I thought it might be of interest to some here,
We are working on developing a new set of TCP extensions and are working to find choices that work across as many middleboxes as possible in a large variety of networks (you might be aware of some of the obstacles for Multipath TCP and TCPCrypt deployment...).
If you have a rooted Android, could you run a set of tests on as many wifi and mobile networks as you can?
Search google play store for "org.smarte.tcptester" - I am not allowed to post links yet, sorry!
The reason why we need root permissions is that the app is using Raw sockets to modify core aspects of the TCP protocol, i.e. craft packets with custom header fields. Let me know if you need more detail! Also let me know if the app crashes - I tried to test it on many devices, but with the type of functionality it is bound to be fragile...
We are collaborating with the Netalyzr team as well to get a more comprehensive view of the network, so if you could also run Netalyzr, it would be even better!
Same as above with the URL, but search for edu.berkeley.icsi.netalyzr.android !
Thanks!
Related
Hi there! We are a group of iPhone / Android developers who have developed a suite of web services to assist us and other developers in building great apps.
After numerous projects we have become tired of having to set up the server scripts to do all the same things for different clients. Most of the server functionality
is typical: 1) storing location data for Google Maps; 2) storing users' high scores / ranks; 3) sending Push Notifications; 4) storing files / XML; etc.
We couldn't use the existent solutions because in some cases they didn't provide the required functionality and in most cases they require your users to be exposed to some social network of theirs, while our clients just want a simple functionality without users knowing of any services behind that.
So we have launched what we call Mob1serv, a universal server solution for the typical needs of iPhone / Android apps. It consists of modules which deal with most common tasks:
• High Scores - a powerful online high scores table
• PushNote - a module allowing to send immediate or delayed Push Notifications (you can build instant messengers or alarm clocks, anything with this)
• GeoPos - stores locations of Google Map objects, their statuses and 'last seen online' time
• OAuth contracter - allows you to implement transparent authentication and integration with Facebook, Twitter, Google etc
• More modules to come!
We have tried to make it as simple as possible for developers, so you just need to register at the back end and then you can add as many apps as you want and start using these services. From the client (app) side, you need to add a library to your project and put a corresponding ID there, that's it.
The service is free, it's a 'freemium' model. It has been built by developers for developers. Some developers and apps are already using it as it was open for alpha testing before, but now we are launching it open for the world so that we can see what you're thinking of it and also get your feedback of how we can improve the existent modules or what modules to add next. Welcome to Mob1serv - mob1serv.com!
hello forum, i was wondering if there is a way do develop a game, actually very similar to a existing app Tile Attack from Rossant, that supports a multiplayer mode, wifi , Bluetooth ad hoc, any of these ways, if someone knows, please leave a reply.
if this thread already exists im sorry, tried searching but found nothing.
I don't know the game you've mentioned, but in short, the easy and official way to develop a short-range multi-player game (i.e. something you would play with friends in the same room) is to use UDP over WiFi (you both need to be on the same WiFi network). For a longer-range game, you would have to set up one or more servers for the game; the phone's official APIs don't include server sockets, and even if they did, most networks firewall incoming connections. You can access the server using any networking API on the phone (UDP, TCP Client, or HTTP Client).
Unofficially, you can do server sockets just fine on WP7 (there's even a managed wrapper for them, see the "Homebrew" library project which is available, among other places, in the Root Webserver app) but that won't be allowed into Marketplace. Similarly, native APIs to directly access the Bluetooth stack do exist, but they are unofficial and won't be allowed.
There's an "Apps & Games" sub-forum that may be able to help you more, if you're looking to develop a Marketplace-acceptable game. A lot of what we do here is unofficial, although you're certainly welcome to ask questions about official stuff too.
GoodDayToDie said:
I don't know the game you've mentioned, but in short, the easy and official way to develop a short-range multi-player game (i.e. something you would play with friends in the same room) is to use UDP over WiFi (you both need to be on the same WiFi network). For a longer-range game, you would have to set up one or more servers for the game; the phone's official APIs don't include server sockets, and even if they did, most networks firewall incoming connections. You can access the server using any networking API on the phone (UDP, TCP Client, or HTTP Client).
Unofficially, you can do server sockets just fine on WP7 (there's even a managed wrapper for them, see the "Homebrew" library project which is available, among other places, in the Root Webserver app) but that won't be allowed into Marketplace. Similarly, native APIs to directly access the Bluetooth stack do exist, but they are unofficial and won't be allowed.
There's an "Apps & Games" sub-forum that may be able to help you more, if you're looking to develop a Marketplace-acceptable game. A lot of what we do here is unofficial, although you're certainly welcome to ask questions about official stuff too.
Click to expand...
Click to collapse
Thanks for the reply, ill have what you mentioned in mind =)
Pronounced "say candy", the goal of SecAndy is to come up with as secure and private of an OS as possible. So as not to reinvent the wheel, we'll base this initiative on our open source code of choice (Android or maybe other developers' choice).
I am not a developer myself but I can without a doubt, because of former professional experiences, organize a project and gather the right people together as a community in order to make sure that project sees the light of day after it has acquired a life of its own if needed, which I think we will agree is something that this kind of project requires because of the scrutiny it will quickly attract.
I am officially calling upon this post all interested developers that could help us fork Android or other open source OS.
Let's get a kickstarter funded and let the party begin. I will update you later today on the advancement of such.
This thread welcomes constructive ideas and developer participation, but here are beginning requirements we'll need to fulfill eventually to privatize and secure android :
- default browser allowing custom search engines such as https://ixquick.com or duckduckgo
- default system search pointing to those custom engines for online component
- control of gps at firmware level to allow full disability
- peer to peer file exchange (think BitTorrent sync) with 1024 to 2048 bit encryption
- implementation of secure sms and mms exchange (think textsecure)
- implementation of encrypted voice channels (think redphone or SIP with end-to-end encryption)
- root vpn for all online access
- systemwide warning of insecure solutions (example : wanting to use gmail or regular email)
- PGP transparent email solution
- Tor option for root vpn (subject to mitm attacks but more on that later)
- peerguardian type auto-updated database to identify suspicious IP address ranges
- systematic in-out firewall control auto updated with peerguardian database and community based rules database
- hardened malware protection and app permissions with automatic permission audit based on application type
- full device encryption and lockup (in case of unauthorized user)
- full remote wipe out and bricking with auto IMEI reporting (in case of theft, might have to be amended because of attack vector)
- full remote location capability with real time tracking (that one might have to be scratched, high security risk because of attack vector)
This obviously doesn't cover all the bases but would be a good start... I know a lot of these options can be implemented with a mismatch of apps and custom Roms but having it all at an OS level AOKP style would greatly help in building an android by the people for the people community that could eventually loosen the stranglehold of less than transparent corporations.
60 views in 24 hours and not one comment. Obviously I'm approaching this the wrong way. More news at 11.
e-motion said:
60 views in 24 hours and not one comment. Obviously I'm approaching this the wrong way. More news at 11.
Click to expand...
Click to collapse
I don't want to be insulting, but no programming work has been done on your part, and you're just asking for people to dive in this project to get managed by someone they never heard of. It's not really surprising no one has commented yet.
I understand what you're saying but any comment, even if only just to show interest in such a project, will be key to drive developers to it.
I might not have started any development but I have clear understanding of how to design secure solutions. I can't go into details of why that is, however you can clearly see with my 2nd post that some research has been done. If I wanted a solution for me alone, I could just go on with my own little pudding of custom ROM and security apps.
However, because of the recent news events that SHOULD have awaken this population, I thought now might finally be the right time to try to get such a project off the ground. But without anyone even showing any interest, why would any developer be drawn to it ? If people would rather focus more on content consumerism than on what might happen under an umbrella of spooks that they're paying for with their taxes, then they have learned nothing from history and deserve what's coming to them, simple as that.
This is NOT a development thread in case you haven't noticed, so telling me I haven't developed anything yet is not even relevant.
In case anyone cares, this will be moved shortly in the t-mobile Note 2 Android development thread as a Touchwiz proof of concept ROM. Little steps, little steps...
Sent from my SGH-T889 using Tapatalk 2
mobile sec
While I am not a developer I would be interested in this project. I've been thinking about this a bit lately given recent events. I think a useful privacy preserving security related app and phone combo might have these features:
-some way to separate the baseband processor (radio) from the OS. It seems most phones share memory with the radio and this fact can and has been exploited. Own the bb processor and you own the phone. Perhaps a 3g dongle plugged into an android phone in host mode would work. Some of these usb "data only" radios can be unlocked for voice too. I believe a rooted phone with IP tables/firewall running would be much more secure than a conventional mobile phone.
-an anonymising network for connecting to servers/peers. I think the i2p network is well suited for this purpose. Rather than connect to services that are not designed with your anonymity/privacy in mind, connect to hidden/darknet servers that make it extremely difficult to ascertain your real IP and location. Perhaps an i2p router running on your home computer relaying i2p traffic while also maintaining a long lived encrypted connection to your mobile in order to "push" data to it. In this way the user benefits from the anonymising network, contributes to the network, but doesn't have the battery drain of relaying packets from the phone (if this is even possible).
-end-to-end encryption. Perhaps OTR messaging for texting and perhaps openPGP for transferring binary files as I don't believe file transfer in OTR is available at this time.
-an app that uses the above network that is capable of sending/receiving encrypted text, audio, video, gps location etc and does not leak any personal information that you don't want leaked. XMPP might be a good choice (with perhaps out-of-band binary transfers for efficiency). Giving your unique identifier to another person that is using the same app would allow you to communicate with them while not revealing your phone number, imei, imsi, etc. There would be some latency in the communication especially with binary transfers but I would gladly accept that for the added security.
anyway, just wanted to add this to the conversation and hope to see this project take shape as we definitely need more security enabled os's and apps.
My app was recently banned from Play and you were asking to put it here, so here it is.
I would be really glad if somebody could give me some hints how to get the app back on Play. I read the reason for removal and I think somebody at Google did not understand what the app is doing. There are apps doing the same for router passwords and there is also complete BackTrack distro living for 2 years on Play so I really do not understand why my app was removed!! It is not using any packet injection or other exploits, it only does the same the user can do - try passwords one by one (of course using app is more convenient). We can discuss it in this thread, I would be happy to hear your opinions. Please note that I was learning on this app so it is far from perfect The paid version is better and still living on Play, but I am counting hours to its removal. Well, this really sucks as it cost me lot of work
Thank you for support!
DESCRIPTION
WIBR is application for testing of security of the WPA/WPA2 PSK WiFi networks. This application is NOT FAKE, it really works and it is possible to access the WiFi network if it uses weak password. Read whole description before using.
Dictionary test - it tries passwords from predefined list one by one. Please don't be disappointed if the password will not be found, it simply means that it was not in the dictionary. However, if somebody set his key to "12345678" or "password" it will be detected.
It's easy as 1-2-3.
1) List available networks and select desired network. WIBR is tested on WPA/WPA2 networks with pre-shared key (PSK). Please note, that the testing will be unreliable if the signal is weak! WARNING: HACKING SOMEBODY ELSE'S WIFI IS ILLEGAL! USE THIS APP ONLY ON YOUR OWN NETWORKS!
2) Select desired dictionaries . There are three predefined wordlist which you can use. They contains a list of most commonly used passwords. Please note, that for WPA passwords the minimum length is 8 characters and shorter passwords will be skipped.
3) Wait for results. The process is very slow due to nature of the WiFi connection handling in Android, so be prepared that it can take a loooooooong time. 8 passwords/minute is considered good speed. The wifi have to be enabled all the time, so WIBR is also battery eater!
NOTES
WIBR will change password for the selected network. It is impossible to get this password back. If you are testing previously saved network then the password will be lost.
WIBR will not work on other encryptions than WPA/WPA2.
if it doesn't work:
- you are trying to test network with weak or unstable signal or in very "noisy" environment (i.e. many networks on same channel)
- you are trying to access network which is using so called MAC filtering, so only explicitly allowed devices could access the network
The solution is to try WIBR on another network with good signal.
Perhaps you picked the wrong keyword... Bruteforce+hack sounds very illegal
Sent from my GT-N7100 using Tapatalk 4 Beta
Sorry but it's not welcome here either. I've removed the link to stop you getting into any trouble over it.
Thread closed.
I wrote this app mainly for fun and to explore android, but I thought I would share it here in case anyone finds it useful.
HasItChanged is intended for personal use when a website you're interested in updates irregularly, but you still want to know when it changes. Instead of firing up your browser only to find nothing has changed, let your phone do it for you!
While the app does have the ability to keep track and notify you when a site goes down, it is not intended to be a professional uptime tracking tool. Please don't use for sensitive or critical purposes.
Features
Ability to specify individual update intervals
Utilizes Android's built-in sync mechanism to reduce battery usage [This requires the Identity Permission]
Doesn't just check to see if it's up (although you certainly can); only be notified when the website changes!
Utilize HTTP content caching technologies to reduce network usage
Control specifics such as connection timeouts and network usage
Supports HTTP/HTTPS/FTP connections
No ads. Open source. Feel free to contribute!
Please submit bug reports via Github. Feature requests welcome! As this is a purely hobby project, no support is guaranteed, although I'll certainly try to do my best!
Play Store
Bug report
The app doesn't work for many websites, for example mojang.com, YouTube channels or YouTube Playlists. Every check if the website changed gives a positive result, so I keep getting notifications for those sites. I tried with smart compare on and off and also cache on and off.