[Android] HushSMS got cracked again. Do I care? No! Should you? Yes! (read why)

first of all thanks to the crackers (I’m sure you’re reading this some day). You draw some more attention to my App.

So my App got cracked (again) and I simply do not care. Why you ask? Because I personaly don’t mind if you use a manipulated App from an untrusted source that can send out messages and thus costs you money. But why should you care?
To make it short: This App is developed with maximum caution to not cause you any harm or generate costs by accidently sending thousands messages that will cost you a lot of money. So if you use the cracked version of HushSMS there is no guarantee that the protection mechanisms are still valid and you will not lose money by improper code.

Additionaly a general note on using cracked Apps: Android Apps are written in Java. They can be decompiled, manipulated and recompiled easily. Thus you will never know if the cracked App you use contains malicious code or malware, and you will not become aware of because malware writers are clever too…

However, if you can’t afford the small fee for buying HushSMS (or any other App) from an official source you should simply continue to use the cracked version and risk losing money, get scammed by malicious code or get assimilated by a Borg collective 🙂

[APP] Raider – A special use case backup tool ;-)

Just finished the work on the initial release of Raider. Like I wrote in the last post this tool is inspired by p2p-adb from Kyle Osborn, so all creds go to him. This app requires root and adb installed on the device. You can find adb for arm7 here. I successfully tested Raider on my Xoom running Honeycomb 3.2 and on my Galaxy Tab running ICS. As target I used several rooted phones which all could be “backed up”.

This is the initial work I’ve done on this topic. The app is not threaded currently so if something goes wrong…

All backup files go to the devices sdcard (internal or external) and the filenames begin with raider-xxx.tar

Enjoy it and leave a comment if you like it (else just go ahead).

Grab it while it is on the play store

[Android] Work in progress: Raider – A phone to phone adb app based on @theKos’s idea

Yesterday Kyle Osborn twitted a method to use adb on an android device with usb host to connect to another android device which has debugging enabled. The scripts he kindly made available (source available at github) look promising and I decide to write an app for exactly the purpose he posted about. I already started development but am currently unable to test as I’m on a business trip and don’t have enough gadgets with me to test (lack of usb-otg cable and second android device). Looks like in the future I’ll have to carry more luggage just in case stuff like this comes out again when I’m on the road.
However, expect a first beta to be out in a week when I’m back.

[Android] btCrawler – Bluetooth Diagnostic Tool for Android released today

It’s done, finaly. I ported my Bluetooth Scanning Tool btCrawlerto Android. Sure, some features from the WinMo version are missing, but as time comes I will add more features to it.

So what is btCrawler and what can I do with it?

On startup a list of currently paired devices is shown. By touching a device entry a popup menu appears which lets you query sdp services or pair/unpair a device. There are three buttons at the top. The left lets you scan for devices arround you which are in discoverable mode. After devices have been found, you can again touch an entry and get the popup menu again. The middle button lets you change your device’s discoverable mode and make it visible to others for 300 second or make it invisible again. The right button shows you the list of currently paired devices again.

When you press the sdp query option in the popup menu a query for services will be performed for the chosen device and displayed in a popup.

I hope you enjoy this tool.



[Android] btPair – Bluetooth Pairing Helper released

Today I released btPair for Android, a helper utility for pairing and unpairing surrounding visible bluetooth devices.

Why?  U ask?

Ever sat in a rental car wanting to quickly pair your phone with the handsfree unit?
Ever bought some new BT equipment and wanted to pair ASAP?

In Android, managing bluetooth sucks. So I wrote this tool to quickly pair an unpair visible surrounding devices. If you start the tool and press scan you will be prompted with a list off visible devices and their current pairing state. Just click on a device to quickly pair or unpair with a device. A red or green icon shows the current pairing (I know, in reality it’s called bonding) state.


See a screenshot here.

[Android] HushSMS Full Version availabe

I just published the first full version release of HushSMS for Android in the Android Marketplace. You can find it here.

For a full description of the program and all message types please visit: http://www.silentservices.de/HushSMS-Android.html

This is my first Android Software, so there might still be some bugs. If you find any please report them to me so I can make the software even better.

I suggest that you first install the free Lite version to check if your device is capable of sending the different message types. After that you can decide to buy the full version or just uninstall the Lite version again. Whatever you think, please rate the app in the market enad tell me your thoughts so I can improve it.



[Android] HushSMS for Android is on it’s way

Yesterday I published the demo version of the first release of HushSMS for Android to the market. Unfortunately and even with enough testing there was a bug that prevented the sent and delivered notifications from working properly for some messages.
In this demo there is a character limit of 30 per each message. This demo is to check if it works on your device. A full version will follow soon.

Demo version message types for fully supported devices (mainly all HTC with Sense UI):

– Normal SMS
– Flash SMS (Class0)
– WAP Push SI
– WAP Push SL
– MMSN (MMS Notification)
– MWIVA (Message Waiting Indicator Voice Activation = 1 new voice msg waiting)
– MWIVD (Message Waiting Indicator Voice DeActivation)

Demo version message types for partially supported devices:

– Normal SMS
– WAP Push SI
– WAP Push SL
– MMSN (MMS Notification)

The full version will add the following message types:

– PING (Type0)

Check this blog for updates or follow me on twitter.

[iPhone] Authentication bug still present in iOS 4 (at least on my 3G)

Maybe you all have read about the authentication bug found by Bernd Marienfeldt in May 2010. I tested this against my 3G after doing the upgrade to IOS4. It worked directly using libimobiledevice under my Backtrack installation (I don’t have plain Ubuntu here). Now I thought that the device is still vulnerable because I only did an upgrade and not a full recovery. So I did the full recovery and tested my iPwn against this vuln. Guess what, it’s still vulnerable!

I get asked by my customers every now and then why I do not recommend the iPhone in an enterprise environment. My default answer is:”Because it is vulnerable as hell and iPhone is the source of all evil!” They usually ask for demo or exploit and all I can tell them is that all exploits will be kept privately because they might have the potential to be used for an unlock or jailbreak. Now this is something worth for a short demo at the customer site… harhar

iPhone 3G and iOS4 annoyances…

Short intro just to tell you WHY I got an iPhone: Well, about 2 month ago I’ve got an iPwn for security testings and such stuff. I held a presentation about iPwn (+droid) sec on our companies event “Integralis Security World 2010″ (slides are available for download, but they are in German).

I played around withit and believe me when I say I’m not an iPhone or iDevice (or Apple) Fanboy. The last 6 years I used WinMo devices mainly, but that’s another sad story…

That being said, I must admit that the iPhone is a nice device to play with. I never thougth I would use one because of this stupid apple policy of not beeing able to “legally” run whatever you want on it and because of not beeing able to “legally” use it the way I would. As I in fact don’t care about Apples stupidity, I’m happy to be able to jailbreak and unlock the phone (thx to the dev-team and George for their hard work!). Well done as said. I recently upgraded to IOS4 on my 3G, removed the jail and unleashed the baseband touse it with another provider (next time I will definately by an unlocked one). I then installed all my favority tools like Wifi Analyzer, Metasploit, nmap, etc…

After the IOS4 upgrade my 3G just started to become slow and sluggish. I had lags, low memory conditions missing config options (for APN settings, VPN option button, etc) and the worst: the battery drained about 2 times a day to zero. I googled a lot andfound that most of the users who upgraded experience the same results. I installed battery monitor software, process watchers, observed cpu usage with top but t no avail.

To make it short: the solution to all annoyances was to to a fresh recovery install of IOS4 and to not install my previous 3.1.3 backup. It was a long way to reconfigure all my options and to reinstall all of my tools but it was worth every second of it. The battery now lasts as long as before the upgrade and the device is fast and respnosive again. I have enough free mem and all of my config options like APN settings, tethering and VPN toggle are usable again. So to all folks out there having problems with their device after upgradeing to IOS4: Do a fresh full recovery and don’t install your old backups!