The Ethical Hacker Phone Blog

Obfuscapk

Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscated app retains the same functionality as the original one, but the differences under the hood sometimes make the new application very different from the original (e.g., to signature based antivirus software).

Andriller

Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has features, such as powerful Lockscreen cracking for Pattern, PIN code, or Password; custom decoders for Apps data from Android (some Apple iOS & Windows) databases for decoding communications. Extraction and decoders produce reports in HTML and Excel formats.

Features

• Automated data extraction and decoding
• Data extraction of non-rooted without devices by Android Backup (Android versions 4.x, varied/limited support)
• Data extraction with root permissions: root ADB daemon, CWM recovery mode, or SU binary (Superuser/SuperSU)
• Data parsing and decoding for Folder structure, Tarball files (from nanddroid backups), and Android Backup (backup.ab files)
• Selection of individual database decoders for Android apps
• Decryption of encrypted WhatsApp archived databases (.crypt to .crypt12, must have the right key file)
• Lockscreen cracking for Pattern, PIN, Password (not gatekeeper)
• Unpacking the Android backup files
• Screen capture of a device’s display screen

SimJacker

New Simjacker vulnerability exploited by surveillance companies for espionage operation

AdaptiveMobile Security have uncovered a new and previously undetected vulnerability and associated exploits, called Simjacker. This vulnerability is currently being actively exploited by a specific private company that works with governments to monitor individuals. Simjacker and its associated exploits is a huge jump in complexity and sophistication compared to attacks previously seen over mobile core networks. The main Simjacker attack involves an SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the SIM Card within the phone to ‘take over’ the mobile phone to retrieve and perform sensitive commands. The location information of thousands of devices was obtained over time without the knowledge or consent of the targeted mobile phone users. During the attack, the user is completely unaware that they received the attack, that information was retrieved, and that it was successfully exfiltrated. However the Simjacker attack can, and has been extended further to perform additional types of attacks.

email2phonenumber

This tool helps automate discovering someone’s phone number by abusing password reset design weaknesses and publicly available data. It supports 3 main functions:

• scrape - scrapes websites for phone number digits by initiating password reset using the target’s email address
• generate - creates a list of valid phone numbers based on the country’s Phone Numbering Plan publicly available information
• bruteforce - iterates over a list of phone numbers and initiates password reset on different websites to obtain associated masked emails and correlate it to the victim’s one