[Q] Security question - network access / streamhunter.tv - Android Q&A, Help & Troubleshooting

I accidentally installed what I think is malware from this site - streamhunter.tv (BE CAREFUL!)
I did a scan (using lookout) of the apk that automatically downloads when you visit that site but there doesn't appear to be obvious damaging characteristics to the file.
Now, that apk file requested full internet access. I suppose the question is - can an application that only has internet access also read your files etc on your phone? Should I change all my passwords just in case?
Thanks


SMS Database Android

Hi,
I'm trying to create a desktop (java based) application that extracts SMS from an android device and prints the SMS onto a relational database. I just have a few questions......
/*Answer Found*/
After research I found out that the SMS are stored in a database. I've been pointed in various directions, but the most common directory is com.android.provider.telephony.SMS although I can't actually find it on my phone. My phone is rooted and I'm looking for the file using a "File manager" app from the Play store.
So my first question would be "Where is the SMS database stored"? I'm assuming it's the same place for all phones as long as it's android based. Please correct me if I'm wrong......
I'm aware the database will be encrypted. Does anyone know what type of encryption is on the database, and if so - is it easy to crack?
Thanks in advance,
Wazza
Update: OK - So it turns out the file explorer I was using was a bit......naff. I've downloaded another and am now able to see the relevant DB.
My idea was to run the developers USB debugging mode onto the computer and extract the DB like that - However, the folders / files being shown when it's plugged into the PC are those on the SDCARD. (I believe this is the level above root?).
Update 2: Seems as if I jumped the gun posting this topic. A few more hours research and I've got to where I need to be.
For those who don't know - this is how I did it.
Plugging your phone into the PC and selecting USB Debugging mode temporarily disables the "SDCARD" on your phone so you can't tamper with it whilst uploading files via the PC.
I downloaded a file manager that allows the user to view root access files / folders. I then found the mmssms.db, copied it and pasted it into a folder on the "SDCARD". I was then able to plug the phone into USB Debugging mode and transfer the database file from the phone onto my desktop.
My next challenge is viewing the database. As stated in the OP, I'm aware the database is most likely encrypted. How would I go about breaking this encryption and viewing it on a database?
If you want to make backup of SMS, just use SMS Backup & Restore. It will export your database to xml file.
przemcio510 said:
If you want to make backup of SMS, just use SMS Backup & Restore. It will export your database to xml file.
Thanks przemcio but I'm doing it as a project. I don't want the easy way around

[Q] Android Phoenix LG help.

So call me paranoid, but I have a number of questions on security and log/user monitoring. A while back I was using my neighbor's network via Wi-Fi and long story short I felt almost like my androids apparently were acting funny and since resetting it and using my own 3G network don't seem to have the same issues. I use an LG Phoenix I got new in late 2011. What are some foreign hacking files to look for? I found a file with ES File Explorer named monkey... long story short what are some log and user monitoring APKs that let me see foreign controllers changes and information logs and if my data is going anywhere I can see where it's going, and lets me fully secure my phone. Please even if I have to delete factory files my phone is rooted and I use ES File Explorer not much of a hacker for now. Please understand. Also is there a way to save directly to my Google Drive? Maybe even run apps with data via gdrive? What are some things to check if a hacker added programs to my phone what are some files APKs etc to look for thanks. What I meant about downloads is changing my Android download directory path to directly automatically by default download to my gdrive cloud, if there's a way please share. Thank You.

[Q] KitKat Keystore/Keychain?

I've installed the OpenVPN client on my Moto G, and imported the pkcs#12 file into the Keychain, as recommended in the doc. Where did the file actually go - I expected it to appear in Settings -> Security -> Trusted Credentials, but it isn't there?
In Trusted Credentials under the User tab there's an entry 'Myhome changeme'. It appears to require me to do something - to change it in some way. Do I actually need to do something?
Is there an 'Idiot's Guide' to Trusted Credentials and the Keystore/Keychain for Android, that someone can point me to, please?
Jim

[Q] Windows Phone 8.1 WhatsApp backup/restore

I've seen some threads about accessing the WhatsApp messages backup database files on iPhone, Android and older Windows Phone versions (7.x). However, none of the methods seem to be compatible with the WhatsApp messages backup database file found on Windows Phone 8.1. I am looking for a way to either extract/decrypt or restore an older messages backup database. Tried so far:
- Place messages.db file on SD card and reinstall WhatsApp. WhatsApp does NOT find the backup on installation. It only restores the most recent chats (not the ones from the backup file)
- Tried available tools for iPhone/Android (Python scripts with crypto 5/7/8). Database format is incompatible
- Tried opening the database file directly in Microsoft Access, SQLite Browser. Unrecognized file format
- Tried the Zune/WP Device Manager approach. Seems to work only with Windows Phone 7.x, Windows Phone 8 is not seen by the tool
- Tried Windows Phone Power Tools to access Isolated Storage for the WhatsApp app, but access to an apps isolated storage is not possible in Windows Phone 8 anymore.
- Tried the WhatsApp Xtractor, but it contains the same iPhone/Android python scripts that don't work with the Windows Phone version
- Even tried asking WhatsApp support directly, but they have not given any response yet
Can any WhatsApp / encryption wizard please help me out. I am more than willing to reward/tip you for it if the solution works!
I have the same problem, pls pls pls tell me about the solution thx
Given that you already enabled full FS access on your phone or have control over an app which has the ID_CAP_OEMPUBLICDIRECTORY capability, you can extract the unencrypted sqlite database from C:\Data\SharedData\OEM\Public\WhatsApp.
The structure of the database is quite complex (I suppose it grew over the years), but not too hard to understand.
However, I have no experience in using this mechanism as a backup/restore solution.
Source: blackhat . com/docs/ldn-15/materials/london-15-DeFulgentis-Witchcraft-For-Windows-Phone-Breakers.pdf page 68f
Sorry for broken link, I'm a new member.
I realize this is a pity, I want the Microsoft support seriously and updating applications
If you do not want to unlock / flash your phone in order to enable the full FS unlock, you can try the hack as shown in the Blackhat slides posted above.
It works by replacing an app's core files with your own, but keeping the capability restrictions of the original app. (Use http://forum.xda-developers.com/win...p-customwpsystem-patch-xaps-wpsystem-t2975419 for example)
So just target an app with ID_CAP_OEMPUBLICDIRECTORY, deploy your custom payload and use it to copy the WhatsApp files somewhere.
Given the full FS access, is there any way to access the Whatsapp key file like on Android. That's what you would need to access the backup files instead of the unencrypted current message database, which is easily opened as SQLite database?
Hello ... I'm new here ... just wondering if there is any answer to this question ... I know it's not a recent discussion, but I really need some help from you guys. I have a WP where WhatsApp is installed, but it's asking for verification and I don't have the SIM card related to that account anymore ... I saw chats, but then I made a huge mistake (opened WhatsApp while I was online) and now I cannot access those anymore ... I have messages.db but I'm unable to retrieve the key to decrypt that ... there are tons of posts about similar issues on Android or iOS, but I need the same for WP ... is it something someone can guide me through? Thanks a lot in advance
If your phone has the Full-FS-Unlock enabled you can get the unencrypted databases at C:\Data\Users\DefApps\APPDATA\Local\Packages\5319275A.WhatsApp_cv1g1gvanyjgm\LocalState (or similar package name).
Or you can get unencrypted backups from C:\Data\SharedData\OEM\Public\WhatsApp
Or you can use an interop-unlocked File Manager App
jumpz said:
If your phone has the Full-FS-Unlock enabled you can get the unencrypted databases at C:\Data\Users\DefApps\APPDATA\Local\Packages\5319275A.WhatsApp_cv1g1gvanyjgm\LocalState (or similar package name).
Or you can get unencrypted backups from C:\Data\SharedData\OEM\Public\WhatsApp
Or you can use an interop-unlocked File Manager App
The files in C:\Data\SharedData\OEM\Public\WhatsApp seem to be encrypted as well … Or can you just not open them with a standard SQLite viewer?
weaselmc said:
The files in C:\Data\SharedData\OEM\Public\WhatsApp seem to be encrypted as well … Or can you just not open them with a standard SQLite viewer?
No, these files are indeed encrypted.
The winwazzapmigrator software did a good job migrating my database to a new android phone.
Tool to access file system on Windows 8.1 mobile
jumpz said:
If your phone has the Full-FS-Unlock enabled you can get the unencrypted databases at C:\Data\Users\DefApps\APPDATA\Local\Packages\5319275A.WhatsApp_cv1g1gvanyjgm\LocalState (or similar package name).
Or you can get unencrypted backups from C:\Data\SharedData\OEM\Public\WhatsApp
Or you can use an interop-unlocked File Manager App
Can anyone help me with a tool to access the file system where app files are stored on a windows 8.1 mobile?
me too
PritiM said:
Can anyone help me with a tool to access the file system where app files are stored on a windows 8.1 mobile?
I do have the same request...
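
Added example, not part of any post above: both the SMS thread (mmssms.db) and this WhatsApp thread (messages.db) turn on whether a pulled file is a plain SQLite database or an opaque blob. The Python below checks a copy of the file for the 16-byte SQLite 3 header and measures byte entropy; the function names, the 7.5 bits/byte threshold and the two sample files it builds are assumptions constructed for illustration.

```python
import math
import os
import sqlite3
import tempfile
from collections import Counter
from contextlib import closing
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every plain SQLite 3 file
ENTROPY_OPAQUE = 7.5                   # assumed threshold, bits per byte

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for ciphertext or compressed data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_db(path: str, sample: int = 65536) -> dict:
    """Classify a pulled database file without trusting its name or extension."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    result = {"kind": "unknown", "entropy": round(shannon_entropy(head), 2), "tables": []}
    if head[:16] == SQLITE_MAGIC:
        result["kind"] = "sqlite"
        # Open read-only so the working copy is not modified by the check.
        uri = Path(path).resolve().as_uri() + "?mode=ro"
        with closing(sqlite3.connect(uri, uri=True)) as con:
            query = "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name"
            result["tables"] = [row[0] for row in con.execute(query)]
    elif len(head) >= 4096 and result["entropy"] > ENTROPY_OPAQUE:
        result["kind"] = "opaque"  # encrypted or compressed: no structure to parse
    return result

def make_samples(workdir: str) -> tuple:
    """Constructed inputs: a tiny SQLite file and random bytes standing in for ciphertext."""
    plain = Path(workdir) / "plain.db"
    with closing(sqlite3.connect(plain)) as con:
        con.execute("CREATE TABLE sms (_id INTEGER PRIMARY KEY, address TEXT, body TEXT)")
        con.execute("INSERT INTO sms (address, body) VALUES ('+15550100', 'constructed sample')")
        con.commit()
    blob = Path(workdir) / "messages.db"
    blob.write_bytes(os.urandom(16384))
    return str(plain), str(blob)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for p in make_samples(d):
            print(Path(p).name, triage_db(p))
```

A file reported as "sqlite" opens in any SQLite browser; one reported as "opaque" will produce the "unrecognized file format" error described in this thread no matter which viewer is used.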

Security of Samsung Secure folder

Hello,
I've a question about security of Samsung Secure Folder in Android 11 - stock software, phone is not rooted.
I always thought that the Secure Folder is a container that is totally isolated from the rest of the system, until I found out that installing an app within secure folder (in this case Kaspersky Internet Security) gives the app the following permissions:
1. Kaspersky app can automatically start with the system. After restarting the phone without entering Secure Folder password, somehow Kaspersky manages to autostart itself even though the Secure Folder wasn't unlocked after starting the system. I can see it as the app is displaying its banners. How is it able to start automatically with the secure folder being locked?
2. The Kaspersky app that should run only within secure folder is able to scan system-wide settings outside of secure folder. The app has a feature called weak settings scan and it's somehow able to detect a lot of system-wide settings - like password visibility, developer options being enabled etc. It's also able to read the main, non-secure folder Google account used for the phone. How does it do this?
The above permissions given to the apparently secure folder-installed app indicate that there's a very limited isolation provided by Secure Folder.
Could you please clarify how the app is able to do the above things?
Is secure folder really secure? Would installing a malicious app in SF limit the infection to SF only?
Thanks,
Jonah
