I've done some research into creating a simple app that could act as a Bluetooth input device, and discarded the project after finding that it would not currently be possible to use the human interface device profile without rooting the device.
However, is it possible that there is a workaround for this in direct assembly code? This may be a stupid question, and I understand that there may not be any relevant documentation even if it is possible.
But as I understand it, one should be able to access and modify RAM data directly with assembly. If you knew what to change, could you edit the signal to use a different profile?
Related
I want to use a Android Phone as a controlling unit for one of my projects.
In this the Smartphone is fixed on the hardware.
Tasks for the smartphone are:
Communication via Bluetooth
Handling User Input (e.g. PIN-Entry)
Turning on/off vibration, led ,...
So I wrote a App which does all the things I want.
Now I want that the Smartphone can only be used for this application.
Maybe you can give me some Ideas how to manage this.
I heard about 'kiosk-mode', could this be a solution.
Another option would be a custom ROM or is it possible to get a 'basic-android' without a launcher an just one single app.
I just want some ideas and usefull suggestions from you:)
If you are using Android version "L" there is a way to do that. It is called Task Locking, however it needs root access.
There is a lot of tutorials on this site. I just don't want to copy-paste it.
Take a look here: http://www.sureshjoshi.com/mobile/android-kiosk-mode-without-root/
Pretty good article about task locking and device ownership. And unlike Evgeniy said, root is not needed.
I'm a non-android-programmer who needs to employ/partner with an android developer or development team to implement a project. What I am interested in knowing is how difficult my requirements are likely to be to implement. I have already approached several developers but so far haven't got any answers beyond "sorry we don't have time now" or "we'll get back to you". I believe it would help me to find a developer if someone could give me some indication of how difficult this project will be to implement.
There are two main requirements. Firstly, the software should monitor usage of the device (it will be a tablet computer) so that usage is recorded and regularly transmitted to me (e.g. by automatic email of a datafile). By usage I mean I want to know (a) what apps are installed and when, and (b) what apps are in use (in the foreground) and when. Secondly, the software should be able to restrict usage of the device so that it can be configured to only be able to run certain apps, and only at certain times. At other times it should be unlockable. It doesn't need to be hacker-proof, just child proof.
Skeptics will want to know why I want malicious-sounding spyware written for me: my attentions are good - I'm a child psychologist and we are planning to run a study where we look at how very small children use tablet computers in an ordinary family setting. Basically I will be handing tablets out to parents of three-year-olds: the parents will know exactly what we have done to the tablets.
To avoid asking too vague a question, I guess I could specify even further: is this even possible without a rewrite of the operating system itself (in which case I guess this is a big job), or can this be done more simply? Perhaps there is already software or libraries available which do this?
Certainly it's feasible, and I don't see why it would be as expensive as has been suggested. The key is that you need this only to be child-proof: that's far easier than making it hacker-proof.
All you'd need is a system service to log and transmit various events, and a replacement home/launcher app to prevent launch of unwanted apps. Simples.
Currently involved in a University project and could use any help from members regarding rootkits designed for Android.
I have little knowledge of Android malware and the project so far has got us decompiling apks to view the java class files (if readable) and the AndroidManfiest.xml file. I have also managed to root a phone in the uni lab using various adb commands and pushing files over to it.
What I would like to know is if it's relatively easy to spot malicious rootkit code within a class file? Is there something I can look out for? Is it a case of getting su status or does it involve adding users? Assume to next stage would be to then contact a server so the developer has remote access..
Also, is there a system or service that can process an apk to spot if it contains a rootkit (not just malicious)?
reply:
hi sorry about late reply - tried responding immediately but wasn't allowed as I'm new, but then forgot!
Thanks for the info! I appreciate that I may sound naive, but I guess I have to be seeing as I don't know anything about rootkits or the way they work..
You're right, they are not asking about 3rd party scanners, that was just my interest. So on that topic, are you saying there are scanners out there that specifically look for rootkits in a sample? Or is this detection all part of the overall AV service they offer.. If specific to rootkits alone, then I would really like to know which ones, so i can research them..
Also, with regards to exploitation of a bug - I assume you mean a bug within the Android OS? Would this mean that when patch updates are pushed out from Google then the rootkit is unable to function?
Thanks
A mallicious rootkit tries its best to get certain access, secretly. So any generalisations you make about how it does its business will probably be already worked around by any good rootkit.
"setting su status" is hardly worthy of being called a 'rootkit', that's just 'using root permissions' that you seem to have given the app. A rootkit would look for a way to actually get this without permission, by exploiting some sort of bug.
Systems of services that spot those things are commonly called virus and/or mallware scanners. Yes they exist.
Not to be negative, but this seems like a naive post about the subject, and probably not a good start for a project: I'd say using a 3rd party malware scanner is probably not wat is asked?
You could, for instance, look for known exploit-methods. One that for some reason comes to mind is the overflow, but that's just a random thing. Read up on rootkits, their methods, heuristics to find them etc.
A understand that the WifiManager returns a list of access points after a scan, but is it possible to also retrieve a list of wireless clients and their strengths?
Update:
To clarify what I mean by a "wireless client", in a typical WiFi network there is a WiFi "access point" and one or more wireless clients that communicate with it.
Some comments are saying it is not technically possible without querying the Access Point, which makes sense.
I have used a tool such as airmon-ng to list all access points and every client within range. You can see there is a client, signal strength (PWR) and which access point (STATION) they're connected to in this screenshot:
For this to be possible there are a few things required. Firstly your device needs to have 'monitor' mode support. This is because all network interfaces will ignore traffic not intended for them unless otherwise told to do so, this is not needed for normal operation so not all devices support it.
Secondly you will need a rooted device as shell commands need to be executed with root (administrative) access. If your phone is not unlocked and rooted this will also not be possible for you.
Thirdly, you will require either a kernel that supports monitoring and snooping on your wireless chipset, or a kernel module that will add this support. This is a technical detail that I will not go in to here, but Googling it will help you.
Last you require a toolset such as airmon (Like you've used on your PC) for Android, there is one on the Play Store here: AirMon.
A word of warning, expect to be on your own out there. Finding a developer that writes these kind of kernel modules or hacking/penetration related tools is usually not open to hand-holding. You will have to Google and help yourself for the most part, or ask more questions on StackOverflow of course.
So the Cliff Note, TL;DR. It's possible, very possible. But you might not be able to do it on your device.
Also, I'm not aware of your skill-set but the hours and skills spent getting this sort of thing to work on a PC let alone a phone are long and vast, so it's best to use the tools others have provided, developing them yourself is going to have a steep learning curve.
I don't have the exact answer on how to do it but I seen app in Play store that does exactly what you're asking which mean it can be developed. Quick search show this one - https://play.google.com/store/apps/details?id=de.android.telnet
i had this issue a while back but unfortunately the only solution really is to query the router. now it depends if your router can do this. i wonder if 3rd party router roms like ddwrt can spit log files which then you can parse
I want to develop an app that makes use of the WiFi interface to establish cooperation amongst a subset of mobile devices, which will then allow me to exploit location information and achieve higher energy efficiency (cluster based communications).
For security reasons, I must append a digital signature (or a keyed hash) at the end of specific WiFi frames (e.g. when ARP protocol runs).
Is it possible to achieve this in Android OS?
Will I be able to update the WiFi protocol stack in Android?
Will it be feasible?
Any literature suggestions?
I'd be grateful for any directions.
Is it possible to achieve this in Android OS?
I think you would need some kind of raw sockets. For that you can look to Raw Sockets on Android
Will I be able to update the WiFi protocol stack in Android?
Android is open source so you can try to modify it and load another Android firmware to your phone. For example, you have custom firmware versiones like the one you find at http://www.cyanogenmod.com/
Will it be feasible?
In my opinion it is possible but very difficult. Probably you can find a more feasible solution for your problem.
Any literature suggestions?
You can read this threat about how to download and edit Android source code: http://groups.google.com/group/android-kernel/browse_thread/thread/6e428031c5e70417/8d99386a62f7d75e?pli=1
Good luck.