arch-arm/usr/lib/" \
LIBS="-lc -lcrypt" --without-ssl --without-neon --without-serf --disable-dso
9) Get configure to run successfully.
9.1)Fix failures because cross-compile checks not possible: yes to /dev/null, yes to setpgrp void, no to PROCESS SHARED locks, no to TCP_NODELAY with TCP_CORK
9.2) Fix all config.sub to accept androideabi as a valid os (add relevant section into OS switch-case),
10) run make
11) Fix make issues (make APR_HAVE_IOVEC = 1 in apr.h, remove conditional so that fdatasync is defined as fsync in sqlite3.c)
12) fix link issues with libcrypt by creating the libcrypt from here and adding it to $NDK/platforms/android-8/arch-arm/usr/lib/
13) Run make install to create deployment tree.
14) tar gzip it and push on phone. (including libcrypt)
Open issues/steps with unknown solutions:
15) How to install shared libs (libcrypt)?
16) how to build static?
17) How to make this post better?
Could the mods please shift this thread to the android dev forum?

Ubuntu / Backtrack on Android [Complete Solution]

This guide had been on the Thunderbolt forum for quite some time and I decided it was time to share with the rest of the community
Having reviewed almost every other option I can safely and honestly say this is the most simplified, thorough, and customizable install available since its original launch. I will gladly retract this statement when it becomes false, but until then...
Installing Ubuntu onto Thunderbolt/Droid/Droid2/Etc:
Create a folder on the sdcard named ext2ubuntu, which is /sdcard/ext2ubuntu when listed in terminal or adb
Required files for Ubuntu install:
Ubuntu.sh http://db.tt/KgDNlMtb
Custom Packages for AutoConfig:
Coming soon
You will also want to download either an ubuntu image or archive. The major difference is that the image must be the same size as your ubuntu installation, so they are larger downloads, or need to be resized before you use them.
Ubuntu Prebuilt tar and img downloads:
(img: Extract only ubuntu.img and place in /sdcard/ext2ubuntu)
(tar: Rename, if desired, and put archive in /sdcard/ext2ubuntu)
10.04: http://android-cruft.googlecode.com/files/lucid-on-android-0.1.tar
(This image DOES need to be resized, see next post)
10.10 img: http://www.megaupload.com/?d=56AT71WD
(This image file does NOT need to be resized)
11.04 tar: http://db.tt/fuzoy8Te
Backtrack img: http://bit.ly/kJweA9
Borrowed from http://forum.xda-developers.com/showthread.php?t=1146255
(This image file does NOT need to be resized)
How to build your own Ubuntu Image:
http://androlinux.com/android-ubuntu-development/how-to-build-chroot-arm-ubuntu-images-for-android/
Notice:
The ubuntu mount folder is symlinked to /system/sd-ext allowing access to it there also.
First off you should have a running ubuntu install on your computer or at least a live cd running to create the ext2 partition.
Use gparted to add a 4gb (or whatever size you want) ext2 partition to your sdcard. I did this while the phone was mounted in disk drive mode, so you don't need to take the card out.
Ubuntu: Get gparted in Synaptic or in terminal enter:
Code:
sudo apt-get install gparted
Windows: *Paragon Partition Manager*
If you do not need to partition, skip this step.
Use adb to run /sdcard/ext2ubuntu/ubuntu.sh
Code:
adb shell
su
sh /sdcard/ext2ubuntu/ubuntu.sh
Or from terminal (only supported on some ROMs)
Code:
su
bash /sdcard/ext2ubuntu/ubuntu.sh
All required scripts will download and install themselves automatically. Currently only ubuntu.sh and the chosen ubuntu image need to be placed in /sdcard/ext2ubuntu for proper install. Scripts include an autoupdate feature that will also keep them current.
Follow the instructions and select the appropriate options for your system configuration and download choices.
You can now open terminal and type "bootubuntu" to test install
A new Sdcard Direct option was added allowing user to replace the installed scripts with a unified "ubuntu" command that runs the scripts directly from the sdcard. This option was offered due to the frequency of updates to allow the user to simply replace the files in /sdcard/ext2ubuntu with newer versions that would run without any further steps.
If you get a localhost prompt, you are in but still need a couple things to move past command line.
Here is where we part from borrowed and modified instructions that recommend lxde and ice and all the dinky handheld ubuntu shells, and move to the Thunderbolt method.
Update vs Restore scripts: Update will base what scripts are put in system on the ones currently there, while restore determines what scripts are currently available on the sdcard.
For automatic installation of ubuntu applications, you will want to enter these commands next:
Code:
su
backubuntu
4
Choose your options
To view your ubuntu desktop, you will want a vnc viewer for android. I use real vnc, but android-vnc-viewer is free and has all the same features (I just liked the layout of realvnc)
The address for ubuntu is 127.0.0.1
The port is 5901
The password is the tightvncserver one you set.
I recommend making a folder named android in "your mounted ubuntu folder"/home/ for your personal files since /root is your local folder, but causes permission issues.
From your new ubuntu you can use Synaptic and download eclipse there, but it can also be downloaded from the localhost prompt using "apt-get install eclipse". I also recommend downloading the android-sdk. To run the sdk from the localhost prompt, simply cd to the android-sdk directory and issue the command:
Code:
tools/android update sdk -u -s
and if you want to specify the downloads performed add
Code:
-t [specific items such as platform, platform-tool]
If you need help with any commands you can add
Code:
-h
to your existing command
The htc kitchen can be downloaded from ubuntu using the same instructions found: http://forum.xda-developers.com/showthread.php?t=633246
After it is installed, you have the option to launch this kitchen either from inside your ubuntu install, or from the localhost prompt, which avoids having to run vnc to use it.
A compiler toolchain is available http://www.codesourcery.com/sgpp/lite/arm by choosing download the latest release. I use gnu/linux even though it seems to be eabi included in the android source, but I have never used it to be sure. I have been told this one is a lot easier to use anyway.
I recommend backing up the ext2 once everything is done. This can be done by (entering "exit" at the localhost prompt and then) entering "backubuntu" in terminal.
backubuntu can also update newly downloaded scripts without having to use root explorer or worry about permissions. Just put any new versions in your sdcard/ubuntu folder and select the update option.
This replaces the ubuntu2.img with your backup so you don't have to "apt-get" everything over again. This will also save your tightvnc password so make sure you remember it.
Sent from my ADR6400L using Tapatalk
Screenshots:
https://picasaweb.google.com/110545...authkey=Gv1sRgCLDd48n2oMWzpAE&feat=directlink
References:
Personal insanity and the inability to accept whats already available
http://code.google.com/p/android-cruft/wiki/LucidWithAndroid
http://androlinux.com/android-ubuntu-development/how-to-install-ubuntu-on-android/
http://nexusonehacks.net/nexus-one-hacks/how-to-install-ubuntu-on-your-android/
http://forum.cyanogenmod.com/topic/15702-ubuntu-on-your-g2-anyone/
http://forum.xda-developers.com/showthread.php?t=633246
http://www.codesourcery.com/sgpp/lite/arm
http://forum.xda-developers.com/showthread.php?t=987740
http://androidclone.com/forums/showthread.php?tid=23
Sent from my ADR6400L using Tapatalk
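A check for the VNC step in the guide above, added here as an example and not part of the original post: it reads `netstat -ltn` style output and reports whether port 5901 is bound only to 127.0.0.1, the address the guide gives the viewer, or is also listening on other interfaces. The two listings are constructed samples, and having netstat available at the prompt is an assumption.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `netstat -ltn` output.

# vnc_exposure PORT   (netstat listing on stdin)
# Prints one word:
#   loopback  PORT listens only on 127.0.0.1 or ::1
#   exposed   PORT listens on a wildcard or other non-loopback address
#   closed    nothing listens on PORT
vnc_exposure() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            i = match($4, /:[0-9]+$/)      # last ":port" (also fits :::5901)
            if (i == 0) next
            host = substr($4, 1, i - 1)
            if (substr($4, i + 1) != port) next
            seen = 1
            if (host != "127.0.0.1" && host != "::1") exposed = 1
        }
        END {
            if (!seen)        print "closed"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: VNC server bound to every interface.
sample_exposed() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN
EOF
}

# Constructed sample: VNC server bound to loopback only.
sample_loopback() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5901          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
EOF
}

# Demo on the constructed listings.
# On a device the call would be: netstat -ltn | vnc_exposure 5901
for s in sample_exposed sample_loopback; do
    printf '%s: %s\n' "$s" "$($s | vnc_exposure 5901)"
done
```

If the result is `exposed`, anyone on the same network can reach the desktop with only the VNC password; Xvnc's `-localhost` option restricts the server to loopback connections.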

[Solved] DEODEXED xUltimate-v2.3.3 JAVA Error !

I am deodexing my stock rooted ROM DDKH4 with xUltimate 2.3.3,
but the 3rd step is giving me the error above
Code:
Starting AccountAndSyncSettings.odex
*****************************************
* Deodexing... *
'java' is not recognized as an internal or external command,
operable program or batch file.
Press any key to continue . . .
I have installed jdk-6u29-windows-x64 and jdk-7u2-windows-x64,
so what is the problem?
MY TEST RESULTS ARE ABOVE (xUltimate-v2.3.3)
Code:
-Windows x86-
*************************
* adb = PASS! *
* *
* odex = PASS! *
* *
* zip = PASS! *
* *
* busybox = PASS! *
* *
* java = FAIL! *
* *
* temp = PASS! *
* *
* deodex = SKIP! *
* *
* redex = SKIP! *
*************************
-Done Testing-
Press any key to continue . . .
sorry for my bad english
solved
Congrats. Keep going
dh33r4j said:
Congrats. Keep going
Thanks, but again I get a new error, so can you help me some
If you are getting that error, it means that either Java is not installed, or is not in your path.
If Java is not installed, go to java.com to install the most recent version of the JRE.
If you're sure you have already installed Java ensure the Java executable is in your system's path. You can do this by first finding the directory it is installed in. For example, mine is installed in C:\Program Files\Java\jre6. The executables are located in the bin directory.
In order to set your path (assuming Windows Vista), go to Start -> Control Panel -> System, then click on the 'Advanced System Settings' link on the left, then the 'Environment Variables' button. In the lower section (labeled 'System Variables'), scroll through and find the item labeled 'Path' and double click it. In the field labeled 'Variable value' go to the end and add a semicolon (;), and then the path where your installation of Java is located. Using the example I gave above, I would have added ;C:\Program Files\Java\jre6\bin to the end of the line.
The procedure for 64-bit Windows Vista or Windows 7 is the same, except the text you will add to the Path variable is ";C:\Program Files (x86)\Java\jre6\bin". Notice there is still a semi-colon at the beginning of the line.
Once you have done this, you will need to close and reopen the command prompt if it is already open, and you should be able to run java without getting this error message.
help
Starting AccountAndSyncSettings.odex
*****************************************
* Deodexing... *
'java' is not recognized as an internal or external command,
operable program or batch file.
Press any key to continue . . .
how did you solve this problem????
please help i have installed jdk-7u2-windows-x64
me too
abhinav quietly brilliant said:
Starting AccountAndSyncSettings.odex
*****************************************
* Deodexing... *
'java' is not recognized as an internal or external command,
operable program or batch file.
Press any key to continue . . .
how did you solve this problem????
please help i have installed jdk-7u2-windows-x64
I have the same problem. I executed java -version from the xUltimate directory and got java version 1.7.0_05, so I know there is no problem actually executing java, but for some reason the xUltimate can't find java.
skeptonomicon said:
I have the same problem. I executed java -version from the xUltimate directory and got java version 1.7.0_05, so I know there is no problem actually executing java, but for some reason the xUltimate can't find java.
You've got to be able to run java -version from any directory, not just the xUltimate dir. If that's not happening and if java is already installed you need to add the path to the jre/jdk bin folder in the system path environment variable. Please have a look at the posts above, I think someone already explained in detail.
Sent from my GT-I9103 using xda app-developers app
Figured it out
parajsinghal said:
You've got to be able to run java -version from any directory, not just the xUltimate dir. If that's not happening and if java is already installed you need to add the path to the jre/jdk bin folder in the system path environment variable. Please have a look at the posts above, I think someone already explained in detail.
Sent from my GT-I9103 using xda app-developers app
Thanks for trying to help. I had already verified, and I reverified, that I can execute java from every directory. Your post did get me thinking, so I checked the path variable and determined that it was running the java.exe in the C:/windows/system32 directory. I also had a directory C:\Program Files\Java\jdk1.7.0_07\bin with java in it.
The problem I was seeing is caused by some MS shenanigans with how they map the disk drives. The java.exe is not really located in the Windows/system32 folder but it does appear to be when using file explorer. They have some kind of redirection that maps the java from the program files/java/jdk1.7.0_07/bin directory into the windows\system32 directory, only this works for some programs and not for others. For instance I can see Windows/system32/java.exe in File explorer, and can see and execute it from the command line, but winMerge can't see it. I am guessing that xUltimate also can't see it.
Bottom line here is that if you have the missing java problem, it is not enough to be able to execute java from the command line, you need to make sure your path links to the executable in the java directory. Hope this helps anyone else coming across this problem.
in my case...
how to solve this...?
-Windows x86-
*************************
* adb = PASS! *
* *
* odex = PASS! *
* *
* zip = PASS! *
* *
* busybox = PASS! *
* *
* java = PASS! *
* *
* temp = PASS! *
* *
* deodex = FAIL! *
* *
* redex = SKIP! *
*************************
-Done Testing-
Press any key to continue . . .
deleted

[TOOL][LOG] Easy-to-share log and report for developers and users

Hello XDA community!
I want to share with you a very useful tool that I have created; its name is "keilyd".
What's keilyd?
Keilyd is a BASH daemon that constantly dumps the system's logs, warnings and other useful info in an easy-to-share "ZIP" with the main purpose of creating a very informative and useful bug report.
keilyd is expansible and configurable. It's very easy to add new features because BASH interacts directly with the Linux/BSD commands in the Android System.
How does it work?
Keilyd is launched at device boot, with "init.d support" and as root (see the requirements below). Once launched, keilyd relaunches itself in a "daemon mode" that runs in the background; it then dumps several pieces of information to /sdcard and compresses them into a single zip, so the user can send that zip (in fact, there are 2 zips, or more if you use the "snapshot" feature) to the developer of their ROM, to a forum, or to a 3rd party developer and report a bug with all the system logs included.
Keilyd stores 2 zips: the first one is the current log (the "very last file") and the second one is the last log before keilyd was launched again.
If you don't enable the daemon, you can create a single zip with the "snapshot" feature. If you take two or more snapshots in the same minute, the ZIP will be the same; otherwise, one script per different minute will be created. The Snapshot feature can create as many zips as needed.
What info is collected?
That's a good question!
The info that is collected is (this applies ONLY for a vanilla copy of keilyd):
Kernel log (aka "dmesg") and other kernel info
Logcat (aka "logcat")
List of running processes and memory statistics
A copy of all tweaks in init.d (including keilyd itself)
A copy of build.prop and sysctl.conf
A copy of /proc/config.gz (if exists)
Some cpuinfo
Mounted filesystems and usage
How can this "daemon" help me?
Developer:
Have you had the need to get some system log from a user?
Probably the answer is "yes", but, the user may have no idea how to do that, so, you have to give them a "step-by-step" guide of "how to get a system log in the terminal".
This simplifies the process, so, the user can report a bug with logs with no terminal (if the daemon is enabled) or with a single command that looks like
Code:
keilyd --snap
User:
Well, the complement of the developer... You can share "golden" information just by sending 2 zip files to the dev. Minimal Android knowledge is the only prerequisite if the daemon is working as expected.
This daemon is not a demon, but it can be very bad if not implemented as expected. Please ensure that ALL THE COMMANDS ARE KNOWN and that THERE IS NO PROPRIETARY interference.
Why BASH?
A good idea is to create a daemon in C/C++ and share it as a "binary", BUT, as we are collecting information from the device, the user must be aware of what the script is collecting; if the user can't read bash, they can ask a 3rd developer. You can feel safer because it's under the GPLv3 licence!
In addition, BASH runs in (almost) any UNIX based OS, including but not limited to Apple OS X, GNU/Linux, Android, iPhone OS, etc...
This prevents a "blind trust" from the user, and gives them the ability to enable or disable the script, add features and so on.
Requirements
- A rooted device
- Busybox (or run-parts)
- init.d support
- Only BASH 4.3.x is supported at the moment.
- Terminal emulator
How can I include it in my ROM?
Take a look of my repo in GitHub, it contains the last version of keilyd and the implementation during compilation in the Makefile.
If you are a ROM modder, download the latest version from above, include init.d and bash support in your ROM.
Or you can create a CWM/TWRP/Philz... flashable zip (it would be great!)
Users: how to use
When something goes weird, open the terminal emulator and write:
Code:
keilyd --snap
and send to the developer all zips in
Code:
/sdcard/keilyd/out
type
Code:
keilyd --help
and a helpful message will be printed.
If something goes wrong and you need to reboot the device (or the device reboots itself), just send both zips to the developer or the forum where you are asking help (This feature only works if the daemon is enabled).
Developers: how to use
You can add/remove things in order to fit your needs; the only thing that we ask is that you write the whole script in BASH, without "blobs" that may prevent the user from knowing exactly what is logged and stored.
If some user sends you the zip, you will notice that the files are plain-text, and you can view it in any text editor.
TODO:
List all apps installed (system and user)
Secure "user-modifiable" settings (Almost DONE)
A graphical interface (an app) to manage the daemon
A flashable ZIP
Contributions and suggestions are WELCOME; please comment in the box below
Install redistributable package:
If the above requirements are met...
1. Open this GitHub URL
Click the "Download ZIP" icon on the right.
2. Put the zip on your phone.
3. Unzip it.
4. If you want to use the script, follow A; otherwise, B.
A.
a. Open the terminal emulator.
b. cd to the folder that contains install.sh
c. As root, type the following in the terminal:
Code:
sh install.sh
B.
a. Open ES File Explorer.
b. Enable root explorer and mount /system as rw.
c. Copy daemon/18keily to /etc/init.d
d. Tap and hold the 18keily file and open the properties.
e. Change the permissions to rwx r-x r-x
f. Copy the redistrib/bash file to /system/xbin/bash
g. Change the permissions as above.
h. Symlink /etc/init.d/18keily to /system/xbin/keilyd
i. Reboot.
NOTE:
Keilyd can be used in 2 ways:
1. As a daemon that does its job without human interaction, and that constantly and automatically creates 2 zips in the output directory.
2. As a script that only needs to be called with the '--snap' parameter, but it requires human interaction and does not constantly repeat the process.
Use the first one if you are a beta tester, or if you know that your ROM can hang suddenly. Recommended for unstable ROMs.
Use the last one if your ROM is stable or official, but you want to do a bug report.
You can always use the second option if you use the first one.
By default, the daemon is disabled. You can enable if you change the "ENABLED" variable to "Y". I personally recommend values for "MINS" between 5 and 15.
BUGS REPORTS in the GITHUB REPOSITORY
Reserved
Hi there,
This looks like what I need, did you close the repo? Can you share a link to the script? I have a few devices, and I want to have some forensic information for troubleshooting (I.E. log all the warnings, errors and critical logs, + a snapshot every n minutes about the system usage). Right now I have to go where the device is, connect it with ADB and query the logs (most of the time, the logs were overwritten)... Thanks in advance.
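The two-archive scheme described in the first post of this thread, and the warnings-and-above snapshot asked for in the reply, as an added sketch that is not keilyd's code. The function names, the `SNAP_OUT` variable, the `current`/`previous` file names and the use of tar.gz instead of ZIP are assumptions made for the example.

```shell
#!/bin/sh
# Added sketch (not keilyd): collect plain-text system info into one archive
# and keep exactly two archives, the current one and the one before it.

# capture FILE CMD [ARGS...]: store a command's output in FILE; if the
# command is missing or fails, record that instead of aborting the snapshot.
capture() {
    out="$1"; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" >"$out" 2>&1 || echo "[exit status $? from: $*]" >>"$out"
    else
        echo "[$1 not available on this system]" >"$out"
    fi
}

# snapshot OUTDIR: write OUTDIR/current.tar.gz, moving the archive from the
# previous run to OUTDIR/previous.tar.gz so the last log survives a restart.
snapshot() {
    outdir="$1"
    if [ -z "$outdir" ]; then
        echo "usage: snapshot OUTDIR" >&2
        return 2
    fi
    work="$outdir/.work"
    rm -rf "$work"
    mkdir -p "$work"

    capture "$work/dmesg.txt"   dmesg
    # -d dumps the buffer and exits; '*:W' keeps warnings, errors and fatals
    capture "$work/logcat.txt"  logcat -d -v time '*:W'
    capture "$work/ps.txt"      ps
    capture "$work/df.txt"      df
    capture "$work/mounts.txt"  cat /proc/mounts
    capture "$work/cpuinfo.txt" cat /proc/cpuinfo

    # Copy configuration files only where they exist and are readable.
    for f in /system/build.prop /system/etc/sysctl.conf /proc/config.gz; do
        if [ -r "$f" ]; then
            cp "$f" "$work/"
        fi
    done

    if [ -f "$outdir/current.tar.gz" ]; then
        mv -f "$outdir/current.tar.gz" "$outdir/previous.tar.gz"
    fi
    tar -czf "$outdir/current.tar.gz" -C "$work" .
    rm -rf "$work"
}

# Run one snapshot when SNAP_OUT (hypothetical variable) names a directory,
# e.g.  SNAP_OUT=/sdcard/snap sh snapshot.sh
if [ -n "${SNAP_OUT:-}" ]; then
    snapshot "$SNAP_OUT"
fi
```

Everything in the archive is plain text, so `tar -tzf current.tar.gz` and a text editor are enough to review what is about to be shared before posting it to a forum.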

Parrot Security OS auto chroot for android, Nethunter alternative - NOT TESTED YET -

NOT WORKING. I WANTED TO PORT TOO FAST. PLEASE CLOSE THIS THREAD. I'LL REOPEN IT WHEN EVERYTHING WILL WORK FINE
PAO or Parrot On Android is an Android penetration testing platform for any Android device.
Supported architectures: armhf, arm, amd64 and i386
Issues:
No known issues yet
I built the rootfs using the following commands (we built for the armhf architecture in this example):
qemu-debootstrap --arch armhf stable ./parrot-armhf http://ftp.parrotsec.org/parrot/
tar cJvf parrot-armhf.tar.xz ./parrot-armhf
To install, just extract the zip file (link at the end of this message) to any folder (for e.g. /sdcard/install_PAO). Then, in a terminal app, execute the install.sh as root and answer the questions. The script will automatically download and install the right chroot for you
To run Parrot, just type in a terminal 'chrootparrot' (as root)
To remove chroot, please make sure your chroot isn't running and type 'removeparrot' in a terminal (as root)
NOTE: This is only the base Parrot Security OS system. It doesn't come with a lot of tools. To install Parrot Security OS tools, just type 'apt update && apt install parrot-tools'
Link: https://drive.google.com/open?id=1NOJVItcM6NkbTQj3i72mda1m-5DA9cAT
PS: check out https://ssd.eff.org/en and spread this url to your bookmarks
Could you elaborate a lil bit.... I am not able to run it via vnc
