Taking Screenshot on Android Smartphones Locally via Python (Without a second smartphone, PC, Wifi or USB Connection) - Android Q&A, Help & Troubleshooting

Hi All,
I am totally new to the XDA forum and to Android app development, so I hope I am in the right place now.
I want to take screenshots of my Android smartphone screen (not only a screenshot of my app but the whole screen) locally in the background (without a second smartphone, PC, Wifi or USB connection) in my application via Python,
but unfortunately I could not find a proper way to do it. I tried and researched the following methods, but none of them is the right way in my case:
Android Screen Buffer: I guess this is used for screenshots, but I could not manage to install it. I get the following error:
The conflict is caused by: ash 0.3, 0.2 and 0.1 depends on opencv-python==4.1.2.30
but this version does not support any ARM-based platform, so I cannot install it. Moreover, it also has dependencies on the ADB tool,
so it looks like a wifi or serial connection is required.
ADB (Android Debug Bridge Tool): It requires either a USB cable or a Wifi connection. The problem is that I do not want my app users
to necessarily need the same Wifi connection (I know an internet connection is not required, but they need to be somewhere around a modem) to be able to use my app.
LADB: This also requires a USB cable or Wifi connection.
scrcpy: It also has ADB dependencies. I get "no devices/emulators found" if I do not start any server from a PC.
Note: is it possible to do it via another programming language, and if so, which language and library would you recommend? I found some examples via Java, but all of them were capturing the window within the application, not the whole smartphone screen. I want to implement an app which works as a service in the background.
Thanks a lot in advance.
Environment: Android 11
Prog Language: Python 3.7
Smartphone:Samsung Galaxy A8

Do a related Google search. You'll get dozens of findings.
An example:
Android: The Perfect And Easy Way to Make Screen Recorder
How to Make Screen Recorder in Android Studio
codingwithsaud.medium.com

xXx yYy said:
Do a related Google search. You'll get dozens of findings.
An example:
Android: The Perfect And Easy Way to Make Screen Recorder
How to Make Screen Recorder in Android Studio
codingwithsaud.medium.com
Hi, thanks a lot for your fast response. Actually, a second language was the worst case for me. My app is already implemented cross-platform via Python for MacOS and Windows, so unfortunately it will be really painful to implement everything via Java again. Moreover, I just want to take a screenshot instead of a screen recording. But if no one can give me a better solution, maybe I can try to integrate your Java app into my Python code (maybe an IntentService), so my code can start/stop the screen cap code and I can keep the rest of the implementation in Python.

How to compile reaver for Android?

Hello,
I am curious how easy it is to compile a linux based app for various versions of android.
Is this possible?
I am interested in compiling the reaver tool.
Thanks,
Matt
Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums
Moving to Q&A
As no one is answering you, I'll give it a try
I am not very familiar with this topic and am only able to get very simple apps compiled and running... so after having a quick glimpse at this one ( http://talk.maemo.org/showthread.php?t=81219 ) I think that the problem is not the reaver code but a) the promiscuous mode wireless driver (device dependent) and b) the other dependencies like aircrack.
I would say as long as you don't find an aircrack port it's senseless to ask for a reaver-droid
(Devs please correct me)
looks like you will just have to port aircrack too.. however, I do feel as if this would be a wonderfully malicious tool... I also think that it would also be best used on a computer as I would assume this software would eat your battery alive..
So.. 2 things to consider.. First, reaver on a cellphone is like giving rufees to satan for distribution and trusting him not to rape anyone.. second... how well would your hardware hold up to the several hour attack, and how much longer would it take on a cellphone compared to an actual computer?
any news on this?
i'm also interested
+1
I want this
I need this so bad. anybody know if there is a app like this available?
hammerlock13 said:
looks like you will just have to port aircrack too.. however, I do feel as if this would be a wonderfully malicious tool... I also think that it would also be best used on a computer as I would assume this software would eat your battery alive..
So.. 2 things to consider.. First, reaver on a cellphone is like giving rufees to satan for distribution and trusting him not to rape anyone.. second... how well would your hardware hold up to the several hour attack, and how much longer would it take on a cellphone compared to an actual computer?
The WPS vulnerability that reaver exploits requires little calculation. It just keeps brute forcing the WPS access point (if enabled), until the AP responds "hey you got it right, you are now my WPS registrar. You now have access to retrieve/set my wireless settings including pre-shared key."
It would still take lots of time in most cases and therefore battery. But it's not like you are actually cracking the encryption key.
I have taken the key off the bottom of an access point I had laying around and used my phone's built-in wpa_cli to plug that pin in and retrieve the pre shared key. That much is already possible with wpa_supplicant found on Linux OSes including android.
Aircrack or similar would need to be ported to put the wifi device in promiscuous mode, and I would assume that the device drivers would have to support that. This is, I believe, the biggest hurdle.
Sent from my Galaxy Nexus using Tapatalk 2
Hi all.
I've been interested in Reaver for mobile for a long time now, as it works perfectly on a pc. I managed to hack several routers with it (all of them are mine...), and it does give you the wifi password (pass key) in the end. So having this kind of tool on your mobile would be outstanding.
As for the time it takes - Reaver allows pausing attacks, and it stores the data collected so far locally, so it's possible to restart the attack later.
Don't know if you guys looked into this:
http://forum.xda-developers.com/showthread.php?t=1255203
I tried a different build of Backtrack a while ago, but I haven't got into the above one so far, but will try soon. Wonder if aircrack will work. It didn't before, since there was a problem with the drivers (HTC Sensation). If aircrack works, then reaver should also...
How about the micro android PC ?? and ras pi??
Hi guys,
Was just searching for reaver tool for mobiles, then I came across a micro android pc and that made me think of my ras pi....
has anyone tried running reaver on a ras pi ??
also, has anyone thought about reaver tool for a micro android PC ??
that sure wud be interesting.... and... for power, we can use OTG cable to power up micro PC and ras pi....
any thoughts??
tomer1981 said:
Hi all.
I've been interested in Reaver for mobile for a long time now, as it works perfectly on a pc. I managed to hack several routers with it (all of them are mine...), and it does give you the wifi password (pass key) in the end. So having this kind of tool on your mobile would be outstanding.
As for the time it takes - Reaver allows pausing attacks, and it stores the data collected so far locally, so it's possible to restart the attack later.
Don't know if you guys looked into this:
http://forum.xda-developers.com/showthread.php?t=1255203
I tried a different build of Backtrack a while ago, but I haven't got into the above one so far, but will try soon. Wonder if aircrack will work. It didn't before, since there was a problem with the drivers (HTC Sensation). If aircrack works, then reaver should also...
If you go to the link below in my signature.
It has black Ubuntu 12.04 with reaver and aircrack-ng for android.
You just need to know your screen size for your device and get drivers for your wifi or an external wireless card.
For some reason I stopped receiving updates on this thread, and thought it was dead.
I just wanted to mention that beyond the backtrack ports, there is also WPSPin.
I've been on the iphone for several months now (after the EVO) and am surprisingly disappointed with the lack of control (even when jailbroken). I just bought a Galaxy Tab 2 7", and will be getting back into Android shortly and look forward to messing around with backtrack.
reaver for Android
No problem to do this for Android, but you must have wifi monitor mode enabled.
I tested it on my LG OPTIMUS 3D P920. Wash works well, reaver runs but does not work on my device (very slow at capturing packets and it is difficult to capture a beacon frame).
Install:
reaver.db --> in /sdcard/reaver/reaver.db
binaries reaver and wash from bin/ to somewhere where you can execute them (you_path).
you must have monitor mode enabled!!!
Example execution:
#/you_path/wash -i mon0 -C
or
#/you_path/reaver -i mon0 -b 00:00:00:0F:0F:0F -vv --dh-small
how one puts wlan0 in monitoring mode?
UPDATE have you compiled .ko? What ROM you are on? I'm on V30A (original 4.04)
lg optimus 3d
solnyshok said:
how one puts wlan0 in monitoring mode?
UPDATE have you compiled .ko? What ROM you are on? I'm on V30A (original 4.04)
I have V30A original too.
1) #sh airmon-ng start wlan0
OR
2)#iw dev wlan0 interface add mon0 type monitor
#ifconfig mon0 up
Both methods work on LG Optimus 3D (V30A original driver), but you must have root.
Unzip tools.zip, drop it into /data, and in a terminal:
$cd /data/tools
$export PATH=/data/tools:$PATH
$su
fann95 said:
I have V30A original too.
1) #sh airmon-ng start wlan0
OR
2)#iw dev wlan0 interface add mon0 type monitor
#ifconfig mon0 up
Both methods work on LG Optimus 3D (V30A original driver), but you must have root.
tools.zip also includes new versions of reaver and wash (compiled with the new supplicant lib and the latest pcap lib + libnl-2)
It captures the packets very well, but I did not fully test it; there are few WiFi points around with WPS enabled
Thank you for quick reply @fann95. Do you mean that there is no need to compile kernel module for Optimus 3d, because original wifi driver is enough?
monitor mode
solnyshok said:
Thank you for quick reply @fann95. Do you mean that there is no need to compile kernel module for Optimus 3d, because original wifi driver is enough?
Yes. SE Xperia Mini, LG P920, Sony Xperia GO and other devices with wl12xx drivers have no need to compile a kernel module or install additional software
you can check $ iw list
and see what modes are supported by your driver
my port of reaver for the wl1271 chip (tested on LG Optimus 3D with original ICS 4.0.4 (30a-EUR-XX) )
View attachment reaver_for_LGP920.zip
Do not forget to disconnect all active WiFi connections (delete the saved point) before using.
Start without the "-i mon0" option to automatically activate monitor mode (needs root)
example:
$su
#reaver -b 00:11:22:33:44:55 -vv
Can someone post a guide on how to use reaver on an Android Ice Cream Sandwich smartphone?
All we need is the tools.zip file and the reaver.zip file and a terminal emulator??
Edit: I did it but my card is not compatible and unable to work in monitor mode :/
I am looking for someone with a guide to test reaver on my Android.
thanks in advance!:good:

Looking for an app. Perhaps never developed

Hi There
I'm looking for an Android app that is able to start an application on a Windows box
What I'm looking for: I have a surveillance system at home based on Windows 8 and ContaCam with outdoor
IP cams. I want to set up some indoor cams based on some of our old Android phones. (No problem)
The thing is that I don't want them to record when we are at home. So I'm looking for a way to automate this!
My idea:
An Android app that uses wifi to determine whether an Android phone is on the home network or away.
When home, this app sends a heartbeat perhaps every 2 min to server software on Windows.
If this server software receives a heartbeat from my phone or my wife's phone or both, it should shut down ContaCam or any other software selected. (Could be other software) If already shut down it should do nothing.
If no heartbeat is received within perhaps 10 min it should start ContaCam or any other selected software.
If already started it should do nothing.
An advanced version could be that you receive feedback that the process has been started.
This software could be developed very basically, so that in the server software you choose what exe or bat file to launch.
And what process to shut down.
I haven't been able to locate any software out there. Maybe it already exists. If not, I hope somebody
will use my idea and develop this software
It would be nice if there could be a linux server software too.
Best Regards
helskov said:
Hi There
I'm looking for an Android app that is able to start an application on a Windows box
What I'm looking for: I have a surveillance system at home based on Windows 8 and ContaCam with outdoor
IP cams. I want to set up some indoor cams based on some of our old Android phones. (No problem)
The thing is that I don't want them to record when we are at home. So I'm looking for a way to automate this!
My idea:
An Android app that uses wifi to determine whether an Android phone is on the home network or away.
When home, this app sends a heartbeat perhaps every 2 min to server software on Windows.
If this server software receives a heartbeat from my phone or my wife's phone or both, it should shut down ContaCam or any other software selected. (Could be other software) If already shut down it should do nothing.
If no heartbeat is received within perhaps 10 min it should start ContaCam or any other selected software.
If already started it should do nothing.
An advanced version could be that you receive feedback that the process has been started.
This software could be developed very basically, so that in the server software you choose what exe or bat file to launch.
And what process to shut down.
I haven't been able to locate any software out there. Maybe it already exists. If not, I hope somebody
will use my idea and develop this software
It would be nice if there could be a linux server software too.
Best Regards
You can use this one:
http://owtroid.com/remotelauncher/mediawiki/index.php?title=Remote_Launcher
in combination with Tasker or Llama.
Just write two batch files or shell scripts to start and stop surveillance.
bg_man said:
You can use this one:
http://owtroid.com/remotelauncher/mediawiki/index.php?title=Remote_Launcher
in combination with Tasker or Llama.
Just write two batch files or shell scripts to start and stop surveillance.
Thanks for your kind reply. It works just fine! :good:
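The heartbeat logic described in the first post of this thread, as an added example (it is not part of the thread and is not Remote Launcher's code). It assumes each phone shares a secret key with the server and signs its heartbeat with HMAC-SHA256, so that another device on the same Wifi cannot switch the cameras off by faking or replaying a heartbeat; the message format, the names `sign_heartbeat` and `PresenceMonitor`, the 3-minute freshness window and the keys are all hypothetical, and the start/stop callables stand in for the two batch files suggested in the reply.

```python
import hashlib
import hmac

TIMEOUT = 10 * 60   # from the post: start recording after ~10 min without a heartbeat
MAX_AGE = 3 * 60    # assumption: a heartbeat sent every ~2 min must be fresher than this


def sign_heartbeat(phone_id, key, ts):
    """Build the message a phone would send: 'id|unix-timestamp|hmac-sha256'."""
    mac = hmac.new(key, f"{phone_id}|{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{phone_id}|{ts}|{mac}"


class PresenceMonitor:
    def __init__(self, keys, start, stop, timeout=TIMEOUT):
        self.keys = keys          # phone_id -> shared secret (bytes)
        self.start = start        # callable that launches the camera software
        self.stop = stop          # callable that shuts it down
        self.timeout = timeout
        self.last_seen = {}       # phone_id -> server time of last accepted heartbeat
        self.last_ts = {}         # phone_id -> newest accepted sender timestamp
        self.recording = False

    def receive(self, message, now):
        """Validate one heartbeat; return True only if it was accepted."""
        parts = message.split("|")
        if len(parts) != 3:
            return False
        phone_id, ts_text, mac = parts
        key = self.keys.get(phone_id)
        if key is None or not (ts_text.isascii() and ts_text.isdigit()):
            return False
        ts = int(ts_text)
        expected = sign_heartbeat(phone_id, key, ts).rsplit("|", 1)[1]
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False          # forged, or signed with the wrong key
        if abs(now - ts) > MAX_AGE:
            return False          # stale capture
        if ts <= self.last_ts.get(phone_id, -1):
            return False          # replay of an already accepted heartbeat
        self.last_ts[phone_id] = ts
        self.last_seen[phone_id] = now
        self.tick(now)
        return True

    def tick(self, now):
        """Call periodically. Starts or stops recording only on a state change."""
        home = any(now - seen < self.timeout for seen in self.last_seen.values())
        if home and self.recording:
            self.stop()
            self.recording = False
        elif not home and not self.recording:
            # Fail-safe choice: with nobody proven home (including at startup),
            # the cameras record.
            self.start()
            self.recording = True
        return self.recording


def demo():
    """Constructed scenario: two phones, one replay, one forged heartbeat."""
    actions = []
    keys = {"phone-a": b"constructed-demo-key-a", "phone-b": b"constructed-demo-key-b"}
    mon = PresenceMonitor(keys, lambda: actions.append("start"),
                          lambda: actions.append("stop"))
    t0 = 1_700_000_000
    mon.tick(t0)                                    # nobody home yet: start recording
    hb = sign_heartbeat("phone-a", keys["phone-a"], t0 + 60)
    results = [
        mon.receive(hb, t0 + 60),                   # accepted: stop recording
        mon.receive(hb, t0 + 120),                  # same message again: replay
        mon.receive(sign_heartbeat("phone-a", b"wrong key", t0 + 180), t0 + 180),
        mon.receive(sign_heartbeat("phone-b", keys["phone-b"], t0 + 240), t0 + 240),
    ]
    mon.tick(t0 + 240 + 599)                        # phone-b still within 10 min
    mon.tick(t0 + 240 + 600)                        # 10 min of silence: start again
    return results, actions


if __name__ == "__main__":
    print(demo())
```
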

Pairing Android Wear without Android Phone or Tablet (Via Virtual Machine)

Hello everyone,
It's been a long time since I have viewed the XDA forums. A brief background of what I was working to accomplish was to activate and use an Android wear device without pairing to a phone. I did not find any articles online or procedures for this. What this method allows you to do is pair, fetch software, and get notifications (email etc.), via your PC. The basic test setup is running Android x86 v4.4-RC2 as a virtual machine under Parallels on a Macbook Pro. Steps are listed below. Hope this helps in others endeavors.
1. Initially install Parallels desktop. (Virtualbox was tested but would not work with the Bluetooth hardware)
2. Run the pre-configured experimental Android VM from Parallels initially creating the virtual machine.
3. After successfully installing the new Android VM bundled download Android x86 v4.4-RC2 iso.
4. Shutdown the initially created VM and mount the iso to a virtual cd drive. Set boot order to start with cd first.
5. After startup in grub go to the install Android option (last one)
6. During the install allow formatting of the virtual drive and overwrite the initial operating system that was installed with the new version.
7. After startup of the new virtual machine with the correct image setup your Google account to access the play store.
8. Download Google Wear and install.
9. Go to the vm settings while running and check to share both Bluetooth and web cam USB devices.
10. Go to settings in the Android VM and then Bluetooth. Attempt to pair with the watch.
11. A prompt will come up in the actual OS to pair with the watch, this is ok click on pair in the main os.
12. The main os will say the watch is not connected but the guest Android VM will now recognize the watch and start the pairing process.
13. Once pairing is complete simply use all functions that would normally be used in the virtual machine.
13a. In order to receive text message notifications by your computer when paired use a carriers text app such as Verizons connect app.
Mac OS X Yosemite Parallels Android Virtual Machine Smart watch Bluetooth Pairing
matrixfatalerror said:
Hello everyone,
It's been a long time since I have viewed the XDA forums. A brief background of what I was working to accomplish was to activate and use an Android wear device without pairing to a phone. I did not find any articles online or procedures for this. What this method allows you to do is pair, fetch software, and get notifications (email etc.), via your PC. The basic test setup is running Android x86 v4.4-RC2 as a virtual machine under Parallels on a Macbook Pro. Steps are listed below. Hope this helps in others endeavors.
1. Initially install Parallels desktop. (Virtualbox was tested but would not work with the Bluetooth hardware)
2. Run the pre-configured experimental Android VM from Parallels initially creating the virtual machine.
3. After successfully installing the new Android VM bundled download Android x86 v4.4-RC2 iso.
4. Shutdown the initially created VM and mount the iso to a virtual cd drive. Set boot order to start with cd first.
5. After startup in grub go to the install Android option (last one)
6. During the install allow formatting of the virtual drive and overwrite the initial operating system that was installed with the new version.
7. After startup of the new virtual machine with the correct image setup your Google account to access the play store.
8. Download Google Wear and install.
9. Go to the vm settings while running and check to share both Bluetooth and web cam USB devices.
10. Go to settings in the Android VM and then Bluetooth. Attempt to pair with the watch.
11. A prompt will come up in the actual OS to pair with the watch, this is ok click on pair in the main os.
12. The main os will say the watch is not connected but the guest Android VM will now recognize the watch and start the pairing process.
13. Once pairing is complete simply use all functions that would normally be used in the virtual machine.
13a. In order to receive text message notifications by your computer when paired use a carriers text app such as Verizons connect app.
Hi! I registered just to say thanks, and this post gives me hope.
However, my Android install still refuses to turn on the bluetooth and it flips back to off whenever I turn it on.
I'm using 4.4 R2 on Parallels 10 (the latest update). I've selected Webcams and Bluetooth in the Parallels config settings, but my Pebble software still can't connect.
Could you give a bit more detail (Steps 9, 10 and 11) on how to turn on the bluetooth? (maybe with a couple screenshots).
I'm using a Summer 2012 13" macbook pro 2.5GHz Core I5 with 16gb RAM Yosemite. My VM has 2GB RAM
Cheers!
I want to make sure this works before I go out and actually buy an LG G Watch R (The dopest looking smartwatch in existence)
---------- Post added at 08:44 AM ---------- Previous post was at 08:31 AM ----------
I restarted the VM and the BlueTooth is working now!!
WTF!!!
I first Paired the Pebble to the Macbook Pro, then the VM found it in the bluetooth menu and now I'm connected!
Awesome!!
ummm, am I missing something or will this just allow connection via Bluetooth to a computer that sits at home and will never leave so your watch will never connect more than 50ft away? I love the idea but what does this accomplish? Not bashing, more curious
swyner said:
ummm, am I missing something or will this just allow connection via Bluetooth to a computer that sits at home and will never leave so your watch will never connect more than 50ft away? I love the idea but what does this accomplish? Not bashing, more curious
Well, Debugging for one. Second, I only own an iPhone, but I love the LG G Watch R, and there is no way in hell I'm buying an Android phone. So I use the VM to activate it and load watch faces, and now I have a cool watch on my wrist with various faces.
The Idea that I HAVE to use it with my phone is ridiculous. I can use it however I want to! Like the iPod Nano 6th gen I still own with a Lunatik watch strap, it's the cool factor for me right now, until I can use android wear with my iPhone

Hi, I am able to install, and run Android 4.4 on parallels on my mac. However, once I enable bluetooth for the android OS it does not find my watch, let alone any of the other bluetooth devices in my apartment. Do you know if there is any way to force the OS to find a device? Or perhaps it really isn't connecting with my computer's bluetooth device at all?
I purchased an LG G Watch R and I started it up by pairing with an android in the store, and I was able to pair the watch to the macbook itself, but not through the android OS running on parallels. Am I missing anything here?
Thank you!
how you install apk to watch?)
Pairing problems
smartwatchLG said:
Hi, I am able to install, and run Android 4.4 on parallels on my mac. However, once I enable bluetooth for the android OS it does not find my watch, let alone any of the other bluetooth devices in my apartment. Do you know if there is any way to force the OS to find a device? Or perhaps it really isn't connecting with my computer's bluetooth device at all?
I purchased an LG G Watch R and I started it up by pairing with an android in the store, and I was able to pair the watch to the macbook itself, but not through the android OS running on parallels. Am I missing anything here?
Thank you!
Hi there,
I started reading this forum and this thread because I also have no Android device. I have the same problems connecting a Moto 360 to the Android VM on Parallels.
My Mac is paired with the watch but the VM is not.
Does anyone have a hint on how to share the Mac Bluetooth with the Android VM so the smart watch is in the Android VM?
 @smartwatchLG Could you connect your watch now?
Same problem as others. I get everything installed and the Moto paired with the MacBook, but it won't connect to the VM. I know Bluetooth is working on the VM because it detects my iPhone but not my watch for some reason.
Ok, something I found out is that if you are like me and previously synced your watch with another device then you must reset the watch for this to work.
@matrixfatalerror
Thanks a lot mate, got the Moto 360 up and running.
Only 1 Question left. Did you manage to get the "Moto Connect App" working? Every time I open it and try to change the Watch Face Settings it keeps crashing. Would love to use personalized custom Watch Faces.
Best
faymus said:
Same problem as others. I get everything installed and the Moto paired with the MacBook, but it won't connect to the VM. I know Bluetooth is working on the VM because it detects my iPhone but not my watch for some reason.
I have a question:
my Parallels can't show any Bluetooth devices .. not my LG G Watch or iPhone
What setting must I change?
Thanks for this howto - it works for me on a MacBook Air with Yosemite. The only challenge was to get the Bluetooth connection established; it took a while until I had it connected through the VM with the passcode given in OSX.
Installation of shiitakeo android for ios worked as well as the motorola extras
Have you gone into settings and turned Bluetooth on inside your parallels android install.
Here is a video tutorial that I made based off of your instructions. Great job on figuring this out BTW.
https://www.youtube.com/watch?v=0VzWq4BiOEE
Hope you like.
Having problems embedding the video.. Anyone know why? I'm using the [ youtube ] tags.
dabears said:
@matrixfatalerror
Thanks a lot mate, got the Moto 360 up and running.
Only 1 Question left. Did you manage to get the "Moto Connect App" working? Every time I open it and try to change the Watch Face Settings it keeps crashing. Would love to use personalized custom Watch Faces.
Best
I'm having the same problem Anyone know of a fix?
Could I use this update my Moto360 software??
Thanks
Root s6

Using an Android device solely as a client for Android running on a virtual machine

Hello.
For a few years now I've been wondering whether there is some app or guide for that would allow to use your Android phone only as a client for accessing a virtual Android device running on a Windows/Linux PC. I have a decent PC with a few spare GB of RAM, a good internet access, and a crappy Android phone, so I thought this would be a great thing if some solution that works properly existed.
I know you could for example "just" start an Android emulator with Android Studio on a separate account on Windows, make it fullscreen or near fullscreen, and use something like Microsoft Remote Desktop or TeamViewer to access it, but then the emulator wouldn't have access to the real device's sensors. Is there something that would also let the emulator access my device's camera, proximity sensor, GPS, NFC, connect to bluetooth devices via my device, etc.? Or at least some of these.
Also it'd be important for everything on the "real", client, device to feel as native as possible. For example when I swipe from the top it'd be nice to get the notification bar from the virtual device, not the real device. But I'd be happy to try to find some solutions for issues like these myself if no one tested anything.
I'll be grateful for any ideas or links.
Have a nice day

G8 Power - Google Locked - USB Dev mode not on - can only access SD card - Best way to get Root?

Picked up a Moto G8 Power off Ebay and I haven't touched an Android since I flashed a HTC Desire with Cyanogen Mod years ago.
Product/Variant: sofair XT2041-3 64GB PVT
?BootLoader? BL:MBM-3.0-sofiar-reteu-0f8934adaf8-210928
BaseBand: M6125_43.45.03.48R Sofia_rowdsds_cust
Recovery mode shows: RPES31.Q4U-47-35-9/54bc43
oem_locked
Spent all of today going around in circles.
Google Locked = it wants a pin to verify. Ebay ad stated it was google locked house clearance and not stolen. Nothing shows up in CheckAmend.com
On an offline PC
Android Studio installed - strangely ADB nowhere to be found.
ADB installed separately.
Got Magisk apk
Got from lolinet mirrors
XT2041-3_SOFIAR_RETEU_11_RPES31.Q4U-47-35-9_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml
blankflash_sofiar_RPE31.Q4U-47-35
From Motorola
Motorola_Mobile_Drivers_64bit
Rescue_and_Smart_Assistant_v6.3.2.12_setup - This will not install and I find this error in the Windows eventlog
MDM Declared Configuration: Function (checkNewInstanceData) operation (Read isNewInstanceData) failed with (The parameter is incorrect.)
Motorola support can't help until Monday, but it might be ASLR or some other MS security thing.
TWRP is missing the Motorola G8 on their website; G7 and G9 and others exist, so this is not an option.
Followed some of those YouTube videos showing how to bypass the FRP, which appear to use a variety of tricks to either disable the Google Play Service or use an app to launch another app, a bit like getting the 2nd dial tone by calling a business freephone number, and hacking their phone system to get an onward outbound dial tone in the 80's.. Showing my age!
Before I put the device online using wifi and no sim for mobile data, I could get access to the Android settings, where I could list apps, set permissions and other things, so I'd tried to disable the play store, but these tricks wouldn't work. Put it online and it appears Android has been updated, so those previous tricks for getting all the apps listed and making changes to their permissions etc. are no longer there. One of them was using the emergency phone, getting to the contact detail and then choosing a pic to gain access to other apps, and that also stopped working and has disappeared, which is why I say I think it's been updated in all but version number!
I can access a FAT32 SD card in recovery mode, but the apk files I put on it don't show, just the folders Android created on blank FAT32 partitions.
USB and ADB dont detect this device so I cant use the Wireshark USB to watch what is going over the USB connection.
AFAIK Android DeveloperMode/Debugging Mode is disabled.
I havent touched an android since the HTC Desires appeared and then I ported it Cyanogen Mod, but I subsequently learnt the UK Police had access to my phone even back then!
Not taking it apart to get access to the JTAG (just yet), I bought a few broke Pixel4A to see what I could learn about them when they arrive as well.
I see in fastboot, the mention of a "console [NULL]:null" is this the fastboot.exe alongside adb.exe in android tools, or something else?
So is there any other way or suggestion to get root for this device?
I fancied looking at LineageOS, or maybe some other OS like an unofficial port of GrapheneOS. I've found the device tree info put up by someone on here which would suggest its possible to port from Android 10Q to an Android11 distro/os, but my first hurdle is my stumbling block, I cant get the USB to work and have not found any other way to get beyond this stage to poke around with the OS and phone.
So any pointers, suggestions, advice, will be much appreciated!
TIA
Edit. It looks like Android/Google/Motorola have done a good job at locking down this OS and phone.
Edit2
Saw this thread here about making sure the Motorola drivers are installed properly.
[HELP] I seem to have bricked my Moto G Power and not it's stuck on bootloader.
This is what it looks like, and if I try to boot into recovery or system it just says "no operating OS found." Windows won't recognize it when trying to connect via USB. Any way to fix this? Help would be greatly appreciated.
forum.xda-developers.com
On Win10x64 I've been into c:\windows\system32\DriverStore\FileRepository, sorted the subfolders by todays date/time and can see a number of subfolders like
motoandroid.inf_amd64_dd80f24dcfb3dc931
motoandroid2.inf_...
motodrv.inf_....
motousbnet.inf....
and when inspecting one of the .inf files in Notepad I can see there appears to be a service linked to the driver, but when I check the services, there aren't any services installed.
So I'm starting to think maybe Motorola's installation software doesn't work on Windows with the default Windows security settings, like exploit protection running.
More investigations...
Edit4
In the Control Panel (yes its still there in Win10), Device Manager, Other Devices are a couple of entries which the latest attempt to install the Motorola USB x64 msi installer created.
These are:
Mot Composite ADB Interface
Motorola ADB Interface
In c:\Windows\system32\drivers are a couple of 0KB wdf files (Windows Driver Foundation) files:
Msft_Kernel_WinUSB_01009.Wdf
MSft_Kernel_motoandroid_01009.wdf
Msft_User_WpdFs_01_11_00.wdf
So when looking at the c:\windows\system32\DriverStore\FileRepository I think the driver that needs to be installed can be found in the subfolder:
motoandroid.inf_amd64_dd80f24dcfb3dc931
However opening the motoandroid.inf file inside I can see lines like
DriverVer=03/25/2013, 1.3.0.0
As this folder was created about 30mins+ earlier, am I correct to believe the actual Motorola driver was created back on 25th March 2013 and is version 1.3?
I know it's possible to edit inf files to make W2k and XP drivers work on later versions of Windows, but the Motorola website has the version number 6.4, but is this 6.4 the version number of the installation program?
Anyway, scrolling further down the motoandroid.inf I can see towards the bottom instructions to install a service
"Mot ADB Interface Installation Driver" and it needs to find the actual driver in %root%\System32\Drivers\motoandroid.sys
Various parameters, like a transfer size of 4096 bytes, a debug level of 2 and plenty of GUIDs which will be found in the registry.
Anyway, uninstalling the software has now removed these subfolders from the DriverStore\FileRepository, so a reboot and another attempt to see where it's failing.
I just hope it doesn't need an internet connection, as this offline PC is a dev machine.
Onwards and upwards....
Edit 5
So the Windows 10 setting which prevents the Lenovo Rescue and Smart Assist from installing is the Windows App and Browser Control > Exploit Protection > Force randomisation for images (Mandatory ASLR) when it's on.
You can have every other Windows setting on, like ransomware protection, normal ASLR, DEP etc etc and LMSA installs fine. Right now it's downloading an image to flash from Fastboot, but it's not got the Developer mode/USB debug enabled in Android to make this possible.
Now let's see if I can get the Motorola USB drivers to work with ADB...
Got to say these forums are excellent cheap intelligence gathering tools for manufacturers and software companies to harden their products.
So I tried lots and lots of these types of YouTube videos which are exploiting an SE Linux "vulnerabilities/design flaw" by getting access to enough of the system in order to disable/force stop certain apps in order to get past the FRP block.
Some of these are less than a month old with less than 100 views, but I also suspect some of them of doing a bit of camera editing. I guess it's a way of bunking up the number of views for a YouTube account, before it gets rebranded, if that's even possible!?!
Now I managed to get the Lenovo Rescue and Smart Assist program to work, once I realised it will not install when Windows Exploit protection/Mandatory ASLR is enabled (which is a giveaway as to what the installer is doing on my system as well), and the giveaway information which suggests it might be worth downloading Wireshark and installing the USB "packet" sniffer is the fact that when LMSA is running and you plug your USB cable into the Motorola phone, the phone displays the battery power as a xx% inside a swirling circle of sorts.
So there is some sort of USB communication taking place?
The other thing that gives it away is when you type in your IMEI number into the LMSA Rescue section, it's detecting the version of firmware and wants to download the latest version.
LMSA did this to me last night as it downloaded
SOFIAR_RETEU_RPES31.Q4U_47_35_12_subsidy_DEFAULT__regulatory_DEFAULT_CFC.XML.zip
which I guess I can search for on this computer, or at least search for files on my windows hard drive created within a certain date/time frame, as the filename might be scrambled/obfuscated in some temp folder.
So is it just firmware level communication, or is there some sort of Android communication taking place as well?
If it's just firmware, then what could be elucidated/deduced from attacking the firmware? Perhaps it's time to get the Wireshark USB sniffer out after all.
As I can also put an SD card into the phone (the start of a potential side channel attack) and the phone will load the SD card, I could explore different routes like some "malware" embedded using a picture to attach to the Emergency Contact details, maybe some PHP embedded in the picture's EXIF data or something that could trigger some other secondary app/process in Android into action.
It might pay for me to look up the Google Android source if it's open source, and look at the Android project source which is open source for any vulnerabilities. Anything mentioned on GitHub could give away clues.
Configure on-device developer options | Android Studio | Android Developers
Learn how to configure system behaviors that help you profile and debug your app performance.
So are there any issues listed here which don't just affect Android 13, but maybe earlier versions as well?
Google Issue Tracker
So lots of less obvious or not publicly mentioned intelligent sources of potential attack vectors in plain sight.
Seeing if I can alter the cpu clock speed and quantum could also help to introduce some instability, Linux has a wider range of cpu schedulers than windows, but this route tends to hang systems and I have to get enough access to this phone in order to change the route.
The recovery msg logs seen when selecting different bootloader options give away info; I think this is dmesg output of sorts. I'm not a Linux programmer, just a boring old Windows programmer.
I could explore what else could be loaded from the SD card, using the Bootloader menu options. I was surprised the APK packages don't appear on the SD card in the "Recovery Mode > Apply updates from SD card" option. Maybe it's not expecting an APK file extension? Maybe it's expecting a different file of sorts like a .bin file or .img file. Is this where BlankFlash comes into play?
I have to admit, buying a second hand phone like this with FRP enabled off eBay from a guy purporting to be in Salisbury, home of Novichok, is also a great way of spreading the latest and greatest malware to unsuspecting hackers and also to phish those who could potentially get around the FRP restriction with the minimum of effort. The UK civil service have their own internal postal system, so has something been posted internally down the M5 motorway from Cheltenham, for some intelligence gathering or a cheap way of outsourcing some device cracking?
Oh well the silence is deafening.
So Motorola Support Centre have been in touch and stated:
I am really sorry to say that the kill switch feature, which is known as "Google Lock" is not bypassable by anyone other than the repair center.
So they are stating the Android Factory Reset Protection (FRP) can be bypassed which is another way of saying it can be undone, so the next challenge is finding out where on the device this flag or flags resides.
Is it something like the Raspberry Pi One Time Programmable (OTP) switches that may not be One Time Programmable but like the DIP switches seen on the motherboards of early 8086/286/386/etc personal computers, or something else like a file on the main storage device with the rest of Android?
I think the first thing to do is get Wireshark and the USB sniffer to see what information is being sent over the USB cable.
And as it's possible to get the device online via wifi, it's probably a good idea to see what information is being sent over wifi, so using Wireshark on a Raspberry Pi masquerading as an access point might be useful as well.
So the first thing to do is have a look at the Android documents
Android
Android has 74 repositories available. Follow their code on GitHub.
https://developer.android.com/reference/android/app/admin/FactoryResetProtectionPolicy
The factory reset protection policy determines which accounts can unlock a device that has gone through untrusted factory reset.
So it looks like Android are also stating the Factory Reset Protection can be undone. It seems that a single user setup and a corporate setup exist, where a corporate account could be used to remotely wipe a device and then re-enable the device, I guess if the user hands it back to the company.
https://developer.android.com/about/versions/marshmallow/android-6.0-changes API 23
EXTRA_PROVISIONING_RESET_PROTECTION_PARAMETERS is removed so NFC bump provisioning cannot programmatically unlock a factory reset protected device.
You can now use the EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE extra to pass data to the device owner app during NFC provisioning of the managed device.
Interestingly, NFC can be used to unlock FRP in earlier versions of Android, and it's possible to use NFC to potentially configure and more other devices using NFC. As NFC is just a low power and thus low range frequency in the RFID range of frequencies, a lot of other things could be possible. NFC to me is just like any other form of communication method, be it a USB cable, telephone wire, wifi, ultrasonic sounds, or infrared.
Radio-frequency identification - Wikipedia
NFCIP-1 and NFCIP-2
Near-field communication - Wikipedia
As NFC can communicate a request and response, and Android is using NFC to configure devices, using NFC may be a novel attack vector for people's Android devices, without them knowing about it unless they capture on a personal webcam everyone and every NFC device they come into close contact with. Maybe using payment terminals could become a new attack vector at your favorite local retail outlet?
Well, if Covid doesn't make people socially distanced, then maybe an NFC attack vector might if it works beyond the claimed 4cm operating range! Unfortunately this phone does not come with NFC, but others do.
I've got to find the source code....
Android (operating system) - Wikipedia
Most versions of Android are proprietary. The core components are taken from the Android Open Source Project (AOSP), which is free and open-source software (FOSS) primarily licensed under the Apache License.
Search results for "factory reset protection" | Android Open Source Project
The default implementation of Test Harness Mode uses the same storage mechanism as Factory Reset Protection to store the ADB keys temporarily in a persistent partition.
So it looks like I need to gain access to this "persistent partition" and try to find this ADB for starters.
Seems a bit sneaky of Google and Android here. https://source.android.com/docs/security/bulletin/2016-02-01
At the bottom of the Android webpage is a link to Factory Images of the Google Nexus and Pixel phones which jumps you to a Google web page. No indication whatsoever I'm leaving Android and going to Google!
Flashing devices | Android Open Source Project
To enable OEM unlocking on the device:
1. In Settings, tap About phone, then tap Build number seven times.
2. When you see the message You are now a developer!, tap the back button.
3. In Settings, tap System, then tap Developer options and enable OEM unlocking and USB debugging. (If OEM unlocking is disabled, connect to the internet so the device can check in at least once. If it remains disabled, your device might be SIM locked by your carrier and the bootloader can't be unlocked.)
4. Reboot into the bootloader and use fastboot to unlock it.
   For newer devices (2015 and higher):
   fastboot flashing unlock
   For older devices (2014 and lower):
   fastboot oem unlock
   Tip: if you're seeing `adb devices` output before reboot but fastboot or the flash script are misbehaving, it might be issues with your USB cable. Try a different port and/or switching connectors. If you are using a USB C port on your computer try a USB A port instead.
5. Confirm the unlock onscreen.
Well, the instructions I've seen only talk about gaining access to settings and doing 7 taps on the Build Number. Let's see if the rest of the instructions work.
Onwards and upwards....
Well, I sent the phone back. The eBay seller, claiming to be a house clearance business, wouldn't provide any paperwork to back up his claims of how he came to be in possession of the phone. So as I planned to do some computer forensics on it, like retrieve the files wiped by a Factory Reset, and given the perverse interpretation of the law in the UK, I wasn't prepared to go any further with the phone. So it's been sent back. The banks have already shown how untouchable they are, other big businesses are also in the same position, and finding illegal stuff on a phone is a risk I'm not prepared to take without paperwork.
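
Added example (not part of the posts above, and not Motorola's or Microsoft's code): the DriverVer question raised earlier in the thread can be checked from the INF itself, since DriverVer in [Version] is the date and version the vendor declares for the driver package, independent of when the DriverStore folder was created. The INF text is a constructed sample; its section names and the C:\Windows location are assumptions.

```python
import re
from datetime import date
# Constructed sample, NOT the real motoandroid.inf: only the DriverVer line, the
# display name and motoandroid.sys come from the post; section names are made up.
SAMPLE_INF = r"""
[Version]
Signature="$WINDOWS NT$"
DriverVer=03/25/2013, 1.3.0.0   ; package date and version declared by the vendor
[Moto.Install.Services]
AddService=motoandroid, 0x00000002, Moto.AddService
[Moto.AddService]
DisplayName=%SvcDesc%
ServiceBinary=%10%\System32\Drivers\motoandroid.sys
[Strings]
SvcDesc="Mot ADB Interface Installation Driver"
"""
# Assumption: Windows lives in C:\Windows (dirid 10 = Windows dir, 12 = drivers dir).
DIRIDS = {"10": r"C:\Windows", "12": r"C:\Windows\System32\drivers"}

def parse_inf(text):
    """Return {section: {key: value}}, names lower-cased (no ';' inside quotes)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop trailing ';' comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

def expand(value, strings):
    """Resolve %token% via [Strings] and numeric dirids such as %10%."""
    def repl(m):
        return DIRIDS.get(m.group(1)) or strings.get(m.group(1).lower(), m.group(0))
    return re.sub(r"%([^%]+)%", repl, value)

def driver_summary(text):
    inf = parse_inf(text)
    strings = inf.get("strings", {})
    when, _, version = inf["version"]["driverver"].partition(",")
    month, day, year = (int(p) for p in when.strip().split("/"))  # mm/dd/yyyy
    services = []
    for body in inf.values():
        if "addservice" in body:  # AddService=name,flags,install-section
            name, _flags, install = [p.strip() for p in body["addservice"].split(",")][:3]
            sec = inf.get(install.lower(), {})
            services.append({"service": name, "display": expand(sec.get("displayname", ""), strings),
                             "binary": expand(sec.get("servicebinary", ""), strings)})
    return {"date": date(year, month, day), "version": version.strip(), "services": services}
```

Comparing the resolved `binary` path against what is actually on disk, and the `service` name against the installed services, shows whether the package was only staged in the DriverStore or really installed.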