Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Probe Digital releases a long-distance IP zoom camera solution with high-magnification resolution.
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
Android Application Structure :
Fundamental background knowledge is important for building any skill, and mobile hacking is no different. Android applications are written primarily in Java, Kotlin (transpiled to Java), and C++. When distributed, they use the .apk extension which stands for Android PacKage. An APK is really just a ZIP file containing all the assets and bytecode for an app. A typical unzipped APK structure looks like this:
myapp.apk
βββ AndroidManifest.xml
βββ META-INF/
βββ classes.dex
βββ lib/
βββ res/
βββ resources.arsc
Letβs briefly cover each of these:
AndroidManifest.xml
This is a compressed version of the AndroidManifest.xml file which contains all of the basic application information such as the package name, package version, externally accessibly activities and services, minimum device version, and more. The compressed version of this file is not humanly readable, but there are a couple of tools that are able to uncompress it, most notably being apktool (more on that later).
META-INF/
The META-INF/ folder is essentially a manifest of metadata information including the developer certificate and checksums for all the files contained within an APK. If you were to try and make changes to an APK without removing and re-signing this folder, you would get an error when installing the modified version.
classes.dex
The classes.dex file (sometimes there are multiple) contains all the compiled bytecode of an Android application. Later on, this is what we will decompile into Java source files.
resources.arsc
The resources.arsc file contains metadata about the resources and the XML nodes of the compiled resource files like XML layout files, drawables, strings, and more. It also contains information about their attributes (like width, position, etc) and the resource IDs, which are used globally by both Java and XML app files in the app. This file is compressed into a binary form that is read into memory during runtime. Apktool can also decompress these files and output them into a humanly-readable format for you to explore.
res/
The βresβ folder contains compressed binary XML versions of the resource XML files that are paired with the resources.arsc file during runtime to read images, translations, etc. These XML files are in the same binary format as the AndroidManifest.xml file and can be easily decoded with apktool.
lib/
Not all Android apps contain a lib/ folder, but any app with native C++ libraries will. Within this folder, you will find different folders per-architecture, each one containing .so files specifically compiled for that target architecture such as βarmeabi-v7aβ and βx86β. This is also why you cannot install an app on an x86 device without it providing x86-compiled libs (Google for βINSTALL_FAILED_NO_MATCHING_ABISβ).
β β β Uππ»βΊπ«Δπ¬πβ β β β
Android Application Structure :
Fundamental background knowledge is important for building any skill, and mobile hacking is no different. Android applications are written primarily in Java, Kotlin (transpiled to Java), and C++. When distributed, they use the .apk extension which stands for Android PacKage. An APK is really just a ZIP file containing all the assets and bytecode for an app. A typical unzipped APK structure looks like this:
myapp.apk
βββ AndroidManifest.xml
βββ META-INF/
βββ classes.dex
βββ lib/
βββ res/
βββ resources.arsc
Letβs briefly cover each of these:
AndroidManifest.xml
This is a compressed version of the AndroidManifest.xml file which contains all of the basic application information such as the package name, package version, externally accessibly activities and services, minimum device version, and more. The compressed version of this file is not humanly readable, but there are a couple of tools that are able to uncompress it, most notably being apktool (more on that later).
META-INF/
The META-INF/ folder is essentially a manifest of metadata information including the developer certificate and checksums for all the files contained within an APK. If you were to try and make changes to an APK without removing and re-signing this folder, you would get an error when installing the modified version.
classes.dex
The classes.dex file (sometimes there are multiple) contains all the compiled bytecode of an Android application. Later on, this is what we will decompile into Java source files.
resources.arsc
The resources.arsc file contains metadata about the resources and the XML nodes of the compiled resource files like XML layout files, drawables, strings, and more. It also contains information about their attributes (like width, position, etc) and the resource IDs, which are used globally by both Java and XML app files in the app. This file is compressed into a binary form that is read into memory during runtime. Apktool can also decompress these files and output them into a humanly-readable format for you to explore.
res/
The βresβ folder contains compressed binary XML versions of the resource XML files that are paired with the resources.arsc file during runtime to read images, translations, etc. These XML files are in the same binary format as the AndroidManifest.xml file and can be easily decoded with apktool.
lib/
Not all Android apps contain a lib/ folder, but any app with native C++ libraries will. Within this folder, you will find different folders per-architecture, each one containing .so files specifically compiled for that target architecture such as βarmeabi-v7aβ and βx86β. This is also why you cannot install an app on an x86 device without it providing x86-compiled libs (Google for βINSTALL_FAILED_NO_MATCHING_ABISβ).
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
It would place a traffic limit for U.S. home broadband. Are Chinese operators going to follow up?
#International
#International
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
Read this before you got scammed with malware's:
Graphics and Image Data Representations:
------------------------------------------ββββββ
+ 1-Bit Images
also "binary image"
+ 8-Bit Gray-Level Images
0x00 ~ 0xFF, gray scale
* Frame buffer / Video card
* Dithering
+ 24-Bit Colour Images
RGB / RGBA, where A -> alpha channel
+ 8-Bit Colour Images
+ Colour Lookup Tables
* LUTs / palette
* Devise a Color Lookup Table
* human are more sensitive to R & G than to B,
so we can shrink R & G range 0..255 into 0..7 (3bit), B 2bit.
+ GIF, Graphics Interchange Format
* Lempel-Ziv-Welch
* 8-Bit color
* GIF87a / GIF89a
_____________________
| [GIF Signature] |
| [Screen Descriptor] |
| [Global Color map] |
| ... |
| [Image descriptor] | | Repeated
| [Local colot map] | | 1 to n times.
| [Raster Data] | |
| ... |
| [GIF Terminator] |
|_____________________|
* od -c a.gif
+ JPEG
+ PNG
+ PS/PDF
+ BMP(Windows)
β β β Uππ»βΊπ«Δπ¬πβ β β β
Read this before you got scammed with malware's:
Graphics and Image Data Representations:
------------------------------------------ββββββ
+ 1-Bit Images
also "binary image"
+ 8-Bit Gray-Level Images
0x00 ~ 0xFF, gray scale
* Frame buffer / Video card
* Dithering
+ 24-Bit Colour Images
RGB / RGBA, where A -> alpha channel
+ 8-Bit Colour Images
+ Colour Lookup Tables
* LUTs / palette
* Devise a Color Lookup Table
* human are more sensitive to R & G than to B,
so we can shrink R & G range 0..255 into 0..7 (3bit), B 2bit.
+ GIF, Graphics Interchange Format
* Lempel-Ziv-Welch
* 8-Bit color
* GIF87a / GIF89a
_____________________
| [GIF Signature] |
| [Screen Descriptor] |
| [Global Color map] |
| ... |
| [Image descriptor] | | Repeated
| [Local colot map] | | 1 to n times.
| [Raster Data] | |
| ... |
| [GIF Terminator] |
|_____________________|
* od -c a.gif
+ JPEG
+ PNG
+ PS/PDF
+ BMP(Windows)
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Phil Spencer, Director of Xbox, has been named Gaming Person of the Year 2020 by international media.
#International
#International
Forwarded from UNDERCODE NEWS
Through stretching the window cache, the Google Chrome development team is seeking solutions to consistency problems. .
#Updates
#Updates
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦BEFORE HACK CCTV; What is RTSP USED FOR ANY CCTV, and what is it for :
1) Real-time streaming protocol (born real time streaming protocol, abbr RTSP..) - application protocol for use in systems that work with multimedia data (media content, media content), and allows you to remotely control the flow of data from the server, providing the ability to execute commands , such as start (start), pause (pause) and stop (stop) broadcasting (playing) of multimedia content, as well as time access to files located on the server.
2) RTSP does not perform compression, nor does it define the media encapsulation method and transport protocols. Streaming data is not itself part of the RTSP protocol. Most RTSP servers use a standard real-time transport protocol for this, which carries audio and video data.
3) Not only can RTSP be found in IP cameras, other devices can also use this protocol to stream media (video and audio).
4) To play video using the RTSP protocol, you need to know the source URL, as well as the username and password.
Β» Example address:
one
rtsp://118.39.210.69/rtsp_tunnel?h26x=4&line=1&inst=1
Some RTSP servers are configured to allow access to the media stream without a password.
The URL address of the media stream is not standard, devices send it when connected after authorization.
Usually RTSP runs on 554, 5554 and 8554 protocols.
Video from IP cameras via RTSP protocol can be opened in VLC and Mplayer . How to do it is written in the article " How to record video from an IP camera (RTSP stream) ". It also shows you how to record streaming video.
VLC and Mplayer players are able to work with this protocol thanks to the openRTSP utility , RTSP client for receiving and recording streaming media ".
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦BEFORE HACK CCTV; What is RTSP USED FOR ANY CCTV, and what is it for :
1) Real-time streaming protocol (born real time streaming protocol, abbr RTSP..) - application protocol for use in systems that work with multimedia data (media content, media content), and allows you to remotely control the flow of data from the server, providing the ability to execute commands , such as start (start), pause (pause) and stop (stop) broadcasting (playing) of multimedia content, as well as time access to files located on the server.
2) RTSP does not perform compression, nor does it define the media encapsulation method and transport protocols. Streaming data is not itself part of the RTSP protocol. Most RTSP servers use a standard real-time transport protocol for this, which carries audio and video data.
3) Not only can RTSP be found in IP cameras, other devices can also use this protocol to stream media (video and audio).
4) To play video using the RTSP protocol, you need to know the source URL, as well as the username and password.
Β» Example address:
one
rtsp://118.39.210.69/rtsp_tunnel?h26x=4&line=1&inst=1
Some RTSP servers are configured to allow access to the media stream without a password.
The URL address of the media stream is not standard, devices send it when connected after authorization.
Usually RTSP runs on 554, 5554 and 8554 protocols.
Video from IP cameras via RTSP protocol can be opened in VLC and Mplayer . How to do it is written in the article " How to record video from an IP camera (RTSP stream) ". It also shows you how to record streaming video.
VLC and Mplayer players are able to work with this protocol thanks to the openRTSP utility , RTSP client for receiving and recording streaming media ".
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Google "Ascending Strike": from every perspective to preserve the three-dimensional effect of illumination, 2D becomes "4D"
#Updates
#Updates
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Brute force RTSP-HACK CAMERA FROM IP:
As already mentioned BEFORE THIS MESSAGE, the URI ("page" address) at which the media stream is available differs from device to device. That is, if you do not have credentials for authentication using the RTSP protocol, then to get the route (URL) of the media stream, you will have to search for it by brute force.
1) You can look at the variety of addresses at https://www.ispyconnect.com/sources.aspx .
2) Program Cameradar able to search for the source address and select the user's password. As stated in the description, Cameradar hacks RTSP CCTV cameras.
Cameradar allows you to:
A) Detect open RTSP hosts on any available target host
B) Determine which device model is broadcasting
C) Launch automatic dictionary attacks to find the route of their flow (ex: /live.sdp)
D) Launch automatic dictionary attacks to guess camera username and password
E)Receive a complete and convenient report on the results
To install the program, see the page https://kali.tools/?p=6132
π¦The launch is very simple:
1) cameradar -t Π₯ΠΠ‘Π’
The " -t , --targets " option sets the target. The target can be a file listing hosts or network ranges, IP address, IP range, subnet, or a combination of both. Example: --targets = "192.168.1.72,192.168.1.74"
2) The program makes a lot of requests and if some of them fail, it displays these errors on the screen, as a result of which the output becomes cluttered, so I prefer to add " 2> / dev / null " to the command .
Examples of successful launches:
cameradar -t 201.191.170.250 2>/dev/null
cameradar -t 98.124.38.218 2>/dev/null
3) The description of the program mentions "nmap", but this is Cameradar's own library, it is written in Go and has nothing to do with the original Nmap network scanner - perhaps this is the reason for such slowness.
4) You can scan the network to collect Cameradar targets, for example, using Masscan :
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Brute force RTSP-HACK CAMERA FROM IP:
As already mentioned BEFORE THIS MESSAGE, the URI ("page" address) at which the media stream is available differs from device to device. That is, if you do not have credentials for authentication using the RTSP protocol, then to get the route (URL) of the media stream, you will have to search for it by brute force.
1) You can look at the variety of addresses at https://www.ispyconnect.com/sources.aspx .
2) Program Cameradar able to search for the source address and select the user's password. As stated in the description, Cameradar hacks RTSP CCTV cameras.
Cameradar allows you to:
A) Detect open RTSP hosts on any available target host
B) Determine which device model is broadcasting
C) Launch automatic dictionary attacks to find the route of their flow (ex: /live.sdp)
D) Launch automatic dictionary attacks to guess camera username and password
E)Receive a complete and convenient report on the results
To install the program, see the page https://kali.tools/?p=6132
π¦The launch is very simple:
1) cameradar -t Π₯ΠΠ‘Π’
The " -t , --targets " option sets the target. The target can be a file listing hosts or network ranges, IP address, IP range, subnet, or a combination of both. Example: --targets = "192.168.1.72,192.168.1.74"
2) The program makes a lot of requests and if some of them fail, it displays these errors on the screen, as a result of which the output becomes cluttered, so I prefer to add " 2> / dev / null " to the command .
Examples of successful launches:
cameradar -t 201.191.170.250 2>/dev/null
cameradar -t 98.124.38.218 2>/dev/null
3) The description of the program mentions "nmap", but this is Cameradar's own library, it is written in Go and has nothing to do with the original Nmap network scanner - perhaps this is the reason for such slowness.
4) You can scan the network to collect Cameradar targets, for example, using Masscan :
> > sudo masscan 0.0.0.0/0 --exclude 255.255.255.255 --randomize-hosts --rate 200 -p 554,5554,8554 --output-filename cameras.xml
The following commands create the β camera β directory and filter all IP addresses from cameras * .xml files into camera / hosts.txt file .
> > mkdir camera
cat cameras*.xml | grep -o -E '[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}' | sort | uniq > camera/hosts.txt
Counting the number of IP addresses on which at least one port from 554, 5554 and 855 is open.
> >cat camera/hosts.txt | wc -l
> > 10955
(Don't copy our tips)β β β Uππ»βΊπ«Δπ¬πβ β β β
Telegram
UNDERCODE TESTING
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦BEFORE HACK CCTV; What is RTSP USED FOR ANY CCTV, and what is it for :
1) Real-time streaming protocol (born real time streaming protocol, abbr RTSP..) - application protocol for use in systems that work with multimedia dataβ¦
π¦BEFORE HACK CCTV; What is RTSP USED FOR ANY CCTV, and what is it for :
1) Real-time streaming protocol (born real time streaming protocol, abbr RTSP..) - application protocol for use in systems that work with multimedia dataβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Bitcoin is expected to hit the longest consecutive month since 2019 since smashing the milestone.
#Updates
#Updates
β β β Uππ»βΊπ«Δπ¬πβ β β β
Hack bluetooth with kali :
Bluesnarfing, all modern devices have at least some kind of protection against bluesnarfing. For example, I tested this with a Samsung Galaxy s7, and it prompted be to give permission to bluesnarfer to read my contacts, make calls, etc. So at least it asked me for permission!
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
To install bluesnarfer:
1) git clone https://github.com/kimbo/bluesnarfer.git
2) cd bluesnarfer
3) make
4) ./bluesnarfer.
5) First, you need to make sure you can reach the device from your computer. Connect your computer to your phone with Bluetooth, then verify you can reach it using something like l2ping:
l2ping <MAC_ADDRESS>
6) If you're having trouble finding the MAC_ADDRESS, usually you'll be able to see it in your bluetooth settings. I also like to use bluetoothctl and then devices list and it'll show you what devices have been picked up by the scanner or paired previously and what their MAC addresses are.
7) Next, you run the bluesnarfer program. The general usage is
./bluesnarfer -b <MAC_ADDR> [options]
For example, to list device info, run
./bluesnarfer -b <MAC_ADDR> -i
Once you get that working, you can test a bunch of AT commands (read contacts, read recent calls, make calls, send text messages, etc). Here's a good reference I found for AT commands: https://www.sparkfun.com/datasheets/Cellular%20Modules/AT_Commands_Reference_Guide_r0.pdf (Note that your phone may not support all of the AT commands listed in the reference guide.)
8) If running the above command doesn't work, you probably need to figure out the right channel to use. The default channel used is 17 (see src/bluesnarfer.c#L59).
To see what channels are available, I used the sdptool:
sdptool browse --tree --l2cap <MAC_ADDRESS>
β β β Uππ»βΊπ«Δπ¬πβ β β β
Hack bluetooth with kali :
Bluesnarfing, all modern devices have at least some kind of protection against bluesnarfing. For example, I tested this with a Samsung Galaxy s7, and it prompted be to give permission to bluesnarfer to read my contacts, make calls, etc. So at least it asked me for permission!
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
To install bluesnarfer:
1) git clone https://github.com/kimbo/bluesnarfer.git
2) cd bluesnarfer
3) make
4) ./bluesnarfer.
5) First, you need to make sure you can reach the device from your computer. Connect your computer to your phone with Bluetooth, then verify you can reach it using something like l2ping:
l2ping <MAC_ADDRESS>
6) If you're having trouble finding the MAC_ADDRESS, usually you'll be able to see it in your bluetooth settings. I also like to use bluetoothctl and then devices list and it'll show you what devices have been picked up by the scanner or paired previously and what their MAC addresses are.
7) Next, you run the bluesnarfer program. The general usage is
./bluesnarfer -b <MAC_ADDR> [options]
For example, to list device info, run
./bluesnarfer -b <MAC_ADDR> -i
Once you get that working, you can test a bunch of AT commands (read contacts, read recent calls, make calls, send text messages, etc). Here's a good reference I found for AT commands: https://www.sparkfun.com/datasheets/Cellular%20Modules/AT_Commands_Reference_Guide_r0.pdf (Note that your phone may not support all of the AT commands listed in the reference guide.)
8) If running the above command doesn't work, you probably need to figure out the right channel to use. The default channel used is 17 (see src/bluesnarfer.c#L59).
To see what channels are available, I used the sdptool:
sdptool browse --tree --l2cap <MAC_ADDRESS>
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - kimbo/bluesnarfer: Bluetooth hack, forked from https://gitlab.com/kalilinux/packages/bluesnarfer/
Bluetooth hack, forked from https://gitlab.com/kalilinux/packages/bluesnarfer/ - kimbo/bluesnarfer
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
2020 is coming to an end and Adobe alerts consumers that Flash support will be discontinued too.
#Updates
#Updates
