Related
I have been trying to spoof my mac address on my phone. I am a pen tester so please don't lecture me on the ethics behind this because I know. It is very simple to do on linux, so I thought it would be possible on Android.
I installed busybox and terminal emulator and ran the su command. So far, i can run 'busybox ip link set eth0 address XX:XX:XX:XX:XX:XX' 'busybox ip link set eth0 broadcast XX:XX:XX:XX:XX:XX'. Everytime I do this, it changes the mac address, but breaks the wifi functionality. The only way to fix the wifi was to disable, then re-enable it, but that resets the wifi. I was wondering if we could colaborate on this and maybe get somewhere.
I have also seen this somewhere, but am not sure if it will work.
ip link set address NEWMAC dev eth0
Sorry for digging out this old thread, but I was trying the same and failing in the same way as you were.
The only difference is, I do not change the broadcast address, because imo this should remain on "all FF" (please tell me, why the broadcast should be set to the new MAC).
If I change it and fire up 'ip link show eth0', it shows the changed MAC.
The settings menu still shows the real MAC.
As in your case, the WiFi-connection (naturally) terminates (the router (access point) cannot know about the change). If I try to reconnect to the router, I get the error that my password is wrong. When checking the router's log, I see an entry about a failed connection attempt from the changed MAC address.
The only explanation I have is that the WPA2 encryption somehow incorporates the actual "real" MAC address so the encryption fails and as a consequence the connection is refused.
So-far, I haven't tried it without encryption.
Another question would be, what exactly is executed, when you activate WIFI on the phone? Which script?
I know that the network device (in my case "eth0") is created at this point.
If WIFI is down, no such device exists.
I would suspect some script that creates the interface, activates it and starts a demon that handles the connection stuff.
Maybe it would help to inject the spoof code after the interface was created, but before it is activated? So-far, I couldn't identify the correct script/command. Does anyone know?
Knowing the command that creates the network interfaces would also help when searching for the script.
Nov 15 2013 Version 1.4.5 released.
This app is for those, who are tired of being kicked from the network by WifiKill. And for those, who are a little bit paranoid, because they know it's quite easy to read the Wi-Fi traffic with tools like DroidSheep, ettercap, FaceNiff, Cain & Abel and others. Such programs use the same technique to prevent you from accessing the network or to sniff your data. You can defend yourself with a single app.
What is Wifi Protector?
Wifi Protector is a Android security app specifically designed to detect and prevent ARP spoofing attacks against your phone in Wi-Fi networks.
How does it work?
Wifi Protector is continuously monitoring network related parameters. When abnormal behaviour is detected, an alert is triggered. The type of alert can be configured. Detection, basic protection and alert work on all phones. On rooted phones it is also possible to reconfigure the phone to make it immune against the attack.
Get it!
You can download the attached free version or get it for free from Google Play (mobile link).
Comments, questions, bug reports are welcome.
If you find the app useful please donate to this Bitcoin address: 19jqzdWFYTf5KZKnS6CJfG9vMX86ghysJQ
FAQ
Q: What is a MAC address?
A: The Media Access Control address is a hardware address of a network interface. Every device in the (Wifi) network has a unique MAC address.
Q: What is ARP?
A: ARP stands for Address Resolution Protocol. When two devices want to communicate via Internet Protocol (IP) in a (Wifi) network they need to know each others MAC address. The ARP protocol is used to resolve the MAC address for a given IP address.
Q: What is the ARP cache?
A: The ARP cache is a temporary storage on your phone that holds pairs of IP and MAC addresses that belong together.
Q: What is ARP cache poisoning?
A: ARP cache poisoning is a method to inject false information into your phone's ARP cache by sending forged packets to the (Wifi) network.
Q: What is DOS attack (Denial Of Service) through ARP cache poisoning?
A: An attacker changes the ARP cache on your phone in a way that invalid MAC addresses are associated with certain IP addresses. Very popular is to inject a false MAC address for the default gateway of your phone. This is an effective way to prevent your phone from accessing the internet. The attack is very lightweight, so a single attacker can disturb large networks. With Wifi Protector on a rooted phone you are immune to this kind of attack.
Q: What is MITM attack (Man In The Middle) through ARP cache poisoning?
A: Like in DOS attacks an attacker changes the MAC address of your phone's default gateway in your phone's ARP cache. Instead of injecting an invalid MAC address he places the MAC address of his own device into the cache. If possible, he also poisons the ARP cache of the default gateway in the Wifi network and changes the MAC address associated with your phone's IP address in the gateway's ARP cache. If the default gateway is vulnerable, the attacker has established a full-routing MITM. He can now read and change everything you send and receive over the network, in some special cases even if you use encryption. If the default gateway is not vulnerable, the attacker has established a half-routing MITM. He can then read and change everything you send, but not the data you receive. With Wifi Protector on a rooted phone you are immune against half-routing and - to some extent - against full-routing MITM. In the full-routing MITM scenario Wifi Protector prevents the attacker to read and change everything you send, but not the data to receive. In any cases you get an alarm.
Changelog
Code:
1.4.5
- OTHER: Added ACCESS_SUPERUSER permission
1.4.4
- OTHER: Changed su handling which fixes issues with outdated su binaries
1.4.3
- BUGFIX: Notification icon no longer disappears when "Clear notification" button is pressed
- FEATURE: Added option to force start at boot, which is useful on devices that don't signal Wi-Fi start at boot
- OTHER: Added CHANGE_NETWORK_STATE permission, which is required on some Samsung tablets running Android 3.2 in order to disable Wi-Fi on attack
1.4.2
- BUGFIX: Fixed ANR on some devices that happened in rare cases when app is started first time
- BUGFIX: Fixed rare FC when restarting service from Expert Perspective
1.4.1
- BUGFIX: If notification settings haven't been configured the notification icon disappeared if main activity was closed. Fixed
- OTHER: Improved error messages
1.4.0
- FEATURE: Notification icon can be hidden
1.3.0
- FEATURE: Wi-Fi can be automatically disabled on attack (optional). This is useful on non-rooted phones
- FEATURE: App can be brought to the front on attack (optional)
- OTHER: Improved compatibility with battery saving apps
1.2.0
- BUGFIX: Attack notification ringtone didn't honor phone volume on some devices. Fixed
- BUGFIX: Vibration didn't honor phone silent mode. Fixed and made it configurable
- FEATURE: All spoofing attempts are logged, including SSID, BSSID, Gateway IP, Gateway MAC, Attacker MAC, Attacker IP. Vendors are resolved and shown in detailed log view. Logs are cleaned automatically. Log size can be configured
- FEATURE: Expert perspective shows BSSID vendor as well as SSID
- FEATURE: On attack vibrate in a given pattern. Duration, repeats and gaps configurable
1.1.4
- BUGFIX: Fixed crash on ICS when Expert is selected
- BUGFIX: On ICS a wrong phone IP address was shown. Fixed
- BUGFIX: Fixed minor bugs
- FEATURE: Internal arp command included
1.1.2
- BUGFIX: Database cursor closing properly
- BUGFIX: If manually clearing gateway ARP entry fails, an error message appears
- BUGFIX: If manual countermeasures fail, an error message appears
- BUGFIX: BSSID mode attack detection precision improved
- FEATURE: Background image can be switched off to save RAM
- OTHER: OUI database performance improved
- OTHER: Unused permissions removed
- OTHER: Size of internal buffers reduced to conserve resources
1.1.1
- BUGFIX: Fixed wireless connection state handling
- BUGFIX: Fixed FC on wireless connection change
- BUGFIX: Fixed BSSID display in expert perspective
1.1.0
- FEATURE: IEEE 802.11 BSSID analysis. Detects the situation when a network is joined, which is already under attack.
- FEATURE: Three BSSID analysis levels. Light: Vendor compare. Deep: 5 octet compare. Extreme: Exact match.
- FEATURE: Expert perspective shows current BSSID.
- FEATURE: Home screen shows attack detection method.
1.0.0
- Initial public release.
MD5: WifiProtector-48.apk = 21bc43ba941a7f6bb75471e25e5dbd37
MD5: WifiProtector-46.apk = 5a2acdec7be1ea9faf1cfc3fb480d747
Anyone test this yet?How is the battery consumption when running in backround?
@Imjjames
One of the design goals was efficiency. Nonetheless the battery consumption is under your control by setting the Collection Interval.
With default value the consumption is about 1% on a Samsung Nexus S. You can reduce the consumption by increasing the Colletion Interval.
I'll try this one, I think it's useful when connecting to open networks, you never know.
Well done sir, now we have the first ARP-Watch on Android !!
I just tested against ettercap (pc) and it's working (running on Ideos stock rom):
When the network is clean and the pc starts spoofing, I get the alarm on phone correctly.
When the network is already under attack by the pc and I join in with the phone, I get no alarm as the app seems to flag the attacker as the legit router, and therefore when the attack stops, the app thinks that the real router is the attacker.
It happens that when I go to Expert and manually start-stop the service 3-4 times, the app stop responding or crashes, but then it respawns in a couple seconds ! Nice !!!
Let's just remember that this is effective against arp-based attacks, if someone is sniffing passively, this won't fire any alert and the sniffer can still capture your data.
Thanks for this app !
ell3 said:
Well done sir, now we have the first ARP-Watch on Android !!
I just tested against ettercap (pc) and it's working (running on Ideos stock rom):
When the network is clean and the pc starts spoofing, I get the alarm on phone correctly.
When the network is already under attack by the pc and I join in with the phone, I get no alarm as the app seems to flag the attacker as the legit router, and therefore when the attack stops, the app thinks that the real router is the attacker.
It happens that when I go to Expert and manually start-stop the service 3-4 times, the app stop responding or crashes, but then it respawns in a couple seconds ! Nice !!!
Let's just remember that this is effective against arp-based attacks, if someone is sniffing passively, this won't fire any alert and the sniffer can still capture your data.
Thanks for this app !
Click to expand...
Click to collapse
Thanks for taking the time to test this. Will be interesting to see what this is capable of doing and any limitations.
Thanks to the developer too!
Sent from my GT-I9100 using XDA App
@OP Maybe this could be handy for an update: before running the main watching activity, make an arping on the net and warn about possible problems.
Normal arping reply:
Code:
00:16:01:AA:BB:CC at 192.168.0.1
00:18:4d:DD:EE:FF at 192.168.0.228
00:15:af:00:00:00 at 192.168.0.244
Arping reply when the net is under attack
Code:
[B][COLOR="Red"]00:15:af:00:00:00[/COLOR][/B] at 192.168.0.1
[B][COLOR="Red"]00:15:af:00:00:00[/COLOR][/B] at 192.168.0.182
00:18:4d:DD:EE:FF at 192.168.0.228
[B][COLOR="red"]00:15:af:00:00:00[/COLOR][/B] at 192.168.0.244
same MAC on different machines... hmmm... suspicious, maybe the attacker is already in.
what do you think ?
This is a great idea! Can you give us more details on what changes you make for rooted phones to be protected? I have implemented most of the sysctl tcp hardening techniques already and want to make sure they won't get overridden.
Hmm, the WiFi Protector app and service are taking up 20MB RAM. If you can optimize it a bit and cut the RAM usage to 5 or 10 you'll get more love
ell3 said:
When the network is already under attack by the pc and I join in with the phone, I get no alarm as the app seems to flag the attacker as the legit router, and therefore when the attack stops, the app thinks that the real router is the attacker.
Click to expand...
Click to collapse
It's true, when you join a network that is already under attack the app sees the attacker MAC as the MAC of the gateway. Although this will happen very rarely, there is a point on the roadmap to counteract this behaviour. Future version will build a local database of legit MAC-IP pairs of gateways in known networks. The database will be checked whenever you join a network. This way it is relatively easy to identify a network already under attack.
Update Nov 20 2011: Version 1.1.0 comes with IEEE 802.11 BSSID analysis and detects a network already under attack.
ell3 said:
@OP Maybe this could be handy for an update: before running the main watching activity, make an arping on the net and warn about possible problems.
Click to expand...
Click to collapse
Inspecting the whole network is an idea that was discarded at an early stage. Doing so would require actively sending ARP who-has frames to the network (like arping or iproute2 does). The idea behind Wifi Protector is to defend a single device and not to produce load on the network in any way. However, the suggestion was noted. Thanks for that. Maybe - in the far future - the app can be extended to act as a network admin's troubleshooting tool...
avgjoemomma said:
This is a great idea! Can you give us more details on what changes you make for rooted phones to be protected? I have implemented most of the sysctl tcp hardening techniques already and want to make sure they won't get overridden.
Click to expand...
Click to collapse
No need to worry, your TCP hardening on transport layer won't get overridden by code on data link layer. Wifi Protector does not modify any frames that reach your layer.
avgjoemomma said:
Hmm, the WiFi Protector app and service are taking up 20MB RAM. If you can optimize it a bit and cut the RAM usage to 5 or 10 you'll get more love
Click to expand...
Click to collapse
Erm... yes. The background image and the OUI database take a lot of RAM. There are plans to make this configurable.
gurkedev said:
The idea behind Wifi Protector is to defend a single device and not to produce load on the network in any way.
Click to expand...
Click to collapse
Ok you made the point. And the IP-MAC association for well known APs would help also!
gurkedev said:
Maybe - in the far future - the app can be extended to act as a network admin's troubleshooting tool...
Click to expand...
Click to collapse
Portable Network Troubleshooter...sounds cool !!!!
Great, thanks for the response So, can you details a bit about the countermeasures? I also have some iptables rules to help with SUNDAY and DDOS.
Oh and this might be a bit too nefarious but, would you be interested in adding a countermeasure? Once an attacker has been found you can pop up a nuke button that will either DDOS or SYN flood him
avgjoemomma said:
Oh and this might be a bit too nefarious but, would you be interested in adding a countermeasure? Once an attacker has been found you can pop up a nuke button that will either DDOS or SYN flood him
Click to expand...
Click to collapse
lol that would depend on OP's hat Detect - Protect - Prevent - Retailate!!
I don't think that would be much 'ethical', though it could be 'educative' .... i wonder how many specific kernel dos you could trigger remotely on a Android phone... hmmm that would be a good fuzzing
I find it somewhat disturbing that a network vandalism app receives much more positive feedback that a network defense app. Right now WifiKill, which costs $3, has over 300 thanks vs. 5 for your free app. I, for one, thank you for your efforts.
avgjoemomma said:
So, can you details a bit about the countermeasures?
Click to expand...
Click to collapse
What would you do on a stock linux box to correct an incorrect ARP cache entry?
avgjoemomma said:
Once an attacker has been found you can pop up a nuke button that will either DDOS or SYN flood him
Click to expand...
Click to collapse
How about sending packets to overheat the battery and make it explode?
I recently downloaded the files on: http://tasker.wikidot.com/wifi-automator and wanted to configure it so that I could work in multiple locations. I figured that the parts you are told to configure would be the parts that needed editing for this.
Under WiFi Checks Params I was thinking that the two wifi network names could be separates like *wifi1*/*wifi2*. Then maybe adding a second WiFi starter profile with a second WiFi Near state and scanning in one location for each profile. I'm at work and will report back, but I'd like to know if anything is clearly technically wrong with this approach or if there are better ones.
Thanks!
Tasker - WIFI Automator - Multiple Locations
ssyphon said:
I recently downloaded the files on: and wanted to configure it so that I could work in multiple locations. I figured that the parts you are told to configure would be the parts that needed editing for this.
Under WiFi Checks Params I was thinking that the two wifi network names could be separates like *wifi1*/*wifi2*. Then maybe adding a second WiFi starter profile with a second WiFi Near state and scanning in one location for each profile. I'm at work and will report back, but I'd like to know if anything is clearly technically wrong with this approach or if there are better ones.
Thanks!
Click to expand...
Click to collapse
Just checking if that worked or if you were able to create WIFI Automator for multiple locations. Thanks!
Does the WiFi Automator run with the newest version of tasker?
Here WiFi Starter profile is active at home but it doesnt turn on the wifi... seems a problem with the AP Search task which does not start correctly...
https://www.dropbox.com/s/spgm9z78i5kry1r/Screenshot_2014-10-13-12-44-38.jpeg?dl=0"]https://www.dropbox.com/s/spgm9z78i5kry1r/Screenshot_2014-10-13-12-44-38.jpeg?dl=0
[APPLICATION UPDATED 2/25/21 Version:2.02]
Hello XDA!
If you are interested in a simple and straight forward WIFI application that allows you to easily roam, scan the area, and see your current status. This is the app for you.
I have spend 6 months writing and testing my application with select beta testers. Enjoy!
SDK 15+
My Website for download:
https://ruckman.net/wifibadger.html
Github for Source Code:
https://github.com/williamruckman/WIFIBadger
Why I don't put apps on Google Play:
https://ruckman.net/whynotgoogle.html
Description:
Get the strongest and best performing WIFI access point automatically based on your selected roaming profile.
Works great on most mobile or on the move devices:
- Phones
- Tablets
Available roaming profiles:
- Same SSID (Roam across access points that have the same name)
- Any Saved SSID (Roam across any saved access point regardless of name)
- Any SSID and Open (Roam across any saved and open access points) *VPN Suggested
- Off (Turns off roaming. Only use as a WIFI scanner)
Great for businesses, homes, or any large building with multiple access points.
All timers are customizable. Choose how often you want your device to check for better access points.
View your connections current status and the available access points in your area.
Get the best from your WIFI!
AREA TAB:
- Green = Connected AP
- Yellow = Candidate AP
- Blue = Encrypted AP
- Red = Open AP
LANGUAGES:
- English
- Portuguese (Brazil) - Thanks to Jijo Smidi
@RuckmanXDA
first off all thanks for that nice and usefull app
Is it necessary that the symbol stays active in status bar ?
And how is battery consumption with this app ?
Battery consumption is good with the default settings. If you increase the timers you will scan more and use more battery.
The icon is necessary in later versions of Android as they prefer that persistent services show their presence. No way around it unfortunately. Not without root.
RuckmanXDA said:
Battery consumption is good with the default settings. If you increase the timers you will scan more and use more battery.
The icon is necessary in later versions of Android as they prefer that persistent services show their presence. No way around it unfortunately. Not without root.
Click to expand...
Click to collapse
and whats the solution with root ? can you explain that ?
or maybe the icon can be changed ? i my case the icon is to big and unproportional. maybe thats because i changed the default DPI
-Update-
maybe you can implement the notification in a different way ?
Other apps like LightFlow or Avast AntiVirus doenst show a persistent icon but have a persistent notification in notification bar.
der_Kief said:
and whats the solution with root ? can you explain that ?
or maybe the icon can be changed ? i my case the icon is to big and unproportional. maybe thats because i changed the default DPI
-Update-
maybe you can implement the notification in a different way ?
Other apps like LightFlow or Avast AntiVirus doenst show a persistent icon but have a persistent notification in notification bar.
Click to expand...
Click to collapse
That's a good suggestion! I'll see if I can figure that out. Thanks!
2-23-17: I have changed the software so that after version 1.7 is released that the persistent notification will no longer show in your tray but only shows in the notification tray.
This is only available to API 16+, anyone on API 15 will still see it.
With this simple code addition for anyone else who needs it:
Code:
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
notification.priority = Notification.PRIORITY_MIN;
}
I currently don't plan to implement any root options as I want to stick to the API as closely as possible to minimize compatibility headaches.
Thanks!
@RuckmanXDA
Hello RuckmanXDA,
Thank you for your app. It addresses an important problem with Android network usability: selection of the desired WiFi network. Others developers have tried to address the issue in different ways, but the implementations have been severely lacking.
In the interest of improving the app development, I have made some notes from a user's perceptive about desirable network selection and am sharing them with you.
A user often has various criteria to decide upon which is or are the desirable access point(s). The following are considered:
Not all access points have the same features, security, or offer the same level of access. This is true regardless of SSID-name sameness or signal strength. For example, access points of a given SSID name may offer Internet access at different levels of service (or none at all) or impose different network management criteria; it may therefore be preferable to connect to an access point with lower signal power that offers superior features than one with same SSID name and higher signal strength, but that does not offer the better access or features.
There are some access points that are defective, rogue, or otherwise undesirable. Connecting to such access points is problematic, and thus it is important to be able to prevent automatic roaming to such access points.
At times it is desirable to manually select a specific access point to use or test.
It is sometimes, oftentimes, or always important to know which specific network or access point one is connected to. This is especially true with network roaming, where the network or access point one was connected to may no longer be the current network or access point.
There may be more than one option with regards to network interfaces (single or multiple of WiFi, Ethernet, Bluetooth, cellular, etc.) and such options should be manageable to be usable how the user wants. Currently, this is handled very poorly on Android; the interface types are prioritized and network connection is often exclusive. For example, if there are network resources on Ethernet (which seems to be given low interface priority), they often cannot be used without disabling other interfaces (such as WiFi or Cellular data) first if they are enabled. Ideally, the different interfaces and links should be used, prioritized, or balanced in the manner a user wants.
It is also worth noting the following common use scenarios:
Same SSID naming and feature access points are used for a single network.
Different SSID and feature access points are used for a single network.
Same SSIDs used for multiple and separate networks.
Subscription services over public access points. (such as subscription WiFi Internet service). These are sometimes troublesome to roam when they have captive portals. These may use the same or different SSIDs.
For the moment, I request three features:
Ability to manually select an Access Point to connect to.
Ability to create and use custom (SSID, MAC address, etc.) roaming rules and profiles.
Ability to blacklist access points given criteria (SSID, MAC address, etc.).
Hey @RuckmanXDA are u alive? Badger is missing at Google Play Stole and even your webpage is not functional. Wifi Badger was excelent app but now it can not be installed anymore
frogale said:
Hey @RuckmanXDA are u alive? Badger is missing at Google Play Stole and even your webpage is not functional. Wifi Badger was excellent app but now it can not be installed anymore
Click to expand...
Click to collapse
I am still alive, I have updated the app information. The final version, updated links, and github page are now listed. Thanks for the bump, I forgot to update the info here.
Is this kind of stuff normal?
6: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP,LOWER_UP>
link/ether Deleted 8: rmnet_data1 inet 166.233.130.26/30 scope global rmnet_data1 valid_lft forever preferred_lft forever
Deleted 166.233.130.24/30 dev rmnet_data1 proto kernel scope link src 166.233.130.26
Deleted broadcast 166.233.130.27 dev rmnet_data1 table local proto kernel scope link src 166.233.130.26 Deleted broadcast 166.233.130.24 dev rmnet_data1 table local proto kernel scope link src 166.233.130.26 Deleted local 166.233.130.26 dev rmnet_data1 table local proto kernel scope host src 166.233.130.26 166.233.130.25 dev rmnet_data1 lladdr Ƞ� NOARP
Xxx
ip route show table all
default via 10.17.131.228 dev rmnet_data1 table 1
10.17.131.224/29 dev rmnet_data1 table 1 scope link
default dev dummy0 table 1002 proto static scope link
default via 10.17.131.228 dev rmnet_data1 table 1008 proto static
××
10.17.131.224/29 dev rmnet_data1 proto kernel scope link src 10.17.131.227
broadcast 10.17.131.224 dev rmnet_data1 table local proto kernel scope link src 10.17.131.227
××
local 100.85.241.177 dev rmnet_data1 table local proto kernel scope host src 100.85.241.177
100.85.241.178 dev rmnet_data1 lladdr 1008 NOARP8: rmnet_data1: <> mtu 1428 qdisc pfifo_fast state DOWN link/[530]
Please help me understand....
Dummy0 static? Means administor defined? I didn't program any of this.
Why would rmnet_data1 return noarp? And what is the symbol by noarp...encrypted?
Mtu pfifo state down... what is link /[530] mean?
Also, I enabled bluetooth log but when I open the log file the text is a bunch of this.....
tsnoop�������5�~)���������5�~*P�����������5�~*Qx�������5�~*��������BCM4359C0
��5�~*��������-����5�~*�|����������5�~,���.�����5�~,�R����.�JJ��5�~-lP�L�F"BRCMcfgS2����������YC��B"�����5�~-r6����L�����5�~-s/�L��B"BRCMcfgD����"BCM4359C0 Hero SWB-B90S eLNA-0033���:����! ������D4 �|9 �D; ������( ����\/ �x�� �� O L�@| ���d������d�������d���������5�~-~B����L�����5�~-r�L��
�"��d������d����2�b���d���2����/(�2����`�T��`�h�`�����l�`����
p�`�����t�`�����|�`�������`����#��A���`�����P�A�����5�~-������L�����5�~-���L����"���T�A�� \�A�� �`�A����d�A����l�A��� t�A��� �A�����A���Sh�A��� D�A����H�A���X�A��.�x�A��
��d���2������x2�������������5�~-������L�����5�~-���L�̚�"���� ������4� �2�������(�2�4� l�d����d����4� �2����������d���d>�`d�
��4� �2���������d���d>>`d���������2���������5�~-������L�����5�~-���L��b�"2�����2�����2LL �2��������$�2(�2�4� 4�2�8�2P�2��l�d����d���d>�`d�
dd��������3 �K�X��*���������5�~-������L�����5�~-���L��*�"��*f������F*z�����-�*������A'*������PN){���������������� ��������k����w�;������_���K�y�{�L�"������������������
��������5�~-�!����L�����5�~-�D�L����" ��� ���$��
���(��X���,�Y����0�Z
��$4�bX��(` cY��,d dZ��0h ����4d
�����h�
Thank you in advance for your input
First you need to help us understand what we're looking at
Log from what? And what are you concerned about?
SM G930v non root. There are 3 different ones there ran with termux
My concerns is Google play says my service is not secure. I checked the list and my device is on the list of certified devices. I am trying to figure out why Google says that. I also have suspicion my phone is sending voice signal to fake tower. And every time a call ends even with data and wifi closed data is being sent/received
Suspisions confirmed
I dug a bit deeper and found boot kernal is not factory. Beacon manager was being controlled by someone other than myself. Camera was set to stream p2p, audio was set to stream p2p, data was sending usage logs p2p, Sys dump command was set to restart the phone. I also found some other things like Sw modification ect..... Just wish I knew how to identify where this information was going to.
This person did an excellent job of covering his tracks. It was extremely difficult to find this information.
Where did you get the phone from, why haven't you just flashed stock and reset?
I think tin foil is involved here
He posted an earlier thread where he was told to do an Odin flash with stock firmware, same tin foil vibes in that thread too.
Cant flash
I try to change from USB charge to USB file transfer and it will not switch. Every electronic in my house has been port forwarded, subnet, remote tcp udp, trusted platform module modifications, registry keys prevent full clean factory reset and reset or ignore user changes. Even down to USB and DVD driver modifications have been applied. My phone does not communicate with cell towers, but sends all of my information to my semi truck. Some crazy NSA FBI DEA lock down kind of mess. Strange thing is I haven't done drugs for quite a while nor do I go hacking people's computers or nothing stupid that will get me arrested
reahcat said:
I try to change from USB charge to USB file transfer and it will not switch. Every electronic in my house has been port forwarded, subnet, remote tcp udp, trusted platform module modifications, registry keys prevent full clean factory reset and reset or ignore user changes. Even down to USB and DVD driver modifications have been applied. My phone does not communicate with cell towers, but sends all of my information to my semi truck. Some crazy NSA FBI DEA lock down kind of mess. Strange thing is I haven't done drugs for quite a while nor do I go hacking people's computers or nothing stupid that will get me arrested
Click to expand...
Click to collapse
No, non of that has happened, the drugs you did take have screwed your head up, please stop posting on XDA
Time to see a doc @reahcat. Got a carbon monoxide monitor? Some homes and apartments aren't ventilated properly and build up of that can cause delirium.
That or you've got schizophrenia.
Figured it out after a lot of study....
It is called Mobil Device Management. My phone has been added to Knox Enterprise, Google Services. these services are a way you can bring your own device for work. I have not authorized any enrollement to any provisioning services, but they are active on my device. through google services and knox, work(or who ever enrolled the device) has the ability to track your GPS location, and internet use(even filter out porn), and add other services to you phone. Things like video/audio capture, google fit to collect health data, install/uninstall applications, monitor your use of the applications, and even push persist settings that will "persist" through factory reset. If you want to know more of what kind of stuff is going on with my device feel free to contact me. Don't Bash me and tell me I am crazy oxygen deprived idiot. I have proof. If you want to know more PM me
Everyone here has tried their best to help you.
In your first post here you said your laptop, your phone, and your xbox are all hacked and tracking what you do. You then brought up the FBI, CIA and NSA while mentioning you used to do drugs.
You have to understand from the perspective of everyone here, you are very far in the deep end with your accusations.
Nevertheless, TMDM's don't just enrol themselves onto phones. If you didn't authorise it, how do you propose it got there?
You also say persist through factory reset, we talking doing a reset through settings, or a full Odin flash in download mode?
reahcat said:
It is called Mobil Device Management. My phone has been added to Knox Enterprise, Google Services. these services are a way you can bring your own device for work. I have not authorized any enrollement to any provisioning services, but they are active on my device. through google services and knox, work(or who ever enrolled the device) has the ability to track your GPS location, and internet use(even filter out porn), and add other services to you phone. Things like video/audio capture, google fit to collect health data, install/uninstall applications, monitor your use of the applications, and even push persist settings that will "persist" through factory reset. If you want to know more of what kind of stuff is going on with my device feel free to contact me. Don't Bash me and tell me I am crazy oxygen deprived idiot. I have proof. If you want to know more PM me
Click to expand...
Click to collapse
Stop smoking, sell your phone, stop posting nonsense on XDA
"Nevertheless, TMDM's don't just enrol themselves onto phones. If you didn't authorise it, how do you propose it got there?
You also say persist through factory reset, we talking doing a reset through settings, or a full Odin flash in download mode? "
Factory Reset Protection. Persist settings are protected from reset.
Yes, I did say all my electronics are hacked. And they are. I have dealt with hackers before, but they have been script kiddies and were easily shut out. This is no script kiddie. I found json/XML script to ignore&replace key changes in regedit, block/ignore/remove shell command, and other things....
They are even using my bluetooth/wifi/infared/ to scan/collect/ and connect to the devices around me.
I even found hotplug in the firmware of my head set I use for hand free driving. the plug makes the device never turn off and removes the light indicators. The plug includes a list of several vehicles allowing auto connect with out notification.
I found Ad-hoc wireless signal near my house I could not find the source of. I live in the sticks and cannot capture any neighbors signals. I figure it was the printer or something so I removed power source from every device in my house that could emit signals and scanned again, it was still present and providing full signal strength.
The methods used in obtaining and maintaining access to my electronics are exceptional! I have collected a ton of data about the intrusion to the array of my devices. the data they are collecting implies I am under surveillance warrant. I can only think of one reason, "Guilt by Association" I am drug free but some of my friends are not. I imagine the investigators think I am a buying/selling/manufacturing drugs and bringing them to my friends.
reahcat said:
"Nevertheless, TMDM's don't just enrol themselves onto phones. If you didn't authorise it, how do you propose it got there?
You also say persist through factory reset, we talking doing a reset through settings, or a full Odin flash in download mode? "
Factory Reset Protection. Persist settings are protected from reset.
Yes, I did say all my electronics are hacked. And they are. I have dealt with hackers before, but they have been script kiddies and were easily shut out. This is no script kiddie. I found json/XML script to ignore&replace key changes in regedit, block/ignore/remove shell command, and other things....
They are even using my bluetooth/wifi/infared/ to scan/collect/ and connect to the devices around me.
I even found hotplug in the firmware of my head set I use for hand free driving. the plug makes the device never turn off and removes the light indicators. The plug includes a list of several vehicles allowing auto connect with out notification.
I found Ad-hoc wireless signal near my house I could not find the source of. I live in the sticks and cannot capture any neighbors signals. I figure it was the printer or something so I removed power source from every device in my house that could emit signals and scanned again, it was still present and providing full signal strength.
The methods used in obtaining and maintaining access to my electronics are exceptional! I have collected a ton of data about the intrusion to the array of my devices. the data they are collecting implies I am under surveillance warrant. I can only think of one reason, "Guilt by Association" I am drug free but some of my friends are not. I imagine the investigators think I am a buying/selling/manufacturing drugs and bringing them to my friends.
Click to expand...
Click to collapse
OK, you are under surveillance 24/7, you are on the FBIs most wanted list, your life is so important the government needs to know your every move, your dodgy dealings are so secretive and well hidden that they need to snoop on you with every electronic device you own, and leave ad-hoc wireless signals open for you to scan and find
or
You have no idea how electronic devices work, and you need to seek mental health help
I go with option 2
MDM, and IMEI
Nevertheless, TMDM's don't just enrol themselves onto phones. If you didn't authorise it, how do you propose it got there?
You also say persist through factory reset, we talking doing a reset through settings, or a full Odin flash in download mode?[/QUOTE]
Reset through settings/button combination does not clear everything. I am currently trying Odin reset. Issues comes after logging into Samsung account or Google. So I created a new account. It still comes back. I assume there is some kind of MDM web crawlers finding it when you register your new account and are required to use an already established account to confirm your identity. Another possibility might be with the unique IMEI broadcast signal the phone uses to maintain contact with the nearest tower. From what I understand, IP address cannot be used to track cellphones because it changes as you travel and get handed over to different towers. So the alternative to IP is IMEI. IMEI is always broadcasted, most phones will broadcast even when shut down
MDM can be implemented without the admin having physical access to the device. Knox supports DualSim provides two billing accounts. One for personal and one for work. Personal monthly is paid by user. Work is paid for By work. MDM administer sets up the device to create a personal space which admin has no access to. If set up correctly, admin side of thing can stream/record GPS location, phone calls, text messages, skype, facebook, and other social media. They also have the ability to collect account information on the device, set SD card to fuse with your device, and many other things. SD fuse is important to how knox works. A user could use SD card to bypass permissions to possibly corrupt knox environment or misuse company confidential information.
Ad-Hoc
ad-hoc wireless signals open for you to scan and find
or
You have no idea how electronic devices work, and you need to seek mental health help
I go with option 2[/QUOTE]
Ad-hoc by design cannot brodcast hidden or encrypted signal, and cannot be set to use authentication unless the adhoc is connected to a network. but then it really is not adhoc any more.
adhoc is portable netowrking which does not need router or an established network to operate, it is the whole design of adhoc. portable wireless connection to near-field devices.
I should clairify
*Detection* said:
OK, you are under surveillance 24/7, you are on the FBIs most wanted list, your life is so important the government needs to know your every move, your dodgy dealings are so secretive and well hidden that they need to snoop on you with every electronic device you own, and leave ad-hoc wireless signals open for you to scan and find
or
You have no idea how electronic devices work, and you need to seek mental health help
I go with option 2
Click to expand...
Click to collapse
wifi you use at home- Signal comes from your ISP, and into your modem. Your network can be set up in many configurations, including gateways, switches(now depreciated), and router to access the network(both local and global) Common configurations use a router which stores all the local devices IP addresses. When one device A wants to extange data with device B, it sends the information to the router, router finds the IP then sens it to device B.
Ad-hoc- Device A wants to send file to Device B. Device A and Device B turn on wifi and allow discovery. either device can scan for the other signal and connect. Device A sends the data directly to device B.
So you're convinced you're under surveillance, yet still using those devices
Can't fix stupid I guess
You'd better remove all devices that contain radios from your possession ASAP before they have enough dirt on you to lock you up for life
Go see a doctor and tell him what you're telling us, maybe they'll give you a nice white room without any radios for a few years