
My First Android application WIFI Recovery has now been published to the Android market!
Read all about it at its own page!
More apps on the way!

Google was nice enough to provide me with a free Google TV as part of their 10,000 free Google TVs for developers. Below is the unboxing; see the item descriptions.

All of the contents of the Logitech Revue box: Revue, keyboard/mouse, HDMI cable, power cables, IR blaster, and a welcome card.
This device looks promising; however, I felt like it was lacking. But when Google releases the Android app market for it in 2011, things should be much different. If you watched the entire slideshow you will notice that I already started tinkering with it.
Android devices, while unable to put their wireless cards into monitor mode, can still be used to sniff wireless traffic; they are just limited to traffic that goes through them. So to get data other than its own to pass through your Android device, we need to have it act as a rogue access point. A rogue access point is an AP that you control and have your “clients” or *cough*victims*cough* connect to. Android 2.2 has this ability to act as a mobile hotspot built in; 2.1 and earlier versions will need Wireless Tether for Root Users. I actually prefer the third-party app to Android’s built-in ability, as it offers many more features. And in case this was not obvious from the start, you will need root to perform anything in this article.
The trick to making clients connect to your rogue AP is how you name it. If you are at *bucks, then naming it “*bucks free wifi” might be a good idea; however, *bucks and many other WiFi hotspots go through “AT&T’s global WiFi network”, which is named “att wifi”, so naming your SSID “att wifi” would be even better, because you will get new connections, and you may even be able to have some existing connections reconnect to you if your signal is stronger, and it probably will be, because you will be near everybody else vs. their AP somewhere in the back room.
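From the network owner's side, the SSID reuse described above shows up in a site survey as a known network name advertised by an access point that is not in the inventory, or with weaker security than the real one. The check below is an added example, not part of the original post; the `SSID|BSSID|SECURITY|SIGNAL` input format, the SSIDs and the BSSIDs are all constructed for illustration.

```shell
#!/bin/sh
# Added example: flag access points that reuse one of our SSIDs but are not ours.
# Input format (an assumption made for this example): SSID|BSSID|SECURITY|SIGNAL_DBM

# Inventory of the access points we actually operate (constructed values).
KNOWN_APS='corp-guest|00:11:22:33:44:01|WPA2
corp-guest|00:11:22:33:44:02|WPA2'

# Constructed survey results, as they might be exported from a site-survey tool.
SCAN='corp-guest|00:11:22:33:44:01|WPA2|-61
corp-guest|00:11:22:33:44:02|WPA2|-70
corp-guest|02:AA:BB:CC:DD:EE|OPEN|-38
coffee-shop|00:99:88:77:66:55|OPEN|-80'

# find_evil_twins KNOWN SCAN
# Prints one "ssid bssid reason" line for every suspect access point.
find_evil_twins() {
    printf '%s\n%s\n%s\n' "$1" "--" "$2" | awk -F'|' '
        $0 == "--" { scanning = 1; next }          # separator: inventory ends
        !scanning  {                               # inventory line
            known[$1 SUBSEP toupper($2)] = $3
            ours[$1] = 1
            next
        }
        !($1 in ours) { next }                     # someone else'"'"'s SSID: ignore
        {
            key = $1 SUBSEP toupper($2)
            if (!(key in known))
                print $1, $2, "unknown-bssid"      # our name, not our radio
            else if (known[key] != $3)
                print $1, $2, "security-mismatch"  # our radio, wrong settings
        }'
}

find_evil_twins "$KNOWN_APS" "$SCAN"
```

BSSIDs are not authenticated, so a clean result is a necessary check rather than proof that no rogue AP is present.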
If you don’t want to bother messing around with any command lines, then luckily there are some nice apps that can handle packet capturing for Android. First I want to mention Packet Sniffer. Packet Sniffer is a very crude app (and is in desperate need of a GUI overhaul), but it does offer the ability to sniff Bluetooth; however, I had no luck getting it to work.
The program that I want to praise is Shark for Root. Shark utilizes tcpdump to save .pcap files of the traffic going through the phone, and it works flawlessly. The author even wrote Shark Reader to view the .pcap files on Android; however, you will most likely want to view them in Wireshark on a desktop.




If you installed Debian using this article, or some other method, then you can use many more Linux tools. Once you get the traffic you want going through your phone, you can install and run any Debian app you want. I will cover two.
Install:
apt-get install dsniff
Running:

In the above screenshot you can see dsniff capturing my username (root) and password (secret) when I logged into my router at 192.168.1.1 (I changed my password since then).
Ettercap is quite a bit more advanced than dsniff, and I will not teach you how to use it in this guide; you can learn more here.
Install:
apt-get install ettercap
Start:
ettercap -C

The -C option starts it in TUI (text user interface) mode. Ettercap can do everything dsniff can, plus more; it was built for man-in-the-middle attacks, much like the one we are doing here with Android.
Now that more and more people are getting smartphones, this type of attack is becoming easier to pull off. And with everybody’s wireless devices always looking to connect to the global “linksys” or “NETGEAR”, this becomes very practical. Anything that goes unencrypted over the airwaves could potentially be seen by others, even the inconspicuous guy in the corner playing on his phone.
And in case this was not obvious from the start, DON’T BE AN IDIOT. This article was written for information purposes; anything stupid you may do with this information is your own doing, not mine.
Recently there has been an explosion of ARP MITM attack programs for Android (all require root). Some good ones are:
This is a minimalistic how-to to get a Debian environment running on almost any (rooted) Android phone. I adapted the method here: http://www.saurik.com/id/10 to be more universal and added some new features.
You will need access to a computer running a Debian-based distribution to create the image for your phone. I used Ubuntu 10.04. To create the image you need to install a program called debootstrap. debootstrap will allow you to create a mini Debian install in your image.
After installing debootstrap you will need to create a filesystem image for Android to use and for debootstrap to install Debian to. You can use the dd command to create the image. In my example below I made an 800MB image. Once the image is made you need to format it to a Linux file system.
Once your image is formatted you should mount it and then run debootstrap.
Below are my example commands; you may want/need to change them to fit your environment, such as the Debian mirror, file size, etc.
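
    sudo -s                                  # root shell for the commands below
    apt-get install debootstrap
    # create a sparse 800MB image file
    dd if=/dev/zero of=debian.img seek=838860800 bs=1 count=1
    mke2fs -F debian.img                     # format it as ext2
    mkdir debian
    mount -o loop debian.img debian/
    # first stage only (--foreign); the second stage runs on the phone
    debootstrap --verbose --arch armel --foreign lenny debian http://ftp.us.debian.org/debian
    umount debian/
    rm -r debian/
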
Below is my Debian boot script (named bootdebian). I created it off the boot Ubuntu script for the HTC Droid Incredible, but modified it. My script includes the ability to become root if you are not already root, and it will mount your Incredible’s SD card and internal memory inside Debian so that you can easily move files in and out of your Chrooted environment. I also fixed some small errors on the other script. If you are not using the HTC Incredible you will want to change lines 38-47 to reflect your phone’s memory mount points.
Not everybody’s phone will use “/dev/block/mtdblock3” for the /system mount point. Type the mount command to see what the proper mount point is on your device. The one used in this guide is for the HTC Incredible.

    if [[ $EUID -ne 0 ]]
    then
    echo "Becoming ROOT!"
    su -c bootdebian
    exit 1
    fi

    echo "Mounting system as R/W"
    mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system

    echo "Setting some stuff up.."
    export bin=/system/bin
    export img=/mnt/sdcard/debian.img
    export mnt=/data/local/debian
    export PATH=$bin:/usr/bin:/usr/sbin:/bin:$PATH
    export TERM=linux
    export HOME=/root
    if [ ! -d $mnt ]
    then
    mkdir $mnt
    fi

    echo "Mounting the Linux Image"
    mknod /dev/block/loop5 b 7 0 #may already exist
    losetup /dev/block/loop5 $img
    mount -t ext2 -o noatime,nodiratime /dev/block/loop5 $mnt
    mount -t devpts devpts $mnt/dev/pts
    mount -t proc proc $mnt/proc
    mount -t sysfs sysfs $mnt/sys

    echo "Setting Up Networking"
    sysctl -w net.ipv4.ip_forward=1
    echo "nameserver 8.8.8.8" > $mnt/etc/resolv.conf
    echo "nameserver 8.8.4.4" >> $mnt/etc/resolv.conf
    echo "127.0.0.1 localhost" > $mnt/etc/hosts

    echo "Mounting sdcard and emmc in /mnt"
    if [ ! -d $mnt/mnt/emmc ]
    then
    mkdir $mnt/mnt/emmc
    fi
    busybox mount --bind /mnt/emmc/ $mnt/mnt/emmc
    if [ ! -d $mnt/mnt/sdcard ]
    then
    mkdir $mnt/mnt/sdcard
    fi
    busybox mount --bind /mnt/sdcard/ $mnt/mnt/sdcard
    echo "Entering CHROOT "
    echo " "
    chroot $mnt /bin/bash
    echo " "
    echo "Shutting down CHROOT"
    umount $mnt/mnt/emmc
    umount $mnt/mnt/sdcard
    sysctl -w net.ipv4.ip_forward=0
    umount $mnt/dev/pts
    umount $mnt/proc
    umount $mnt/sys
    umount $mnt
    losetup -d /dev/block/loop5
    mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system

Now move both the above script and the debian.img file you made to your phone’s memory card.
Now we need to finish up the install on your phone. Open the terminal app you plan to use on your phone; I recommend ConnectBot. First we will re-mount the system partition as read/write, then move our bootdebian script over, make it executable, then remove it from the SD card. Then we run the bootdebian script and run the second stage of debootstrap. The second stage of debootstrap will take a while (it took me 15 minutes); let it run. Once debootstrap has finished we will add the official Debian repository into the system, then use apt-get to remove the files left over by debootstrap. Here are the commands:

    su
    mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
    cat /sdcard/bootdebian > /system/xbin/bootdebian
    rm /sdcard/bootdebian
    chmod 755 /system/xbin/bootdebian   # executable, but not world-writable
    bootdebian
    # the commands below run inside the Debian chroot
    /debootstrap/debootstrap --second-stage
    echo 'deb http://ftp.us.debian.org/debian lenny main' > /etc/apt/sources.list
    apt-get autoclean
    apt-get update
    exit

Now you can run “bootdebian” anytime from your phone’s terminal to enter a full Debian system. You can apt-get install any Debian package that has been compiled for armel.
If you want to go further you can install X, and a VNC server. This would allow you to VNC into the Debian system from your phone giving you a full X environment.
Now go enjoy your full Linux distribution on your phone!
I recently got an HTC Incredible to replace my aging LG Chocolate. One feature of the Incredible was video out, specifically the ability to output composite video to a TV. The cable was first demoed by WireFly here: http://www.youtube.com/watch?v=eJyt463AoOA And since then threads like these have started trying to hunt down the cable. And it looks like one day it may be sold Here or Here. But for the time being this cable is not being sold anywhere, and there is a rumor that it may never be commercially sold.
Luckily smokeynerd over at XDA Developers made a cable for himself and got the pinouts of the extra 7 pins in the Incredible’s Micro-USB port. See this thread: http://forum.xda-developers.com/showthread.php?p=6647344. With this information I set out to make my own cable. My first attempt was just to verify that it worked, and it was a success. I used alligator clips and needles to make the connection to the video out and ground. But this was not a practical solution because I needed to hold the needles in just the right place so that they would make contact.

Now that I knew that it worked, I set out to find something a little more practical. I found a ribbon cable that was just the right size and had the correct pin alignment in an old laptop (by old I mean it was so old it used the same processor as a desktop, think under 100 MHz). Without thinking twice I scrapped the laptop and used the cable. This ribbon cable was not enough on its own; I also used a standard micro-USB cable to hold it in place, which also allowed the Incredible to charge/sync while the video out is in use. I used two alligator clips, much like I did the first time, to make the connections to the TV. Below you can see the ribbon cable and micro-USB.

Here is a video of the final result:
It works, but I will still be looking into improving it, specifically removing the need for alligator clips. I also noticed that a few pixels are being cut off. This is not a limitation of my cable; this is probably software related, but could possibly have something to do with the Incredible’s video out hardware. When in landscape mode about 5 pixels are missing from the left, and when in portrait, both the top and bottom are being cut off. There are also bars on the TV (at least on mine) that go around the entire image, reducing the Incredible’s viewing area. I was also unable to get the audio to work via this connector, and the Incredible disables its speaker when using video out; however, the headphone output still works.
UPDATE: I was able to fix the missing pixels and bars by adjusting my TV’s “picture size”. But I need to re-adjust it every time it switches from landscape to portrait or vice versa. Hopefully this is just a problem with this particular TV. Below you can see the phone’s screen without any bars or missing pixels on my TV.