“Anti” Android app allows to Hack local PCs from Smartphones (Could be dangerous) - HD2 Android Q&A, Help & Troubleshooting and Genera

POSTED: 08/8/11 3:04 PM
Itzhak Avraham, a security researcher, unveiled an app called Anti (Android Network Toolkit) at the Defcon hacker conference in Las Vegas on Friday and plans to make it available for Android in the coming days. The app is designed to bring easy hacking on the go: it brings the hacking tools available to penetration testers on PCs to smartphones, with an automated interface intended to make sniffing local networks and owning remote servers as simple as pushing a few buttons.
While Anti will be great for researchers doing mobile pen testing, it could be very dangerous: a hacker could, for instance, walk into a coffee shop or a corporate office with his phone, connect to the public WiFi and start sussing out machines for data theft or malware infection. Here is what Avraham says:
“Anti is your perfect mobile companion, doing it all for you. Please remember, with great power comes great responsibility. Use it wisely.”
Anti will be available on Android Market next week as a free app with a $10 corporate upgrade, and will ask users in its terms of service to limit their hacking to “white hat” penetration testing.

Every defcon they come out with vapor ware. I'll believe it if or when they even post a beta somewhere by the end of the month. I seriously doubt it will be out by the end of next week on the market.

dvdivx said:
Every defcon they come out with vapor ware. I'll believe it if or when they even post a beta somewhere by the end of the month. I seriously doubt it will be out by the end of next week on the market.
Definitely not vaporware as I have it on my phone right now. The beta is out and going well... Zuk's a smart man and a good friend

Being in the security business, I really look forward to see how many vectors & versions will be included...
Hope it'll be good.

Cant wait till it comes out.

Here is his website with a semblance of a price structure/feature list.
Download is for beta testers only at the moment.
edit - silly posting rules (no urls allowed)
zimperium.com/Android_Network_Toolkit.html

Hi, i know that you get this question all the time but, how can a get the apk or how can i be a beta tester? Should i just wait until this app is available in the android market? I will apreciate if you reply my message, have a nice day

Anti will be available on Android Market next week as a free app with a $10 corporate upgrade, and will ask users in its terms of service to limit their hacking to “white hat” penetration testing.
$10 corporate upgrade. In no time it 'll be free on the net.....

Download From Here
What is Anti?
Zimperium "Anti" LTD is proud to announce Android Network Toolkit - Anti.
Anti consists of 2 parts: the Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti.
Using Anti is very intuitive - on each run, Anti will map your network, scan for active devices and vulnerabilities, and will display the information accordingly: a green LED signals an 'Active device', a yellow LED signals "Available ports", and a red LED signals "Vulnerability found". Also, each device will have an icon representing the type of the device. When finished scanning, Anti will produce an automatic report specifying which vulnerabilities you have or bad practices used, and how to fix each one of them.
What is AntiCredit?
AntiCredit is the app to purchase status and credits for Anti usage.
Once you buy Silver, Gold or Platinum (for corporate users and power users), your status is saved forever. You can use MITM, DOS, SPY, REPLACE IMAGES and other features like PASSWORD CRACKER, but you also get N amount of credits; these credits can be used for attacks and reports.
Once Anti has mapped your network, it is time to choose the attack method:
[+] Scan - This will scan the selected target for open ports and vulnerabilities, also allowing the user to select a specific scanning script for a more advanced/targeted scan.
[+] Spy - This will 'sniff' images transferred to/from the selected device and display them on your phone in a nice gallery layout. If you choose a network subnet/range as target, then all images transferred on that network - for all connected devices - will be shown. Another feature of the Spy plugin is to sniff URLs (web sites) and non-secured (ie, not HTTPS) username/passwords logins, shown on the bottom drawer.
[+] D.O.S - This will cause a Denial Of Service (D.O.S) for the selected target, ie. it will deny them any further access to the internet until you exit the attack.
[+] Replace images - This will replace all images transferred to/from the target with an Anti logo, thus preventing the attacked user from seeing any images in their browser while they browse the internet, except for a nice looking Anti logo...
[+] M.I.T.M - The Man In The Middle attack (M.I.T.M) is an advanced attack used mainly in combination with other attacks. It allows invoking specific filters to manipulate the network data. Users can also add their own mitm filters to create more mitm attacks.
[+] Attack - This will initiate a vulnerability attack using our Cloud service against a specific target. Once executed successfully, it will allow the attacker to control the device remotely from your phone.
[+] Report - This will generate a vulnerability report with findings, recommendations and tips on how to fix found vulnerabilities or bad practices used.
Anti supports & uses the following OSS tools:
nmap
Ettercap
driftnet
THC-Hydra
Metasploit
We will be releasing patch sets for OSS shortly. This should assist developers to compile binaries used by Anti!
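The Spy, Replace images and M.I.T.M features listed above all rest on the same local-network trick: an attacker's device answers ARP requests for the gateway (or a victim) with its own MAC address, so traffic is routed through it. The defender-side counterpart is to watch the ARP traffic on the segment for an IP whose MAC binding changes, or one MAC claiming several IPs. The following detector is an added example written for this thread; it is not code from Anti, Zimperium or the original post. It works on a constructed list of ARP replies (on a real host these would come from a packet capture or polling the neighbour table) and the gateway address is an assumed value.

```python
"""ARP-poisoning detector: flags IP-to-MAC binding changes and one MAC claiming many IPs.

Added example for the Anti thread; not Zimperium's or Anti's code.
"""
from collections import defaultdict

# Constructed sample of ARP replies as (timestamp, sender_ip, sender_mac).
# On a live segment these would be read from a capture or `ip neigh` polling.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # router announces itself
    (2.0, "192.168.1.20", "aa:bb:cc:00:00:20"),  # a laptop announces itself
    (3.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # router again, unchanged binding
    (4.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # router IP now claimed by a different MAC
    (5.0, "192.168.1.20", "de:ad:be:ef:00:99"),  # the same MAC also claims the laptop
]


def detect_arp_conflicts(replies):
    """Return a list of alert dicts, in arrival order.

    Two conditions are reported:
      * an IP address whose advertised MAC differs from the one seen earlier
        ("ip-to-mac binding changed"), the classic poisoning symptom;
      * a single MAC that has now claimed more than one IP address
        ("one MAC claims multiple IPs"), reported once per newly claimed IP,
        which is what a host impersonating both gateway and victim looks like.
    """
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed so far
    alerts = []

    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({
                "time": ts, "ip": ip, "old_mac": previous, "new_mac": mac,
                "reason": "ip-to-mac binding changed",
            })
        ip_to_mac[ip] = mac

        newly_claimed = ip not in mac_to_ips[mac]
        mac_to_ips[mac].add(ip)
        if newly_claimed and len(mac_to_ips[mac]) > 1:
            alerts.append({
                "time": ts, "ip": ip, "mac": mac,
                "ips": sorted(mac_to_ips[mac]),
                "reason": "one MAC claims multiple IPs",
            })
    return alerts


def gateway_is_stable(replies, gateway_ip, expected_mac):
    """True when every ARP reply for the gateway carried the MAC we expect.

    `expected_mac` is an assumed, operator-configured value; pinning the gateway
    binding (static ARP entry) is the usual mitigation on a managed segment.
    """
    expected_mac = expected_mac.lower()
    return all(mac.lower() == expected_mac for _, ip, mac in replies if ip == gateway_ip)


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(alert)
    print("gateway stable:", gateway_is_stable(SAMPLE_ARP_REPLIES, "192.168.1.1", "aa:bb:cc:00:00:01"))
```

On the constructed sample the detector raises three alerts: the router binding change at t=4, the laptop binding change at t=5, and the multi-IP claim by the rogue MAC, also at t=5. Tools such as arpwatch implement the first check persistently; pinning the gateway with a static ARP entry is the mitigation the second function checks against.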

nice.
Could you sum up what data I should expect to see that your application is sending back to you ?
I'd like to know what you are sending home, even using this tool could violate an pentesting NDA.
The best would be if you sent absolutely nothing back - but I guess you are a bit more curious than that.

anti (android network toolkit)
It's out, but you can only get the lite version because you can't pay for the other one.
The app that lets you purchase Anti Gold or whatever is pulled from the Android Market or is not released.
So there is no danger in this app!!!

Where can I find the Platinum version (cracked)?

requesting warez is a bannable offence under xda rules of use.

Related

Virus writers hit Google Android phones

A malicious application that can steal cash via phones running Google's Android operating system has been found.
The program poses as a media player but once installed starts sending premium rate text messages.
The service being sent messages is operated by the malicious app's creator, who scoops up the fees.
Discovered by Kaspersky Labs, it is believed to be the first booby-trapped application for Android.
In a security advisory Kaspersky said that the virus - Trojan-SMS.AndroidOS.FakePlayer.a - is being spread by text message. The message prompts users to install an application, 13KB in size, which purports to be a media player.
The virus was most prevalent among Russian Android users. The risk to Android owners worldwide is believed to be low.
'Trusted model'
In its advisory it said that the huge growth in the number of Android applications was likely to make the phones tempting targets for criminals.
"We can expect to see a corresponding rise in the amount of malware targeting that platform," said Denis Maslennikov, mobile research group manager at the firm.
Simeon Coney, spokesman for mobile security firm AdaptiveMobile said booby-trapped applications that run up big bills via premium rate numbers were very common on other platforms such as Symbian.
Symbian is the most popular smartphone operating system, commonly used on handsets built by Nokia and Sony Ericsson.
"There are a significant number of Java based mobile viruses that do exactly the same malicious activity of sending out premium rate (i.e. reverse charge) SMS," he said.
Like other mobile application stores, Google has a system in place that can revoke malicious applications and stop them running on handsets.
"Our application permissions model protects against this type of threat," said a spokesperson for Google.
"When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user's phone number or sending an SMS.
"Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time.
The spokesperson said the firm advises users to "only install apps they trust".
"In particular, users should exercise caution when installing applications outside of Android Market."
Source: http://www.bbc.co.uk/news/technology-10928070
http://www.bbc.co.uk/news/technology-10839034
Thanks for the heads up.
I wonder which antivirus apps can pick this out? Could be a test to see if antivirus actually works...
Interesting, are there any anti-virus programs available for Android?
Google's disclaimer is ridiculous, most users have no idea what it means. Shameful handling by Google.
Why not set up an approval process on the Market?
Sent from my X10i using XDA App
GlennQ said:
Why not set up an approval process on the Market?
Because that would be irritating. Head over to the Apple store and get yourself an iPhone if you want that sort of treatment.
Here's an idea. If you have a computer, think for a second before installing something you have absolutely no idea about. The #1 rule of computer safety: Don't install random crap.
People need to realize that software isn't magically safe just because you're using a phone. It's still a computer. Use a little common sense. This isn't that complicated.
synlar said:
I wonder which antivirus apps can pick this out? Could be a test to see if antivirus actually works...
LookOut antivirus, free from Market
Edit: Just found that as well: http://droidfanz.com/appz/android_tools/788-smobile-security-shield-v1714.html
Weird...
Virus origin: Russia
Reported by: a Russian anti-virus company
And: they had planned an AV for next year... how come they planned it beforehand when there was no virus before this?

Pandora Subpoenaed

Pandora Subpoenaed in Federal Grand-Jury Probe Over Personal Data
http://nymag.com/daily/intel/2011/04/pandora_subpoenaed_in_federal.html
Does not surprise.
Oh, so it's illegal for Pandora to collect demographics, but Google, Yahoo, Bing, Facebook, MySpace, etc. can have a field day with it?
Anyone that has dabbled in any type of advertising knows that demographics are the key. Pandora doesn't REVEAL the demographics, but rather allows the advertisers to pick their target audience (male, age of XX, on network XXXX, with phone XXXX).
Same way as Facebook targets you with their ads. Facebook not only allows advertisers to target you based on your personal information (age, gender, education, location), but they also allow targeting through what you "Like", and who your friends are.
Pandora is just getting ****ed in the ass for this, without even doing anything wrong.
Last-Chance said:
Oh, so it's illegal for Pandora to collect demographics, but Google, Yahoo, Bing, Facebook, MySpace, etc. can have a field day with it?
Anyone that has dabbled in any type of advertising knows that demographics are the key. Pandora doesn't REVEAL the demographics, but rather allows the advertisers to pick their target audience (male, age of XX, on network XXXX, with phone XXXX).
Same way as Facebook targets you with their ads. Facebook not only allows advertisers to target you based on your personal information (age, gender, education, location), but they also allow targeting through what you "Like", and who your friends are.
Pandora is just getting ****ed in the ass for this, without even doing anything wrong.
The question is...does it stipulate that this is done in the ToS?
dirkyd3rk said:
Article he posted doesn't say that.
mattykinsx said:
The question is...does it stipulate that this is done in the ToS?
It doesn't have to. Because they aren't giving away your info. They are just storing it and matching what the advertiser wants with what you want.
Here is what facebook has on it:
Code:
You can use your privacy settings to limit how your name and profile picture may be associated with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us. You give us permission to use your name and profile picture in connection with that content, subject to the limits you place.
We do not give your content or information to advertisers without your consent.
You understand that we may not always identify paid services and communications as such.
As long as the Pandora ToS states that they are allowed to store content/name/location/etc., which it most likely does, then I don't see how this can be problematic.
And they do say that:
http://www.pandora.com/privacy
All the news media and everyone that is making this a big deal doesn't know the first thing about how advertising works, and are hyping it up as if Pandora is actually going out and dropping your name/email/gender/age/etc. to the advertisers. And that's not how it works. The advertisers give specifics for their campaign, and then Pandora matches their specifics to their database, and delivers the ads.
mattykinsx said:
Article he posted doesn't say that.
Why doesn't it? I just read both.
Last-Chance said:
It doesn't have to. Because they aren't giving away your info. They are just storing it and matching what the advertiser wants with what you want.
Here is what facebook has on it:
Code:
You can use your privacy settings to limit how your name and profile picture may be associated with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us. You give us permission to use your name and profile picture in connection with that content, subject to the limits you place.
We do not give your content or information to advertisers without your consent.
You understand that we may not always identify paid services and communications as such.
As long as the Pandora ToS states that they are allowed to store content/name/location/etc., which it most likely does, then I don't see how this can be problematic.
And they do say that:
http://www.pandora.com/privacy
All the news media and everyone that is making this a big deal doesn't know the first thing about how advertising works, and are hyping it up as if Pandora is actually going out and dropping your name/email/gender/age/etc. to the advertisers. And that's not how it works. The advertisers give specifics for their campaign, and then Pandora matches their specifics to their database, and delivers the ads.
They know how advertising works - they depend on it, which is also why they run stories like this. As for everyone else, what, do you expect free stuff not to have some type of business model that takes advantage of your usage? Even if you pay for Pandora One, you have or had the freedom to not use or subscribe.
Sent from my PC36100 using Tapatalk
Last-Chance said:
Oh, so it's illegal for Pandora to collect demographics, but Google, Yahoo, Bing, Facebook, MySpace, etc. can have a field day with it?
Anyone that has dabbled in any type of advertising knows that demographics are the key. Pandora doesn't REVEAL the demographics, but rather allows the advertisers to pick their target audience (male, age of XX, on network XXXX, with phone XXXX).
Same way as Facebook targets you with their ads. Facebook not only allows advertisers to target you based on your personal information (age, gender, education, location), but they also allow targeting through what you "Like", and who your friends are.
Pandora is just getting ****ed in the ass for this, without even doing anything wrong.
You should actually read the article, instead of just the headline.
Pandora is not the subject of the investigation, and they were not the only ones subpoenaed.
In fact, in a securities filing for an initial public offering, the company revealed that it had been served a subpoena to turn over information for a federal grand-jury probe into the way smartphone software developers disclose personal data. Pandora isn't the target of the investigation — similar subpoenas have been issued to other publishers that run on the iPhone and Android operating systems.
Subpoenas aren't only given to those who are accused of or suspected of a crime; they are information-gathering tools for law enforcement agencies.

Let's take this offline: Google Maps for Android gets a revamp

By David Meyer
In a boon to those about to head off for their summer holidays, Google is to make it possible for people to use its mobile Maps app without a cellular data connection.
Google Maps already had this feature, at least on Android, as a Labs add-on. However, that required a tricky procedure whereby the user had to select a centre point around which a limited area would be pre-cached. On Wednesday the company said it was making the offline capability official and easier to use.
"Offline Google Maps for Android are coming in the next few weeks," Google Maps engineering chief Brian McClendon wrote in a blog post. "Users will be able to take maps offline from more than 100 countries. This means that the next time you are on the subway, or don't have a data connection, you can still use our maps."
The announcement also contained several other updates for the mapping app. For those who want to use Google Maps while hiking, Google is to send 'Street View Trekkers' to photograph wilderness areas that can only be accessed by foot.
The company is also extending its Map Maker feedback-and-corrections service to South Africa and Egypt, with Australia, Austria, Belgium, Denmark, Finland, Liechtenstein, Luxembourg, New Zealand, Norway and Switzerland all set to get access in the next few weeks.
The moves come as a rival system, OpenStreetMap, continues to gain traction, partly through its use by Apple. OpenStreetMap is, as the name suggests, open source, and it has always been built on user contributions and edits.
On Wednesday Google also announced an update to its Google Earth virtual globe. While it has been possible for the last six years to create 3D models of specific buildings, the company will soon add entire metropolitan areas in three dimensions, as demonstrated in a video.
"This is possible thanks to a combination of our new imagery rendering techniques and computer vision that let us automatically create 3D cityscapes, complete with buildings, terrain and even landscaping, from 45-degree aerial imagery," McClendon wrote. "By the end of the year we aim to have 3D coverage for metropolitan areas with a combined population of 300 million people."
That's great news! So does this mean that I can be home, connected to WiFi, download the maps for my area, and then just go out with no data/WiFi and still be able to use the navigation feature as a GPS?
My question is where is this offline map going to be stored; Sdcard, cache,...(That's right!! I used a semi-colon)
I don't use maps on my phone at all. Have actually uninstalled the apk, because it was always running in the background eating battery. I do keep it on my tablet but that is bc it is wifi and when asleep it doesn't use data which doesn't use battery.
( ... heard there was a Zen party going on in here ... )
I've used the offline maps Labs addon in the past, but it was only limited to 10 download points. Forgot how large the download radius was, but it was only ok (not wood inducing). I'm curious to see whether this will truly allow you to download offline data all the way down to street level view (as purported in an article I read).
I use Locus Pro on my Tab, and I've used it to download tiles from Google Maps as a source. It's limited to downloading 10,000 tiles per day (from Google), which sounds like a lot but really isn't esp. if you're saving multiple zoom levels per target area. Adds up real quick. Not sure the number of tiles I've downloaded thus far, but it's about 250 MB worth of sd card space. Lol.
I'm curious to see what Google brings us. Any offline map is always handy anyhoo.
Woodrube said:
My question is where is this offline map going to be stored; Sdcard, cache,...(That's right!! I used a semi-colon)
I don't use maps on my phone at all. Have actually uninstalled the apk, because it was always running in the background eating battery. I do keep it on my tablet but that is bc it is wifi and when asleep it doesn't use data which doesn't use battery.
I remember trying an app that did something like this, and the maps took up ENORMOUS amounts of memory. I guess this wouldn't be an issue for someone who is nice to their SD card, but for someone like me who is always tinkering at 90%+ full... I'm good with the way it is now. But hey, it's a good option... options are always a plus.
What I can't wait for is the new Maps that Apple is planning on showing, I think it's next week?
Apparently, 3D etc. etc. Nothing that Google doesn't have.
I love how Google just plans their maps event before Apple's, and Apple was the first one to plan it in the beginning (this sentence makes no sense, I just re-read it -.-)

Let's get to the bottom of kingo. (Owned)

I would like to start a forensics thread.
I am a security auditor (pen tester) and good at reverse engineering.
*****UPDATE******
I have owned the application and decompiled the entire thing. I have all the download scripts, and the actual apk is not mktcamera, it is
com.example.cameraroot-325a203119a823aad9e160e729650fbb.apk
I have given chainfire the apk; it is up to him what he does.
I will send an email to kingo and see if they want to clean up their ****. If they don't, I will release everything.
If you do not believe me, PM chainfire and ask him yourself.
I can not spend any more time on this.
Sounds interesting. Kudos to you for attempting something concrete.
If you want to do static analysis of the initial download ("android_root.exe"), see this post. The initial Kingo download is an Inno Setup self extractor that can be unpacked without running it using the InnoUnp extractor utility.
I'll see what I can do to help.
thanks
I am trying to download the latest kingo. Their site is very, very slow. Looks like it is getting DDoSed. That is really good. It might give me a chance to hit the request with session splitting, so I can get the scripts manually.
I
can someone translate this
Getting closer to having this app owned
I need this translated thanks!
Nice work, I am looking forward to seeing where you get with this. I rooted with kingo a little while back.
subbed for results. Thanks for taking the time to look into this and sharing with us, very intriguing
krazylary said:
I have decided to not release the source code publicly. I will be giving it to the rockstars in the android world so we can have a clean root.
Thank you. It would be much preferable to have a static ARM (not PC-based) binary that needs no network access to get its job done. Open source would be even better - even in the case of a completely static binary with no need for network access, the device owner is still "turning over their device" to that program and trusting that it is not malicious. After all, if it succeeds, it pwns the targeted device.
Although, truth be told, that just makes Sammy's job of closing off the hole that much easier, but that's the nature of the arms race.
Q about your previously posted (and now redacted) summaries - what is typical for false positive detection rates for random executables submitted to those "all in one" virus scanning services? Seems like the candidate malware identified would have shown some evident symptoms (popup ads, site redirection, etc) on folks platforms - unless it just lies dormant for a while or has been subverted itself to serve other needs (bot, etc).
What was the nature of the .xml that was being downloaded - did you have a look?
I'm confused, what is it particularly you are looking for in kingo? I just ripped with kingo a couple days ago. Should I be worried about anything?
Sent from my SM-N900V using xda app-developers app
dead batteries said:
I'm confused, what is it particularly you are looking for in kingo? I just ripped with kingo a couple days ago. Should I be worried about anything?
I suppose you should always be worried about any advice that begins with
"hey, download this unknown executable from the internet and run it on your Virus Hosting Platform^B^B^B^B^B^B^B^B^B^B^B^B^B^B^BWindows Machine"
But that applies to even things like "Odin v3.09". Or "Android Phone rooting toolkits". They are also just executables, and certainly just as capable of hosting malware installed (even unknowingly) by persons that re-upload it.
But in particular, the thing that got everybody's hackles up was that it bears all the "hallmarks" of malware:
- published by an author with an inscrutable monetization strategy*
- by its intended purpose, is authored by folks skilled in software exploits (but... blackhat or whitehat)?
- uses an "attack server" architecture. (Downloads payloads off the internet in order to run to completion)
- closed source
- contacts multiple sites on the internet during setup and/or operation
- uploads to the internet information gleaned from host and target systems
- at runtime uses code obfuscation procedures that are typical of malware
What the OP is currently after is a way to replace it with something that will still root the phone, but do so in a way that seems less suspicious - for instance has no need to ever contact remote machines on the internet, and no need to even use a PC, either. But let's be honest - any time you turn your device over to a piece of software that has the objective of rooting either a remote host or the one it is running on, you are implicitly handing that device over to that software if it succeeds. If it is completely open source, and you compile it, install it, and run it yourself - after having looked through the code to judge its safety... well, you might be able to say with confidence that "this looks pretty safe".
OTOH, doing that (open source) also makes it pretty darn easy for defenders (e.g. Samsung or Google if it is an Android kernel exploit) to patch the hole directly without doing the corresponding exploit discovery themselves.
I'm not saying that Kingo is malicious though; I really don't know. I can think of very compelling reasons why it operates exactly the way it does:
1) Rooting methods vary by device, carrier, and software release version. That means that a "universal" and static Android rooting tool with encyclopedic knowledge of all current rooting methods would have to bundle in a single download package an enormous collection of exploit vectors. Hundreds and hundreds of megabytes of stuff ... per handset. Live device detection eliminates the need for that - and the bill from the server hosting company for excessive bandwidth usage.
2) Rooting methods come and go. A client-server attack method can determine immediately if something it tried succeeded or failed - on every single attempt. And collect reliable information about software release versions, model numbers, carrier in use, etc. Compare that to a piecemeal, scarce, non-uniform and unreliable method of trying to intuit that information by hand out of forum reports written by folks who many times have no computer skills at all. It's light-years better in reliability and breadth.
I was going to also say "Open Source of an attack reduces its effectiveness", but that opens a whole can of worms, as the position one takes on that particular statement probably is the bright line dividing the white hat and black hat ethical spheres.
*hey wait a minute - isn't that everybody on XDA?
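Two of the "hallmarks" in the post above can be checked before ever running an unknown rooting tool: whether it carries URLs for several remote hosts (the "attack server" and "contacts multiple sites" points) and whether large parts of it are packed or encrypted (the "code obfuscation" point, which shows up as near-random byte distributions). The script below is an added example for this thread, not Kingo's code and not anything the OP released; it runs the two checks over a constructed byte blob standing in for a downloaded executable, with placeholder `.invalid` hostnames. The same functions can be pointed at a real file by reading it with `open(path, "rb").read()`.

```python
"""Offline static triage of an untrusted executable: embedded hosts and entropy.

Added example for the Kingo thread; not Kingo's code and not the OP's tooling.
"""
import math
import re
from collections import Counter

# Scheme + host, optionally followed by :port or /path, terminated by a NUL, quote or space.
URL_RE = re.compile(rb"https?://([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[/:][^\s\x00\"']*)?")
# Runs of printable ASCII of at least six characters, the classic `strings` heuristic.
STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")

# Constructed stand-in for a downloaded binary: a fake ELF header, a few embedded
# URLs (placeholder .invalid hosts), zero padding up to a 256-byte boundary, and
# 1024 bytes of uniformly distributed data mimicking a packed/encrypted section.
_HEADER_PART = (
    b"\x7fELF\x02\x01\x01\x00" + bytes(8)
    + b"GET /payload/%s.xml HTTP/1.1\x00"
    + b"http://updates.example-root-tool.invalid/device/check\x00"
    + b"https://stats.example-tracker.invalid:8443/report?id=%s\x00"
    + b"http://updates.example-root-tool.invalid/exploit/fetch\x00"
)
SAMPLE_BLOB = _HEADER_PART + bytes(-len(_HEADER_PART) % 256) + bytes(range(256)) * 4


def shannon_entropy(data):
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_strings(blob, min_len=6):
    """Printable ASCII runs, as `strings` would list them."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len) if min_len != 6 else STRING_RE
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def network_indicators(blob):
    """Sorted, de-duplicated hostnames from every http(s) URL found in the blob."""
    return sorted({m.group(1).decode("ascii").lower() for m in URL_RE.finditer(blob)})


def high_entropy_windows(blob, window=256, threshold=7.0):
    """Offsets of fixed-size windows whose entropy is at or above the threshold.

    Plain code and text sit well below 7 bits/byte; compressed, packed or
    encrypted regions approach 8. The threshold is an assumed rule of thumb.
    """
    return [i for i in range(0, len(blob), window)
            if shannon_entropy(blob[i:i + window]) >= threshold]


def triage(blob):
    """Summarise the two checks in one dict for a quick go/no-go read."""
    hosts = network_indicators(blob)
    windows = high_entropy_windows(blob)
    return {
        "hosts": hosts,
        "contacts_multiple_sites": len(hosts) > 1,
        "high_entropy_windows": len(windows),
        "likely_packed_or_encrypted": bool(windows),
        "string_count": len(printable_strings(blob)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BLOB).items():
        print(f"{key}: {value}")
```

On the constructed blob the triage reports two distinct hosts (so "contacts multiple sites" is true) and four consecutive high-entropy 256-byte windows after the readable header, which is the pattern a packed payload leaves. Neither check proves malice; they tell you which of the hallmarks in the post apply before you decide to run the thing, and the host list is what you would compare against the traffic the tool actually generates.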
Opps!
Yes
bftb0 said:
I suppose you should always be worried about any advice that begins with
"hey, download this unknown executable from the internet and run it on your Virus Hosting Platform^B^B^B^B^B^B^B^B^B^B^B^B^B^B^BWindows Machine"
But that applies to even things like "Odin v3.09". Or "Android Phone rooting toolkits". They are also just executables, and certainly just as capable of hosting malware installed (even unknowingly) by persons that re-upload it.
But in particular, the thing that got everybody's hackles up was that it bears all the "hallmarks" of malware:
- published by an author with an inscrutable monetization strategy*
- by its intended purpose, is authored by folks skilled in software exploits (but... blackhat or whitehat)?
- uses an "attack server" architecture. (Downloads payloads off the internet in order to run to completion)
- closed source
- contacts multiple sites on the internet during setup and/or operation
- uploads to the internet information gleaned from host and target systems
- at runtime uses code obfuscation procedures that are typical of malware
What the OP is currently after is a way to replace it with something that will still root the phone, but do so in a way that seems less suspicious - for instance has no need to ever contact remote machines on the internet, and no need to even use a PC, either. But let's be honest - any time you turn your device over to a piece of software that has the objective of rooting either a remote host or the one it is running on, you are implicitly handing that device over to that software if it succeeds. If it is completely open source, and you compile it, install it, and run it yourself - after having looked through the code to judge its safety... well, you might be able to say with confidence that "this looks pretty safe".
OTOH, doing that (open source) also makes it pretty darn easy for defenders (e.g. Samsung or Google if it is an Android kernel exploit) to patch the hole directly without doing the corresponding exploit discovery themselves.
I'm not saying that Kingo is malicious though; I really don't know. I can think of very compelling reasons why it operates exactly the way it does:
1) Rooting methods vary by device, carrier, and software release version. That means that a "universal" and static Android rooting tool with encyclopedic knowledge of all current rooting methods would have to bundle in a single download package an enormous collection of exploit vectors. Hundreds and hundreds of megabytes of stuff ... per handset. Live device detection eliminates the need for that - and the bill from the server hosting company for excessive bandwidth usage.
2) Rooting methods come and go. A client-server attack method can determine immediately if something it tried succeeded or failed - on every single attempt. And collect reliable information about software release versions, model numbers, carrier in use, etc. Compare that to a piecemeal, scarce, non-uniform and unreliable method of trying to intuit that information by hand out of forum reports written by folks who many times have no computer skills at all. It's light-years better in reliability and breadth.
I was going to also say "Open Source of an attack reduces its effectiveness", but that opens a whole can of worms, as the position one takes on that particular statement probably is the bright line dividing the white hat and black hat ethical spheres.
*hey wait a minute - isn't that everybody on XDA?
What he said
I would like to add that the coders of Kingo have gone above and beyond trying to hide their exploit methods and everything around it. I would do the same if I had an exclusive exploit like this... Exploits cost money if you want to use them. Nothing is free, nothing. They get something out of it, or they would not return emails or update the software. Would you? It sure as **** is not advertising on their site.
FYI, one of the files that is downloaded from Kingo's servers is called root_kit_base.sbin
Why blur out the program you are using?
personal
here are the programs
colasoft caspa enterprise 7
ida pro 6.5 arm hex rays
wireshark
cascade pilot enterprise
burp suite pro
Just like to not have personal info exposed... habit, I guess.
christianpeso said:
Why blur out the program you are using?
Thanks for the info guys, that was a well thought out super long answer and I read it all... twice. It doesn't "seem" like I need to worry though. My root with Kingo went well, took less than 5 minutes if I remember, and my device seems better because of it. Is there anything I should keep an eye out for?
Sent from my SM-N900V using xda app-developers app
I'm confused, did you actually find something malicious or is that where Chainfire comes in?
There is an .apk available with a closely related name and having the same md5 sig. Google is your friend. It also was on the Google market for a while until it was removed/banned. So I doubt it is much of a secret from Google.
Seems as if the same .apk is/was used by the vroot tool as well.
Its manifest indicates network connectivity privileges, so probably it shouldn't be installed/run by folks who are paranoid. Too bad it is not fully self-contained.
I suppose it could be kanged with smali/baksmali to remove privileges from the Android manifest for live evaluations, or the app's armeabi JNI lib could be reversed with IDA/Hexrays*. I would try some of this, but I am away from a dev station for a week or so.
It appears to use both the camera and some activity from the android terminal emulator (jackpal).
As far as the title of the OP is concerned, I'm not convinced that a conclusive proof of maliciousness has been obtained. Nor has it been ruled out, either.
But it sure would be far more comfortable to have a phone-only rooting app with almost no app privileges... even if that only lasts until the next release.
bftb0 said:
There is an .apk available with a closely related name and having the same md5 sig. Google is your friend. It also was on the Google market for a while until it was removed/banned. So I doubt it is much of a secret from Google.
Seems as if the same .apk is/was used by the vroot tool as well.
Its manifest indicates network connectivity privileges, so probably it shouldn't be installed/run by folks who are paranoid. Too bad it is not fully self-contained.
I suppose it could be kanged with smali/baksmali to remove privileges from the Android manifest for live evaluations, or the app's armeabi JNI lib could be reversed with IDA/Hexrays*. I would try some of this, but I am away from a dev station for a week or so.
It appears to use both the camera and some activity from the android terminal emulator (jackpal).
As far as the title of the OP is concerned, I'm not convinced that a conclusive proof of maliciousness has been obtained. Nor has it been ruled out, either.
But it sure would be far more comfortable to have a phone-only rooting app with almost no app privileges... even if that only lasts until the next release.
Is it possible that information is needed on a per device basis in order to implement the exploit? Thus network connectivity would be essential for a universal rooting tool?
Sent from my SM-N900V using Tapatalk
Any updates on getting to the bottom of Kingo? Perhaps your investigation maybe had "something to do with" the apparent Kingo servers being "down"....
bump
Sent from my SM-N900V using Tapatalk
kenneu said:
Any updates on getting to the bottom of Kingo? Perhaps your investigation maybe had "something to do with" the apparent Kingo servers being "down"....
Kinda wondered that myself. Nothing materially changed on the device end of things for the VZW GN3 ... and all of a sudden a bunch of new reports that Kingo no longer works on that (unchanged) device... ?
Could be mere coincidence ... or could be that Kingo didn't want folks looking under the hood... hard to know.

Kill com.samsung.android.intelligenceservice

Can I kill this service and it's startup?
Intelligence Service
com.samsung.android.intelligenceservice
What does it really do?
kgyirhj said:
com.samsung.android.intelligenceservice
What does it really do?
Well it could be
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
2) A training aid for would be Mensa members
3) Some random Samsung service that isn't on my S5
You didn't give us any details or context, so it's difficult to say what the service does. It isn't on my S5 so it's not universal. It may be regional, carrier specific or some Samsung bloatware that doesn't live on my phone anymore.
You can kill the process, which will cause something to quit working. Probably nothing critical, but it's hard to be certain when we don't know what it does. If you have XPrivacy, see what permissions it asks for. Otherwise you could just freeze or disable it and see what effect it has on your phone.
If you tell us what firmware version and carrier you use, perhaps someone else who uses the same firmware /carrier will comment.
.
kgyirhj said:
Can I kill this service and it's startup?
Intelligence Service
com.samsung.android.intelligenceservice
What does it really do?
It checks the IQ of the user. The phone shuts down below 90. Mine does not boot anymore ?
Sent from my SM-G900F using XDA Premium 4 mobile app
fffft said:
Well it could be
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
2) A training aid for would be Mensa members
3) Some random Samsung service that isn't on my S5
You didn't give us any details or context, so it's difficult to say what the service does. It isn't on my S5 so it's not universal. It may be regional, carrier specific or some Samsung bloatware that doesn't live on my phone anymore.
You can kill the process, which will cause something to quit working. Probably nothing critical, but it's hard to be certain when we don't know what it does. If you have XPrivacy, see what permissions it asks for. Otherwise you could just freeze or disable it and see what effect it has on your phone.
If you tell us what firmware version and carrier you use, perhaps someone else who uses the same firmware /carrier will comment.
.
All I know about this service is what I have written here.
Its name is "intelligence service"
and the file is com.samsung.android.intelligenceservice
The reason I started this thread is to get more information about what this is, as a Google search does not give much about it.
Phone is SM-G900F
I found some new info using another program to monitor services..
"Receiver
com.samsung.android.intelligenceservice.useranalysis.UserAnalysisBroadcastReceiver handels action android.intent.action.BOOT_COMPLETED with priority 0"
And a second one also named "intelligence service"
"com.samsung.android.intelligenceservice.useranalysis.analyzer.CarAnalyzer handels action android.intent.action.BOOT_COMPLETED with priority 0"
This service isn't on my phone. And as you said, a cursory Google search doesn't tell us much, so we can't tell you anything about it either. Unless you, or someone else that has it provides more information.
At a guess it's just part of some Samsung bloatware. If you disable it, then the associated bloatware app will stop working. If you want to learn more, then look at xprivacy, a root enabled file browser or perhaps Settings > Applications > App ops and find out what app (apk) the service originates from. Then post the apk or at least provide the app's name and what permissions it asks for.
.
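One way to do the manifest check that bftb0 and fffft describe above (which permissions a package requests, and which of its components start on BOOT_COMPLETED, like the two receivers quoted from the service monitor). This is an added Python example, not code from the thread, from Kingo or from Samsung. It assumes the APK's manifest has already been decoded to plain XML (for instance with apktool, since the manifest inside an APK is binary XML), and the sample manifest embedded below is constructed for the example: the package name, permission list and extra components are made up and do not describe the real Samsung package.

```python
"""Added example: triage a decoded AndroidManifest.xml for the two things the
thread cares about - what permissions the package asks for, and whether any
receiver in it starts at boot. Assumes the manifest was already decoded to
plain XML (e.g. with apktool); not code from Kingo, Samsung or the thread."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample manifest. The two receiver names mirror the ones quoted
# in the thread, but the package name, permissions and other components are
# made up for this example and are NOT the real Samsung APK.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.intelligenceservice">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Intelligence Service">
        <receiver android:name=".useranalysis.UserAnalysisBroadcastReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
        <receiver android:name=".useranalysis.analyzer.CarAnalyzer">
            <intent-filter android:priority="0">
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
        <receiver android:name=".ScreenReceiver">
            <intent-filter>
                <action android:name="android.intent.action.SCREEN_ON"/>
            </intent-filter>
        </receiver>
        <service android:name=".AnalysisService"/>
    </application>
</manifest>
"""

# Permissions worth a second look in a "mystery" system service: network,
# sensors/media, personal data, and the ability to run at boot.
SENSITIVE_PERMISSIONS = {
    "android.permission.INTERNET",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}


def _android_attr(elem, name):
    """Read an android:-namespaced attribute such as android:name."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def _qualify(package, component):
    """A component name starting with '.' is relative to the package name."""
    return package + component if component.startswith(".") else component


def triage_manifest(xml_text):
    """Return the package name, all requested permissions, the sensitive
    subset, and every receiver whose intent-filter listens for BOOT_COMPLETED."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    permissions = sorted(
        _android_attr(e, "name") for e in root.iter("uses-permission")
    )
    boot_receivers = []
    for receiver in root.iter("receiver"):
        for filt in receiver.findall("intent-filter"):
            actions = {_android_attr(a, "name") for a in filt.findall("action")}
            if BOOT_ACTION in actions:
                # Missing android:priority means the default priority of 0.
                priority = int(_android_attr(filt, "priority") or 0)
                name = _qualify(package, _android_attr(receiver, "name"))
                boot_receivers.append((name, priority))
    return {
        "package": package,
        "permissions": permissions,
        "sensitive": [p for p in permissions if p in SENSITIVE_PERMISSIONS],
        "boot_receivers": boot_receivers,
    }


def format_report(report):
    """Render the result in the same shape the thread's service monitor used
    ("<receiver> handles action ... with priority N")."""
    lines = ["Package: " + report["package"],
             "Sensitive permissions: " + ", ".join(report["sensitive"])]
    for name, priority in report["boot_receivers"]:
        lines.append("Receiver %s handles action %s with priority %d"
                     % (name, BOOT_ACTION, priority))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage_manifest(SAMPLE_MANIFEST)))
```

To run it against a real package, decode the APK first and pass the contents of the decoded AndroidManifest.xml to `triage_manifest()`. A service that asks for INTERNET together with CAMERA or RECORD_AUDIO and also registers a BOOT_COMPLETED receiver is exactly the combination the thread is uneasy about; that is the one to freeze first (as fffft suggests) and then watch which app stops working.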
And the winning entry is..
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
I had a few minutes to spare, so I did a proper Google search. The upshot of which is that a lot of people claim that this is a Carrier IQ component. So the service is aptly named. Carrier IQ is a spyware rootkit installed by Verizon, Sprint, etc. to capture extensive demographics on what you do with your phone, including keystroke logging. For the carrier to serve you better, of course. Or to help the NSA spy on you, depending on who you choose to believe.
Invasive in either scenario, which is why it isn't on my phone.
More reading if you are interested:
http://www.xda-developers.com/android/the-rootkit-of-all-evil-ciq/
http://forum.xda-developers.com/showthread.php?t=2266241&page=2
http://goo.gl/td1w4n
https://www.bloglovin.com/blog/post/5233323/2639029999
.
fffft said:
And the winning entry is..
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
I had a few minutes to spare, so I did a proper Google search. The upshot of which is that a lot of people claim that this is a Carrier IQ component. So the service is aptly named. Carrier IQ is a spyware rootkit installed by Verizon, Sprint, etc. to capture extensive demographics on what you do with your phone, including keystroke logging. For the carrier to serve you better, of course. Or to help the NSA spy on you, depending on who you choose to believe.
Invasive in either scenario, which is why it isn't on my phone.
More reading if you are interested:
http://www.xda-developers.com/android/the-rootkit-of-all-evil-ciq/
http://forum.xda-developers.com/showthread.php?t=2266241&page=2
http://goo.gl/td1w4n
https://www.bloglovin.com/blog/post/5233323/2639029999
.
Somebody is in a bit of a pickle then.
This is also on my handset too
Here also... been reading a bit and found this app:
http://forum.xda-developers.com/showpost.php?p=17612559&postcount=109
and it looks it works for S3:
http://forum.xda-developers.com/showpost.php?p=28662155&postcount=4
could it work for S5 also?
Same here
fffft said:
Well it could be
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
2) A training aid for would be Mensa members
3) Some random Samsung service that isn't on my S5
You didn't give us any details or context, so it's difficult to say what the service does. It isn't on my S5 so it's not universal. It may be regional, carrier specific or some Samsung bloatware that doesn't live on my phone anymore.
You can kill the process, which will cause something to quit working. Probably nothing critical, but it's hard to be certain when we don't know what it does. If you have XPrivacy, see what permissions it asks for. Otherwise you could just freeze or disable it and see what effect it has on your phone.
If you tell us what firmware version and carrier you use, perhaps someone else who uses the same firmware /carrier will comment.
.
I have the same issue, Intelligence Service just popped up in my sys apps too. AT&T
I have a Samsung S5 A900 4.42 I'm at the end of a trial for Samsung. (You think I'd at least get the update sooner! lol) I don't use xPrivacy.
---------- Post added at 11:49 AM ---------- Previous post was at 11:10 AM ----------
harlgal said:
I have the same issue, Intelligence Service just popped up in my sys apps too. AT&T
I have a Samsung S5 A900 4.42 I'm at the end of a trial for Samsung. (You think I'd at least get the update sooner! lol) I don't use xPrivacy.
I think it's the Isis (Softcard) Wallet, pretty sure it is. I just re-enabled it to start using my Serve card.
Connecting to Mac/PC
hi there,
I had a problem after installing the amazing "Blaze Kernel" onto a G900w8 S5 running Xtresolite Rom v 1.5: the phone is not connecting to PC or Mac through Kies or Android File Transfer, which used to connect without any problems. Kies or other software just keeps on trying with no success. I guess there might be some settings that need to be corrected to get connectivity. Tried both file and camera transfer modes on the S5 but no connections.
One amazing thing I noticed in performance and battery life with this kernel is that my Antutu benchmark score went up to 43456 from 40435 and is the maximum reached so far... Simply amazing...
PLEASE HELP!!!!! with connection problems would be highly appreciated.
so what's the verdict on this??
No verdict, most of these kids are no lifers and posting garbage. Still awaiting a fix...
DaddyChaddie said:
No verdict, most of these kids are no lifers and posting garbage. Still awaiting a fix...
What the hell are you talking about?
Note 4 same problem
I use Battery Doctor and lately it's been hard to charge and running quite slow. Then when I went to optimize it, it had all these weird apps I've never seen before, and the majority of them say they have permission to record audio, take my photos, use any of my information and so on. Most of them I can force stop but they just open back up. Also, since this has happened, whenever I plug my charger in it makes a weird beep sound after the normal beep that occurs when plugging it in to charge.
I've always just uninstalled this app along with several other useless and suspicious looking apps Samsung likes to load our devices with.
I have had my phone for over 12 months. I am very aware that I am being monitored for no reason and so have kept tabs on my phone's files and apps. Only today have I seen a file called Intelligence Service and so wanted to find out what it was. It wasn't there 4 weeks ago. 4 weeks ago I had other odd files that I couldn't delete. My phone does what it wants: answers calls and hangs up, opens apps, closes other apps, filters internet, and when I'm on a call I will hear people talking on the line as if it's an echo but they aren't saying the same thing I am. I often hear voices coming out of the speaker. It reboots when it wants to. My data runs out too quickly no matter how I use it... when I take photos it gets hot like the info is being transferred. My phone has a magnetic charge, too. The phone runs with a slight delay as if it's being relayed. Smart phones and idiot phones aren't safe. I used my old basic Nokia last week. It too was being controlled remotely. It doesn't matter what you do.
Com.Sec is a security company. Com.Sec.android may be innocent. If you have files that just say Com.Sec, get rid of them. Com.Sec Investigations, Omnitron. Look them up.
I've just installed the SuperMan ROM and see a newer version of this service, com.samsung.android.intelligenceservice2.
The ROM also left (or brought) over com.samsung.fresco.logging (Fresco Intelligence Service). Apparently nobody knows what that is.
Let's see what the developer says about the two enabled logging/intelligence services in his ROM.