Related
I was reading some interesting stuff about IMSI catchers and their ability to deactivate the encryption on your GSM phone to listen in on your conversations.
Now, considering that these tools are expensive and probably not in the hands of nosy individuals, I'm still curious about this whole deal of a third party device disabling your encryption and conversations being 'out in the open'.
Are there any software tools that display the encryption status of your calls?
Lots of info about IMSI Catchers but most of them are in German... apparently there's more of a fuss about invasion of privacy issues over there.
if you are concerned with your security, then look at www.cryptophone.de . Currently 2 russian companies are writing their own programs like that.
Getting encryption status is not docummented, I don;t think that there exists such a program.
HOwever, according to the Wikipedia page on IMSI-catchers, there are some mobile phones that display an icon when the call is unencrypted. I believe this should be a feature integrated into WM 6.1! Since it is such an old and arguably advanced platform... Maybe someone could write a program that puts an icon in the dialer when the call is unencrypted...perhaps it could also play a warning tone at the start of the call.
Hello all
I've been reading this forum for some months now and i like the windows'es and informations i've found here on my Hermes device
But now i have some questions on using the often integrated tool field test.
I've found out that with the IMSI-catcher (german wikipedia as one of the sources), that are more and more often used semi-legal by the police(here in europe there are a lot of 'GA-90' devices sold to the police and other institutions), it is possible to listen to phone calls(man in the middle attack), by just 'emulating' the strongest phone-cell in the area, to which the device connects instead of connecting to the provider's cell.
I also read that it would be possible to find out if there was an imsi-catcher device active in the area near you or not. The only thing needed is a special monitor software (field test?) that observes the MNC(Mobile Network Codes) behavior(appearently you need 2 handy's from the same provider with the monitoring software running).
But they didn't explain exactly on which behavior you should pay attention.
Since I could use 2 windows mobile devices to test this out, I am searching for more detailled information on this subject, and the first place that came in my mind was xda-developers
I allready did search this forum for the subject imsi catcher, and the only thing I've found is this.
google result
so one person who tries to change hies imei number, and another one who doesn't seem to know exactly what an imsi catcher can do.
Is here anyone who knows more?
I know that where I live, there are pple who make abuse with IMSI-catchers(catching calls without the permission from a judge or similar, or even one time someone listening to his girlfriends phone calls to see if she's cheating(and she did and that was the reason he left her))And yes this one was a young policeman who told that to his friends and even was proud of it.
I also dislike the fact that the handy, instead of the encrypted one with the provider's cell, has an non encrypted connection to the imsi catcher(if not there would be no possibility for a listening man in the middle attack).
I also read about the cellphones from http://www.cryptophone.de/
Appearently they do allways have encrypted conversations even through an Imsi-catcher. But if that would be true, the other side will need the same handy to decrypt it again. Because it has to encrypt, the allready encrypted data traffic with the provider's cell, if not it can't allow any protection against IMSI -Catcher devices. I also ask myself if, depending on where u want to use it, the 2nd encryption could produce a to huge phone traffic that could result p.ex. in a robot voice...
Anyone who could light me up?
Or is there any software able of reencrypting the encrypted transfer on windows mobile devices?technically it should be possible(2nd phone dialer installed so you choose the normal one for normal calls and 2nd one for calls with pple who also have this software installed on their phones)perhaps not with an 256 bit encryption but perhaps with a 128 or 64 bit encryption...
BTW, if there would be anyone able to programm such a hot piece of software for windows mobile devices I wouldn't have any problem to donate him with paypal, and i suppose other pple would do the sameAnd no I don't wanna replace that by Voip or skype via HTC...
Thanks in advance
Patrick
So no one who knows more about this?
I would be very happy if i could at least test if they're really used that often as they say they are(where i live).
And since i could try it in different major 'cities' over here, i suppose catching a imsi catcher soon or later
I'm quite curios if all the pple, telling that there is a lot of abuse with these machines, are right, or if that's all nonsens...
It would be nice if a warning icon could be integrated into Windows Mobile or the dialer to indicate that a call is not being encrypted. Read the Wikipedia entry for IMSI-catcher for more info. I'm guessing CDMA is largely unaffected since the hole seems to rely on the UMTS spec's backward-compatibility with GSM.
I'd also like to note that Skype is the way to go for true endpoint to endpoint call encryption. You know, if you're a gangster or something and need to brush off the popos. It would be interesting to investigate whether the WM6 integrated VOIP stack requires authentication/encryption.
Well, I am entitled "Senior Member" but still have no clue how to program apps beside some smaller mods I did (which are already superceded by the geniousses here )
I have downloaded "Trapster" on my HD2 to prevent further costly tickets from radar-shots.
Although GPS-Tracker 3 has included radar-warning I still dunno where I can get reliable and up to date data for this function and how to build up a data-bench that updates automatically (in GPS-Tracker by MooNah You have to do this manually)
Now the idea is simple but building an app not doable for me (not enough knowledge, not enough time to collect enough knowledge )
The app should work like this:
1. On home screen a switch to switch on GPS (or using GPS-Tracker as interface ?) AND loads radar-data from an updateable file on SD-card (preferrably Trapster ´cause it´s a very active community and data are very reliable also concerning "hidden mobile police traps preferred spots" )
2. Once movement is dedected the plug-in checks Your position toward any radar-trap and - even if HD2 is in Standby/Screen off - alerts by acoustic and graphic announcement, programmable in distances 1km/500m/200m before radar-trap and then switches to standby/lockscreen/screen off or whatsoever.
3. PlugIn should be VERY small in size and work in all modes (screen off/lockscreen/standby)
4. GPS-Tracker would be the perfect basis but methinks MooNah is not going to implement a fuction like this
Let´s see if someone hops onto this idea .................
Is it me or does the DeviceID of a Viewsonic G always come back as the same thing on every device?
I'm running TNT Lite. Running certain market apps immediately lets me take over an existing account owned by someone else, and other apps tell me my deviceID is already registered and give me the username / email address of the person who registered it.
First, it's a bad idea for an app to identify the user solely on the DeviceID. Second, it's a bad idea (and probably against the Android specifications) for all devices to report the same DeviceID, I would assume.
I've also written an app that tracks mileage for tax purposes. I developed a web based license solution that allows a user to either purchase the "pro" version through the Google Market, or I can also "gift" it to people, identified by their gmail account.
When I gift it to someone, it allows them to register up to three devices associated with their gmail account and it sends me an encrypted one-way hash of the DeviceID. I've seen a couple of the same DeviceID's associated with users that my own gTab reports.
This also means if anyone tries to set up an app that does any sort of encryption key based on the deviceID that it would be easy to break.
So, long story short, is this a problem with the core Viewsonic build, or is this an effect of TNT Lite? Or are all DeviceID's the same unless you have a cell radio?
VEGAn 5.1.1 has the same problem... found that out the other night while trying to get Line2 going.
If memory serves correctly there's a hack involving the Android Emulator that I'm adding to my list of todos.
Well I found a post here by Chief Beefalo describing how to do it, but his post is wrong when it comes to the viewsonic.
It's stored in the database at:
/data/data/com.android.providers.settings/databases/settings.db
In the "secure" table is a row with device_id. Just update that from sqlite should do the trick. It's a 16 digit hexadecimal number.
Of course then you still need to generate a random number that doesn't still conflict with anyone else...
Now the security expert in me starts to think about how bad it would be to write an app that would roll through a ton of deviceid's and log into Pocket Empires (which only locks it down by the deviceid, no password) and trash people's accounts.
I believe you found the android_id ... check out this write up:
http://augendev.wikispaces.com/Market+Fix
start at step 18
And I can confirm this works. You can use a tool such as Android ID Changer (on the market) to update your id. Once that is done you're now free of all the other custom rom holders.
Line2 is now working great for me!
Here's another link to the same (basic) instructions with a better download link if you have problems with the one above:
http://www.smartqmid.com/wiki/index.php?title=Getting_Android_Market_to_work_with_2.1_v1
Can't I just modify the Android ID with a random 16 hex digit number? It might be a duplicate with 1 device out there, but that would be better than to be a duplicate with every ROM of the same kind?
The emulator solution takes all of maybe 15 minutes. You could also look into stealing 15 of the 32 bytes consumed by a guid. I'd like to find the code that supposedly regenerates the android id and host it on a web page. Curious to learn what its variability is.
Sent from my Tegra 2 gTab using Tapatalk
This is also what we used to do over on the Pandigital Novel Slatedroid forum. It was called the "ugly" Market hack. Maybe it should have been called the "secure" Market hack.
When I originally got my GTablet, I couldn't figure out how to port the ugly hack over, and eventually we found the other Market hack that we currently use. Also, interesting enough, I added the xbin folder into TNT Lite originally to get sqlite because of early attempts to get that hack working.
OK. So I tried the emulator path and the problem I have is that I ended up with a 18 digit Android ID instead of the 16. The Android ID application will not let me change the ID to an 18 digit number, only a 16 digit one. Any ideas?
I dropped the first two digits ... go figure
Btw I'm finding the same Id on every rom ... it is not limited to any one distribution. The only app this has visibily effected for me is line2. Seems fewer and fewer apps rely on this value... atleast on its own. Problem for us is some bring in the imei code and all the gtab is going to do is return zeroes there.
Sent from my Tegra 2 gTab using Tapatalk
Synman said:
I dropped the first two digits ... go figure
Btw I'm finding the same Id on every rom ... it is not limited to any one distribution. The only app this has visibily effected for me is line2. Seems fewer and fewer apps rely on this value... atleast on its own. Problem for us is some bring in the imei code and all the gtab is going to do is return zeroes there.
Sent from my Tegra 2 gTab using Tapatalk
Click to expand...
Click to collapse
So you just dropped the first two digits and it worked? Let me try that!
Thank you!
BTW, I am running Vegan 5.1.1 So this is not a TNTLite only problem. I am guessing that any ROM will have this problem.
Agreed. I've seen the same id on vegan 5.1 and chalkilin.
Sent from my Tegra 2 gTab using Tapatalk
A suggestion:
any coder, or anyone who can modify the "SettingsProvider.apk" can change the creation to something else.
On FolioMod and Elocity i changed it to be based on the "ro.firstboot" value, so any new installs will always be different, and yes it might conflict in any firstboot values match by the second or a minute in other parts of the world but chances are small.
its normally generating it from the ro.serialno value..
I have done some reading and observed some Android Wifi tools which could be useful to you guys.
I know some of you guys already know about some of these apps whiles others don't.
My First Wifi Tool is Dsploit.
Introducing dSploit
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assesments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc . This application is still in beta stage, a stable release will be available as soon as possible, but expect some crash or strange behaviour until then, in any case, feel free to submit an issue on GitHub.
Here are some screen shots http://www.dsploit.net/images/shots/1.png
http://www.dsploit.net/images/shots/2.png
And A Walk through Video http://youtu.be/HrQl1cG2Hq0
And you could visit their website http://www.dsploit.net/
My srecond Wifi tool I wanna Show you Guys is Anti-Android Network Toolkit
What is Anti?
ZImperium LTD is proud to annonce Android Network Toolkit - Anti.
Anti consists of 2 parts: The Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti
Using Anti is very intuitive - on each run, Anti will map your network, scan for active devices and vulnerabilities, and will display the information accordingly: Green led signals an 'Active device', Yellow led signals "Available ports", and Red led signals "Vulnerability found". Also, each device will have an icon representing the type of the device. When finished scanning, Anti will produce an automatic report specifying which vulnerabilities you have or bad practices used, and how to fix each one of them.
This App is Kind of a paid App. But you can get the free version from here http://zantiapp.com/anti.html
Here is a link to the walk through video http://youtu.be/tKW-XV59-gk
My third Wifi Tool is Wifi Kill
Its an application for killing wifi connections, that is preventing users on that network from getting to their websites.
I couldnt find the website for this app. (Seems they dont have any). But you could download it from
Here : http://mediafire.com/?ue5itmf89w5h4x2
Here is a link to the walk through video http://www.youtube.com/watch?v=MtaPF6NcOeo
My third Wifi Tool is Droid Sheep.
Its Actually in Two forms
DroidSheep [Root] is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.
DroidSheep Guard is another Android app for monitoring Androids ARP-table. It tries to detect ARP-Spoofing on the network, such as an attack by DroidSheep, FaceNiff and other software.
For Some reasons, the Doidsheep[Root] cant be downloaded from their website which is this http://droidsheep.de/
But dont worry you can find it here at http://depositfiles.com/files/ektsufdkl
On the other hand, DroidSheep Guard can be found at the playstore
https://play.google.com/store/apps/...h.droidsheep.guard.free&feature=search_result
The next one is Android Netspoof
Description
Network Spoofer lets you change websites on other people’s computers from an Android phone. After downloading simply log onto a Wifi network, choose a spoof to use and press start.
Please note that there is no intention for Network Spoofer to include any malicious features. This application is a fun demonstration of how vulnerable home networks are to simple attacks, with permission of the network owner - DO NOT attempt to use Network Spoofer on any corporate or other non-residential networks (eg. at school, university). It becomes very obvious when Network Spoofer is being used on a Network, and use of Network Spoofer will be considered malicious hacking by network administrators.
It can be downloaded from here http://sourceforge.net/projects/netspoof/files/latest/download
There is another App called AoutoProxy
Description
The most complete proxier on the Market. Autoproxy allows you to use Market, Gmail, maps or surf the web even behind the proxy from your home/school/office.
It works by creating a transparent/intercepting proxier running on your phone that redirects web traffic to your proxy. Other apps don't have to be aware there is a proxy!
All outgoing traffic is captured, formatted and transmitted through your network's proxy. That means it works with market, all browsers, gmail, maps, and others.
This is App is a paid app but they have got the light version.
here is a link to it https://play.google.com/store/apps/details?id=com.mgranja.autoproxy&hl=en
FaceNiff
FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to.
It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK)
It's kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!).
*** ROOTED PHONE *** is required. Please note that if webuser uses SSL this application won't work.
This application due to its nature is very phone-dependant so please let me know if it won't work for You
Use with stock browser (might not work with other)
Legal notice: this application is for educational purposes only. Do not try to use it if it's not legal in your country.
I do not take any responsibility for anything you do using this application. Use at your own risk
It can be downloaded from here http://faceniff.ponury.net/download.php
I will Be updating the list frequently.
UPDATE
So as i said, i would be updating this and guess what i have kept my promise.
There is this App called Intercepter-NG its another android wifi tool i find useful.
Intercepter-NG is a multifunctional network toolkit for various types of IT specialists. It has functionality of
several famous separate tools and more over offers a good and unique alternative of Wireshark for android.
The main features are:
* network discovery with OS detection
* network traffic analysis
* passwords recovery
* files recovery
Runs on Android >=2.3.3 with root+busybox
Looks better on high resolution, but completely comfortable on 480x720.
It can be downloaded from the playstore https://play.google.com/store/apps/...t#?t=W251bGwsMSwxLDEsInN1LnNuaWZmLmNlcHRlciJd
Another important Wifi tool for android is Wifi WOlf
- PCMag.com Editors' Choice award winner for network utilities
If you are a network administrator or a network engineer that has any WiFi / wireless on your network then you already know that you need a good WiFi network monitoring / analyzer tool or toolkit to properly manage and analyze inside your wireless network. Without the proper network tools you have no way to determine proper functionality of your WiFi network or identify security risk that comes with having wireless technology inside of your enterprise corporate LAN. As a network administrator or engineer you already have many other responsibilities with your network such as managing servers, routers, switches, workstations, inventory management, asset management, bandwidth monitoring, troubleshooting... the list is long. Make sure you have a tool that makes your wireless network management easier!
- Active Passive Pre-Deployment and Site Survey and WiFi Analyzer network tools for wireless professionals. Works on 802.11 N, G, B, and A networks (Depends on device)
Quickly perform wifi site surveys by simply double tapping on floor plan to register samples
2.4Ghz and 5Ghz wifi analyzer fully supported in all wireless tools
WiFi Heatmapper
WiFi AP Edge Map
WiFi Channel Map
WiFi Stumbler
WiFi Analyzer
Access point filters allow you to analyze AP edge individually
Wireless security filters identify and analyze secure and non-secure (WEP, Ad-Hoc, Open) wireless networks
Sub-filters allow you to filter out weak WiFi coverage areas
Network Icons for mapping out your hardware
Export all views for email or printing
Export and Import all surveys for backup or to share with other techs using Wolf WiFi Pro
Create multiple sites
Supports and analyze broadcast and hidden SSIDs (once known to device)
Complete help documentation at www.wolfwifi.com and videos on www.youtube.com
-WiFi Scanner and analyzer with summary view and detailed view
-Channel Graph displays and analyze channels in use to easily identify congestion
-Signal Tracker helps you track down access points and adjust antennas
-802.11 A/B/G/N support (depends on device)
It can also be downloaded from the store https://play.google.com/store/apps/...nByaXNpbmdhcHBzLmFuZHJvaWQud29sZndpZmlwcm8iXQ..
And one more thing, The app WifiKIll can also be used to redirect web pages to a specific site.
you can do so by first knowing the sites IP Address, then u open the wifi kill app and go to settings the select rejection method drop policy + redirect to.......
Afterwards click on redirect to IP and insert the Ip of the site you want to redirect to.
Note that None of these Apps are mine and all these apps require root, also i am not the cause of any damages these apps could do to your phone. Thanks
Enjoy:fingers-crossed:
But If you have any questions with these apps or questions on how to install any of them, feel free to ask.
Thanks once more.
DroidSheep link is broken
Turbokat said:
DroidSheep link is broken
Click to expand...
Click to collapse
Its not broken, just choose regular download and wait for the countdown to complete.
Sent from my myTouch 4g using xda app-developers app
here you guys might like this as well.
https://app.box.com/s/1h0mdqynmb5lcz0gasbf
Another tool for site survey
There is another free android tool for heat maps creation - "WiFi Maps Light", available on GOOGLE PLAY, documentation can be found on app's official site.
you gonna want for sure bcmon.apk if you want to get your wifi crack on. crack wep and wpa/wpa2-wps natively in rooted android rom.
http://bcmon.blogspot.com/
https://bcmon.googlecode.com/files/bcmon.apk
https://code.google.com/p/bcmon/
thisworks on a lot of devices i have it working on a samsung galaxy nexus sprint, htc glacier, samsung galaxy s2, nexus 7-2012-grouper, and a couple others. no need for custom rom even just root and youre golden
Commented to follow on this wonderful index
Sent from my E151
Network Toolbox for Android
Another great tool I came across recently is Network Toolbox for Android:
play .google .com/store/apps/details?id=com.appsropos.whois
It includes a bunch of handy admin tools including Whois, RBL checks, DNS and ARIN lookups, Ping, Port Scan, find external IP, Geo Location for Ip addresses, CIDR calculator, Email server tester, and much more! :good:
mark.worth.666 said:
Another great tool I came across recently is Network Toolbox for Android:
play.google .com/store/apps/details?id=com.appsropos.whois
It includes a bunch of handy admin tools including Whois, RBL checks, DNS and ARIN lookups, Ping, Port Scan, find external IP, Geo Location for Ip addresses, CIDR calculator, Email server tester, and much more! :good:
Click to expand...
Click to collapse
asdfghjkl
ktetreault14 said:
asdfghjkl
Click to expand...
Click to collapse
Trying to push it up?
Sent from my HTC Desire HD using XDA Free mobile app
mickeyasamoah said:
Trying to push it up?
Sent from my HTC Desire HD using XDA Free mobile app
Click to expand...
Click to collapse
yes lmao. i haven't found a reliable app for all the wifi tinkering and what not
A bit of help maybe please on Zimperium's anti
I had dsploit installed and stupidly uninstalled it because now I cannot find the last version apk anywhere.
Anyway, I installed Z's ANTI. Everything seemed to go OK. My android is rooted and superuser rights were granted to the app.
My problem is that when it runs a network scan it recognizes my router but no open ports and that seems to be the end of it.
Any advice?
silvanet said:
I had dsploit installed and stupidly uninstalled it because now I cannot find the last version apk anywhere.
Anyway, I installed Z's ANTI. Everything seemed to go OK. My android is rooted and superuser rights were granted to the app.
My problem is that when it runs a network scan it recognizes my router but no open ports and that seems to be the end of it.
Any advice?
Click to expand...
Click to collapse
Me too. I found zanti (dsploit) difficult to use. I would wish to have guides for learning purpose.
Sent from my XT1033 using XDA Free mobile app
I've tried various man in the middle hacks on my laptop with the new zAnti. Its actually very cool
Don't download droid sheep from here (virus)!! I looked at the md5 hash and it did not match the ones of the last 3 versions (the md5 hashes are on http://droidsheep.de/?page_id=23) and also android warned me and blocked the installation
Download the one on https://forum.xdadevelopers.com/showthread.php?t=1539105 from the comment of user "Dlll" i verified the md5 and it matched the version 14 on http://droidsheep.de/?page_id=23 (verify it yourself if you don't trust me)
Stay safe
How to verify?
Graciasz
Muchos gracias ?