AndroRAT - Remote Administration Tool for Android - Android Apps and Games

Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
Code:
The name Androrat is a mix of Android and RAT (Remote Access To
ol).
It has been developed in a team of 4 for a university project. It has been realised in one month. The goal of the application is to give the control of the android system remotely and retrieve informations from it.
Features
Get contacts (and all theirs informations)
Get call logs
Get all messages
Location by GPS/Network
Monitoring received messages in live
Monitoring phone state in live (call received, call sent, call missed..)
Take a picture from the camera
Stream sound from microphone (or other sources..)
Streaming video (for activity based client only)
Do a toast
Send a text message
Give call
Open an URL in the default browser
Do vibrate the phone
- Credits to Robin David (https[://]www[.]soldierx.com[/]hdb[/]Robin-David)
- Download the source code here
Github - https[://]github[.]com[/]DesignativeDave[/]androrat
Sorry to you all, because this is my first post, i can't post link to outside this forum so you should remove the "[" and "]" from the link above to access it. Thank you

idrcelab said:
Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
Code:
The name Androrat is a mix of Android and RAT (Remote Access To
ol).
Credits to Robin David (https://www.soldierx.com/hdb/Robin-David)
Download the source code here
Github - https://github.com/DesignativeDave/androrat
Click to expand...
Click to collapse
interresting lets see..
but why is it in android wear and not android apps and games ?

webwalk® said:
interresting lets see..
but why is it in android wear and not android apps and games ?
Click to expand...
Click to collapse
Because, that is my first post - and i can't post it right in the development place . I hope you like it. Thank you

Works on android 4.4<= ?

Interesting!!
Great its working on Android 4.4.
For more visit us at:
ati-erp.com

Looks like a great concept. How do the rest of us android enthusiasts install this?
Suggestions:
Add
-ability to wipe phone and SD card.

Interesting and useful app, but without an APK, I'm afraid you'll have problems making this success.
https://github.com/DesignativeDave/androrat

Compiled APK
Sorry to not satisfy question / ask about compiled APK and FUD binder, my purpose to post this thread only for advanced user that know how something really done, if you need the APK - please learn some language (especially JAVA) in order to compile it and know how it works, and then you will know the easy way to FUD it .

Compiled file?
How to use this software? Is there any compiled version? I don't have a computer. :/ please anyone can upload the compiled file? And also 'how to use manual'
Thank you, I would be really thankfull to you

No further Process after building apk in binder...
idrcelab said:
Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
Code:
The name Androrat is a mix of Android and RAT (Remote Access To
ol).
It has been developed in a team of 4 for a university project. It has been realised in one month. The goal of the application is to give the control of the android system remotely and retrieve informations from it.
Features
Get contacts (and all theirs informations)
Get call logs
Get all messages
Location by GPS/Network
Monitoring received messages in live
Monitoring phone state in live (call received, call sent, call missed..)
Take a picture from the camera
Stream sound from microphone (or other sources..)
Streaming video (for activity based client only)
Do a toast
Send a text message
Give call
Open an URL in the default browser
Do vibrate the phone
Credits to Robin David (https[://]www[.]soldierx.com[/]hdb[/]Robin-David)
Download the source code here
Github - https[://]github[.]com[/]DesignativeDave[/]androrat
Sorry to you all, because this is my first post, i can't post link to outside this forum so you should remove the "[" and "]" from the link above to access it. Thank you
Click to expand...
Click to collapse
No further Process after building apk in binder...what is solution?

thehunt94 said:
Works on android 4.4<= ?
Click to expand...
Click to collapse
yes , its working on 4.4

Can anyone provide me with an installable version of this utility?

Need help in configration
idrcelab said:
Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
Code:
The name Androrat is a mix of Android and RAT (Remote Access To
ol).
It has been developed in a team of 4 for a university project. It has been realised in one month. The goal of the application is to give the control of the android system remotely and retrieve informations from it.
Features
Get contacts (and all theirs informations)
Get call logs
Get all messages
Location by GPS/Network
Monitoring received messages in live
Monitoring phone state in live (call received, call sent, call missed..)
Take a picture from the camera
Stream sound from microphone (or other sources..)
Streaming video (for activity based client only)
Do a toast
Send a text message
Give call
Open an URL in the default browser
Do vibrate the phone
Credits to Robin David (https[://]www[.]soldierx.com[/]hdb[/]Robin-David)
Download the source code here
Github - https[://]github[.]com[/]DesignativeDave[/]androrat
Sorry to you all, because this is my first post, i can't post link to outside this forum so you should remove the "[" and "]" from the link above to access it. Thank you
Click to expand...
Click to collapse
I'm using dial-up connection so can i setup androrat and able to use it ? If yes then plzz tell me

Work on Lollipop?
Work on lollipop?

Black Screen
the apk does not open of some phones it shows a black screen and says app not responding wait or close .... any solution for this ..i created the apk using the androrat binder app

I am not able to compile it . As soon as I build it my antivirus detects it and deletes it.Any solution for this?

Hi,
AndroRat working perfect , I tested with my own phone , I can download images and everything but I tested with another phone in China , it can connect and also access photos everything but after download images and when I try to open, it gives me " images cannot view ..." Like error , why is that?

download link
Where is it ?

Is the client side invisible/unnoticable for the user?
By retrieving messages do you mean just SMS or it can get whatsapp, viber and so on?

Apk Binder
Dear friends
Please help me for the apk Binder app (in both Droidjack and Androrat) they does not work!
I think there should be another way to bind or mix 2 apk files.(with Winrar or ...)
Thanks in advance!

Related

[Q] noob with some *simple?* questions

Hi all, I'm new to android app development and I'm really not looking to make anything for anyone other than myself. I am basically trying to do a couple of easy apps to help me see if the power is on at my house so I know my fish tank has power and to be able to remotely monitor the conditions of the tank from my phone. Nothing amazing or difficult but just for my own peace of mind. What seems that it should be simple has been very frustrating over the last few days. I do have a background which includes some programming, nothing extensive, but I really didn't bat an eye at the proposition of doing what I'm looking to do. I really thought I could bang something crude but usable out in a few hours with what experience I do have.
I found a how-to that shows a foundation for an app I'd like to be able to modify for my own use. It can be viewed at http (colon) (slash) (slash) media (dot) pragprog (dot) com (slash) titles (slash) mrhome (slash) light.pdf (skip to page 10) for anyone interested. I have installed eclipse and have become quite familiar with the interface. I can run the app exactly as the how-to instructs you to create it and it works flawlessly. Http requests can be seen at the server for whatever I tell it to send. However, when I export the app and install it on my phone the app loads and appears to be working fine but when I tail the web server logs to view them no incoming requests are coming from my phone. I can see the incoming http requests from the emulator but not from the phone. There are also no errors during compiling nor during running it in debug mode on the phone in eclipse via a usb cable. The common answer to similar questions to mine seems to be if the permissions are set up correctly in the Manifest file which they are AFAIK.
My suspicion is that there is something in the phone blocking outgoing http requests but there are no errors whatsoever to indicate this. I'm wondering if it is because it is an unsigned app regardless of whether or not I have the phone in debug more and regardless of the user-permissions in the Manifest file. Is there anyone who can give me a hand to understand what I might be doing wrong or differently than the author of the aforementioned pdf file? The most confusing thing is how it works flawlessly on the emulator and seems to work flawlessly on the phone until you look at the web server logs and see no incoming requests from the phone but from the emulator you see the incoming requests to the remote web server. The phone has internet access and I can even ssh to the web server or access it through a browser on the phone. It is only my app that I made that cannot access the web server. Any ideas?
Thanks.

[APP][NO ROOT] WazzapMigrator: move your Whatsapp history from iPhone to Android

I developed a (free) tool to move your Whatsapp history (txts + media) from iPhone to Android. Read the tutorial and spread the word if anybody needs it, already a few hundred people used it succesfully!
mod edit - links removed
ps if you know java, a stack overflow thread is linked in the Throubleshooting section. I wasn't able to solve an apparently-random issue so any help is appreciated.
How to transfer chats Whatsapp from Android to iPhone ?
I'm willing to pay for help
condor-style
@
mail.
ru
Boytsoff said:
How to transfer chats Whatsapp from Android to iPhone ?
I'm willing to pay for help
condor-style
@
mail.
ru
Click to expand...
Click to collapse
A tool called Backuptrans Android WhatsApp to iPhone Transfer can help. See the detail tutorial:
How to transfer WhatsApp Messages from Android to iPhone?
Hope it helpful.
ark0n3 said:
I developed a (free) tool to move your Whatsapp history from iPhone to Android. Read the tutorial and spread the word if anybody needs it, already a few hundred people used it succesfully!
mod edit - links removed
ps if you know java, a stack overflow thread is linked in the Throubleshooting section. I wasn't able to solve an apparently-random issue so any help is appreciated.
Click to expand...
Click to collapse
moved to a (free) android app. you can check it out on play store https://play.google.com/store/apps/details?id=com.nbeghin.whatsappmigrator.lite
I can't access the tool
The url you provided is not accessible. Where can I access it now. Please post the updated URL and Does it support migrating from Nokia Symbian OS to Android?
luckyxdadev said:
The url you provided is not accessible. Where can I access it now. Please post the updated URL and Does it support migrating from Nokia Symbian OS to Android?
Click to expand...
Click to collapse
you're right. the updated url is mod edit - links removed . Unfortunately it does not migrate from Symbian to Android.
Boytsoff said:
How to transfer chats Whatsapp from Android to iPhone ?
I'm willing to pay for help
condor-style
@
mail.
ru
Click to expand...
Click to collapse
did you know already how to transfer whatsapp from android to iphone?let me know i've been searching everyday but still not easy way to transfer my chat history...tnx
It includes files ?
do you mean media (audio/photo/video)? yes, it does
ark0n3 said:
do you mean media (audio/photo/video)? yes, it does
Click to expand...
Click to collapse
Any way to merge iPhone database with new crypto 10 database ?
My phone is rooted and I tried without merging and it worked fine, but I really wish to merge.
Thanks.
CyberPonk said:
Any way to merge iPhone database with new crypto 10 database ?
My phone is rooted and I tried without merging and it worked fine, but I really wish to merge.
Thanks.
Click to expand...
Click to collapse
If your phone is rooted yes you can. Contact me by pm if you want more info
the links posted were directing to a paid application which is against the forum rules
Here you can read about how to post paid apps on XDA
A Guide to Paid Work on XDA-Developers
thread closed until a free version will be available
Thanks for understanding
Dan - forum moderator

[APP][2.2+] Backitude - Server-side development

I am creating this thread to start an area for Backitude server side developers and for casual users looking to implement their own flavor of location history or Google Latitude, to come and chat, ask questions, and get information.
Backitude is an android application that allows users to track their device locations in a highly configurable and continuous manner. Location data can be stored locally as (KML, CSV) or posted to a custom server. Anyone can create their own server implementation for storing or sharing location data.
Currently, three users are sharing their implementations:
http://backitude.ascanwex.de/ ([email protected])
-and-
https://bitbucket.org/nparley/mylatitude/wiki/Home ([email protected])
-and-
http://www.backituders.com ([email protected])
Let me know if more exist you would like me to add to the list!
Quick hack for using Traccar as backend
Hi,
If you want to use Traccar as the backend, then you can quickly implement a server side fix in PHP that converts the HTTP POST from Backitude to the required HTTP GET request OsmAnd style that Traccar expects.
Requirements:
- HTTP server with PHP
Place a backitude.php file with this content on your Traccar server:
PHP:
<?
$data=$_POST;
array_walk($data , create_function('&$v,$k', '$v = $k."=".$v ;'));
$url='http://127.0.0.1:5055?'.implode("&",$data);
$response = file_get_contents($url);.
echo "200 OK\n";
?>
Replace 127.0.0.1 with your Traccar server, if it's located on another host than the one you put the PHP code in.
Configure Backitude like this:
Server URL: http://<yourserveraddress>/backitude.php
Successfull response code: 200
Authentication: none
Custom field1: <enter your imei or the ID youre using in Traccar>
Latitude: lat
Longitude: lon
Accuracy: hdop
Speed: speed
Altitude: altitude
Direction Bearing: bearing
Location Timestamp (UTC): timestamp
TimeZone Offset: do not post/empty
Custom Field 1: id
Works for me! Thanks a lot for Backitude - the Traccar client is not nearly as reliable or battery friendly as Backitude.
wire103 said:
Hi,
If you want to use Traccar as the backend, then you can quickly implement a server side fix in PHP that converts the HTTP POST from Backitude to the required HTTP GET request OsmAnd style that Traccar expects.
Requirements:
- HTTP server with PHP
Place a backitude.php file with this content on your Traccar server:
PHP:
<?
$data=$_POST;
array_walk($data , create_function('&$v,$k', '$v = $k."=".$v ;'));
$url='http://127.0.0.1:5055?'.implode("&",$data);
$response = file_get_contents($url);.
echo "200 OK\n";
?>
Replace 127.0.0.1 with your Traccar server, if it's located on another host than the one you put the PHP code in.
Click to expand...
Click to collapse
Would this whole implementation be a lot simpler, if Backitude sent over a GET instead of a POST ?
Yes, a toggle switch between GET and POST would make your program directly compatible, if the user can set port number on the URL as well.
Sendt fra min GT-I9505 med Tapatalk
To repost from the other thread:
I have finally got around to opening up my Google App Engine app code. It runs on the free quota on Google App Engine and so it does not require you to pay for a server. Also as it's your app you have control of your location data, and can delete it at any time by going into the Google App Engine settings for your app. You send your location to your app and it is recorded in a database. The app allows you to share your location with other people by creating a white list of allowed Google accounts. I have also made a history page which you can use to see your updates from each day. I can't add links but you should be able to find the code at bitbucket.org / nparley
No doubt there will be bugs which I have not found. If you find one please add an issue to on the bitbucket page. I will continue to add new features as I can but am open to requests, just add a feature requestion issue on bitbucket.
Cheers,
Neil
[B[/B][/B]
nparley said:
To repost from the other thread:
I have finally got around to opening up my Google App Engine app code. It runs on the free quota on Google App Engine and so it does not require you to pay for a server. Also as it's your app you have control of your location data, and can delete it at any time by going into the Google App Engine settings for your app. You send your location to your app and it is recorded in a database. The app allows you to share your location with other people by creating a white list of allowed Google accounts. I have also made a history page which you can use to see your updates from each day. I can't add links but you should be able to find the code at bitbucket.org / nparley
No doubt there will be bugs which I have not found. If you find one please add an issue to on the bitbucket page. I will continue to add new features as I can but am open to requests, just add a feature requestion issue on bitbucket.
Cheers,
Neil
Click to expand...
Click to collapse
ON WEB PAGE IT SHOWS ONLY "Hello world!"
holysmoke001 said:
[B[/B][/B]
ON WEB PAGE IT SHOWS ONLY "Hello world!"
Click to expand...
Click to collapse
Hi holysmoke001,
I am not quite sure what you are referring to,
Neil
nparley said:
Hi holysmoke001,
I am not quite sure what you are referring to,
Neil
Click to expand...
Click to collapse
Hi Neil
I follow all your instructions for Setting up the app but when i go to yourapp(my app).appspot.com/
IT SHOWS ONLY "Hello world!" written on corner of the web page.
can you please upload detailed instructions step by step how to set up the app
holysmoke001 said:
Hi Neil
I follow all your instructions for Setting up the app but when i go to yourapp(my app).appspot.com/
IT SHOWS ONLY "Hello world!" written on corner of the web page.
can you please upload detailed instructions step by step how to set up the app
Click to expand...
Click to collapse
I assume you have done all the steps here? https://bitbucket.org/nparley/mylatitude/wiki/Setup App Does your site say running if you go to here https://appengine.google.com/
---------- Post added at 09:34 PM ---------- Previous post was at 09:26 PM ----------
holysmoke001 said:
Hi Neil
I follow all your instructions for Setting up the app but when i go to yourapp(my app).appspot.com/
IT SHOWS ONLY "Hello world!" written on corner of the web page.
can you please upload detailed instructions step by step how to set up the app
Click to expand...
Click to collapse
OK the problem could be this https://code.google.com/p/google-app-engine-samples/issues/detail?id=40 i.e. the path is wrong and the app engine application launcher has created another default app.yaml and app.py file.
nparley said:
I assume you have done all the steps here? //bitbucket.org/nparley/mylatitude/wiki/Setup%20App Does your site say running if you go to here://appengine.google.com
---------- Post added at 09:34 PM ---------- Previous post was at 09:26 PM ----------
OK the problem could be this //code.google.com/p/google-app-engine-samples/issues/detail?id=40 i.e. the path is wrong and the app engine application launcher has created another default app.yaml and app.py file.
Click to expand...
Click to collapse
yes problem is same.Launcher is creating a new folder inside my project folder with a default main.py and app.yaml file.
my project folder is JMlatitude and i copied my client secret file in JMlatitude folder and edited the app.yaml file as JMlatitude.yaml but launcher is creating new folder (JMlatitude) inside project folder.pls help what to do
Thanks Brian for the dedicated post.
This is how to get started with my service (www.backituders.com).
0) The service is free
1) Drop me an email to [email protected] backituders <Dot> com. You'll get a username pwd password back.
2) Start using backituders!
You can find more infos, expandoing docs and guides at www.backituders.com.
Backituders is meant as an API you can use to implement your own applications on. I provide the server and APIs to set and get positions, set alamers and alerts and so on. There is also a ready-to-use "draw my map" and "follow my device live" feature.
Will use this post as updates to the service are done.
- 20131031: display timestamps in RFC format, display speed
- 20131104: changed the icons on the map to reflect direction (8 main dir) when available.
- 20131104: sono disponibili istruzioni base in italiano.
Thanks any for testing.
holysmoke001 said:
yes problem is same.Launcher is creating a new folder inside my project folder with a default main.py and app.yaml file.
my project folder is JMlatitude and i copied my client secret file in JMlatitude folder and edited the app.yaml file as JMlatitude.yaml but launcher is creating new folder (JMlatitude) inside project folder.pls help what to do
Click to expand...
Click to collapse
Hi,
Sorry I might not have been clear in my instructions. You have to keep the file named app.yaml as this is the file Google App Engine looks for and will create a new one if not found. It is inside this file where you have to make the edit, the top line contains `application: YOURAPPNAME` here you have to change YOURAPPNAME to JMlatitude.
Neil
nparley said:
Hi,
Sorry I might not have been clear in my instructions. You have to keep the file named app.yaml as this is the file Google App Engine looks for and will create a new one if not found. It is inside this file where you have to make the edit, the top line contains `application: YOURAPPNAME` here you have to change YOURAPPNAME to JMlatitude.
Neil
Click to expand...
Click to collapse
Thanks Neil its working now
Hi Neil pls help me in setting up backitude custom server settings
1.there are two custom field 1 one in request parameter values and another is in request parameter keys .which key i have to fill in both custom fields
API key or application key setup at yourapp.appspot.com. when i fill custom field 1 in request parameter values it shows no custom field parameter key configured, value will not post (configure below) when i run test it shows error gaugler.backitude.service.backitudeException:Custom Server POST failure: HTTP/1.1400 Bad Request
2. what to fill in Device ID
holysmoke001 said:
Hi Neil pls help me in setting up backitude custom server settings
1.there are two custom field 1 one in request parameter values and another is in request parameter keys .which key i have to fill in both custom fields
API key or application key setup at yourapp.appspot.com. when i fill custom field 1 in request parameter values it shows no custom field parameter key configured, value will not post (configure below) when i run test it shows error gaugler.backitude.service.backitudeException:Custom Server POST failure: HTTP/1.1400 Bad Request
2. what to fill in Device ID
Click to expand...
Click to collapse
Get the key from going here: yourapp.appspot.com/viewkey. You want to end up with something like this:
https://bytebucket.org/nparley/mylatitude/wiki/settings.png I.e. at the top in the custom field type your long key. Under requestion parameter keys change custom field 1 (it'll have no value to start with) to the word "key". I don't seem to have a device ID on my backitude version are you sure you have the latest version from the play store? (or try leaving it bank) Also make sure you change the response codes to 200,202
Neil
Trying to set up the app in google apps
nparley said:
To repost from the other thread:
I have finally got around to opening up my Google App Engine app code. It runs on the free quota on Google App Engine and so it does not require you to pay for a server. Also as it's your app you have control of your location data, and can delete it at any time by going into the Google App Engine settings for your app. You send your location to your app and it is recorded in a database. The app allows you to share your location with other people by creating a white list of allowed Google accounts. I have also made a history page which you can use to see your updates from each day. I can't add links but you should be able to find the code at bitbucket.org / nparley
No doubt there will be bugs which I have not found. If you find one please add an issue to on the bitbucket page. I will continue to add new features as I can but am open to requests, just add a feature requestion issue on bitbucket.
Cheers,
Neil
Click to expand...
Click to collapse
I have also tried to set up the app with google engine. I got stuck where I need to download a copy of my app code. I have no idea how to do this. In the description you wrote to download the latest .zip or clone the git repo into a directory. How will I be able to do that?
Thanks for helping me.
regards
Manfred
nparley said:
Get the key from going here: yourapp.appspot.com/viewkey. You want to end up with something like this:
https://bytebucket.org/nparley/mylatitude/wiki/settings.png I.e. at the top in the custom field type your long key. Under requestion parameter keys change custom field 1 (it'll have no value to start with) to the word "key". I don't seem to have a device ID on my backitude version are you sure you have the latest version from the play store? (or try leaving it bank) Also make sure you change the response codes to 200,202
Neil
Click to expand...
Click to collapse
Hi Neil!
Great app, finally got it to work. Will report more feedback later!
Good work!!
Error message with key
nparley said:
Get the key from going here: yourapp.appspot.com/viewkey. You want to end up with something like this:
https://bytebucket.org/nparley/mylatitude/wiki/settings.png I.e. at the top in the custom field type your long key. Under requestion parameter keys change custom field 1 (it'll have no value to start with) to the word "key". I don't seem to have a device ID on my backitude version are you sure you have the latest version from the play store? (or try leaving it bank) Also make sure you change the response codes to 200,202
Neil
Click to expand...
Click to collapse
Hi Neil!
Now the app worked for a couple of hours and now I get this message:
Google has disabled use of the Maps API for this application. The provided key is not a valid Google API Key, or it is not authorized for the Google Maps Javascript API v3 on this site. If you are the owner of this application, you can learn about obtaining a valid key here: https://developers.google.com/maps/documentation/javascript/tutorial#api_key
Do you have any idea what I could do?
Thanks!
dukerider33 said:
Hi Neil!
Now the app worked for a couple of hours and now I get this message:
Google has disabled use of the Maps API for this application. The provided key is not a valid Google API Key, or it is not authorized for the Google Maps Javascript API v3 on this site. If you are the owner of this application, you can learn about obtaining a valid key here: https://developers.google.com/maps/documentation/javascript/tutorial#api_key
Do you have any idea what I could do?
Thanks!
Click to expand...
Click to collapse
This probably means you have your Google maps api key wrong or you did not fill in your Google maps api in when you setup the app. The instructions show you where to get the browser api key from, it's this page https://code.google.com/apis to get your Google maps browser api key. You can go here https://appengine.google.com log in to your app, click on data store viewer, in the by kind drop down pick maps the keyid should equal the key you get from the Google api console. You can edit it if it's not correct. If you have no maps kind in the data store you need to delete all the users and run the setup again.
Hopes this gives you some help trubble shooting,
Neil
nparley said:
This probably means you have your Google maps api key wrong or you did not fill in your Google maps api in when you setup the app. The instructions show you where to get the browser api key from, it's this page https://code.google.com/apis to get your Google maps browser api key. You can go here https://appengine.google.com log in to your app, click on data store viewer, in the by kind drop down pick maps the keyid should equal the key you get from the Google api console. You can edit it if it's not correct. If you have no maps kind in the data store you need to delete all the users and run the setup again.
Hopes this gives you some help trubble shooting,
Neil
Click to expand...
Click to collapse
Hi Neil,
had to setup the site completely new from the scratch. Now it works nicely.
Thank you!

[Q] I want to create chat application

Hello!
Unfortunately, if the subject contains spelling errors
Today the idea of ​​my creation chat application technique is the tips that I work out how much would cost and what are the appropriate servers

[APP] Pikik 7.9 (Modified Kik Messenger with AntiLag)

Hello XDA,
I'm releasing a modified version of Kik to the public. This is version 7.9 - without video playback support. I created this in January after discovering an exploit within Kik Messenger that allowed me to crash other users. This gave birth to what are known as "lag codes", which are long strings that cause instability within Kik.
If you're on kik and people post strings like:
0la.3p.snai7.eo.490.0la.3p.snai7.eo.490.0la.3p.snai7.eo.490.0la.3p.snai7.eo.490.(etc)(shout out to TL1 for his work in this area)
you will lag, ios and android are affected by this.
I have modified the parser within Kik to stop those short lag codes from causing lag.
I issued these Pikik clients to only a handful of individuals (hardcoded their usernames and disabled editing) , typically being used to crash pedophile chatrooms. Someone in this handful decided to leak the file. They attached AndroRat and distributed it under my credibility and name and I don't appreciate that.
The exploit (along with other exploits I've discovered) and suggested fixes have been emailed to Kik without reply.
This is version 7.9 without video support. You can do the same with 8.0+ as I have done but I don't want to distribute that yet. as I'd like to make a menu via smali to add additional features to Kik. (Confirmed fake camera is possible among other things) Hopefully within that time, Kik will patch the exploits I've emailed them about.
Please be respectful to one another with Pikik, it can cause issues for other users without Pikik if you so choose.
I will create additional links if necessary. Happy Easter.
May 6 update:
Added Kik 8.0apk for video playback. Added another layer of lag protection.
-gunther210
Admin note: APK has been removed due to legal complaint from Kik. Do not re-upload. https://github.com/xda/Notices/blob/master/2015/Kik-20150624.md
Warning, I would not recommend trusting. The app was leaked. Gunther stated that he would release the application to the public in the month of July.
424aca said:
Warning, I would not recommend trusting. The app was leaked. Gunther stated that he would release the application to the public in the month of July.
Click to expand...
Click to collapse
Hey mate, that wasn't the case.
I planned to publish the technical details of the xss exploit within kik.com in July but that also leaked.
I encourage anyone to decompile this apk and look for anything malicious or suspicious if they don't trust it. It isn't my style to do that.
I understand you're just looking out for the community.
Take care mate.
Apologies and Results
Yah sorry to come out as aggressive or as if I was pointing fingers. If you are truly gunther, then you are very much aware of the presence of individuals on kik who post links which intercept IP's and I see a new exploit regarding a phishing link "video" with your name on it etc. I just want individuals to be careful. Because I made seemingly false accusations, I have done the task of running a scan on the app in a virtual machine (genymotion) running a various security scans on it. Only avast gave a security warning, but upon rescan it was gone. I have uploaded four images of four different tests. Please, proceed with caution for this application is as wonderful as you anticipate it to be. To those that have root and xposed, i would advise using I believe xprivacy to block any SMS or call log interaction which this app may present if the proof supplied below does not suffice your paranoia which I seem to be having right now.
-424aca
View attachment 3247779
View attachment 3247780
View attachment 3247781
View attachment 3247782
Thx for the tests.
I'm aware of the games being played on Kik. That's not likely to go away but their lack of willingness to correct the problems leaves everyone vulnerable. At least this protects a regular user from another regular user being annoying. The xss exploit needs to be patched immediately. The amount of people getting phished is amazing. I regret sharing info about that exploit.
As I mentioned long ago to anyone on Kik who asks the status quo kik hacker question "can you get ips thru kik?" My response has always been the image handler. The way kik handles their images has been exploitable forever but I'm not yet certain to what degree. After reporting the 2 "main" exploits to Kik, I moved onto checking out my suspicions and getting some confirmation/vindication.
The entire handler for images is a wreck. It's possible to create corrupt image headers (see my pastebin) which will crash Android upon receiving said picture. It's possible to create corrupt image headers to get IP addresses via images (confirmed on iOS by Host 4/6/2015). It's possible to create corrupt image headers to crash Android for lack of associated action.
It's possible to send videos as Gallery, Gallery as Camera, Camera as "Gunther", custom icons, and most likely offsite pngs (apache log taps). It is possible to build a card that exploits these same flaws but with more parameters. The card:// handler is probably only "more secure" because less people use it.
The fact that I can send you a picture that crashes your kik is absurd and it was obvious to me this style of attack would be possible from the first glance at it.
I like Kik but it is a dangerous hangout lately.
424aca said:
Yah sorry to come out as aggressive or as if I was pointing fingers. If you are truly gunther, then you are very much aware of the presence of individuals on kik who post links which intercept IP's and I see a new exploit regarding a phishing link "video" with your name on it etc. I just want individuals to be careful. Because I made seemingly false accusations, I have done the task of running a scan on the app in a virtual machine (genymotion) running a various security scans on it. Only avast gave a security warning, but upon rescan it was gone. I have uploaded four images of four different tests. Please, proceed with caution for this application is as wonderful as you anticipate it to be. To those that have root and xposed, i would advise using I believe xprivacy to block any SMS or call log interaction which this app may present if the proof supplied below does not suffice your paranoia which I seem to be having right now.
-424aca
View attachment 3247779
View attachment 3247780
View attachment 3247781
View attachment 3247782
Click to expand...
Click to collapse
So is it safe or not?
I don't like its dark background. Fix it
PrinceCoc said:
I don't like its dark background. Fix it
Click to expand...
Click to collapse
I changed mine to white.
I recommended you do not try this app. Probably the maker of this modified version add some malicious things. Or something for stealing personal infos
GreekDragon said:
I recommended you do not try this app. Probably the maker of this modified version add some malicious things. Or something for stealing personal infos
Click to expand...
Click to collapse
Damn I've already been using it
GreekDragon said:
I recommended you do not try this app. Probably the maker of this modified version add some malicious things. Or something for stealing personal infos
Click to expand...
Click to collapse
I didn't. Instead of talking dumb ****, why don't you decompile it and check for yourself. I have no desire to take anyone's info.
ODSTZ3RO said:
Damn I've already been using it
Click to expand...
Click to collapse
You're fine mate.
Me Host and Link have been working together on adding several features for pikik2 and their similar releases.
For now pikik2 will be:
Based on 8.1.x
Probable:
Turn off read receipts (Host)
Turn off typing notification (Host)
AntiLagV2 (Gunther)
Fake-Camera Mod (Gunther)
AntiLagv2 secondary check (Link)
(Theme choices by download if below doesn't work)
Possible:
Turning links on/off
AntiLagv2 override by conditional regex by input
Selectable Theme by input
Selectable Image background (Link/Host)*
*This works now but needs some more tweaking.
If you or someone you know is a smali pro, please PM me.
We are hoping to build these ideas as switches from a panel within kik
Also. If you're interested in building an Xposed Module to do these things, please PM me and I will help point to where the above things are taking place.
All credits will be given
If someone wants to reach us on kik. Check in #pikik
Appreciative said:
I didn't. Instead of talking dumb ****, why don't you decompile it and check for yourself. I have no desire to take anyone's info.
You're fine mate.
Me Host and Link have been working together on adding several features for pikik2 and their similar releases.
For now pikik2 will be:
Based on 8.1.x
Probable:
Turn off read receipts (Host)
Turn off typing notification (Host)
AntiLagV2 (Gunther)
Fake-Camera Mod (Gunther)
AntiLagv2 secondary check (Link)
(Theme choices by download if below doesn't work)
Possible:
Turning links on/off
AntiLagv2 override by conditional regex by input
Selectable Theme by input
Selectable Image background (Link)
If you or someone you know is a smali pro, please PM me.
We are hoping to build these ideas as switches from a panel within kik
Also. If you're interested in building an Xposed Module to do these things, please PM me and I will help point to where the above things are taking place.
All credits will be given
If someone wants to reach us on kik. Check in #pikik
Click to expand...
Click to collapse
OK I wasn't going to delete it I just changed its appearance a bit.
NOT working?
I have tried to download the File but i keep getting an error saying I don't have the app installed when I do? Maybe it's because a recent update that I did yesterday April 14, 2016. Any help?
Delete the kik you already have
INTRUTHS said:
I have tried to download the File but i keep getting an error saying I don't have the app installed when I do? Maybe it's because a recent update that I did yesterday April 14, 2016. Any help?
Click to expand...
Click to collapse
Yeah man your in the future, please tell us what its like in 2016
I reeeaally enjoy this app. Buuuut I like the new material design update (8.2.0) more. Pls update.
gallowsArisen said:
I reeeaally enjoy this app. Buuuut I like the new material design update (8.2.0) more. Pls update.
Click to expand...
Click to collapse
Didn't you read the post, their working on it, if you know someone that's good with smali tell them to contact us at #pikik
theattackingdildo said:
Didn't you read the post, their working on it, if you know someone that's good with smali teller them to contact us at #pikik
Click to expand...
Click to collapse
Sorry. I'll look out for anyone with experience. I'm in a few good groups so I'll ask around.
gallowsArisen said:
Sorry. I'll look out for anyone with experience. I'm in a few good groups so I'll ask around.
Click to expand...
Click to collapse
I'll ask some people about it.
First, let me/us say thanks for all the support. It helps keep us motivated to get pikik2 how we want it.
Updates:
We have pretty much narrowed down all the future feature locations.
We are still stuck in the same spot however.
We need a little advice or guidance on how to use toggles and inputs.
We can build the toggles, we can associate them in the places they need to be. But, we aren't sure how to do the following:
We need a generic or simple way to write and read toggle values into the database or preferences. We need to be able to pull these into smali. We are getting progress on Smali knowledge and may be able to import the values ourselves but we need to have a better understanding of how to implement this.
We want to create a check box, no problem. How do we add the value of check box (or inputs) into the db or prefs in the simplest way?
Next, how do we then read the value out of these?
We are reading to use <checkboxprefs but that's not working easy for us so far. We have tried literally hundreds of tests at this point.
My last test was duplicating the widget check box and associating it.
We need help. Someone. Give us a run down of the fastest way to what we need, please. As always, credits will be given.
Thanks mates,
gunther210
I will make a thread asking for more direct help when I have enough posts to do so. Anyone out there who has any advice, we will investigate.
Thanks again.

Categories

Resources