Information Security Newspaper | Infosec Articles | Hacking News
https://www.securitynewspaper.com/

ADBSploit tool for exploiting and managing Android devices via ADB
https://www.securitynewspaper.com/2020/08/17/adbsploit-tool-for-exploiting-and-managing-android-devices-via-adb/
Mon, 17 Aug 2020 13:26:41 +0000

Introduction

ADBsploit is a Python-based tool that makes it easy to exploit and manage Android mobile devices. To use this tool, we require ADB (Android Debug Bridge) on the hacker’s machine, and the USB debugging option must be enabled on the targeted device. There is no need to root the device. These types of tools are also covered under the cyber forensics curriculum of International Institute of Cyber Security. ADBsploit gives us many options to access the target mobile.

Environment

  • OS: Kali Linux 2020 64 bit
  • Kernel-Version: 5.6.0

Installation Steps

root@kali:/home/iicybersecurity# git clone https://github.com/mesquidar/adbsploit
Cloning into 'adbsploit'...
remote: Enumerating objects: 174, done.
remote: Counting objects: 100% (174/174), done.
remote: Compressing objects: 100% (104/104), done.
remote: Total 174 (delta 68), reused 124 (delta 31), pack-reused 0
Receiving objects: 100% (174/174), 40.97 KiB | 230.00 KiB/s, done.
Resolving deltas: 100% (68/68), done.
  • Use the cd command to enter into adbsploit.
root@kali:/home/iicybersecurity# cd adbsploit/
root@kali:/home/iicybersecurity/adbsploit#
  • Now, use this command to install the dependencies: python3 setup.py install
root@kali:/home/iicybersecurity/adbsploit# python3 setup.py install
running install
running bdist_egg
running egg_info
writing adbsploit.egg-info/PKG-INFO
writing dependency_links to adbsploit.egg-info/dependency_links.txt
writing entry points to adbsploit.egg-info/entry_points.txt
writing requirements to adbsploit.egg-info/requires.txt
writing top-level names to adbsploit.egg-info/top_level.txt
==============================================================================================SNIP==========================================================================================================================
Using /usr/lib/python3/dist-packages
Searching for urllib3==1.25.9
Best match: urllib3 1.25.9
Adding urllib3 1.25.9 to easy-install.pth file
 
Using /usr/lib/python3/dist-packages
Searching for idna==2.10
Best match: idna 2.10
Adding idna 2.10 to easy-install.pth file
 
Using /usr/lib/python3/dist-packages
Finished processing dependencies for adbsploit==0.1
  • Next, use this command to launch the tool, adbsploit
root@kali:/home/iicybersecurity/adbsploit# adbsploit
adbsploit(none) >
  • Type “help” to find all the options.
ADBSploit – Help
  • To use the ADBSploit tool, follow these steps to enable developer/USB debugging mode.
    • Settings -> About Phone -> System Information -> More -> Build Number
  • Next, tap on Build Number more than 7 times to enable developer mode, then move to Settings -> Developer Options and turn on USB debugging mode.
  • Now, connect the target mobile to the hacker’s machine using a USB cable, then choose the File transfer option to connect the target device to the machine.
  • Now, use the “devices” command.
adbsploit(none) > devices
┃ Device detected ┃ Model    ┃ Name  ┃ Device ┃
│ 1e4a1d127cf4    │ Redmi 4A │ rolex │  rolex │
  • Now, use the “select” command and enter the device serial to access the target device.
adbsploit(none) > select
[+] Enter the phone serial
 └──> adbsploit(select) > 1e4a1d127cf4
Selected device: 1e4a1d127cf4
adbsploit(1e4a1d127cf4) >
  • Successfully connected to the device.
  • Use the “list-app” command to view the applications on the target device.
ADBSploit – List Apps
  • Use the “logs” command to view the previous activities. It can display all logs, or we can select a particular package.
ADBSploit – Logs
  • Next, use the “shell” command to access the target device via a shell.
adbsploit(1e4a1d127cf4) > shell
rolex:/ $ ls
acct bt_firmware cache   config d    dev etc      mnt persist property_contexts root sdcard  sys    tombstones
bin  bugreports  charger cust   data dsp firmware oem proc    res               sbin storage system vendor
1|rolex:/ $ cd sdcard/
rolex:/sdcard $ ls
Android DCIM Download Fonts MIUI Movies Pictures WhatsApp WhatsApp Business dctp did joox_for_third wlan_logs
  • Here, we can view all the victim’s data.
  • Use the “recovery-mode” command to recover or wipe data from the device.
adbsploit(1e4a1d127cf4) > recovery-mode
└──>Entering in recovery mode…
ADB – Recovery Mode
  • Successfully entered into recovery mode.
  • Use “netstat” to view the connection details.
ADBSploit – Netstat

Conclusion

We saw how to connect to and access the target’s Android mobile by using ADB (Android Debug Bridge) and the adbsploit hacking tool.

Create Backdoor on Android Using ADB (Android Debug Bridge)
https://www.securitynewspaper.com/2020/07/31/create-backdoor-on-android-using-adb-android-debug-bridge/
Sat, 01 Aug 2020 04:29:27 +0000

Introduction

Can you imagine creating a backdoor on Android using ADB (Android Debug Bridge)? Suppose you want to spy on a friend’s mobile connected on any network; this tool will be the best to monitor/control the device. In the earlier post, researchers of International Institute of Cyber Security demonstrated Android mobile hacking with ADB. A Spanish version of the same can be accessed from Noticiasseguridad.

Now, coming to scrcpy: it is an open-source screen mirroring tool for all Android devices. To use this tool, we require ADB (Android Debug Bridge) on the hacker’s machine, and the USB debugging option must be enabled on the targeted device. It does not need root access on the mobile.

Environment

  • OS: Microsoft Windows [Version 10.0.18363.959], 64 Bit

Installation Steps

  • Click on Download to download the file.
  • After downloading, create a folder and extract the file.

Execution Steps

  • Before using the scrcpy tool, we have to turn on debug mode on the Android device. To turn on debug mode, we first have to enable developer mode.
    • Follow these steps to enable developer/USB debugging mode.
      • Settings -> About Phone -> System Information -> More -> Build Number
    • Next, tap on Build Number more than 7 times to enable developer mode, then move to
      • Settings -> Developer Options -> Turn on USB debugging mode.
  • Now, connect the target mobile to the hacker’s machine using a USB cable, then choose the File transfer option to connect the target device to the machine.
  • Next, open CMD, move to the scrcpy path and use this command: adb tcpip 5555
C:\iiCyberSecurity\adb>adb tcpip 5555
* daemon not running; starting now at tcp:5037
* daemon started successfully
error: device unauthorized.
This adb server's $ADB_VENDOR_KEYS is not set
Try 'adb kill-server' if that seems wrong.
Otherwise check for a confirmation dialog on your device.
  • Now, we will get a prompt on the target device. Click on ok to approve and again use the same command to verify  
C:\iiCyberSecurity\adb>adb tcpip 5555

C:\iiCyberSecurity\adb>
  • Now, unplug the target’s USB cable from the machine and use this command: adb connect <IP>:<Port>
  • To check the target’s IP address, follow these steps: Settings -> About Phone -> Status -> IP address.
C:\iiCyberSecurity\adb>adb connect 192.168.0.23:5555
connected to 192.168.0.23:5555

C:\iiCyberSecurity\adb>adb
  • Here, we successfully connected to the target device.
  • If the target is on 3g/4g/5g link, we will need his/her mobile public IP address.
  • Now use this command scrcpy.exe to screen mirror the target’s device.
Scrcpy – Target’s Device
  • In the same way, we can see the log files on CMD (Command Prompt).
  • After connecting to the device, we can monitor each and every activity on the victim’s mobile.
  • Here, we have a few options to control the victim’s device.
Scrcpy – Shortcuts
  • Using these shortcut options, we can control any Android device.

Conclusion

We saw how to create a backdoor on Android using ADB and take control to monitor the targeted Android device. It makes it easier for hackers to take control, so it is always recommended not to give your mobile to anybody. Giving your mobile away for even a few minutes can be unsafe.
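
Both walkthroughs above depend on USB debugging being left on, and the second on adbd listening on TCP port 5555 after `adb tcpip`. The following is an added example (not code from the original articles or from the ADBSploit or scrcpy projects) that audits a property dump from a device you manage for exactly those settings. The sample `getprop` output is constructed, and the severity labels are this example's own assumption.

```python
import re

# Constructed `adb shell getprop` output for illustration (not from a real device).
SAMPLE_GETPROP = """\
[persist.sys.usb.config]: [mtp,adb]
[ro.adb.secure]: [1]
[ro.debuggable]: [0]
[service.adb.tcp.port]: [5555]
[sys.usb.config]: [mtp,adb]
"""

# getprop prints one property per line as "[key]: [value]".
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")


def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group("key")] = match.group("value")
    return props


def audit_adb_exposure(props):
    """Return (severity, finding) tuples for ADB-related settings."""
    findings = []
    # `adb tcpip <port>` sets service.adb.tcp.port; persist.adb.tcp.port
    # keeps the listener across reboots. 0, -1 or empty means USB only.
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        port = props.get(key, "")
        if port.isdigit() and int(port) > 0:
            findings.append(("high", f"{key}={port}: adbd listens on the network"))
    if "adb" in props.get("sys.usb.config", "").split(","):
        findings.append(("medium", "sys.usb.config includes adb: USB debugging is on"))
    if "adb" in props.get("persist.sys.usb.config", "").split(","):
        findings.append(("medium", "persist.sys.usb.config includes adb: stays on after reboot"))
    if props.get("ro.adb.secure") != "1":
        findings.append(("high", "ro.adb.secure is not 1: host-key authorization may be disabled"))
    if props.get("ro.debuggable") == "1":
        findings.append(("high", "ro.debuggable=1: debuggable build, `adb root` is permitted"))
    return findings


if __name__ == "__main__":
    for severity, finding in audit_adb_exposure(parse_getprop(SAMPLE_GETPROP)):
        print(f"[{severity}] {finding}")
```

On a device that reports the network listener, `adb usb` switches adbd back to USB-only mode, and turning off USB debugging and revoking USB debugging authorizations in Developer Options removes previously approved host keys.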

ANDROID MOBILE HACKS WITH ANDROID DEBUG BRIDGE(ADB) – Part I
https://www.securitynewspaper.com/2019/07/29/android-mobile-hacks-with-android-debug-bridgeadb-part-i/
Tue, 30 Jul 2019 02:43:34 +0000

Before learning the rooting process, you must understand the Android architecture. How Android applications work and how the Linux kernel provides services to the upper layers are concepts that are part of the ethical hacking and mobile hacking courses offered by International Institute of Cyber Security. The hardware components are the low-level layer that provides services to the Linux kernel, which then connects each hardware component to its required driver.

Android Architecture –

Hardware Components :-

  • Hardware components interact with the drivers to communicate with the upper layers. When a signal is received from an end-user application, this layer converts signals from the hardware devices to the software layers, for example in the calling system. Cameras, Wifi, antennas & other devices work the same way. Most Android devices use ARM processors.
  • ARM designs architectures & instruction sets and licenses them to chip manufacturing companies, which design the chips for mobiles. For example, Qualcomm, a popular chip manufacturing company, sells Snapdragon, which is now seen in most Android devices.
  • Some other companies, such as Mediatek, ARM, Qualcomm Snapdragon, AMD, Nvidia, Samsung, IBM, Broadcom Inc & Intel, create chips specially for computers.
  • ARM is the most used hardware in Android devices. To check your Android mobile’s processor, use the CPU-Z application: https://play.google.com/store/apps/details?id=com.cpuid.cpu_z&hl=en_IN
  • ARM is based on RISC (reduced instruction set computer), which is designed to perform millions of instructions at higher speed. The instructions require fewer transistors, which makes the chips cheaper to design & produce.
  • Most of the instructions are completed in one cycle, which allows the processor to handle more instructions at the same time.

Linux Kernel :

  • The Linux kernel is the main component responsible for connecting with the Android libraries, the Android framework and end-user applications. The Linux kernel acts as a level of abstraction (level of abstraction: the highest level has fewer details & the lowest level has more details). It is important to note that Android runs entirely on the Linux kernel.
  • To check the Linux kernel version on any Android mobile, go to the About Phone / About Device section in Settings. There you will see the Linux kernel version.

Android debug bridge (adb)

  • Android debug bridge (adb) is a command-line tool that enables users to access a device’s internal files. ADB provides a variety of commands which can help in debugging apps. Adb acts as a client-server program which includes three main components:
    • Client – The client is used to interact by sending commands to adb. Here we can use a computer as the client by connecting it with the mobile.
    • Daemon (adbd) – The daemon runs the commands on the mobile. It provides service for the objects which are running.
    • Server – The server manages the communication & services between the daemon & the client. The server runs as a background process on your mobile.

For Accessing ADB (Android Debug Bridge) :-

  • If you download & run a terminal emulator on a non-rooted device, the adb command will not work, as the terminal emulator needs superuser permission, and superuser permission can only be granted if the device is rooted. So the adb command will return adb not found. If you run adb on recent Android versions on non-rooted devices, adb will not be found, as shown below. According to an ethical hacking researcher of International Institute of Cyber Security, companies regularly update the security patches to block admin access.
  • From mobile – Use the Terminal Emulator application to access the Android shell. Download the application: https://play.google.com/store/apps/details?id=jackpal.androidterm&hl=en_IN
  • To use all features of the Android shell, your mobile must be rooted.
  • Ensure that the terminal emulator application is granted access in Superuser.apk or Kingoroot superuser.apk.
  • Type adb root to get root access in the terminal emulator.
  • To find the kernel version, type uname -a
  • ADB from computer – Download the file on your computer to access the mobile using ADB from your computer: https://forum.xda-developers.com/showthread.php?t=2588979
  • Download version 1.3. Install & run the program. Enter Y & press Enter.
  • Enter Y
  • Enter Y. A popup will appear to install adb.
  • Install adb & your computer will be configured to run adb shell in the Windows command prompt.
  • To run it, open cmd as administrator.
  • Connect your device to the computer. Make sure the device drivers are installed on your computer. For testing we are using a rooted Samsung Galaxy Grand Neo Plus I9060. Download the driver for this model from: https://www.samsungusbdrivers.net/2017/02/samsung-galaxy-grand-neo-2014-usb.html
  • Open CMD as administrator. Type adb devices
  • Above you will see the list of available devices. You can get the kernel version of your Android mobile through the computer. Type adb shell to find the kernel version.
  • The above screenshot shows the kernel version of your Android mobile.
  • Adb has a lot more features. adb is even used while developing applications.

POWER OF ADB (ANDROID DEBUG BRIDGE)

Know the Wifi Password :-

  • To find the password of the connected wifi network:
  • Enter the following command in the adb shell we got in the last steps: cat /data/misc/wifi/wpa_supplicant.conf – wpa_supplicant.conf stores the wifi password in plain text form.
  • For security reasons we have hidden the username & password.
  • The above screenshot shows the username (ssid) and the password (psk).

Backup Your Files with adb :-

  • Type adb backup -all -f E:\backup.ab
  • -all will back up all configuration of your device.
  • E:\backup.ab is the backup file.
  • After entering the above command, press Enter & a popup will appear on your mobile to encrypt the file with a password. Enter the password.
  • Above you can see that the backup file has been saved in the desired location. You can save different files, but it will only save the configuration of that application.
  • Different formats:
    • .apk will only save its configuration
    • .obb will save obb files.
    • .shared will save sd card files.
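
Whether the password prompt actually produced an encrypted file can be checked from the backup itself, because an `.ab` file starts with a short text header: the magic line `ANDROID BACKUP`, the format version, a compression flag and the encryption name (`none` or `AES-256`), followed for encrypted backups by the key-derivation parameters. The parser below is an added example, not code from the original article. The two sample headers are constructed, and the `min_rounds` threshold is an assumption of this example.

```python
import io

MAGIC = "ANDROID BACKUP"

# Constructed sample headers for illustration (not taken from a real backup).
PLAIN_SAMPLE = b"ANDROID BACKUP\n5\n1\nnone\n" + b"\x78\xda"
ENCRYPTED_SAMPLE = (
    "ANDROID BACKUP\n5\n1\nAES-256\n"
    + "AA" * 64 + "\n"      # user password salt (hex)
    + "BB" * 64 + "\n"      # master key checksum salt (hex)
    + "10000\n"             # PBKDF2 rounds
    + "CC" * 16 + "\n"      # user key IV (hex)
    + "DD" * 96 + "\n"      # encrypted master key blob (hex)
).encode("ascii")


def _line(stream):
    """Read one newline-terminated ASCII header line."""
    raw = stream.readline()
    if not raw.endswith(b"\n"):
        raise ValueError("truncated backup header")
    return raw[:-1].decode("ascii")


def parse_ab_header(data):
    """Parse the text header of an adb backup and return its fields."""
    stream = io.BytesIO(data)
    if _line(stream) != MAGIC:
        raise ValueError("not an Android backup file")
    header = {
        "version": int(_line(stream)),
        "compressed": _line(stream) == "1",
        "encryption": _line(stream),
    }
    if header["encryption"] == "AES-256":
        header["user_salt"] = bytes.fromhex(_line(stream))
        header["checksum_salt"] = bytes.fromhex(_line(stream))
        header["pbkdf2_rounds"] = int(_line(stream))
        header["user_iv"] = bytes.fromhex(_line(stream))
        header["master_key_blob"] = bytes.fromhex(_line(stream))
    elif header["encryption"] != "none":
        raise ValueError("unknown encryption scheme: " + header["encryption"])
    header["payload_offset"] = stream.tell()  # where the (compressed) tar data starts
    return header


def backup_issues(header, min_rounds=10000):
    """List storage-policy problems; min_rounds is this example's assumption."""
    if header["encryption"] == "none":
        return ["backup is not encrypted: anyone holding the file can read the app data"]
    if header["pbkdf2_rounds"] < min_rounds:
        return [f"only {header['pbkdf2_rounds']} PBKDF2 rounds protect the password"]
    return []


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("encrypted", ENCRYPTED_SAMPLE)):
        print(name, backup_issues(parse_ab_header(sample)) or "ok")
```

To check a real file, pass the first kilobyte of `backup.ab` to `parse_ab_header`; the header always fits well inside that range.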

Restore Backup Files :-

  • Type adb restore E:\backup.ab
  • Above file has been restored to your mobile device.

Install Multiple Applications :-

  • If you want to install multiple applications on your device, enter the following command.
  • Type For %f in (E:\android_apps*.apk) do adb install "%f"
  • The above screenshot shows that three applications have been installed on your device.

Copy Any Application From Your Phone :-

  • First, list all the applications on your mobile. Entering adb shell pm list packages will list all the applications on your mobile.
  • According to the ethical hacking researcher of iicybersecurity, you can use this to find any spy apps on your mobile phone.
  • To extract an application, type adb shell pm path com.package /data/app/com.sec.android.app.samsungapps-1.apk
  • com.package – You can enter any package name.
  • Enter the location of the application.
  • To find the location, open another cmd as administrator.
  • Connect your device with adb. Type cd /data/app
  • Then run the command below.
  • To pull out the apk, type adb pull /data/app/com.sec.android.app.samsungapps-1.apk E:\application
  • The above screenshot shows that the application has been pulled out to your local computer.
  • Above is the application which has been pulled out from the device.

Gather Information about the device :-

  • This command shows all the details of the device, including running services, dump of blue in screen, account details & many other details of the mobile.
  • Type adb shell dumpsys or type adb logcat
———————————————SNIP—————————————————
  • The above command shows a lot of information about the device. This command can be used for gathering information, which can help in many phases of cyber forensics.
  • To search for a particular service, for example, type adb shell dumpsys battery
  • The above screenshot shows information about the battery, including its voltage and the company name of the battery.

Linux Libraries/ Android Runtime :-

  • The Android libraries sit on top of the Linux kernel. They are responsible for playing or recording video and audio in defined formats. Some common native libraries are Media, Webkit, SQLite, OpenGL, FreeType etc. The Android libraries consist of Java-based and C/C++ libraries.
    • OpenGL Library – A cross-platform application program used to create graphics.
    • Webkit – It provides the function to display web content and shorten the page load.
    • Media Framework – This library provides the ability to play or record audio & video.
    • Secure Socket Layer (SSL) – This library is used to provide internet security.
