Making the most of Android


31 replies to this topic

#1 Enmaku

Posted 05 March 2010 - 12:10 AM

I just ditched my dumb phone for a nice new smart model, specifically the HTC Droid Eris, and like a good BinRev member my first thought was "let's hack it" - my second thought was of breaking an expensive phone and Verizon ripping me a new one, so my third thought was "let's hack... with it?"

I'm having strangely bad luck with google lately, my google-fu is usually much stronger than this, but I'm looking for good security and pen-testing apps for Android, if such apps exist. Any good suggestions for what infosec-related tools I should be carrying around on my new toy?

#2 Aghaster

Posted 05 March 2010 - 01:03 AM

> I just ditched my dumb phone for a nice new smart model, specifically the HTC Droid Eris, and like a good BinRev member my first thought was "let's hack it" - my second thought was of breaking an expensive phone and Verizon ripping me a new one, so my third thought was "let's hack... with it?"
>
> I'm having strangely bad luck with google lately, my google-fu is usually much stronger than this, but I'm looking for good security and pen-testing apps for Android, if such apps exist. Any good suggestions for what infosec-related tools I should be carrying around on my new toy?


First question is, did you install your own version of Android on it?

I do not own an Android phone, but I got trained for Android development. With some work, I'm pretty sure you could port a lot of applications to it. Normally all applications have to be written in Java, or at least partially in Java, with native code being called from JNI bindings. However, I think there's a book out there that explains how to compile binaries that do not need to be called from Java applications, but then it has to be launched from the command line (through some remote shell when it's connected to a computer). Anyway, there is a lot of space for hacking on that type of device for sure. You can compile Android from scratch if you want, so that gives you a lot of opportunities.

#3 Enmaku

Posted 05 March 2010 - 01:16 AM

No, I'm pretty much working with what Verizon gave me. There's still room to play of course, the phone is less than a day old at this point so I've barely even scratched the surface of what it came with, let alone what I could do with it.

I didn't see in your response, maybe I'm just not looking close enough, but what would the benefit be to installing my own version of Android? Is the version that came with the phone somehow locked down in ways that a reinstall would fix? There's so much information out there on jailbreaking the iPhone but there's just so little for Android aside from "top X apps for thing Y" lists.

It's good to know that most of the apps are written in Java, I'll have to look into learning a bit more Java. In the meantime do you know if there are any already existing apps that I can play with? I'm sure the hardware limits what you can do pretty harshly (i.e. I doubt the built-in wifi supports monitor mode or packet injection) but there should be something out there for wardriving, lan scanning, etc. Honestly I'd be happy enough if I could wardrive with the thing in my pocket (warwalking?)

#4 Phail_Saph

Posted 05 March 2010 - 01:20 AM

I was going to mention the Java thing but Aghaster beat me to it. Google <3 Java...Android, and upcoming Chrome will use it as the primary language. However, I just want to point out that if I remember correctly Android isn't running full Java but ME which is heavily reduced so compatibility might not be as obvious.

Anyway, I'm jealous you have one. I have about another year left on my Blackberry contract. They're not too bad either and they also love Java. It's relatively easy to program programs for the Blackberry but you don't have nearly as much control as you do with an Android since as Aghaster has stated you can compile your own flavor if you want.


#5 Aghaster

Posted 05 March 2010 - 07:33 AM

> No, I'm pretty much working with what Verizon gave me. There's still room to play of course, the phone is less than a day old at this point so I've barely even scratched the surface of what it came with, let alone what I could do with it.
>
> I didn't see in your response, maybe I'm just not looking close enough, but what would the benefit be to installing my own version of Android? Is the version that came with the phone somehow locked down in ways that a reinstall would fix? There's so much information out there on jailbreaking the iPhone but there's just so little for Android aside from "top X apps for thing Y" lists.
>
> It's good to know that most of the apps are written in Java, I'll have to look into learning a bit more Java. In the meantime do you know if there are any already existing apps that I can play with? I'm sure the hardware limits what you can do pretty harshly (i.e. I doubt the built-in wifi supports monitor mode or packet injection) but there should be something out there for wardriving, lan scanning, etc. Honestly I'd be happy enough if I could wardrive with the thing in my pocket (warwalking?)


Haha, yes, the version of Android from your carrier is most likely locked. Did you try getting an adb shell yet? It's some special type of shell to access Android to run programs and copy files. Most of the time it's disabled by default, as allowing users that kind of access is not very interesting for companies used to locking their phones like crazy. You know why Android is successful, while it's not the first time Linux tries to make it to the smartphone market? It's because Google chose licensing that makes it appealing to business people. People that talk in terms of $$$ are absolutely afraid of GPL, or even LGPL. However, what type of free software license do business people like? BSD-type licenses. This is exactly what you have in Android. The only GPL left is the Linux kernel itself, and the kernel is in GPLv2, not GPLv3 (I doubt the kernel will change license, but still). The entire userland is GPL-free. They managed to do that by making a custom libc called bionic that is released under a BSD license. Ok, while all of this licensing makes Android very attractive to business people, it doesn't give you much protection of your freedoms. If you've been following the news about GPLv3, you probably know that one of the core changes is a clause to prevent "tivoization", or the process of complying with the rules of GPLv2 by giving users the ability to obtain the source code and modify it, but you add a mechanism to your device that will prevent modified code from running, effectively making the thing non-free. BSD licenses won't protect you against that, and GPLv2 was written at a time where they didn't think people would think of doing that. This is why your phone is most likely locked, as there is nothing that legally prevents carriers from trying to do so, and carriers love to lock their phones to keep tight control over their users.

One of my geeky friends owns an Android phone, and he compiled the version of Android he is running on his phone. He bought his phone without a contract, and then got a service contract at Rogers Canada. Obviously, Rogers provide their own version of Android that they try to force on their users as it contains some additional crap to try to make them buy ringtones. Well, figure out that he's been spammed by Rogers for a couple of weeks (daily text messages) telling him that he needed to upgrade his firmware (Android). Obviously, he did not comply, until they blocked him from making calls (every call would just be redirected to Rogers' help line). Here's the story: for MONTHS (since around October or November) a serious bug in the Rogers firmware was known to disable 911 calls when GPS was enabled. They only released a fix recently, and you know why? Because they thought that while taking the time to update the firmware of all the affected users, they could spend a little more time to add a new signing mechanism that is harder to get around in order to install your own custom version of Android. This is serious bullshit, as it looks like they prefer locking people down while not caring about putting their users' lives at stake. My friend, having his own version of Android, had a fixed version long before a fix/lock from Rogers was released. Needless to say he was furious when they blocked him from making calls. He called the support line and argued with them. They told him that the government would be forcing him to upgrade his firmware and crap like that. It doesn't even make sense: Canadian law forces Rogers to provide 911 service to all their users, and they've been failing to properly do so in order to take the time to add new locking mechanisms in the update that would fix the 911 problem. Also, my friend didn't buy the phone with a contract, he bought the phone without contract and then just got a service contract with them. They can't force him to install particular software on a device they do not own. After some angry arguing, he finally won and he got his service back. This just proves that if you truly want your freedom with an Android phone, you must claim it, otherwise those companies won't wait long to try to lock you down as much as they can.

#6 johnnymanson

Posted 05 March 2010 - 11:28 AM

I haven't rooted my Droid yet but I can recommend a few programs from the market.

G-Mon is a Netstumbler type program for Android. I haven't played with it much but you are supposed to be able to map WiFi access points with it.

Network Discovery finds hosts and shows open ports on WiFi networks.

WiFi Buddy helps you find and connect to WiFi access points.

I also recommend PdaNet for free tethering. It saves me $30 a month vs the Verizon tethering option. You can get PdaNet here.
http://www.junefabri...droid/index.php

#7 Colonel Panic

Posted 06 March 2010 - 06:02 PM

Just got a Nexus One, and I have to say it's a great phone. Several people (mostly iPhone owners) cautioned me against buying a 'first-generation device,' but the Nexus One is not really 1st-gen. It's running Android 2.1, an OS that has been tweaked and optimized over the course of several years now. Even the hardware is the result of years of development and expertise. HTC has been making mobile phones far longer than Apple has, and is the most prolific manufacturer of Android devices. Nexus differs from other Android phones mostly in specs and design. It's slightly smaller and lighter than the iPhone, and has even more potential.

The Nexus One's hardware is impressive. Straight out of the box, it's probably the most powerful smartphone on the market, and the OS is fantastic. The Nexus touchscreen UI isn't quite as sleek as the iPhone's, relying occasionally on menu navigation (something the iPhone has practically done away with), but it's nevertheless intuitive and fun to use. Android's integration with Google technologies (Voice, Mail, Maps, Earth, Docs, Translation etc.) is seamless. Android may not be able to boast as many apps as Apple, but anybody who's ever switched from Windows to Linux will tell you that when it comes to software applications, quality trumps quantity. There are a lot of very good programs, including a lot of ports from the iPhone side.

Because it strikes a comfortable balance between commercially-available functionality and user-modifiability, this device is a real hacker's dream. The Android SDK is free, apps can be developed in Java (a well-documented and well-supported language) and developers can distribute and monetize their apps without the absurd restrictions imposed by the Apple Store. Unlike the iPhone, you can even download and install various apps (Google-approved and otherwise) via the Internet. Best of all, it runs Linux so you can "root" it and install whatever custom firmware you like.

The only thing that really baffles me about this phone is, what the fuck is up with this goofy little trackball?

Here's a list of the apps I have installed on my Nexus:

  • Amazon (shopping)
  • Android IRC
  • Advanced Task Killer
  • Astro (file manager)
  • Barcode Scanner (get info on products and find locations for buying them, by scanning their UPC code)
  • BeerCloud (read information and reviews about commercial beers, and judge them yourself)
  • Bitblocks (like Tetris)
  • Brewzor (a calculator for brewing calculations)
  • Scientific Calculator
  • Google Earth
  • Facebook Contact (auto-import phone numbers, email, etc. from your Facebook friends directly into your phone contacts)
  • G-Mon (find and map WiFi network usage)
  • G-Mote (control media on your computer like a TV remote)
  • Google Goggles (snap a picture of objects in the real world - it'll identify and Google them. The name is an allusion to Tod Browning's Freaks)
  • Google Sky Map (augmented-reality astronomical night sky map that works with your phone's camera)
  • iTranslate (voice translation)
  • Labyrinth (roll-the-little-ball-through-the-maze-by-tilting-the-phone game)
  • Layar (augmented-reality platform with a number of different apps)
  • LED scroller (a scrolly-ticker thing with big lettering for displaying messages to people far away)
  • Listen (a podcast aggregator and player)
  • Meridian (a media player)
  • Movies (see reviews of movies, showtimes and locations)
  • Network Discovery (find and portscan wireless networks)
  • Nimbuzz (universal IM client)
  • NPR News (listen to touchy-feely NPR News in streaming audio ;) )
  • OpenTable (book restaurant reservations)
  • PdaNet (tether your phone to a computer--VERY useful!)
  • Photoshop.com (free, limited-function p-shop for mobile devices)
  • Portscan (take a wild guess...)
  • Ringdroid (edit audio files and export as ringtones)
  • Shazam (play it a song and it'll identify it, then help you buy the mp3 or album)
  • SNESdroid (SNES emulator -- not so great on a touchscreen interface, but still OK for certain games)
  • StopWatch
  • TrekKing (nationwide route planner for commuter trains and public transit systems)
  • Voice Search (Google-search spoken words)
  • WeatherBug Elite
  • Yelp (find entertainment, food and drink, read reviews, and locate the places on a map)

Edited by Colonel Panic, 06 March 2010 - 06:34 PM.


#8 johnnymanson

Posted 07 March 2010 - 01:27 AM

You guys should give Swype a try. It is a faster and easier method of inputting text. It's a really sweet app. It's currently in beta so it's not in the market, get it from the Swype web site. Download and check out videos of the app here.

http://www.swypeinc.com/

Edited by johnnymanson, 07 March 2010 - 01:35 AM.


#9 lattera

Posted 08 March 2010 - 02:41 PM

The Droid Eris hasn't been rooted, yet. I've owned a G1 and a MyTouch 3G. I currently use my Nexus One. I bricked my G1, but I still have my MyTouch 3G, rooted. I rooted my Nexus One as well. I love Android, and some would say I'm an Android fanboy.

Once rooting is an option for the Droid Eris, I'd definitely root it.

#10 dinscurge

Posted 09 March 2010 - 03:08 PM

you mean google didn't release a dev version of android for the eris? as if they did you could probably use the flashing utility for the g1, and press camera when you turn the phone on to access the bios to let you flash the rom. and apparently you can get apt/dpackage for android and at that point there's no point in using the android apps.

#11 Enmaku

Posted 13 March 2010 - 03:58 AM

> press camera when you turn the phone on to access the bios to let you flash the rom.


No physical camera button on the Eris :p

Thanks for the help folks, I've installed quite a lot of apps now and I'm loving it. I think I'll wait for a proven rooting tool to roll my own, it's actually doing pretty much what I was hoping it would now and I'm absolutely loving it. Had to tweak things a bit to get decent battery life out of the beastie but it's running like a charm now. And yeah, WTF is up with that trackball? You press it to snap a picture and it'll switch between your home screens but I've yet to see anything else actually use the stupid thing...

#12 Colonel Panic

Posted 14 March 2010 - 11:22 PM

> You guys should give Swype a try. It is a faster and easier method of inputting text. It's a really sweet app. It's currently in beta so it's not in the market, get it from the Swype web site. Download and check out videos of the app here.
>
> http://www.swypeinc.com/

Thanks for recommending this, johnnymanson. I installed Swype and have found it a joy to use! Swiping words in the form of broad finger gestures is much easier than pecking at the virtual Android keyboard. The only time I find it to be a pain is when I'm entering all numerics like a phone or cc number. In those cases, all I have to do is touch-and-hold on the specific input field until the little menu pops up asking for my preferred input method. Then I just click "Android" and can jump back into a regular Android keyboard for entering that field. After I'm done entering the funky string, I simply touch-hold the next field and choose "Swype," and I'm back to swiping in words just as before.

If you have a Nexus One, or if you prefer using your phone's touchscreen keys (hell, this might be even easier and faster than typing on a physical keyboard) then I urge you to give this app a try.

#13 Enmaku

Posted 15 March 2010 - 12:21 AM


> > You guys should give Swype a try. It is a faster and easier method of inputting text. It's a really sweet app. It's currently in beta so it's not in the market, get it from the Swype web site. Download and check out videos of the app here.
> >
> > http://www.swypeinc.com/
>
> Thanks for recommending this, johnnymanson. I installed Swype and have found it a joy to use! Swiping words in the form of broad finger gestures is much easier than pecking at the virtual Android keyboard. The only time I find it to be a pain is when I'm entering all numerics like a phone or cc number. In those cases, all I have to do is touch-and-hold on the specific input field until the little menu pops up asking for my preferred input method. Then I just click "Android" and can jump back into a regular Android keyboard for entering that field. After I'm done entering the funky string, I simply touch-hold the next field and choose "Swype," and I'm back to swiping in words just as before.
>
> If you have a Nexus One, or if you prefer using your phone's touchscreen keys (hell, this might be even easier and faster than typing on a physical keyboard) then I urge you to give this app a try.


The Eris doesn't have a physical keyboard either, I'm going to go install this now, hopefully it's as awesome as y'all think it is :)

#14 Enmaku

Posted 15 March 2010 - 12:59 AM

Swype doesn't appear to be available in the Market app... is this something I need to root my Eris for?

#15 Belenos

Posted 15 March 2010 - 10:01 AM

> Swype doesn't appear to be available in the Market app... is this something I need to root my Eris for?


Reread johnnymanson's post. Since the app is in beta, it's only available through the website, which is

http://www.swypeinc.com

And that should be enough to set you on the path. You don't need to root your phone for it. Also, just a side note, I picked up the Droid, and my friend the Eris, and found both of them completely open, no rooting required. Are you sure your phone is locked up?

Edited by Belenos, 15 March 2010 - 10:01 AM.


#16 johnnymanson

Posted 15 March 2010 - 11:17 AM

The Swype beta was closed when my friend tried to get in on Saturday morning. But there is a link to register for when it becomes available again.

I'm using a Droid which has a physical keyboard, but I don't use it anymore.

#17 dinscurge

Posted 15 March 2010 - 12:44 PM

> No physical camera button on the Eris :p


that's the main problem with touchscreen devices lol.

#18 lattera

Posted 15 March 2010 - 09:38 PM

The Droid Eris has finally been rooted. Good luck and have fun!

#19 Enmaku

Posted 16 March 2010 - 03:13 AM

Woot! I guarantee you I will have quite a bit of fun... Next weekend when I'm not too busy working XD

#20 Enmaku

Posted 16 March 2010 - 03:50 AM

Well ADB works but I get the dreaded $ and su does not get me a # :p

That's OK, for most of what I want to do I don't really think I'll need root. I've got HTC Sync set up so I can install from APK files and I don't really feel like installing a whole new OS on this thing, at least not the buggy leaked 2.1 that those folks are working with. I'll just be happy with the ability to develop simple Apps that meet my needs and install them :)

Thanks!



