Hacking the G1 through wifi? - G1 General

I know this is a little overboard. But I got to thinking last night that...
1. Our phones run a linux OS
2. Have exploited a super user root account which should be usable at any point while on the phone
3. Has wifi capabilities built in to connect and obtain a routable internal ip address
What is to prevent someone that knows what they're doing from accessing the phone and messing up through the internal network.... or pretty much a basic hack. The phone runs nothing different (well a little different) linux distro with all commands still available. The root account doesn't even have a password to protect it and I'm scared to set one for fear of messing something up (supposed to have no password). I don't know if I needed root access for it to automatically know what the password is as most apps are made to probably not need a password. So what's to stop someone from hacking into the G1 and pretty much screwing everything up?

The fact that there is no SSH/Telnet server running by default, so you can not make a remote connection to your phone without explicitly starting said server on the phone first.

daveid said:
The fact that there is no SSH/Telnet server running by default, so you can not make a remote connection to your phone without explicitly starting said server on the phone first.
good point but what about using exploits that could or have been found in the distro that this is based on or made from. When connected to any internal network you don't need a telnet or ssh tunnel to "remote" into the computer, just use commonly found exploits (if any?)

what's going to prevent this??
this bad boy right here:
http://forum.xda-developers.com/showthread.php?t=449536

well then andrew there's the answer to your question...

inpherno3 said:
good point but what about using exploits that could or have been found in the distro that this is based on or made from. When connected to any internal network you don't need a telnet or ssh tunnel to "remote" into the computer, just use commonly found exploits (if any?)
An "exploit" still requires some avenue of access. What you mean by an exploit is, for example; someone listening in as you log in as a regular user over telnet who then later logs in as the same user, but uses a KERNEL BUG to grab root access. This still requires a telnet server to be running. If your telnet server is NOT running, then they can't EXPLOIT the KERNEL BUG to steal root access. Another example is running unknown code on some remote web page, which then exploits a BROWSER BUG, for example; http://www.microsoft.com/technet/security/advisory/961051.mspx
You see, it doesn't matter if someone is connected to the same network, if there is no way into your computer, there is nothing they can do, even if you don't have a protected root account.
And if it makes you feel better, there's no reason you can't run iptables firewall on your phone. It is kernel supported and there are executables compiled for this device.

Related

Can I change my Hero's ID on a wireless network?

My Hero ID shows up on my wireless network as UNKNOWN, is there a way to change this? I know there was in WinMo, but I can't find anything in Android.
Thanks.
Do you mean the hostname?
I've not tried it but try setting it in /etc/hostname, and add it to the end of the localhost line in /etc/hosts, might work..
Hi Sam, thanks for the reply. Not sure what you mean by hostname.
I'm referring to how the phone is identified on a wireless network. With my WinMo devices I gave the phone a name in the Device ID section. Then, when I go to my router, I am able to see IP address, Device Name, and MAC address.
I cannot find any settings in the Hero that allow me to specify a device name, so it always shows up as UNKNOWN on the network.
Linux / unix
Deke
A hosts file is a file that links IP addresses with names... Windows has them, UNIX and Macs... etc...
It's a file you will rarely see in Windows, but in Unix/Linux you very well could.. As Android is based on Linux I believe the suggestion mentioned is to edit this file on your phone and add the local host (the phone itself) in there with the name you want it to have...
In UNIX (which I use) I can totally see this working but have no idea if this will work on the phone, and you will need it to be 'rooted'
this means having access to the Administrator's privileges to edit files...
(in Linux root = Administrator)
There are posts on the forums on how to root your phone and it will open up functions to you but at the same time will allow you to happily **** up the system files if you don't know what you're doing and make your phone into a nice paperweight...
hope this helps
Hi Bobro; very helpful, thanks.
So basically I can't do something as simple as give my phone a useful ID without rooting it? I would regard that as a fundamental requirement, so it seems a bit foolish to omit the functionality from Android.

[Q] Which file/property tells apps phone HAS internet access?

Hi,
I'm working to get reverse tethering (internet passthrough) working through a Linux pc. The app that comes with the phone is for Windows only. I have got to the stage where I can bridge the interfaces on the pc, get a dhcp address on the phone's usb interface, set the route and access the internet (from some apps). However, other apps don't even bother to try to connect if the phone tells them it has no access. This must be set in a property somewhere, but I don't know where? Can anybody help find it and tell me how to set it?
Cheers!
They probably only ask this class, directly or automatically when creating a connection :
http://developer.android.com/reference/android/net/ConnectivityManager.html
You will probably need to browse the Android SDK sources, but looking at this class, this will not help you much as the connectivity itself is hidden behind an IDL interface:
http://android.git.kernel.org/?p=pl...ore/java/android/net/ConnectivityManager.java
Thanks for the reply faugusztin.
Sounds too complex for me to set, unless there are ways to do this indirectly.

bypass school router blocks

hey, I used to have a way around the school router blocks but I can't seem to remember what it was for the life of me. What it consisted of was an .exe that installed some software that allowed me to browse freely. I vaguely remember that the software consisted of an icon on the taskbar that was kinda an earth with fire around it....maybe?
If you have any other good router/server bypasses then please let me know. .exe file executions are blocked everywhere except in the technology building at school. Preferably I would like to have something only requiring a flash drive or it can be done within IE or Chrome.
Do you mean that you are able to surf the internet but some websites, like Facebook for example, are blocked?
yukinok25 said:
Do you mean that you are able to surf the internet but some websites, like Facebook for example, are blocked?
yes exactly, often they have keywords that they block as well, (such as game, kill, black ops, etc). maybe a proxy would work? we used to have a couple good ones but they would eventually block it.
johnston9234 said:
yes exactly, often they have keywords that they block as well, (such as game, kill, black ops, etc). maybe a proxy would work? we used to have a couple good ones but they would eventually block it.
yes, a free proxy can be a solution in most cases, here try some in this list first:
http://www.publicproxyservers.com/proxy/list1.html
johnston9234 said:
hey, I used to have a way around the school router blocks but I can't seem to remember what it was for the life of me. What it consisted of was an .exe that installed some software that allowed me to browse freely. I vaguely remember that the software consisted of an icon on the taskbar that was kinda an earth with fire around it....maybe?
If you have any other good router/server bypasses then please let me know. .exe file executions are blocked everywhere except in the technology building at school. Preferably I would like to have something only requiring a flash drive or it can be done within IE or Chrome.
To do this would require some form of exe to use a proxy via a specially setup browser, or admin rights to set the system proxy.
You will find that your IT admins will block the proxies you use (I have to block proxies at my work network when we detect them).
If implemented properly (any good professional IT admin should be able to do it right), you will struggle to tunnel out using most systems.
You can't ssh forward if they block non-standard ports, or filter protocols. You can't use SOCKS proxies if they do the same. You can't use web proxies if they use smart URL filtering.
You can try web proxies, but it's an uphill battle. If you find a proxy that works, don't tell your friends, as that usage across multiple accounts flags the URL in some security systems (my users alert me to the latest proxy sites unwittingly)
Finally, you do realise you are probably breaking the acceptable use agreement? Isn't it better to do facebook etc out of school hours? Or use your phone? If you get good at evading, it is easy to remove internet access altogether from an account in most systems. Good luck in tunnelling out when you have zero internet access as your account is null routed
Summary? Try proxies, don't hold your breath, and do you really need to use facebook etc in school? Oh, and for goodness sake, don't run exes on school PCs... If they've not set them up right, you could infect the machines. They prevent EXE execution on most machines for good reason...
pulser_g2 said:
To do this would require some form of exe to use a proxy via a specially setup browser, or admin rights to set the system proxy.
You will find that your IT admins will block the proxies you use (I have to block proxies at my work network when we detect them).
If implemented properly (any good professional IT admin should be able to do it right), you will struggle to tunnel out using most systems.
You can't ssh forward if they block non-standard ports, or filter protocols. You can't use SOCKS proxies if they do the same. You can't use web proxies if they use smart URL filtering.
You can try web proxies, but it's an uphill battle. If you find a proxy that works, don't tell your friends, as that usage across multiple accounts flags the URL in some security systems (my users alert me to the latest proxy sites unwittingly)
Finally, you do realise you are probably breaking the acceptable use agreement? Isn't it better to do facebook etc out of school hours? Or use your phone? If you get good at evading, it is easy to remove internet access altogether from an account in most systems. Good luck in tunnelling out when you have zero internet access as your account is null routed
Summary? Try proxies, don't hold your breath, and do you really need to use facebook etc in school? Oh, and for goodness sake, don't run exes on school PCs... If they've not set them up right, you could infect the machines. They prevent EXE execution on most machines for good reason...
This is a REALLY good explanation Pulser, I always liked the way you answer people on XDA! (especially on the Hero thread)
By the way, why would an .exe file infect a machine? Do you mean any kind of .exe? Even from a well-known company that creates safe and popular software?
I used to run, without telling anyone, Firefox portable in my office to bypass firewall restrictions, is that dangerous as well?
Considering you are at school, you will lack a lot of needed rights to edit certain things. I would know, I had to get around blocks on both Windows and Mac computers my freshman year.
I would advise you use the software, Your Freedom, it's free, but requires an account, you will also need to use a browser such as Firefox, and edit the settings to use the correct IP and Port as a proxy.
It also works on both Macs and PCs. There is another piece of software that I had used, strictly for Windows PCs, but I can't recall the name of it.
Edit: I also ran the software from my flash drive..
I have special access to .exe and Command prompt just because of the position I am in as a student (several technical courses). I can execute files on my computer and I have Chrome installed. Does that help?
johnston9234 said:
I have special access to .exe and Command prompt just because of the position I am in as a student (several technical courses). I can execute files on my computer and I have Chrome installed. Does that help?
What I did was to download Firefox portable, you can google it (and if you want you can copy it to a USB drive).
If you go to the Firefox networking settings, you can try to change the options in advanced to "no proxy" or as wisefire said just write a proxy IP address with the correct port, you should be able to visit any website.
At least this was working flawlessly for me..
yukinok25 said:
This is a REALLY good explanation Pulser, I always liked the way you answer people on XDA! (especially on the Hero thread)
By the way, why would an .exe file infect a machine? Do you mean any kind of .exe? Even from a well-known company that creates safe and popular software?
I used to run, without telling anyone, Firefox portable in my office to bypass firewall restrictions, is that dangerous as well?
Only a malicious exe would cause trouble...
But on a shared school network, who knows what the user before you used...
That's why I use disk freezing software on systems I run, and a forced reboot between logins, to give you a clean environment.
But while employees run portable firefox, what if they were to use it on another pc, and it had a virus, which infected the exe?
TBH, flash drives shouldn't be used in work environments, that were used outwith that environment... But that's not realistic in a school.
johnston9234 said:
I have special access to .exe and Command prompt just because of the position I am in as a student (several technical courses). I can execute files on my computer and I have Chrome installed. Does that help?
Come on... Surely you ain't gonna abuse that privilege? You got it because you were trusted, not to work round the restrictions that are in your acceptable use policy...
yukinok25 said:
What I did was to download Firefox portable, you can google it (and if you want you can copy it to a USB drive).
If you go to the Firefox networking settings, you can try to change the options in advanced to "no proxy" or as wisefire said just write a proxy IP address with the correct port, you should be able to visit any website.
At least this was working flawlessly for me..
That would work unless they filter out proxy traffic (you can often detect SOCKS proxies and other ones that are working using this method, or even block common ports like 8080)
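The two signals pulser_g2 describes from the admin side (one unknown site suddenly being used by several accounts, and traffic to common proxy ports such as 8080) can be pulled out of a web-filter log as follows. This is an added example, not code from the thread or from any product; the `time user host port category` log layout, the port set, the threshold of three accounts and the one-hour window are all assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

COMMON_PROXY_PORTS = {1080, 3128, 8080}  # SOCKS, Squid default, common HTTP proxy port

# Constructed sample log (assumed layout: time user host port category).
SAMPLE_LOG = """\
2011-03-01T09:01:10 student01 www.example.edu 443 education
2011-03-01T09:05:00 student02 proxy-a.example.net 443 uncategorised
2011-03-01T09:20:30 student03 proxy-a.example.net 443 uncategorised
2011-03-01T09:41:05 student04 proxy-a.example.net 443 uncategorised
2011-03-01T09:50:00 student02 proxy-a.example.net 443 uncategorised
2011-03-01T10:15:00 student05 blog.example.org 80 uncategorised
2011-03-01T14:30:00 student01 blog.example.org 80 uncategorised
2011-03-01T11:00:00 student06 198.51.100.7 8080 uncategorised
"""


def parse_log(text):
    """Turn log text into a list of record dicts, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, user, host, port, category = parts
        records.append({"time": datetime.fromisoformat(ts), "user": user,
                        "host": host, "port": int(port), "category": category})
    return records


def shared_uncategorised_hosts(records, min_users=3, window=timedelta(hours=1)):
    """Uncategorised hosts reached by >= min_users distinct accounts within one window."""
    by_host = defaultdict(list)
    for r in records:
        if r["category"] == "uncategorised":
            by_host[r["host"]].append((r["time"], r["user"]))
    flagged = {}
    for host, events in by_host.items():
        events.sort()
        in_window, start, best = Counter(), 0, set()
        for t, user in events:
            in_window[user] += 1
            # Slide the window start forward until it spans at most `window`.
            while t - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) > len(best):
                best = set(in_window)
        if len(best) >= min_users:
            flagged[host] = sorted(best)
    return flagged


def proxy_port_users(records, ports=COMMON_PROXY_PORTS):
    """Map (host, port) -> accounts for connections to well-known proxy ports."""
    hits = defaultdict(set)
    for r in records:
        if r["port"] in ports:
            hits[(r["host"], r["port"])].add(r["user"])
    return {key: sorted(users) for key, users in hits.items()}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("shared uncategorised hosts:", shared_uncategorised_hosts(recs))
    print("proxy-port traffic:", proxy_port_users(recs))
```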
Back in high school we used Ultrasurf and GPass. I liked GPass because it was really easy to hide from the taskbar and notification area.
pulser_g2 said:
Only a malicious exe would cause trouble...
But on a shared school network, who knows what the user before you used...
That's why I use disk freezing software on systems I run, and a forced reboot between logins, to give you a clean environment.
But while employees run portable firefox, what if they were to use it on another pc, and it had a virus, which infected the exe?
TBH, flash drives shouldn't be used in work environments, that were used outwith that environment... But that's not realistic in a school.
haha, All of my schools have used disk freezing software. I thought about putting it on my parent's computer so I don't have to work on it anymore.
Even though I generally don't work on it anymore and just have them call someone to work on it for them. hahah.
buttes said:
Back in high school we used Ultrasurf and GPass. I liked GPass because it was really easy to hide from the taskbar and notification area.
Back in my days in high school we just got the many different IT and Librarian passwords/usernames and some teachers' passwords as well. Then we'd log in to them and download Kazaa (yeah, it was that long ago lol), and downloaded like a gig or two of old NES, SNES, SEGA, etc. roms and started passing them around to everyone. haha.
It got so bad that the school threatened expulsion for everyone that had the games on their user accounts because it was overloading their network and storage space.
For a while they were just searching for the rom's extensions and you could just go and change them to a .txt and then change them back when you wanted to play them, but then they finally realized that the gig of space the roms took up were about 4 times the size of the data we were allowed to have and they could just sort the usernames by the usage of storage space.
The teacher's ones were fun to have though... it allowed you change some grades here and there...especially with my method of madness which I will not describe here. lol
pulser_g2 said:
That would work unless they filter out proxy traffic (you can often detect SOCKS proxies and other ones that are working using this method, or even block common ports like 8080)
So, I am really interested in this topic, is there any way to bypass a restriction if they filter out the proxy traffic?
yukinok25 said:
So, I am really interested in this topic, is there any way to bypass a restriction if they filter out the proxy traffic?
Hmmm... It's possible. If they use deep packet filtering it may be hard. But anything is possible...
I won't go into details, of getting round things, as it is my job to stop people getting round them, and I know a load of tricks, but look at the protocols in use in surfing - you need LDAP/AD to log into windows domain. Then you use DNS to resolve an IP (perhaps via a corporate web proxy). Then HTTP/HTTPS to access the page.
Now think what tools the domain admins might use to administer their network - RDP? SSH? Web services on high ports?
I think I've gone into enough detail for now... I can tunnel out almost any network these days, but I don't think it is sensible, wise, nor ethical to divulge this sort of thing.
pulser_g2 said:
Hmmm... It's possible. If they use deep packet filtering it may be hard. But anything is possible...
I won't go into details, of getting round things, as it is my job to stop people getting round them, and I know a load of tricks, but look at the protocols in use in surfing - you need LDAP/AD to log into windows domain. Then you use DNS to resolve an IP (perhaps via a corporate web proxy). Then HTTP/HTTPS to access the page.
Now think what tools the domain admins might use to administer their network - RDP? SSH? Web services on high ports?
I think I've gone into enough detail for now... I can tunnel out almost any network these days, but I don't think it is sensible, wise, nor ethical to divulge this sort of thing.
True, I agree with you Pulser, thus I am really into this sort of thing recently.
I am eager to learn..
Could you please recommend me a book or something (not too advanced) that would help me to understand better LDAP/AD, DNS and everything about security and networking?
I obviously wanna learn just for myself and I definitely don't want to spread or divulge in anyway bad behaviors..
johnston9234 said:
hey, I used to have a way around the school router blocks but I can't seem to remember what it was for the life of me. What it consisted of was an .exe that installed some software that allowed me to browse freely. I vaguely remember that the software consisted of an icon on the taskbar that was kinda an earth with fire around it....maybe?
If you have any other good router/server bypasses then please let me know. .exe file executions are blocked everywhere except in the technology building at school. Preferably I would like to have something only requiring a flash drive or it can be done within IE or Chrome.
if not previously mentioned, you're looking for "Tor" which comes in both installable packages or portable exe files that can be run off flash drives and includes a custom made 'Mozilla Firefox' which comes preloaded with Tor and does not save any browsing information on your client machine, thus this program is completely anon when run from a flash drive.
www.torproject.org and you're looking for the Stable Portable Browser Bundle
Please thank me (click thanks) if this helped
really there is a simple way
use kon-boot and bypass admin password and change the settings
kylon said:
really there is a simple way
use kon-boot and bypass admin password and change the settings
not if he is on a school network, he would have to physically run kon-boot on the server itself which defeats the purpose because the server would already be logged in as an admin of some kind.
-correct me if I'm misunderstanding or have missed a key post somewhere-

[How To] Use ConnectBot to pass WebTop FF traffic without a tethering plan

I, like many here, have received a notice about tethering usage. I was working on a non-related project for someone who is heading to China so that they could bypass TGFoC when I had the following idea. If I can pass a computer in China through my SSH server to get internet access, why can't I do the same within the WebTop environment?
I know that in the WebTop environment, the phone window still has a valid connection to my carrier (AT&T, as the case may be), although the Webtop environment does not unless you pay for the double-dipping fee for tether usage. Here's what I did to get internet access on my phone (in Firefox) and it appears to work for me (YMMV):
===Things you'll need:===
Phone with WebTop
ConnectBot installed on the phone
Valid credentials to a box you can SSH to as well as create port forwards on
===Procedure===
1. On the phone, set up ConnectBot ahead of time for the connection to the server.
2. Create a port forward:
2a. Name it anything you want (I called mine WebProxy).
2b. Type should be dynamic (SOCKS).
2c. Source port is set to 8080. Any unused port should be fine, but this is the one I used.
2d. Destination is unchanged.
3. Open up Webtop. Although untested, I see no reason why Webtop via HDMI shouldn't work.
4. Within the Mobile view window, connect to your server and ensure that the port forward is enabled (a disabled one has a line through it).
5. Open the Preferences of the WebTop's Firefox.
6. Click on Advanced->Network->Settings.
7. Change the proxy to be SOCKS and use 127.0.0.1 as the IP and the same port number as you selected in step 2c.
8. If you want the DNS requests to work, you may wish to change that within about:config (look for "network.proxy.socks_remote_dns" and set it to true).
Your FF should now pass all its traffic through ConnectBot's SSH connection.
===Caveats===
1 All your network traffic from Firefox will be slower due to your SSH server acting as proxy.
2 You obviously need a desktop/ server machine that is reachable all the time. This may not be cost effective if this is its only use.
3 I do not claim that this is undetectable, only that it works. If another person more knowledgeable in this could comment, I'd appreciate it.
Thoughts?
I'm having occasional issues with ConnectBot not creating the port forward while on mobile data, and I'm thinking it may be timing related. Could anyone assist?
wingmanjd said:
I'm having occasional issues with ConnectBot not creating the port forward while on mobile data, and I'm thinking it may be timing related. Could anyone assist?
Solved my own problem. I had a dying Atrix phone previously. My tutorial above works perfectly on my new phone.
This really helped me!
Thanks a lot, it worked (although I can't find a "thanks" button).
But I don't get one little thing. Why do we have to set the proxy to "source port"? In my (obviously mistaken) mind, it should be the destination port.
On a computer ssh command we would use something like:
ssh -ND [port-passed-to-proxy] [email protected]
I'm a bit confused by the name "source" to the port being passed to the proxy as I see it the other way around.
perr0.br said:
Thanks a lot, it worked (although I can't find a "thanks" button).
But I don't get one little thing. Why do we have to set the proxy to "source port"? In my (obviously mistaken) mind, it should be the destination port.
On a computer ssh command we would use something like:
ssh -ND [port-passed-to-proxy] [email protected]
I'm a bit confused by the name "source" to the port being passed to the proxy as I see it the other way around.
Well, I think the confusion lies in possibly the way you're looking at it. From connectBot's viewpoint, it's going to be passing all data that hits the source port via its connection. Firefox's proxy port, and what I'd consider to be a destination port from its point of view, would be the connectBot's source port.
I'm not a developer, but I play one on TV.

What is everyone here doing for a firewall?

Am a little bit surprised (to say the least) that a device for ebook reading with a shop based function, has no working firewall!
Especially as the kernel is based on Linux!
What are people here doing for a firewall?
Has anyone managed to get ipchains etc back onto the Nook?
Freya
FreyaBlack said:
Am a little bit surprised (to say the least) that a device for ebook reading with a shop based function, has no working firewall!
Especially as the kernel is based on Linux!
What are people here doing for a firewall?
Has anyone managed to get ipchains etc back onto the Nook?
Freya
I doubt that an unrooted NST has any listening ports, so no need for a firewall. Credit Card details aren't stored on the NST itself, so an attacker would need to sniff the (SSL-encrypted+signed?) network traffic and use that to log into the account, if that's even possible. I suspect that all an attacker could do would be to buy books for the registered user without their permission.
cowbutt said:
I doubt that an unrooted NST has any listening ports, so no need for a firewall. Credit Card details aren't stored on the NST itself, so an attacker would need to sniff the (SSL-encrypted+signed?) network traffic and use that to log into the account, if that's even possible. I suspect that all an attacker could do would be to buy books for the registered user without their permission.
We know that at least port 80 exists because of the built in web browser and the nook must be receiving data somehow for the books etc.
You are right that the credit card details are almost certainly stored remotely but once a hacker is inside they can log the data from the keyboard so that when you update your credit card details you are passing on the details to who knows who.
Freya
FreyaBlack said:
We know that at least port 80 exists because of the built in web browser and the nook must be receiving data somehow for the books etc.
You are right that the credit card details are almost certainly stored remotely but once a hacker is inside they can log the data from the keyboard so that when you update your credit card details you are passing on the details to who knows who.
Freya
No, that's not how TCP works.
The NST will make a connection from an ephemeral source port in the range 1024-65535 to the destination port of 80 (http) or 443 (https) on the server. Connections cannot be established to the ephemeral port on the NST without MITMing the connection. If you're worried about that, you should also worry about lots of other attacks (e.g. transparent malicious proxies) that an IP firewall also won't protect against. And don't connect your WiFi devices to untrusted networks (which is good advice anyway).
TL;DR: the lack of an IP firewall on an unrooted NST is the least of your worries.
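The distinction this reply draws between a listening port and an outbound connection from an ephemeral port, and the point in the G1 thread at the top of the page that no listening SSH/Telnet server means no avenue of access, can be checked on any Linux-based device from `/proc/net/tcp`. The following Python sketch is an added example, not part of the original posts: it parses that table and separates network-reachable listeners, loopback-only listeners, inbound connections and outbound connections. The sample table is constructed, and the address decoding assumes a little-endian kernel (ARM Android, x86).

```python
import ipaddress
import socket
import struct

LISTEN, ESTABLISHED = "0A", "01"  # TCP state codes used in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout: an SSH server someone started
# on all interfaces, a loopback-only service, one inbound SSH session and
# one outbound HTTPS connection from an ephemeral port.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 6401A8C0:0016 3201A8C0:C738 01 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 6401A8C0:C350 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10023        0 1004 1
"""


def decode_addr(field):
    """'0100007F:1F90' -> ('127.0.0.1', 8080); assumes a little-endian kernel."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the table (header skipped) into dicts with local, remote and state."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 4:
            continue
        rows.append({"local": decode_addr(parts[1]),
                     "remote": decode_addr(parts[2]),
                     "state": parts[3]})
    return rows


def classify(rows):
    """Split sockets into listeners (by reachability) and connections (by direction)."""
    report = {"network_listeners": [], "loopback_listeners": [],
              "inbound": [], "outbound": []}
    listening_ports = set()
    for r in rows:
        if r["state"] != LISTEN:
            continue
        ip, port = r["local"]
        listening_ports.add(port)
        loopback = ipaddress.ip_address(ip).is_loopback
        report["loopback_listeners" if loopback else "network_listeners"].append((ip, port))
    for r in rows:
        if r["state"] != ESTABLISHED:
            continue
        # A connection whose local port is also a listening port was accepted
        # by a service; anything else was opened by the device itself.
        direction = "inbound" if r["local"][1] in listening_ports else "outbound"
        report[direction].append(r["local"] + r["remote"])
    return report


if __name__ == "__main__":
    # On a real device: classify(parse_proc_net_tcp(open("/proc/net/tcp").read()))
    for name, entries in classify(parse_proc_net_tcp(SAMPLE)).items():
        print(name, entries)
```

Only the `network_listeners` entries are reachable by another host on the same WiFi network; an empty list there is the situation both threads describe for a stock device.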
cowbutt said:
No, that's not how TCP works.
The NST will make a connection from an ephemeral source port in the range 1024-65535 to the destination port of 80 (http) or 443 (https) on the server. Connections cannot be established to the ephemeral port on the NST without MITMing the connection. If you're worried about that, you should also worry about lots of other attacks (e.g. transparent malicious proxies) that an IP firewall also won't protect against. And don't connect your WiFi devices to untrusted networks (which is good advice anyway).
TL;DR: the lack of an IP firewall on an unrooted NST is the least of your worries.
Well I would worry about malicious proxies but I'm not sure I can do anything about them really.
So what you appear to be saying is that the whole firewall thing is very overrated and isn't really all that necessary.
I assume it was just one of those things that was trendy for a short while some time ago but has now gone out of fashion.
I know a lot of people turn off their firewalls to play networked computer games because the firewall tends to get in the way, so maybe they are a lot less important than I assumed.
You are right that I probably worry too much about these things.
The thing you say that makes me pause for thought tho, is about connecting to untrusted networks.
Isn't the internet itself an untrusted network? Or am I being over the top again because I'm basically protected by my ISP?
Freya
FreyaBlack said:
Well I would worry about malicious proxies but I'm not sure I can do anything about them really.
So what you appear to be saying is that the whole firewall thing is very overrated and isn't really all that necessary.
It depends.
IP firewalls are still quite useful to protect networks where people may connect hosts running network services that don't comply with the organisation's security policy. And host firewalls are sometimes useful if there are listening network services that cannot easily be disabled, or if there are outbound connections that one wishes to block. More intelligent firewalls that perform some deep packet inspection can also be useful these days (mostly because so many so-called "firewall friendly" network protocols just run over HTTP(S)).
FreyaBlack said:
The thing you say that makes me pause for thought tho, is about connecting to untrusted networks.
Isn't the internet itself an untrusted network? Or am I being over the top again because I'm basically protected by my ISP?
That depends how competent and/or malicious your ISP is, and how co-operative they are with the local government!
