Hacked by persistent subsystem loop device, can't unmount - Security Discussion

*** The issue with my PH-1 devices is linked to a computer "virus" that I've come to find operates using the same mechanics of mounting loop devices with an endless parent-child linking system. I'm seeking assistance here because the solution is the same in both cases, phone or PC, and I believe I will be able to find an answer with the help of the talented members of this community. Thank you in advance. ***
I've had an Essential PH-1 for 2 years, rooted nearly the entire time (thank you for the contributions of fellow XDA contributors). In August it was behaving oddly enough that I ran some logcats that showed I was having a full-on takeover of my device (streaming video and audio of my calls, uploading all my docs and pics somewhere, etc.). I tried wiping it clean, reformatting, nothing worked. I ended up getting another PH-1, which was infected the same way shortly after I began using it. I know how it spreads (hijacks the Bluetooth in each device and uses it as a broadcast signal and infects nearby devices in discovery mode) and why it has extreme persistence (converts the ramdisk into a hidden partition to execute commands from boot) and what it results in (phone and PCs boot into a shell, never having ownership of the device) and why it goes undetected (hijacks system files but keeps official signatures, and also has its own imposter files and drivers for seemingly every software including every antivirus I can think of).
I also know that unmounting these subsystem loop devices will allow me to eradicate the init files that restart the takeover process at every reboot, and allow me to restore proper function and my privacy to my devices.
So, to any of you devs or programmers that speak Linux or Python, I'd appreciate any help.
Any screenshots or examples I'll gladly supply; there are so many I honestly don't know what is relevant enough to post. If you need to see anything specific, let me know.
Thanks fellas
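Whatever the mounts turn out to be, the mechanical part of the question (taking nested loop mounts apart without leaving children mounted under a parent) can be planned from the mount table. The script below is an added example, not code from this thread: it parses /proc/self/mountinfo-style lines (constructed sample data, not a capture from any device), walks the mount tree leaf-first, and prints the umount and losetup -d commands in a safe order instead of running them.

```python
"""Child-first unmount plan for nested loop-device mounts (added example).

Rebuilds the mount tree from the mount-id and parent-id columns of
/proc/self/mountinfo, lists loop-backed mounts leaf-first so every child is
unmounted before its parent, and only then lists the loop devices to detach.
The plan is returned as shell command strings; nothing is executed.
"""
from collections import defaultdict

# Constructed sample of /proc/self/mountinfo (not captured from a real device).
# Columns: id parent maj:min root mountpoint opts [optional..] - fstype source superopts
SAMPLE_MOUNTINFO = """\
20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 20 7:0 / /mnt/outer rw,relatime - ext4 /dev/loop0 rw
41 40 7:1 / /mnt/outer/inner rw,relatime shared:5 - ext4 /dev/loop1 rw
42 41 7:2 / /mnt/outer/inner/deep ro,relatime - squashfs /dev/loop2 ro
50 20 0:30 / /proc rw,nosuid - proc proc rw
"""

# Constructed backing files, as one would read them from /sys/block/loopN/loop/backing_file.
SAMPLE_BACKING = {
    "/dev/loop0": "/data/local/outer.img",
    "/dev/loop1": "/mnt/outer/inner.img",            # lives inside loop0's mount
    "/dev/loop2": "/mnt/outer/inner/deep.squashfs",  # lives inside loop1's mount
}


def parse_mountinfo(text):
    """Return {mount_id: {...}} from mountinfo lines; tolerates optional fields."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        sep = fields.index("-")  # lone "-" separates optional fields from fstype/source
        mounts[int(fields[0])] = {
            "id": int(fields[0]),
            "parent": int(fields[1]),
            "mountpoint": fields[4].replace("\\040", " "),  # kernel escapes spaces as \040
            "fstype": fields[sep + 1],
            "source": fields[sep + 2],
        }
    return mounts


def unmount_order(mounts):
    """Post-order walk of the mount tree: every child precedes its parent.

    A parent id absent from the table makes a node a root, and an id seen
    twice is skipped, so a corrupt or cyclic table cannot recurse forever.
    """
    children = defaultdict(list)
    for m in mounts.values():
        children[m["parent"]].append(m["id"])
    order, seen = [], set()

    def visit(mid):
        if mid in seen:
            return
        seen.add(mid)
        for child in sorted(children[mid]):
            visit(child)
        order.append(mid)  # appended only after all descendants

    for root in sorted(m["id"] for m in mounts.values() if m["parent"] not in mounts):
        visit(root)
    return [mounts[i] for i in order]


def cleanup_plan(mounts, backing):
    """Commands as strings: umount loop-backed mounts leaf-first, then detach devices."""
    loop_mounts = [m for m in unmount_order(mounts) if m["source"].startswith("/dev/loop")]
    cmds = [f"umount {m['mountpoint']}" for m in loop_mounts]
    for m in loop_mounts:
        cmds.append(f"losetup -d {m['source']}  # was backed by {backing.get(m['source'], 'unknown')}")
    return cmds


if __name__ == "__main__":
    for cmd in cleanup_plan(parse_mountinfo(SAMPLE_MOUNTINFO), SAMPLE_BACKING):
        print(cmd)
```

On a real system, feed it the contents of /proc/self/mountinfo and the backing_file entries from /sys/block/loop*/loop/ (root is needed to umount and detach); the backing-file paths are what to inspect before deleting anything.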

I believe I've suffered the same issue; it possibly started when I got my PH-1 about a year ago. Haven't used it for about 6-7 months now due to a broken screen, but I believe whatever it is has infected some if not all of my other devices. From your description it sounds identical. Can you provide more info? Just curious to find out what the source could be. I was also rooted most of the time on Android Pie ROMs, and use Verizon as my cell service. I've been thinking Verizon might play a role in what's been going on, but reading your post is the first info I've been able to find on anything similar.


PenTesters_Paradise ~ Take Your ROM to the Next Level

PenTesters_Paradise
Code:
DISCLAIMER
I can not be held responsible for how you use this package.
I am also not to be held responsible if flashing this package
damages your device in any way. This package is for
educational use only and should not be taken lightly. This is
the exact package that I use for my 2nd job, and is not meant
to just be played with willy nilly. Ask permission before doing
anything in public OR private.
PenTesters_Paradise
This package was originally supposed to be a custom ROM, but I wanted to give everyone an equal opportunity to enjoy this package, so I converted it to something everyone can use! This package isn't for the faint of heart. This is for those of you curious about Pen Testing and for those who basically want to feel like they're bringing Watch_Dogs to the real world. Below I will explain the package, and what each item can actually do. I will also have YouTube videos (when I get the time to record them) explaining each app and package. I also have some custom content coming, some that will be shown off and not released as well. Please enjoy and remember to play it safe and always ask permission first before using any of these packages or tweaks.
What's A Pen Tester?
If you're asking yourself this question, this package MIGHT NOT be for you. A Pen Tester is either a White Hat or Grey Hat hacker that gets hired by individuals or companies to basically purposely hack their products, networks, or any other sorts of electronically based applications. Pen Testers are becoming a big deal, especially in the Gaming world. Dev companies are starting to get smart and are realizing that they honestly can't BEAT the hackers without TRUE HACKERS of their own. This is slowly becoming a big money lifestyle and more and more people want into it. This is basically your "License to Kill" when it comes to a product/project/etc. when the company or individual gives you the green light to crack in and have at it.
Package Includes
Screen Shots will be added to the 3rd post of this thread, tutorials for each app and the change log to the 2nd
AnDOSid
This app is an Android-based DOS attacker. Basically, this app allows you to simulate a DOS attack (Denial of Service) as a HTTP POST flood attack on either another person or a web server.
NetSpoofer
Network Spoofer lets you change websites on other people’s computers from an Android phone. Simply log onto a Wifi network, choose a spoof to use and press start. This can be a lot of fun, but always ask first.
AndroidVNC
please see this thread for all the info about this
http://forum.xda-developers.com/showthread.php?t=497187
aWPScan
This app lets you scan WordPress-based sites for exploitable entrances to the site's admin panel. Fairly simple to use and can sometimes come in handy when working for a client and building them a WP-based site.
DroidSheep and FaceNiff
These apps were popular for a very short time but are very powerful. They both kind of have the same functions as they work as a MITM (Man In The Middle) attacker service. Basically, login to any WiFi hot spot, and you will start capturing web traffic. You can manipulate the web traffic to do as you want from here.
DroidSheep Guard
This app guards you from anyone else using Droid Sheep. I'm not entirely sure if it will guard against FaceNiff as well.
DriveDroid
This app basically turns your device into a disc image mounting device. Basically, you can take an ISO or IMG file, mount it with this app, and install full operating systems to another PC. Read below on how to work it with the Galaxy S5 specifically, as there's 1 special step you need to know.
1.) Run the app and go through the setup.
2.) When you get to the selection about selecting a driver, select the 3rd item, which should be a "Legacy USB Driver".
3.) When you get to the point about TESTING it and restarting your PC, this is where the trick lies.
3a.) As your PC boots up, boot directly to your BIOS (for HP and ASUS it's either Escape or F2; not sure about others off the top of my head).
4.) From here, make sure your phone has connected successfully in MTP mode.
4a.) Go into DriveDroid (after MTP has been set), and select the IMG or ISO you wish to emulate from your device.
4b.) In the BIOS, save settings and restart (I know you didn't change anything, hear me out).
5.) From here, you need to test...
5a.) You'll either (after the BIOS loading screen) boot directly to the ISO or IMG, or into your standard OS.
6.) If you boot directly to your standard OS, reattempt from step 3 onwards, but at step 5, go to 6a.
6a.) When the PC restarts, bring up your Boot Menu of options (F12 I believe on ASUS and HP).
6b.) From here, select the Samsung device listed, and it should boot!
dSploit
dSploit is a package of all sorts of tools ranging from MITM attacks to DOS attacks, and other testing abilities. Plenty of videos around on how to use this app.
HackAppData
This is for any app on your device. This app lets you modify the AppData of any application installed on your device.
Hackers Keyboard
Just a highly customizable keyboard.
Network Mapper
This app simply maps out the WiFi Network you are currently connected to, showing you every device connected.
Shark
Basically WireShark for Android. Lets you see incoming and outgoing data packets from your device and other things on the network.
Penetrate Pro
No this isn't a dirty joke (couldn't resist), This app works with decoding WiFi connections to allow you to connect to locked and private connections.
SQLMap
SQLMap is one of the most highly used tools around for SQL Injection attacks, as it's basically the best automated tool for it. There are tons of tutorials out there about it and soon I'll post one of my own.
LockScreen Widgets Tweak
Created by BigBot96, this tweak lets you apply Widgets to your lock screen. PLEASE Make sure you download the correct file. Currently, only the NE9 builds are supported with this tweak, but I'll have an option available for you to not have to worry about this.
Coming Soon...
Future Additions will be coming around soon for this, so keep checking the thread!
Kali Linux NetHunter Features.
So far, only supported by the Nexus devices, I'm attempting to port over the apps and data for this to the S5 as the first non-Nexus device to have support for Kali Linux control. Below will be the list of what will be included.
KaliLauncher
This is the heart of the NetHunter features. This controls everything, and launches all the different exploits available through Kali Linux. To learn more, keep reading
BadUSB
BadUSB is a form of undetectable Malware that is applied to specific USB devices that match the exploit. Basically, this hijacks your USB plug while your device is connected to a computer (windows based), and lets you install a faulty driver to it that houses your malware files. You could use this to transfer things like BotNets, Trojans, and many other forms of malware to a users system and they'd never even know.
DNSSpoofer
Basically, this tool just spoofs the DNS connection you're using or the other person/s are using and lets you reroute people. DNS Attacks are few and far between, but they're slowly getting easier.
PowerSploit
I'll admit, I haven't read up on this yet, but when I have, I'll edit this lol.
NoUpStream
This stops any up stream data entirely.
Other Future Additions
Basically, I'd like to convert this to something like a "Mini-ROM" that gives you a Launcher, themed Gapps, themed system apps, and much more, but for now, this is the temp solution. Next Update should have at least a custom boot animation.
How-To Install
1.) Transfer the Zip file that matches your device to your SD card or Internal Storage
2.) Boot up into recovery mode and Flash the ZIP
3.) Done!
Special thanks to the creators of all these apps, scripts and tweaks that are being applied to this package. The ZIP packages below simply just need to be flashed to your Android device via SafeStrap (only method I can test). If someone could test a standard TWRP on a Dev Edition or another unlocked device, that'd be awesome.
Download Links Below
UPLOADING NEW ONES AFTER THE NEXT FLASH Test.
Thought it was ready, and realized it wasn't.
All apps are force closing -_- I'll fix it when I wake up. I've been at it for 12 hours now
Planning on updating this/adding a download?
Nice waiting anxiously for this
Waiting like a wagging dog.... I went to the source and got it working nice... I'd like to wait for the add-ons.
http://forum.xda-developers.com/showthread.php?p=3518324
Subscribed.
Sent from my SM-G900V using Tapatalk
lol he posted this weeks ago.. he's responding in his ROM thread also, saying he was working on a new ROM which isn't out yet, and said a week or two ago that his T-Mo buddy got 5.0 Lollipop, which was false lol, so not sure if and when this will actually be uploaded.. it's been here for weeks with no zip or APKs at all in the themes n apps section..
most of these APKs are stuff you can manually install if you don't want to wait :-/
Reinventing the wheel
Kali NetHunter has been out for a while for the S5 variants; it's like having a VM copy of Kali on your Galaxy S5. The instructions/apps/kernel are all available:
http://forum.xda-developers.com/galaxy-s5/unified-development/kali-nethunter-galaxy-s5-t3298477 All the other apps he's talking about are available; just search on Google or download an app called Bugdroid Pro from the app store. It provides downloads and installs for all of these.
Faceniff
Droid sheep
I don't think those function anymore on anything.. I'm pretty sure those security holes they exploit have been patched..
dmayniak said:
Kali NetHunter has been out for a while for the S5 variants; it's like having a VM copy of Kali on your Galaxy S5. The instructions/apps/kernel are all available:
http://forum.xda-developers.com/galaxy-s5/unified-development/kali-nethunter-galaxy-s5-t3298477 All the other apps he's talking about are available; just search on Google or download an app called Bugdroid Pro from the app store. It provides downloads and installs for all of these.
Faceniff
Droid sheep
I don't think those function anymore on anything.. I'm pretty sure those security holes they exploit have been patched..
lol the last comment was me about 2 years ago
elliwigy said:
lol the last comment was me about 2 years ago
I know, right? lol I gave up on this because at the time I sucked at making flashable zips
Vortell said:
It would be cool if you started it back up!
The reason I haven't is because Kali Linux has an official release for this phone as long as your bootloader is unlocked and you're on CM.

Help: Is a New Cubot X6 image available? System is compromised!

Hello!
I would like to ask for help installing either a new Cubot X6 Android or a Linux-based system. Until recently I wasn't aware of what kind of aggressive trojans for Android happen to compromise a phone to a degree where the solution is to buy a new one. I do not want to accept that. Therefore I am here to ask for help.
WLAN enabled, the phone runs nuts. It causes unknown apps to be installed, ruining the function of the phone completely. I bought it via eBay, a used Cubot X6. I had the device years ago until I sat on it, which happened to break the display, but I liked it and bought it again, used. (The used one cost 60 bucks, a replacement display would have cost 35, so I ran with the used one. Big mistake, as it turned out.)
Now, its root system is compromised. I set it to only allow apps from trusted sources. I did not download any apps besides well-known trustworthy ones, like Google Maps, WhatsApp, all together.
When I first enabled WLAN, it suddenly started to display a message about the shutting down of "org.rain.ball.update" and also "ssCleaner ("suc", "chengele") is trying to obtain your current position", "ymm" cancelled, and several others. If I allow WLAN, it automatically downloads 10-20 apps, some of which correlate with websites visited on my laptop (alibaba), other apps from sites I have never visited ("sexy videos"). Basically the phone gets so busy that it needs to be restarted to allow any control of the phone.
I tried to fix it with Avast, Avira, and Malwarebytes without success. With Avast it also displays: "/storage/sdcard0/.androidsdata/is.jar", but is unable to fix it. I guess I would have to erase the SD card too, if I were to have the system replaced. None of the above things can be fixed with the tools at hand. The deletions are always interrupted; nothing gets improved permanently.
I immediately did a "Reset to factory condition", but when I enabled WLAN, I didn't even install an app and it all started again, as described above.
So, a quick Google research turned out that there are trojan horses that cover themselves by pretending to be system applications, so that it would be nearly impossible to get rid of the trojan. Only solution: buy a new one (see this article wwwDOTblog.lookout.com/blog/2015/11/04/trojanized-adware/).
Now, while I have a broken device and a trojan device, one solution would be to mount the display of the compromised one onto the broken one. I know it's easy to break the display during this. That's why I am here to ask if someone might have suggestions of what else could be done to have this fixed.
Maybe it would be possible to get an uncompromised mirror image of a Cubot X6 from the internet that would replace every piece of data on mine? Would it fix it, if I were to install this: "Ubuntu Touch - Version 15.04 Phone"?
Any help would be appreciated. If I were to take a wild guess, I'd say the trojan horses might have been developed by Apple...... So what am I to do now? Buy a new one?
EDIT: If you were not to believe this to be true, I could shoot a video of it with my laptop. It's really strange, but it is as it is. EDIT 2: Avast displays a message that the phone has been rooted.
Please help!! Thank you so much!!
You won't get the virus to YOUR phone from replying ...
Am I here at the right forum for this technical problem?
Thanks
Do a search for your rom and instructions on how to flash. It will replace system partition and problem should then be gone.
tys0n said:
Do a search for your rom and instructions on how to flash. It will replace system partition and problem should then be gone.
I will try that. I'm a total newb to smartphone software. Any links would be appreciated. Thanks so far!
CubotX6 said:
I will try that. I'm a total newb to smartphone software. Any links would be appreciated. Thanks so far!
A Google search for "cubot x6 firmware" will give you some good results.
Here are also the Cubot forums, with a link to downloads.
Hope that will help, and be sure to read up on the subject of how to flash before you start.
So many thanks! You linked me to the perfect spot! Thank you!
While I will redo my laptop with Linux soon, do you have experience with having Linux on the phone? If I were to try and mess up, would it still be possible to go back to the original Cubot files you linked to?
Thank you!!

Please help! Phone being remotely accessed and controlled by unauthorized 3rd party..

Thank you in advance. First of all, I am still a beginner in knowledge here. My Alcatel Fierce 4 TCL 5056N seems to have been hacked and is now being remotely accessed and controlled by an unauthorized 3rd party. I may be way off base, but I think my phone may have been exposed to a R.A.T.: temporarily rooted long enough for someone to modify the kernel and other system coding, which I cannot access myself with an unrooted phone, installing some sort of sub-OS with limited user setting options and a completely different named storage platform (i.e. emulated, bdef55, self), and not even factory resetting my device helps because it reboots into the sub-OS they installed. They are screen-overlaying buttons, and toggles are being reversed in real time before my eyes, settings and options are disappearing from one minute to the next, and I've somehow found myself poking around in some Windows software on a PC that is used to develop Android software, maybe SDK, not sure, but it was Linux coding and looked like it was meant for me. I was on the other end of this hack for a few minutes, though my lack of knowledge made this useless to me. I have downloaded many an app trying to combat this issue, but to no avail. Although unsuccessful, I have seen a few things I don't understand but could possibly be helpful for you to identify exactly what my issue is. One thing is an app I downloaded said that a trust cert has enabled a malicious trust agent and my system is being remotely accessed by a third party. The rest is beyond my understanding, but I'm going to list a few tidbits you may recognize: LIB, Kinguser, kingroot, persist, unremovable/???/xxx, code Aurora, bootstrap something, libnfc, system/framework/Apache/xml, bin, user value=0 or 1/2, managed provisioning, also a .base ext. on a bunch of system apps below the same app without, and a few others. I don't know if that's helpful, but it's all I can remember.
Symptoms are apps closing on their own, microphone and camera being remotely enabled, being unable to update Google Play Services or the Store and being forced to use an obviously older and modified version with possible replica apps with restrictions, unexpected reboots; in settings/apps/permissions, apps like Gallery, when you click battery and then the little i button for info, it says it's a system app and all of a sudden the disable and force close buttons become un-highlighted and unusable, and so on and so forth. Lastly, my home wifi is infected too, I think, because my roommate is having the same issues. I've tried (unsuccessfully) to root my phone so I could manually remove some of these apps and extra coding and such, but it seems impossible because of a locked bootloader. Tried about 10 different ways without success, so I've just about given up and smashed the damn thing, but then you geniuses popped into my head, so I beg of you, please help me or, if nothing else, tell me to proceed with the smashing...lol! Thank you very much for your time. P.S. I'm new to the XDA dev website, so maybe drop me a line at [email protected] with directions back to this thread. Had a bit of trouble navigating here. Thanks again and have a great day! -Spencer

BLU STUDIO X5 (S390U) Stock ROM infected.

Hello guys, as you can probably see I'm new to these forums; there's only one reason I joined, and it is because I have owned the BLU STUDIO X5 (S390U) for a while.
I noticed that this phone has some kind of malware built into its system APKs. What do I mean? It doesn't matter how many times you do a clean, use anti-malware apps, hard-reset, or even flash a new stock ROM or a CROM made from the original one: the problem is going to persist.
So... Tell us, what would be the solution? Well, I was analysing all the possibilities, even evolving a CROM of it; however, this infection seems to be part of other APK components, as it is visible through Malwarebytes Anti-Malware that Settings.APK is corrupted with it.
The solution seems to be easy but could be complex, even knowing that other APKs could be infected but are not listed in the scans: erasing Settings.APK and trying to replace it with a non-infected one, but this is complex, as I said.
Before I continue I need to explain what this infection does: after you use the smartphone for the first time (counting resets, flashes, etc.) the smartphone is just fine, even if you're not using the internet.
After some time you will notice some new apps installed on your smartphone; what this infection does is install them in what could be called a "silent mode". The Play Store is not needed to download such apps, nor is a web browser.
But, hey, this doesn't sound bad, as it just sounds annoying, lad... Aye, this sounds as if the problem is only something redundantly annoying, but it is not only that: this malware is detected as a Hijack, and that doesn't sound bad either; however, if someone with enough knowledge knows how to manage a Hijack, it can even steal info from your smartphone.
But probably you're thinking, well, you can fix it by not allowing APKs from Unknown Sources to install on it, well...
This is what takes me to the second point of it: this malware changes the settings of your smartphone whenever it wants, by itself; it doesn't matter which app you use to disallow this change, it is going to do it anyway.
But why? It seems that the infection has root access; what this means is that it has a higher level of access (it is running under an administrator mode).
And we're back again to the solution; you'll think: maybe if I root it and replace the Settings.APK it is going to be fixed. Well, it's not that easy; apart from wasting your time, the smartphone can become even more vulnerable and unstable.
The best solution that is going to work, and that's why I posted this here:
To fix this, the stock ROM must be re-built from zero. I'd do this on my own; the problem is that I'm not an advanced user, and I'm still learning programming and coding in my degree. Any help with this would be greatly appreciated.

Is my Girlfriend is a computer hacker?

Hi, I am not new to computers, phones and development, but it's been years and a lot has changed. I went to school for software design and I learned on Visual Studio 6.0. So for anyone in their 30s and older, you all remember how 6.0 was. Well, a lot has changed since 6.0, but regardless, I know when someone has been messing with my phone or computer. I am going to try and post all of my syslog that I have saved and any new ones that I see. Also I am going to try and post what open source software I notice my phone now has licenses for. I am on a Samsung Note 10 Plus 5G. And I am almost positive that my girl is responsible for the modifications done to my phone, but she screams that she only knows how to play games, call and text. I need someone to review my information and any information that anyone needs and tell me if my phone has been modified and if everything could have been done remotely. My ultimate question is: could this all have been done remotely, or would any of it, and I mean even the smallest thing, have to be done locally on the phone? If every single modification could all have been done remotely, then maybe she's telling the truth, but if just one thing had to have been done locally, then she's responsible somehow. And then I need to know how to fix all of this and set up security to prevent it from happening again.
You claim you're a developer but provide logs as screenshots... seriously, if you can't trust your girlfriend, what you need help with is a couple care course or a psychotherapist.
I doubt your Samsung Galaxy Note10+ bootloader-locked device secured by Knox is tampered with in any way at all.
What I'm seeing here is you using your phone with Samsung packages working. It's mostly sounds running, you unlocking the device, setting an alarm etc.
Bear in mind Google and apps use location a lot, so the location is, I would say, the norm. The more apps, the more times location is called.
If you are concerned, get dmr checker and check security levels: has the device been rooted and does it display the true code? Really worried? Check all your apps, then disable location or use Odin to fully wipe the device, but from what I can tell this is possibly paranoia.
Whether your girlfriend can be trusted or not is not the problem. Maybe she is really hacking your phone or maybe you are just paranoid, I can't tell. Either way you two should break up before you break each other.
.. or just a week of digital detox
