Hello all. I'm currently taking a computer security class and to make the long story short, at the end of the semester I will have to turn in a research paper and do a 30 minute presentation on it. The topic I chose for this is "Exploring the techniques used to gain access to personal information on Android devices; the methods hackers use and the type of data they are seeking." So if you could please post links to any articles that you come across that talk about security of android devices. Also, I could really use any magazine or book suggestions. Thanks!
Look up open wifi hackers. They can steal your junk if your network isn't secured. Sorry no article
Sent from my ASUS Transformer Pad TF300T using XDA Premium HD app
You should write about the easiest method - allowing to isntall ab with lots of different permisions.
^Installing apps with dubious permissions is what I'm sure he's getting at and that has been the only major "flaw" as of yet. Considering that it requires the user to sideload questionable apps or to download from unprotected app sites it's not the worst thing ever.
Anti-virus/Anti-malware apps still remain next to useless on Android devices. The other main exploits that are used such as spoofing, etc, are simply able to function on any device operating over an unsecured wifi network and aren't unique to Android. I really don't think you're going to find much in the way of peer-reviewed articles on this topic, but I'd recommend that you used the databases available to you through your school rather than just taking articles handed to you by others.
MissionImprobable said:
^Installing apps with dubious permissions is what I'm sure he's getting at and that has been the only major "flaw" as of yet.
Click to expand...
Click to collapse
Not really the only flaw, there is a way to get android to install a rootkit which needs no extra priveleges to do what it wants on your android device. It isn't out in the wild but it can be, and has been, done to highlight an android vulnerability.
http://m.networkworld.com/news/2012...tkit&client=ms-opera-mini-android&channel=new
Dave
( http://www.google.com/producer/editions/CAownKXmAQ/bigfatuniverse )
Sent from my LG P920 using Tapatalk 2
keynith said:
Look up open wifi hackers. They can steal your junk if your network isn't secured. Sorry no article
Click to expand...
Click to collapse
With all due respect, have you ever *tried* to intercept SSL traffic for a non-browser-based Android app? It's hard as hell to do with a phone & fake AP under your direct rooted control, and damn near *impossible* to casually pull off against a random stranger's phone at Starbucks.
Android MITM is *hard*, and the #1 method of reliably doing it for penetration testing is to hack the app's decompiled SMALI to replace the certificate-validation logic with a dummy class that ignores cert errors.
Put another way, if somebody sniffs your password to something over wifi, it's because the idiot who wrote the app submitted your credentials without using SSL, and not because the access point was "open". Successful Android non-browser SSL MITM isn't "black hat", it's "black magic."
Also, WPA(2), WEP, etc might give some speedbump-like protection against totally random strangers who stumble upon an access point from the outside, but they won't do jack to protect you from the guy sipping a lattè next to you & running Wireshark while connected to the AP using the same key YOU are.
Wifi encryption is there to keep people from leeching free internet service, not to keep your traffic safe from other connected users. That's why ipsec & SSL exist.
There's exactly one safe way to use public wifi -- through a PPTP vpn tunnel (L2TP has a few known Android vulnerabilities).
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
An application called adb (or android debug bridge) will get you significant access to an android handset via a USB cable. This is part of the android software development kit. Set up your PC with the SDK, install the add-on platform tools, login as root and start the adb server. You can run a shell with the "adb shell" and use "adb pull" and "adb push" to transfer files. The "adb shell" command gives you a shell prompt on the android device and the "su" command gives you root access. This works even with the screen locked with a PIN.
Want to root your device? Download the zip file for rooting a handset and look at the installer script. That can tell you where to copy the su binary - remount your devices /system partition as read-write using "mount -o rw,remount" and follow the installer script.
adrian816 said:
An application called adb (or android debug bridge) will get you significant access to an android handset via a USB cable. This is part of the android software development kit. Set up your PC with the SDK, install the add-on platform tools, login as root and start the adb server. You can run a shell with the "adb shell" and use "adb pull" and "adb push" to transfer files. The "adb shell" command gives you a shell prompt on the android device and the "su" command gives you root access. This works even with the screen locked with a PIN.
Want to root your device? Download the zip file for rooting a handset and look at the installer script. That can tell you where to copy the su binary - remount your devices /system partition as read-write using "mount -o rw,remount" and follow the installer script.
Click to expand...
Click to collapse
Thanks a lot!!
#### Sent from my GN7 #### B0$N4 ####
Related
This was already mentioned by alansj here, but I though it was important enough to have it's own thread
Saurik has created a Debian image you can install onto your sd card. Once installed, you have the full power of debian on your phone. No more puny little busybox
Instructions and such are here.
Thanks Saurik!
I was actually looking into this earlier... let me know how it runs
cant download a few things
can not open ext2.ko......when i type insmod $kit/ext2.ko ...i get "insmod: can't open ' /sdcard/kit/ext2.ko'...some one please help me out
What graphical interface does this install, or is there one?
cbrunner said:
What graphical interface does this install, or is there one?
Click to expand...
Click to collapse
That was my question when I heard about this... I just went for it though because when I read through the instructions, I realized that everything is stored in the MicroSD card and in RAM (which is reset when the phone is rebooted)
It turns out that there is no GUI - just a good old text-based Debian install! I'm sure that someone will get one working... or maybe just port the entire BSD Subsystem along with apt so we can just forget the Market...
amgupt01 said:
That was my question when I heard about this... I just went for it though because when I read through the instructions, I realized that everything is stored in the MicroSD card and in RAM (which is reset when the phone is rebooted)
It turns out that there is no GUI - just a good old text-based Debian install! I'm sure that someone will get one working... or maybe just port the entire BSD Subsystem along with apt so we can just forget the Market...
Click to expand...
Click to collapse
This awesome article has answered tons of my questions and also seems to imply otherwise:
"This does not replace Android. This also gives you access to the full plethora of programs available in Debian and let's you continue using your phone as it was intended to be: as an Android device with all the capabilities thereof."
In addition, this IRC channel is where the author of that article idles.
cbrunner said:
This awesome article has answered tons of my questions and also seems to imply otherwise:
"This does not replace Android. This also gives you access to the full plethora of programs available in Debian and let's you continue using your phone as it was intended to be: as an Android device with all the capabilities thereof."
In addition, this IRC channel is where the author of that article idles.
Click to expand...
Click to collapse
Right. No gui, but you have a full working linux distro on your phone. You can apt-get just about any of the normal stuff.. You could probably even get a x-windows installation to working, although you would have to connect to it remotely - it would probably be "difficult" to get it to display a gui on the phone itself (although that would be sweet).
I've installed Saurik's image on my phone, it works great. Although if you do the "unionfs.sh" step, the wifi settings don't quite work right anymore. It won't let you enable or disable wifi.
But I was able to get an ssh server (with real user and password management) and even a samba server running on my phone quite easily with this . I've also got gcc installed, and will start playing around with developing directly on the phone (instead of having to cross compile).
Sorry for not being hip to the game, but what the heck is Debian?
donutman said:
Sorry for not being hip to the game, but what the heck is Debian?
Click to expand...
Click to collapse
Arguably the most influential distribution of Linux ever. Its package management system, apt, is awesome, and it is what Ubuntu and tons of other distros were started from.
Why would you not use Google before asking here?
can anyone help with my above mentioned problem
i want this baby to run
Is your phone connected to your computer? You lose access to the storage card when it is, I think (you can't cd to it when it's plugged in) and unplugging my phone allowed me to install the module.
/a
Installing Debian errors?
Here is what I get:
insmod $kit/ext2.ko
insmod: init_module '/sdcard/kit/ext2.ko' failed (Operation not permitted)
i've been through this, i'm not gonna explain what happens and why, but imo, the only way to get a real root is the following:
-Install telnet client to your device (from android market).
-Reboot your phone to be sure no telnet-daemons/shells are running.
-When you are on the desktop, just type "enter", "telnetd", "enter". (If you do it from the terminal app it will run under the uid of the terminal app which is not root).
-Then run the telnet client app, and connect to local host. (Or skip this step + the first one if you wanna connect from another pc)
I know it's weird, but when you run something from the terminal app it runs under the terminal app's uid, even if you run a new shell, you still are eg. "app_33", not root. and btw you will have to set the environment variables all from the same shell, that means you can't have a script cause it will run under another shell, with another uid. I'm so confused... maybe I'm wrong but android is not the most friendly environment.
aggtrfrad said:
i've been through this, i'm not gonna explain what happens and why, but imo, the only way to get a real root is the following:
-Install telnet client to your device (from android market).
-Reboot your phone to be sure no telnet-daemons/shells are running.
-When you are on the desktop, just type "enter", "telnetd", "enter". (If you do it from the terminal app it will run under the uid of the terminal app which is not root).
-Then run the telnet client app, and connect to local host. (Or skip this step + the first one if you wanna connect from another pc)
I know it's weird, but when you run something from the terminal app it runs under the terminal app's uid, even if you run a new shell, you still are eg. "app_33", not root. and btw you will have to set the environment variables all from the same shell, that means you can't have a script cause it will run under another shell, with another uid. I'm so confused... maybe I'm wrong but android is not the most friendly environment.
Click to expand...
Click to collapse
Haha I feel you. Now the thing is when I am at the home screen on my G1 i push "Enter" on the keyboard and then type "telnetd" and then push enter again it doesnt do anything. When I open up telnet client on my PC it wont connect with wifi on.
So I then go to Telnet client on myG1 and go to connect to "localhost:23" and it says "Error while connecting to server: localhost/127.0.0.1:23 - Connection refused" the thing is that my local host for my wifi is not 127.0.0.1:23
And when I "netstat" from inside Terminal Emulator there is no address with port "23"
ballaholyk84 said:
Haha I feel you. Now the thing is when I am at the home screen on my G1 i push "Enter" on the keyboard and then type "telnetd" and then push enter again it doesnt do anything. When I open up telnet client on my PC it wont connect with wifi on.
So I then go to Telnet client on myG1 and go to connect to "localhost:23" and it says "Error while connecting to server: localhost/127.0.0.1:23 - Connection refused" the thing is that my local host for my wifi is not 127.0.0.1:23
And when I "netstat" from inside Terminal Emulator there is no address with port "23"
Click to expand...
Click to collapse
Are you already running RC30?
SplasPood said:
Are you already running RC30?
Click to expand...
Click to collapse
Yes, I am running the Modified RC30 posted by JesusFreke
cbrunner said:
Why would you not use Google before asking here?
Click to expand...
Click to collapse
Because I wanted you to tell me baby. That is what a wife is suppose to do.
JesusFreke said:
Right. No gui, but you have a full working linux distro on your phone. You can apt-get just about any of the normal stuff.. You could probably even get a x-windows installation to working, although you would have to connect to it remotely - it would probably be "difficult" to get it to display a gui on the phone itself (although that would be sweet).
I've installed Saurik's image on my phone, it works great. Although if you do the "unionfs.sh" step, the wifi settings don't quite work right anymore. It won't let you enable or disable wifi.
But I was able to get an ssh server (with real user and password management) and even a samba server running on my phone quite easily with this . I've also got gcc installed, and will start playing around with developing directly on the phone (instead of having to cross compile).
Click to expand...
Click to collapse
What command did you use to get the SSH to install? Every time I do the one in the tut by saurik it errors and wont install all the way. I get an error after x11-common and it wont finish.
ballaholyk84 said:
So I then go to Telnet client on myG1 and go to connect to "localhost:23" and it says "Error while connecting to server: localhost/127.0.0.1:23 - Connection refused" the thing is that my local host for my wifi is not 127.0.0.1:23
Click to expand...
Click to collapse
localhost usually refers to the loopback interface which on most devices will be 127.0.0.1.
I'm getting the same thing here... I think there's something wrong with apt-get having to write to /tmp which does not exist (and is mounted read-only).
This is a program I wrote a while back that allows transparent tethering over USB without requiring root access. It works by simulating an unencrypted OpenVPN server and then internally running everything through a Java-based NAT. I get decent speeds off it, but your mileage may vary. It's a bit beta! Might explode! Wear eye protection!
It has a really basic website at http://lfx.org/azilink/, but to spare your eyes I'll just paste the instructions below:
Required files:
- ADB from the 1.1 SDK or from http://lfx.org/azilink/adb.zip
- OpenVPN 2.1 (not 2.0) from http://openvpn.net/index.php/downloads.html
- AziLink.apk from http://lfx.org/azilink/azilink.apk
- AziLink.ovpn from http://lfx.org/azilink/azilink.ovpn
Installation:
1) Install OpenVPN on the host. I use version 2.1_rc15, but any version should work. Apparently if you use version 2.0 you'll need to remove the NO_DELAY option from the AziLink.ovpn configuration file. You can find OpenVPN at:
http://openvpn.net/index.php/downloads.html
2) Enable USB debugging on the phone. From the home screen, this is under
Settings>Applications>Development>USB debugging.
3) Install the Android USB driver (if you don't already have one installed).
See http://code.google.com/android/intro/develop-and-debug.html#developingondevicehardware
4) Install the program. You can either use ADB to install by typing
"adb install azilink.apk" with the file in the current directory, or you can browse (on the phone!) to: http://lfx.org/azilink/azilink.apk
Either way you might need to allow installation from unknown sources
under Settings>Applications>Unknown Sources.
Configuration steps:
1) On the host, run "adb forward tcp:41927 tcp:41927" to set up port forwarding. Be sure to use adb from the Android 1.1 SDK! The version from 1.0 will lock up under heavy load. If you don't want to download the entire SDK, you can get a copy of ADB+drivers from http://lfx.org/azilink/adb.zip
2) On the phone, run AziLink and make sure "Service active" is checked.
3) Right click AziLink.ovpn on the host (not in the web browser!) and select "Start OpenVPN on this configuration file." You can find this file at: http://lfx.org/azilink/azilink.ovpn. If you're using Linux or, god forbid, MacOS, you'll also need to manually set the nameserver to 192.168.56.1 (the phone's NAT IP address).
Nice work around.
Wow, amazing work! I'll definitely have to mess around with this tomorrow...
OpenVPN 2.0.9
Thnx for the manual..!! Took me something to get it working, i'll find out, that it isn't working with OpenVPN version 2.0.9
OpenVPN 2.0.9 doesn't recognize the following rule in azilink.ovpn:
socket-flags TCP_NODELAY
And it worked with version 2.1rc15...
So no more Internet Sharing on Windows Mobile...
OpenVPN 2.0.9
Thnx for the manual..!! Took me sometime to get it working, i'll find out, that it isn't working with OpenVPN version 2.0.9
OpenVPN 2.0.9 doesn't recognize the following rule in azilink.ovpn:
socket-flags TCP_NODELAY
And it worked with version 2.1rc15...
So no more Internet Sharing on Windows Mobile...
help
Ok I'm a complete noob and I've played about with this but can't get it to work. How do I run adb? As in the very first step? Where do I type that. Do I need to install adb and how do I do it?
Thanks
Got it working
Man this is awesome.
I realised i needed to run the adb from cmd. see when i tried to open adb.exe it just kept closing.
thanks alot. this rocks
ps im writing this off my tethered pc
zecbmo said:
Ok I'm a complete noob and I've played about with this but can't get it to work. How do I run adb? As in the very first step? Where do I type that. Do I need to install adb and how do I do it?
Thanks
Click to expand...
Click to collapse
Nah, you can just unzip adb and run it directly from that folder. It's a command line program, so you'd need to run it from a command prompt (cmd.exe). I'm not sure whether adb needs to run as an administrator or not (I disable all that UAC garbage in Vista). If you have the proper driver installed, then the ADB command should return immediately without saying anything. If it says "waiting for device..." that means it wasn't able to find the Android debug driver.
I know this is all a bit hacky, but now that we've got root and wifi tethering I figured that there wouldn't be too much interest.
cheers
its working great like. im using this cus i havent rooted my phone yet. tethering was the only reason why i wanted to root it but this is a great alternative
Works Great. Thanks for the easy instructions.
Here is translation of post on Russian with images http://androidteam.ru/faq/azilink-tethering-with-android-usb.html
I have repacked all in one zip, and make some command files to make process a little easy.
another trick that may help on XP machines, probably other versions as well.
Create a shortcut to adb.exe on your windows desktop (mine is located in C:\and\tools)
Modify the 'target' (right-click,properties) of the shortcut to read C:\and\tools\adb.exe forward tcp:41927 tcp:41927 <I think this is the right code, I'm still using tetherbot on 1080>
That's it. Once everything's set up connecting is easy. one click on the computer, no cmds required
does this allow for media such as flash on web site to play on the laptop?
clevetbs said:
does this allow for media such as flash on web site to play on the laptop?
Click to expand...
Click to collapse
If you've got enough bandwidth. I'm not really sure what bitrate flash video runs at though.
Many thanks for this, aziwoqpd. I've not had the time to root, but have been looking for an easy way to tether. A usb connection is great, since the battery drains so quickly anyway it's nice to keep a charge going.
sonikamd - thanks for the suggestion, it's a great idea. Unfortunately my XP doesn't want to accept your syntax. I wish I could offer something else, but my skills (ha!) are nonexistant. I'm embarassed to say that I had to refresh my memory on how to maneuver around command lines...
Got any other suggestions?
Thanks again for all your work!
the AziLink.ovpn file wont download for me.
works fine for me, GREAT WORK!
Okay, so I'm trying this out on a mac. I've successfully built openvpn and have my tunneling device (/dev/tun0, /dev/tun1, etc.). I run the adb forward command and it starts the daemon successfully, I fire up azilink on the phone and it says it's waiting for the connection, I fire up openvpn and the phone changes to stating that it's connected. Openvpn does not exit out - it starts the tunnel - BUT in the logging it reports " ROUTE: problem writing to routing socket" twice (which oddly appears to be a non-fatal error to the application), and traffic is unable to flow. I'm guessing it's something about openvpn not correctly manipulating the darwin routing tables, but I've been unsuccessful thus far in figuring out the nature of the problem so I thought I'd check here.
I'm running the straight azilink openvpn config file, which means if I need any syntactical changes for darwin I haven't applied them. The openvpn documentation is not terribly good and I was unable to find any documentation of routing command differences for MacOS (if that's even the problem, of course).
Edit: I forgot to mention, I've been trying to ping known-good IPs by address to test the routing - after my first attempt at loading a web page failed I figured it best to remove name services from the possible list of problems. The bytes sent count was slowly incrementing (up to about 23K bytes in ten minutes of diagnosis), and the inbound count got up to about 900 bytes in the same period, so clearly *something* was getting through - unless those counters are counting all traffic into and out of the phone and just going over the cable - but I got no ping responses, no websites could load, and by all appearances from the terminal, no data was moving.
lindsayt said:
I'm running the straight azilink openvpn config file, which means if I need any syntactical changes for darwin I haven't applied them. The openvpn documentation is not terribly good and I was unable to find any documentation of routing command differences for MacOS (if that's even the problem, of course).
Edit: I forgot to mention, I've been trying to ping known-good IPs by address to test the routing - after my first attempt at loading a web page failed I figured it best to remove name services from the possible list of problems. The bytes sent count was slowly incrementing (up to about 23K bytes in ten minutes of diagnosis), and the inbound count got up to about 900 bytes in the same period, so clearly *something* was getting through - unless those counters are counting all traffic into and out of the phone and just going over the cable - but I got no ping responses, no websites could load, and by all appearances from the terminal, no data was moving.
Click to expand...
Click to collapse
The byte counters only include traffic that OpenVPN is forwarding, so something is making it over. Did you try changing the DNS server to either 192.168.56.1 or an external address like 4.2.2.2? OpenVPN on MacOS and Linux won't set the nameserver automatically.
Also, there's a bit of a problem with pinging. The app on the phone can't generate ICMP ping packets since it isn't running as root. When you send an ICMP ping, the phone translates it to a UDP ping, sends it, and translates the reply back to a ICMP ping. Unfortunately, probably about 50% of hosts don't reply to UDP pings. Some that I've tested with that do work are lfx.org and he.net.
I'll see if I can give it a quick test on a Mac sometime tomorrow.
EDIT: I managed to get it working, although T-Mobile's so-called "transparent" web proxy is barely working today so I was having trouble accessing websites without getting errors. SSH was working fine, though. Anyway, here's what I did:
1- Installed a MacOS port of OpenVPN called Tunnelblick (didn't have XCode handy to compile my own and it's got a pretty GUI)
2- Copied azilink.ovpn to /users/azi/library/openvpn or whatever it is
3- Click the Tunnelblick icon in the upper-right, go to details, click "set nameserver"
4- Remove the TCP_NODELAY line because it was complaining that my kernel didn't support it (and would cause my connection to timeout after about 30 seconds).
5- Clicked connect
If you want to see what traffic's going over openvpn, you can just run "sudo tcpdump -n -i tun0"
wow ... this works great ... tested using a german G1 under linux (arch 686), win vista (x64) & win xp (x86) ... pretty good speed and low latency (actually i can't notice any latency at all - no mather if using wlan or 3g)!
GREAT WORK!!!
Hello XDA Developers, I have a Debian subsystem of sorts on my phone which is created by an application called Lil' Debi. For those of you unfamiliar with it, it essentially creates a Debian install on an .iso that can be mounted onto the disk. Once mounted, a user can access a shell to interact with this Debian subsystem by running /debian/shell as root, which will chroot to its own directory system separate system accessible from the Android Terminal.
Within this Debian subsystem I have created a non-root user account for the purpose of running a few networking applications that if compromised for some reason, won't give the attacker root privileges to break everything on my phone. There's only one small problem with this setup: I can't access the internet from a non-root account.
Both my terminal emulator and Lil' Debi have full network access, even when not run as root. I am curious then, why a non-root user account should have an incapability of accessing the network. A sample of wget on my phone using Google's IP address (I use the IP address because it cannot do DNS lookup obviously) gives a Permission Denied error. At the current moment I am not sure whether this problem lies with Android or with Debian. Does the user need to be explicitly granted permissions to use the network through Debian, or is the application somehow only able to access the network if it's root?
Additional information: The ROM used is PAC ROM, so you can assume any settings changes that could be made from Cyanogenmod or Paranoid Android can be made if necessary. The phone itself is a Oneplus One. No I don't have invites, so don't bother asking.
Opinions on the matter?
Also, on an unrelated note, g++ will only run under root. If I launch it as a non-root user, it will tell me that execvp failed because cc1plus doesn't exist. Why?
Thread's fallen onto the third page, so I'm going to bump.
One day has passed, and no help offered. Bump again.
Another bump. I thought XDA was supposed to be the most knowledgeable forum on Android.
Daily bump until this problem is solved...
Still bumping...
I hope people aren't just looking at the number of replies and assuming it's resolved...
Bumping again. At least 100 people have seen this thread, and not a single one has anything to say.
Bump again. It's now been a week since I asked this question.
Bump.
DISCLAIMER:
It is extremely illegal to use this app against networks you don't own or don't have a permission to attack. I am not responsible for how you use it and any damage you may cause. Consider yourself warned.
Hijacker is a Graphical User Interface for the wireless auditing tools airodump-ng, aireplay-ng and mdk3. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.
This application requires an android device with a wireless adapter that supports Monitor Mode. A few android devices do, but none of them natively. This means that you will need a custom firmware. Nexus 5 and any other device that uses the BCM4339 (and BCM4358 (although injection is not yet supported so no aireplay or mdk)) chipset will work with Nexmon. Also, devices that use BCM4330 can use bcmon.
The required tools are included in the app. To install them go to Settings and click "Install Tools". This will install everything in the directory you select. If you have already installed them, you don't have to do anything. You can also have them at any directory you want and set the directories in Settings, though this might cause the wireless tools not being found. The Nexmon driver and management utility is also included.
Root is also necessary, as these tools need root to work. If you don't grant root permissions to it, it hangs... for some reason... don't know why...
Features:
View a list of access points and stations (clients) around you (even hidden ones)
View the activity of a network (by measuring beacons and data packets) and its clients
Deauthenticate all the clients of a network
Deauthenticate a specific client from the network it's connected
MDK3 Beacon Flooding
MDK3 Authentication DoS for a specific network or to everyone
Try to get a WPA handshake or gather IVs to crack a WEP network
Statistics about access points (only encryption for now)
See the manufacturer of a device (AP or station) from a OUI database (pulled from IEEE)
See the signal power of devices and filter the ones that are closer to you
Leave the app running in the background, optionally with a notification
Copy commands or MAC addresses to clipboard, so you can run them in a terminal if something goes wrong
Include the tools
Reaver WPS cracking (pixie-dust attack using NetHunter chroot)
.cap files cracking with custom wordlist
Let the user create custom commands to be ran on an access point or a client with one click.
Installation:
Make sure:
you are on Android 5+
you are rooted. SuperSU is required. If you are on CM, install SuperSU
have installed busybox (opened and installed the tools)
have a firmware to support Monitor Mode on your wireless interface
Download the latest version here.
When you run Hijacker for the first time, you will be asked whether you want to set up the tools or go to home screen. If you have installed your firmware and all the tools, you can just go to the home screen. Otherwise, click set up to install the tools. You can change the directories in which they will be installed, but I recommend that you leave them unchanged. The app will check what directories are available and select the best for you. Keep in mind that on some devices, installing files in /system might trigger an Android security feature and your system partition will be restored when you reboot. After installing the tools and the firmware (only Nexmon) you will land on the home screen and airodump will start. If you don't see any networks, make sure you have enabled your WiFi and it's in monitor mode. If you have a problem, go to settings and click "Test Tools". If they all pass, you probably don't have monitor mode enabled. If something fails, click "Copy test command" and select the tool that fails. A sample command will be copied to your clipboard so you can open a terminal, run it, and see what's wrong.
Keep in mind that Hijacker is just a GUI for these tools. The way it runs the tools is fairly simple, and if all the tests pass and you are in monitor mode, then you should be getting the results you want. But also keep in mind that these are AUDITING tools. This means that they are used to TEST the integrity of your network, so there is a chance (and you should hope for it) that the attacks don't work on a network. It's not the app's fault, it's actually something to be happy about (given that this means that your network is safe). However, if an attack works when you type a command in a terminal, but not with the app, feel free to post here to resolve the issue. This app is still under development so bugs are to be expected.
Troubleshooting:
First of all, if the app happens to crash at a random time, run it again and close it properly. This is to make sure that there are not any tools still running in the background, as this can cause battery drain. If it crashes during startup or exiting, open a terminal, run `ps | busybox grep -e air -e mdk` and kill the processes you see.
Most of the problems arise from the binaries not being installed (correctly or at all). If that's the case, go to settings, click "install tools", choose directories for binaries and the lib (libfakeioctl.so) and click install. If the directory for your binaries is included in PATH, then you don't have to do anything else. If it's not, the you need to adjust the absolute paths of the binaries, right below the "install tools" option. This might also cause problems (especially with mdk) since these programs require the wireless tools to be installed, and they won't find them if you install them anywhere other than the paths included in your PATH variable. If you don't know what the PATH variable is, then you probably shouldn't be using any of these programs.
If you are certain that there is problem with the app itself and not the tools installation, open an issue here so I can fix it. Make sure to include precise steps to reproduce the problem and a logcat (having the logcat messages options enabled in settings). If the app happens to crash, a new activity should start which will generate a report in /sdcard and give you the option to email it to me directly. I suggest you do that, and if you are worried about what will be sent you can check it out yourself, it's just a txt file and it will be sent as an email attachment to me.
XDA:DevDB Information
Hijacker, App for all devices (see above for details)
Contributors
chrisk44
Source Code: https://github.com/chrisk44/Hijacker
Version Information
Status: Testing
Current Stable Version: v1-RC.4
Stable Release Date: 2016-12-23
Created 2016-11-14
Last Updated 2016-12-26
Reserved
thank you
works great on my nexus 5 and note 3
not working on s6 edge problem i dont know i already installed in my device correctly and also hijacker airdump shows networks for attacking but not do real attack
Is there an updated XDA tutorial yet on setting up adb COMPLETELY wirelessly as of Android 11?
Why do I ask?
Using adb is a critical developer/hacking/user tool
As of Android 11, adb has been fundamentally changed for Wi-Fi
As of Android 12, adb was further improved for Wi-Fi
The existing XDA Developers' tutorial doesn't contain that info
I figured it out on my own (see below)...
(Which meant a LOT of new questions popped up that had to be solved that could have been answered in a tutorial)
Unfortunately, almost everything out there that I can find about adb is (wrong / inaccurate / incomplete [choose one]) in terms of how to set up a wi-fi connection as of Android 11 & 12.
The problem is there are important questions to be solved that are MISSING from that old tutorial
(These problems revolve around connection completely from the PC side only)
Where I would think EVERYONE would have the SAME questions as I do about the new setup
(And for which an updated XDA Developers' adb tutorial would be very useful!)
Mostly these new Android 11+ Developer options Wireless debugging features eliminate the USB cable.
But that then instantly brings up the non-intuitively fundamental question of ESTABLISHING the connection solely from the PC...
(which - let's never forget - is how the older, well documented USB-cable-first-then-Wi-FI adb connection had always been done)
Hence my question of:
Is there an updated XDA tutorial yet on setting up adb COMPLETELY wirelessly as of Android 11+ & 12+?
DETAILS:
Spoiler: Short summary of steps which should be in a tutorial
Given how important adb is to Android software development and hacking, I searched for an XDA Developers writeup on how the newly added Android 11+ Developer options Wireless debugging works and which incorporates a few of the even more newly added Android 12+ Developer options Wireless debugging tiles (which are CRITICAL but it's not obvious to those who haven't done it why those new Android 12 tiles have to be used every day all day!) & Android 12's separate ability to randomize the phone's MAC address for every Wi-Fi connection for added privacy (not just for every Wi-Fi SSID as Android 11 did it) which itself has further implications for reserving IP addresses (usually erroneously referred to as "static IP addresses" in the router and on the phone) for those daily random-port connections using adb over Wi-Fi only. You can no longer connect "from" the PC until after you physically "look" (using live human eyeballs!) to locate either the random port assignment (for "adb connect") or a different random port assignment plus a random pin assignment (for the new Android 11+ encrypted "adb pair" command). Now you can connect via adb over Wi-FI from the PC. But bear in mind the catch! Frequently (upon reboot for example), the Android 12+ tile turns off, as does the Developer options:Wireless debugging toggle, as does the Wi-Fi connection (in my case for privacy, as I have Wi-Fi toggle off when I leave the range of the LAN - which then turns off Wireless-debugging in an unintended cascade) but more importantly, frequently the random port assignment changes as does the random pin assignment. So you have to perform the all-important human-eyeball LOOK frequently - which you would rather not need to do if you could help it
Whew! I said what "should" be in a tutorial so others don't have to figure all of that out on their own just to set up adb completely wirelessly (without first establishing a USB connection on the PC).
I figured it all out, of course, but that XDA Developers writeup didn't help (in fact it hurts)... because it contained completely outdated information (which is why I wrote that long paragraph above, to summarize what's completely missing).
Here's what needs to be done on the phone:
Enable Wi-Fi (mine is set up to NOT auto-reconnect, for privacy)
Establish a connection over Wi-Fi to an SSID on your LAN
Enable Developer options:Wireless debugging (Android 11+)
Enable Developer options:Wireless debugging Tile (Android 12+)
Enable random MAC address per SSID (Android 11) or per connection (Android 12+)
Enable the (so-called) static IP address of the phone
Physically eyeball the random Wireless debugging port assignment (&/or random port + random PIN)
Note all the questions are related to the fact everyone wants to eliminate that last step above!
On the PC:
Simply assure yourself that the phone is on the LAN (e.g., ping 192.168.0.2) (duh)
Remember - it's using a RANDOM MAC address so the router has to be configured for that
Then connect from the PC adb to the phone completely over Wi-Fi (encrypted or not)
Remember - there's no initial establishment via USB - which means you need to know random ports!
adb connect 192.168.0.2:12345 (or) adb pair 192.168.0.2:12345 123456
Remember - everyone's goal is to obtain those random ports 100% from the PC side of things
You may have to accept an encryption dialog on your phone if this is the first time using that PC
At this point, adb over Wi-Fi works the same as adb has always worked (over USB first, then over Wi-Fi).
Until, of course, Android randomly resets the port assignment - which it does frequently!
Then you're back to having to look at the phone for the random port assignment
Notice that most of the issues people are having (see reference list below) are related to the fact that the random port assignement, as far as we know, can ONLY be obtained from a visual inspection of the Android phone - but also notice that nobody used to need to do that in the olden days (when we connected via USB cable first!).
My observation is nobody wants to do that visual inspection of the phone every time, all day, every day, whenever Android re-randomizes the MAC address (which, for me, happens frequently but my phone is set up specifically for Wi-FI privacy).
In summary, this thread asks if there is an XDA Developers' writeup for connecting adb on the PC completely wirelessly to Android 11 and Android 12 and up.
The REASON I believe that XDA Developers' updated adb tutorial is needed by hackers/developers/users is:
a. The way adb works over Wi-Fi is COMPLETELY DIFFERENT as of Android 11 (this is why finding an updated tutorial is needed!)
b. I had to figure all this out on my own, so that means everyone else does too (unless I missed the XDA Developers' tutorial), and,
c. There are still a ton of open unanswered questions that everyone also has.
REFERENCES: (in no specific order, these are attempts to make it work the way everyone wants it to work!)
(PSA) Using the new Android 12 TILE for 'Developer options' 'Wireless debugging' to establish adb connection over Wi-Fi without USB
What's the difference between Windows/Android adb "connect" versus adb "pair" when mirroring Android 12 over Wi-Fi onto a Windows PC?
Android 12 Developer options adb "Wireless debugging" option keeps turning off
[adb,scrcpy,vysor] What ports does Android 12 randomly set when Wi-Fi connecting via Wireless debugging adb "pair" or "connect" commands?
[adb] What is the adb syntax to connect wirelessly to Android by unique serial number (instead of by Wi-Fi LAN IP address & random port assignment)?
Note that none of those threads would be needed if we could have found a comprehensive tutorial that was updated to Android 11 and 12 new connect-adb-over-Wi-Fi-without-USB functionality that answers those basic obvious questions to ask. (See illustrative screenshots below).
Is an updated XDA Developers' writeup extant for connecting adb on the PC completely wirelessly to Android?
I simply use ladb - it's an app that makes the whole process a breeze
See a big xda write up about it here ..
How to debloat your phone (and more) without connecting to a PC
LADB is an app that lets you run ADB shell commands from your phone, no root and no PC needed! Use it to debloat your phone and more!
www.xda-developers.com
CFKod said:
I simply use ladb
Click to expand...
Click to collapse
Thanks for that advice to use Local ADB which "leverages Android’s built-in support for ADB over WiFi to provide a GUI for sending shell commands straight from the Android device."
The great news is that was the first XDA Developers' tutorial that I've seen that showed cognizance of the new Android 11 features of setting up adb completely wirelessly (without need for USB first).
* GitHub: LADB (A local ADB shell for Android!)
The bad news is that, at least upon initial inspection, ladb doesn't do anything you can't do inside of Termux as far as I can tell (is that correct though - maybe the ladb apk can do more privileged actions?).
Spoiler: Example of doing in Termux what would often be done in adb
1. Install F-droid <https://f-droid.org/>
<https://f-droid.org/F-Droid.apk>
2. Install F-Droid Termux <https://f-droid.org/en/packages/com.termux/>
<https://f-droid.org/repo/com.termux_117.apk>
3. Add F-Droid Termux Widget <https://f-droid.org/en/packages/com.termux.widget/>
<https://f-droid.org/repo/com.termux.widget_12.apk>
4. Run the F-Droid Termux & create an alias we'll name "rad" for reset ad id.
$ rad
(This should report: No command rad found)
$ alias rad 'am start -n com.google.android.gms/.ads.settings.AdsSettingsActivity'
$ rad
(this should pop up the "Reset Advertising ID" Activity on your phone
(manually close that Activity for now - we can programmatically close it later)
$ cat ~/.bashrc
cat /data/data/com.termux/files/home/.bashrc
No such file or directory
$ alias > ~/.bashrc
$ cat !$
alias rad='am start -n com.google.android.gms/.ads.settings.AdsSettingsActivity'
$ unalias rad
$ rad
(This should report: No command rad found)
$ source ~/.bashrc
$ rad
(this should pop up the "Reset Advertising ID" Activity on your phone
(manually close that Activity for now - we can programatically close it later)
5. Run the F-Droid Termux and create two directories for the shortcut widget
$ mkdir -p $HOME/.shortcuts (we will put our shell script here)
$ mkdir -p $HOME/.shortcuts/tasks (we didn't use this directory yet)
6. Create a shell script to open up the reset ad id Activity.
$ cd $HOME/.shortcuts
$ nano ./rad.sh
Edit the result to look like this:
#!/data/data/com.termux/files/usr/bin/bash
am start -n com.google.android.gms/.ads.settings.AdsSettingsActivity
$ chmod +x ./rad.sh
$ ./rad.sh
(nothing will happen)
7. Modify termux to be able to execute user shell scripts on Android.
$ pkg install termux-exec
8. Test your shell script.
$ ./rad.sh
(this should pop up the "Reset Advertising ID" Activity on your phone
(manually close that Activity for now - we can programmatically close it later)
9. Add the Termux Widget to your homescreen.
Long press your Android homescreen.
Select "Widgets" & then "Termux:Widget" & place it on your Android homescreen.
It will ask: Create widget and allow access? to which you press "Yes"
Then press the "rad.sh" entry showing up in that Termux Widget.
"Termux requires "Display over other apps" permission
to start terminal sessions from background on Android >=10."
"Grants it from Settings -> Apps -> Termux -> Advanced"
10. Grant Termux permission to display over other apps:
Android11:Settings > Apps > Your apps > Termux > Appear on top = (change off to on)
11. Now press the Termux Widget entry named "rad.sh"
(this should pop up the "Reset Advertising ID" Activity on your phone
(manually close that Activity for now - we can programmatically close it later)
12. Reboot the phone & ensure everything is persistent.
Tap the new homescreen icon after rebooting
& the "reset ad id" Activity should pop up.
But worse, the LocalADB instructions clearly say to do the same manual (aurgh!) steps we've been doing all along.
That is, even with LADB, they're still NOT obtaining the random port address programatically; they're getting it manually - just like I've been doing all along without LADB.
So ladb doesn't change anything... as far as I can tell (but maybe I'm wrong?).
"Copy the 6 digit “Wi-Fi pairing code” and paste it into the “pairing code” box in LADB. Copy the 5 digit port number from the IP address (the 5 numbers after the colon) and paste it into the “Port” box in LADB."
Click to expand...
Click to collapse
If I were to "guess" wildly - then that means what everyone wants is perhaps impossible to accomplish; but I'm still hoping that's not the case - but - the point is to find an updated XDA Developers' tutorial that shows an awareness of the stated problem set.
EDIT: I have an idea. I installed LADB on Android, and now I'm trying to see if I can query that LADB from the PC using adb commands where the goal is maybe the PC adb can query the Android ladb to figure out what the current random port assignment is???
GalaxyA325G said:
So ladb doesn't change anything... as far as I can tell (but maybe I'm wrong?).
If I were to "guess" wildly - then that means what everyone wants is perhaps impossible to accomplish; but I'm still hoping that's not the case - but - the point is to find an updated XDA Developers' tutorial that shows an awareness of the stated problem set.
EDIT: I have an idea. I installed LADB on Android, and now I'm trying to see if I can query that LADB from the PC using adb commands where the goal is maybe the PC adb can query the Android ladb to figure out what the current random port assignment is???
Click to expand...
Click to collapse
Yes .. everything you have said is correct
I wouldn't say it has any special privileges. It just guides you through the connection process.
You end up with a blank canvas in terminal - just as you would using termux
Not sure what the app costs, I purchased pre release so cost barely a thing
either way , it cuts out some of the faff and i'd certainly recommend for a less tech savvy person...
Then again.. why wouldn't anyone with no clue, use adb?
If I can assist in any way. Feel free to give me a shout on telegram
CFKod said:
Yes .. everything you have said is correct
Click to expand...
Click to collapse
I must again thank you for letting me know about local adb.
I installed ladb the instant you informed me about it.
Yesterday and today I started to test it out.
CFKod said:
It just guides you through the connection process.
Click to expand...
Click to collapse
I'm hoping maybe this ladb running on the Android device "might" give it something special that the PC doesn't have in terms of access to the information of the random port assignment on Android.
There are multiple levels of this problem set, the top level being the almost complete lack of XDA Developers' tutorials that have any cognizance of what's new in Android 11 and up with respect to adb wireless connections - where - again - I thank you for finding the one and only XDA Developers' tutorial that shows that awareness.
However, the more important level of this problem set is to find a way to connect adb wirelessly to Android WITHOUT manually grepping the random port with our eyeballs.
CFKod said:
You end up with a blank canvas in terminal - just as you would using termux
Click to expand...
Click to collapse
It may very well be that the Android developers made that impossible (e.g., for security reasons); but in the absence of any information or tutorial stating that as a fact, I'm not going to assume it's impossible (yet).
AFAICT, the way to solve the problem is to find a way to either:
a. Keep the port assignment static, or,
b. Set the port to a specific assignment (as we did with USB), or,
c. Determine the random port assignment programatically
It "may" be that local adb can help in that latter method... dunno yet... but I didn't even know ladb existed until you mentioned it so I'm starting from scratch without a tutorial (for this part of the problem set).
CFKod said:
I wouldn't say it has any special privileges.
Click to expand...
Click to collapse
Actually, after looking it up since yesterday, I think local adb DOES have more privileges than does Termux; so I was wrong in that assumption.
The ladb developer, @tytydraco said so himself on Dec 18, 2020 when he announced the existence of the ladb APK on XDA Developers.
tytydraco said:
for those of you who have used or encountered ADB in the past, you know that you usually need a PC to shell into your phone. While yes, apps such as Termux exist, they don't have elevated privileges as ADB does.
Click to expand...
Click to collapse
So we can safely assume ladb has "elevated privileges" which Termux doesn't have (which is a good thing as we may need them!).
CFKod said:
Then again.. why wouldn't anyone with no clue, use adb?
Click to expand...
Click to collapse
Well.... just as "mock location" GPS spoofing is a "Developer option" that has gone mainstream, I suspect we're at an inflection point where with screen mirroring of scrcpy and vysor, that adb usb/wireless debugging has gone mainstream too!
In summary, here's the status so far (which may change over time)...
a. Unfortunately, nobody knows of an updated XDA adb tutorial
b. But there is an updated XDA ladb tutorial
c. But even that ladb tutorial REQUIRES an eyeball grep of the random port assignment (aurgh!)
Note with the brand new Android 12 tile that it's not in the least difficult to do that eyeball grep of the current random port assignment (although you have to get up from your computer to find the phone in order to do so) - but the whole point of computers is they are supposed to do that stuff for you (are they not?).
While it may be designed that way by Google, I'm hoping I can figure out a programatic way to obtain that random port assignment from the PC, where the suggestion of perhaps implementing ladb as a middleman "might" solve that problem (if I can figure out the method).
Thanks for your help and advice, as everyone has the same adb random port assignment problem who wants to mirror their phone onto the PC completely wirelessly - and for which there is no known XDA tutorial to help them (yet).
BTW, I've noticed only recently since I started testing out ladb that the serial numbers are different where I wonder if anyone can explain why there is both a long and a short serial number when using adb completely wirelessly.
Note the question matters because "maybe" we can omit the random port if we can connect via the static serial numbers...
Adb source changes a lot, with the adb wifi stuff being added in, you could probably compile a modified adb binary to use via an apk like ladb that could use a static serial number connection method.
In source, there's a lot of testing binaries you can compile, iirc in maybe 11-dev branch there was some code commented out to allow for more insecure connections.
Hey I have noticed that shizuku also uses wireless adb...
I may have time to test it later.
Surge1223 said:
you could probably compile a modified adb binary to use via an apk like ladb that could use a static serial number connection method.
Click to expand...
Click to collapse
Thank you for that suggestion, because if it was easy to connect purely over Wi-Fi (sans USB) between adb on the PC and the Android 11+ phone (WITHOUT eyeballing the randomly assigned port address), it would have been documented already (since it's what EVERYONE wants to do).
So we're breaking new ground...
And, while I definitely harbor the optimism that there (almost always) is a way, I do agree that nobody on the Internet (that I can find) has found THAT way.
Still... as you suggested, ladb does have some extra "hooks" on the phone itself which may allow ladb to REPORT back to the PC over Wi-Fi what our EYEBALLS have to see for themselves today (of the random port address).
This report back to the PC (of the random port address) over Wi-FI has to be done in some OTHER protocol than adb itself, I suspect... as it's a chicken-and-the-egg scenario otherwise.
BTW, we "might" be able to use the Android serial number to good effect, but probably not as my tests using the Android serial number only work AFTER the adb connection has been prior established.
Code:
C:\> adb devices
*daemon not running; starting now at tcp:5555
*daemon started successfully
List of devices attached
C:\> adb devices
List of devices attached
C:\> adb devices
adb-YFVR80V7YFY-yF7kj8._adb-tls-connect._tcp. device
C:\> scrcpy -s adb-YFVR80V7YFY-yF7kj8._adb-tls-connect._tcp.
C:\> adb connect -s adb-YFVR80V7YFY-yF7kj8._adb-tls-connect._tcp.
C:\> adb connect -s 192.168.0.2
CFKod said:
Hey I have noticed that shizuku also uses wireless adb...
I may have time to test it later.
Click to expand...
Click to collapse
Thank you for that pointer to Shizuku which, like ladb, I had never heard of until you mentioned it as a possible solution.
What's nice is Shizuku has its own updated tutorial on XDA Developers which, at least, is aware of the new Android 11+ Developer options:Wireless debugging toggle, as it says...
"On Android 11 or above, you can enable Wireless debugging and start Shizuku directly from your device, without connecting to a computer."
Click to expand...
Click to collapse
By which they really mean:
"On Android 11 or above, you can enable Wireless debugging and start Shizuku directly from your device, without first needing to connect by USB to a computer."
Click to expand...
Click to collapse
I'm not rooted; but, since Shizuku can be started on the Android device, maybe it can be used to tell the computer over Wi-Fi what the current random port address assignment is (or the unencrypted adb connect command) or the random port and pin assignment (for the encrypted adb connect command).
MOD EDIT: ENGLISH TRANSLATION ADDED
I want to apply this program, Yasser, as much as possible
---------------------------------
ااريدتطبيق هذا البرنامح ياسر مايمكن
MOD EDIT: ENGLISH TRANSLATION ADDED
and not google
-----------
وغير قوقل
زين said:
MOD EDIT: ENGLISH TRANSLATION ADDED
I want to apply this program, Yasser, as much as possible
---------------------------------
ااريدتطبيق هذا البرنامح ياسر مايمكن
Click to expand...
Click to collapse
زين said:
MOD EDIT: ENGLISH TRANSLATION ADDED
and not google
-----------
وغير قوقل
Click to expand...
Click to collapse
1. This thread is a question (mostly) about a missing XDA tutorial.
2. The NEED for the tutorial is embedded in the details
Essentially...
a. We need an updated adb TUTORIAL for Android 11+ new features
b. Specifically, how to connect COMPLETELY via Wi-Fi (no USB)
Keeping in mind...
i. The OLD USE model used adb over USB first
ii. And then, after USB connection, adb could move to Wi-Fi
What we want is...
A. The Android 11+ use model is to eliminate the need for USB
B. But STILL connect using adb over Wi-Fi from the PC
Where...
A. The OLD use model was done COMPLETELY from the PC
B. And we're simply trying to REPLICATE that old use model
However... the problem is...
1. So far, we MUST first ascertain VISUALLY the random port (& PIN)
2. Which means we can no longer connect FROM the PC
That's the problem exposed by this thread, in a nutshell...
But... I do NOT understand what the two posts above are asking us to answer...
a. "I want to apply this program, Yasser, as much as possible"
b. "And not google"
Huh?
A. Which program? (adb? ladb? shizuku?)
B. Who (or what?) is Yasser?
C. And what does "not Google" have to do with it?
D. What does that poster want as an "answer"?
I want to help the guy (just as I'd want to help anyone).
But I don't understand what the heck the guy is even asking.
Can someone translate that English translation to something that makes sense in English that can be answered in English?