Is it feasible to do an app that automatically accesses the whatsapp key file, that from my understanding is located in /data/data/com.whatsapp/key, and sends it to a listener ip location, or by email?
To access that file, one has to have su privileges. So, could the app use a su command and prompt the user for authorization? The ideal would be to do it without rooting, like with a custom APK that managed the whole thing. ADBing the app from within the phone?
I think one could do this (with rooting :S) with metasploit, but it is quite a questionable tool to use, as my intentions are completely benevolent and I would like to make the script as direct and transparent as possible.
How could I do this? Any guidelines are hugely welcome!
Related
Just out of curiosity does anyone know if any android devices can be affected by a fork bomb sent via text or email?
It is Linux so I'm guessing it will be affected. Maybe it won't be like OMG but it will be some what affected.
If a text or email could execute a custom script on being received, there is probably a lot worse that it could do than a fork bomb... Might be possible to get two views to keep calling each other, in which case the bundle for that program will expand until it runs out of memory and android will kill the app. This is very much an app specific bug though, and isn't related to the "fork bomb" of a program making a new instance of itself.
I thought Android runs on the sandbox environment for applications, which means the app can't execute much permissions as compared to Windows.
Just my $0.02
Yes, the apps are sandboxed for the most part.
Now that I think on it, there is a launch flag to open a new instance of a program leaving any currently running ones alone, which could be used to make a forkbomb. In this case, it would not be stopped by memory as the earlier instances will shut down but the exponentially increasing new instances will keep going, probably making the phone unusable until a reboot.
This can only be done by compiling and launching a signed app though, no email client can do this unless it has a backdoor to trigger this code from itself or from a trojan-esque feature to download, install, and launch apps on its own. The user would be promted to ok the new app's permissions anyway, unless it uses and gets permission for root access.
Basically, forkbombs are possible, but not by email or text with stock or nonmalacious programs.
Task Management
If the script gained root access, it'd be just the same as on a Linux machine. But I believe the DalvikVM simply kills any apps/processes it needs to in order to keep the system running smoothly (in theory).
well it works...
https://github.com/nicandris/com.example.forkbomb
I have installed an Android Application which was developed by the friend of mine. It had installed on my Android phone (HTC G2, with Android 2.2). I need to locate the application forlders, and especially SQLite database which was created along with the application, because I need to copy it to my PC. I did seach on SD card but I did not found it, so I assume it must be on the device RAM, but I really don't know the structure and how the apps are organized. I might suspect the SQLites data filename, but that all I know at the moment.
Can somebody pint me to some utility which will allow to find the database, and the application path, and most of all to copy it to the PC ???
Thanks - Arthur
The database and any other "data" used by the app will be located in /data/data/ then inside a directory that corresponds to the app's package name. If we use the Kindle app as an example, the path to it's data would be: /data/data/com.amazon.kindle
unfortunately I checked this foldeor on RAM as well as SD and couldn't find it. device /data folder is empty, and SD gas some other stuff bot not this App.
aklisiewicz said:
unfortunately I checked this foldeor on RAM as well as SD and couldn't find it. device /data folder is empty, and SD gas some other stuff bot not this App.
Click to expand...
Click to collapse
I should have also said, you need to be rooted in order to see the contents of the /data directory. Without root access, it will be shown as empty because you do not have permission to view or modify. If your phone is rooted, you can use Root Explorer, Terminal Emulator, or adb to access /data and copy, modify, create, or delete files there.
Thank you for your time. That would explain why I do not see it.
OK, I have HTC G2 from T-Mobile, I think it has Android 2.2
Nothing was changed or updated on this phone since I bough it last fall. I'm not with T-Mobile anymore so I do not wat to mess up with the phone unless I'm really sure what am I doing. The only nice thing is that the phone is unlocked now. The reason I ask those questions is because I am working on some tool, which is a desktop program wchich supposed to sync SQLite data from device to the PC.
What I want to do is to connect the device through USB cable, then have it mapped is it normally does (i.e. drive H. Then access the SQLite file from the desktop application by opening the database through that link and syncing the records. Not sure but I hope this approach would work. If it cannot work that way then eventually I want to copy the SQLite dB file to the PC sync database and then copy it back to the device. I already have a desktop App which work on SQLite localy so now I want to access the device, having the same dB file residing on my android phone instead on my local HD.
What could be the reason that the installed APP doesn't want to move to SD ???
I would appreciate any suggestions...
What is required to root the phone? I've herd there are some risks. Besides I probably have to find some other solutions as none of the App users would want to root their devices (or have a knowledge how to do it).
aklisiewicz said:
Thank you for your time. That would explain why I do not see it.
OK, I have HTC G2 from T-Mobile, I think it has Android 2.2
Nothing was changed or updated on this phone since I bough it last fall. I'm not with T-Mobile anymore so I do not wat to mess up with the phone unless I'm really sure what am I doing. The only nice thing is that the phone is unlocked now. The reason I ask those questions is because I am working on some tool, which is a desktop program wchich supposed to sync SQLite data from device to the PC.
What I want to do is to connect the device through USB cable, then have it mapped is it normally does (i.e. drive H. Then access the SQLite file from the desktop application by opening the database through that link and syncing the records. Not sure but I hope this approach would work. If it cannot work that way then eventually I want to copy the SQLite dB file to the PC sync database and then copy it back to the device. I already have a desktop App which work on SQLite localy so now I want to access the device, having the same dB file residing on my android phone instead on my local HD.
What could be the reason that the installed APP doesn't want to move to SD ???
I would appreciate any suggestions...
What is required to root the phone? I've herd there are some risks. Besides I probably have to find some other solutions as none of the App users would want to root their devices (or have a knowledge how to do it).
Click to expand...
Click to collapse
Took me a bit to get back to you but figure better late than never...
Here is a good FAQ on rooting among other things specific to the G2(the US variant of the Desire Z). In order to root your G2, this guide looks to be good as he's simplified and automated a good bit of the process, should be safe, and seems to work. You'll need to install the two apps he mentions in step 1 and download the zip file he mentions in step 2 which is attached at the bottom of the post then just follow the instructions.
As for the database stuff, if you end up needing to access the /data directory you'll have to be rooted. Also, moving the app to the sdcard won't really help you with having access to the app's files. Froyo built-in App2SD just moves the apk file to a hidden directory on /sdcard (.android_secure) but the app data, cache and all that stuff will still be on internal memory. But to answer why the app won't move to the sd card, I'm guessing it's because the app itself must allow for it to be moved since by default, an app doesn't have this enabled unless the app dev gives it that ability.
To communicate with the phone, even with root access, you'll probably have to do so through adb commands or use an adb shell to be able to run shell commands on the phone. This would require adb be set up on the user's computer. If you want to play around with adb, there's a nice guide called ADB for Noobs that goes through setting it up and starting out using it. I can't say I've really done anything with SQLite databases on Android and certainly not then syncing it to a computer so I could be off-base or overlooking a workaround.
Thank you for your valuable information. You guys are really great help, and I appreciate your time. I will study the links provided.
In the meantime my main concern is to access SQLite database, as I need to get to the records, or at least be able to copy it back and forth between device an PC. I guess the database file would be something like MyDatabase.db , but I have no cule how to find it and copy it. As you have said it might be in some system protected directory. The main issue is that I will ne a solution which would work on every standard device (no the rooted one), so I need something very easy for the user to setup and follow. I have seen a utility that allow to manipulate SQLite records directly on device, but again thsi tools requires to root the phone (which I'm reluctant to do) because ot the above reasons. If you could help my to resove this I would be very graceful!
Arthur
aklisiewicz said:
Thank you for your valuable information. You guys are really great help, and I appreciate your time. I will study the links provided.
In the meantime my main concern is to access SQLite database, as I need to get to the records, or at least be able to copy it back and forth between device an PC. I guess the database file would be something like MyDatabase.db , but I have no cule how to find it and copy it. As you have said it might be in some system protected directory. The main issue is that I will ne a solution which would work on every standard device (no the rooted one), so I need something very easy for the user to setup and follow. I have seen a utility that allow to manipulate SQLite records directly on device, but again thsi tools requires to root the phone (which I'm reluctant to do) because ot the above reasons. If you could help my to resove this I would be very graceful!
Arthur
Click to expand...
Click to collapse
Unless there is some trick I don't know about you are going to have to be rooted to get access to the database. I found a couple links discussing this: here and here. The second link does mention that the app with the database you want to access could be written to store the database on the sdcard where it would then be accessible but that would be unsecure since anything could read/modify it there.
Thanks, looks like I have to do more research on my own. It is hard to believe for me that Google would not allow to access the same database from different Apps. I've seen there is a Java class ContentProvider which seems to allow that, so I will study this, perhaps it will help. Thank for you help.
Arthur
This is something I have been wondering for a while and after searching the forums and Google I have not been able to find a clear answer. As a long time Linux user the idea of running your system as root all the time is appalling. It is a huge security risk. But for some reason that is really the only way to gain root access on an Android device (as far as i am aware). Apps like SuperSU allow you to pick the apps that are allowed to run as root, but there is no password or verification that the entity approving the access actually has the authority to do so. I hear all the time that rooting your phone is a trade-off between customizability and security, but every Linux system has a root user and it is incredibly secure when properly administered. What is the reason for the difference?
From what I have read, it sounds like part of the issue has to do with Android handling users differently. I would love to be able to maintain a more limited root function on my devices. Thanks.
funkbuqet said:
This is something I have been wondering for a while and after searching the forums and Google I have not been able to find a clear answer. As a long time Linux user the idea of running your system as root all the time is appalling. It is a huge security risk. But for some reason that is really the only way to gain root access on an Android device (as far as i am aware). Apps like SuperSU allow you to pick the apps that are allowed to run as root, but there is no password or verification that the entity approving the access actually has the authority to do so. I hear all the time that rooting your phone is a trade-off between customizability and security, but every Linux system has a root user and it is incredibly secure when properly administered. What is the reason for the difference?
From what I have read, it sounds like part of the issue has to do with Android handling users differently. I would love to be able to maintain a more limited root function on my devices. Thanks.
Click to expand...
Click to collapse
You can set a passcode with SuperSU....
Thanks for the reply. That is good to know. Does that really fill the security gap though? I guess if I set My non-background root permissions to expire every 15 minutes that does help for apps that do not need to run as root in the background.
I am more referring to the distinction between regular user land and the root user. Titanium Backup for example; If I want it to be able to run a full backup (including system apps and settings) of my phone every night I have to give it permanent root permissions. That root permission applies to both the automatic process and anything that I as a user (or any entity that can get control of TB) to act as root as well. Ideally there would be 2 separate instances of the program; the back-up process (a daemon perhaps) initiated by the root user and a second available in regular user space. This sort of thing is common on Linux systems.
My knowledge of Android is not particularly deep. I cannot tell if there is actually a separate root user or how user/group permissions work. It seems that the Android framework is designed around the user not having root access. Which is a bit confusing for an OS that prides itself on customization and "Be together not the same". I can't imagine buying a desktop PC that didn't allow me to have system level (root) access. Why should it be any different on a mobile device?
Hello all, got a rather unique question that I hope someone can shred some ideas.
What I am trying to do is the following:
1.) Run a particular android application that sends push notifications periodically.
2.) Convert the push notification into a CSV file and saved it in a Dropbox. folder. I can already sort of solved this via applications such as Automate, Tasker, Automagic, etc.
3.) Be able to run this application off an ANDROID EMULATOR installed on Windows and all ON a VPS.
One reason for running it on VPS is that I need this application with the push notifications to be "monitored" continuously for several hours a day, 5 days a week. It is EXTREMELY CRITICAL that I don't miss a single push notification from my end, so the VPS provides me with the guaranteed 99.99% uptime and is much more reliable than if were to run it off my own mobile phone. Another reason is that I will be using a VPS anyway to run another program (python FYI) that automatically reads the "CSV file" created from the push notification through Automate/Tasker/etc.
It is a unique situation, but I can't think of another way that could make use of the "text" from the push notifications received from this particular application. So any ideas would be great.
If all else fail, my fall back position is run it on a physical mobile phone, but I need to find ways to make sure it can achieve 99.9%+ internet uptime.
Thanks all!
Hi Guys,
I'm currently looking for a possibly very special app and can't find anything but the usual suspects like Tasker that don't seem to meet my requirements.
I'm looking for an automation app that allows me to navigate in apps, fill in text fields, if possible, transfer predefined data into the text fields for each run and wait for text to be entered at certain points.
For a better explanation:
I would like to test 2 apps and their behavior. Reset smartphones should be used for this. The automation app should run through the following steps:
- Step 1: The app creates an account with Gmail. As soon as the SMS code has been requested, the app should interrupt so that I can enter the SMS code. After confirmation, the app should continue to go through its routine.
- Step 2: Another app is to be opened that has a longer waiting time before it starts. Then text fields should again be filled in with predefined data.
- Step 3: Finally, the app should go to the settings and delete the G-Mail account.
I don't care how the whole thing is realized. Either macro recording again or using symbols as with Tasker. The main thing is that it works properly. I am not familiar with such an app. Just such simple apps as Tasker that work with if and while and are not sufficient for my purposes.
Otherwise, I had the idea to use Python to implement my dream routine. A few days ago I discovered a Python SDK for Android. If I understand correctly, the SDK is based on Python 3. I just can't estimate how well the programming is going or whether scripts can be executed 1: 1 as on the PC. What do you all mean? Do you know of an app that meets my expectations or should I deal directly with the Python method?
Nobody has an idea? Or is my text not understandable?
I know you said no "Tasker" like apps, but this app called Automate can definitely achieve what you outlined without any other apps (or with them). You only need android 7 or above and These function blocks:
The app uses a flowchart logical system (essentially the basis of all programming languages) and can even execute shell scripts with/without root privileges. You can also install Termux (a terminal emulator) and use the command:
Code:
pkg install python
To install python3.7, from there the world is in your hands, provided you have sufficient java/kotlin knowledge and an understanding for android processes.
Also please tick the check mark next to my answer if I solved your question, so that others can find the solution.
Thank you Slim K. Automate looks good at the first look. I'll give that app a chance and otherwise test thy python way with termux.
If there are other ways to solve the problem, let me know.