Warning: include(../config/config.php): failed to open stream: No such file or directory in /web/htdocs/www.nothink.org/home/misc/android.php on line 3 Warning: include(../config/config.php): failed to open stream: No such file or directory in /web/htdocs/www.nothink.org/home/misc/android.php on line 3 Warning: include(): Failed opening '../config/config.php' for inclusion (include_path='.:/php5.3/lib/php/') in /web/htdocs/www.nothink.org/home/misc/android.php on line 3 NoThink!

Some casual notes on my 'old' Android phone

WARNING! You are responsible for your phone!

Samsung GT-i9001 Galaxy S Plus

Samsung: link Wikipedia: link XDA-developers: link

Hardware

Manufacturer: Samsung Release Date: April, 2011 Operating System: Android Dimensions: 122.4 x 64.2 x 9.9 millimetres Weight: 119 grams (battery included) Networks: GSM850, GSM900, GSM1800, GSM1900, UMTS850, UMTS1900 / CSD, GPRS, EDGE, UMTS, HSDPA, HSUPA Display: Super AMOLED, 4.0" (10.2cm), 480 x 800, 16 million colors Chipset: Qualcomm MSM8255T Snapdragon S2 with 1.4 GHz Scorpion CPU and Adreno 205 GPU Wifi: Wi-Fi 802.11 b/g/n, DLNA, Wi-Fi hotspot Bluetooth: Bluetooth 3.0 with A2DP GPS: Yes, with A-GPS Camera: 5.0 MP (2592 x 1944 pixel), no LED flash, 720p video capture @30fps Secondary Camera: yes, 0.3 MP VGA Internal Memory: 8 GB internal SD-Card Memory Card: microSD, microSDHC, TransFlash, SDIO Battery: 1650 mAh Additional Features: FM radio (87.5-108MHz) with RDS, TV-Out

Links

Android SDK http://developer.android.com/tools/help/adb.html ADB http://developer.android.com/tools/help/adb.html Android security list http://code.google.com/p/android-security-list/wiki/AndroidSecurityList APK pentest http://adbtoolkit.com/apps/apk/pentest/ Debian Kit for Android http://sven-ola.dyndns.org/repo/debian-kit-en.html Debian In Android http://wiki.debian.org/HowtoDebianInAndroid Python and Android http://sajjad.in/content/python_on_android_pycon2011.pdf Samsung firmware http://www.samfirmware.com/

Applications and utilities

Androguard http://code.google.com/p/androguard/ Android-apktool http://code.google.com/p/android-apktool/ Android-scripting http://code.google.com/p/android-scripting/ Androrat https://github.com/RobinDavid/androrat Anubis http://anubis.iseclab.org Apkinspector http://code.google.com/p/apkinspector/ Are https://redmine.honeynet.org/projects/are/wiki Dex2jar http://code.google.com/p/dex2jar/ Droidbox http://code.google.com/p/droidbox/ DroidSheep http://droidsheep.de/ dSploit http://dsploit.net/ FaceNiff http://faceniff.ponury.net/ Linuxonandroid http://linuxonandroid.org/ Mercury http://labs.mwrinfosecurity.com/ Mobile Sandbox http://mobilesandbox.org/ MobWorm http://www1.informatik.uni-erlangen.de/ OWASP Mobile https://www.owasp.org/index.php/OWASP_Mobile_Security_Project Phonegap http://phonegap.com/ Proxydroid http://code.google.com/p/proxydroid/ TaintDroid http://appanalysis.org/ Whispersys tools http://www.whispersys.com

ADB

Enable USB debugging: settings/applications/development/debug USB -> attach USB cable cd "c:\Program Files\Android\android-sdk\platform-tools" or "android-sdk-linux/tools" adb devices adb -s 0123456789ABCDEF shell Copying Files to or from an Emulator/Device Instance: adb pull adb push adb push foo.txt /sdcard/foo.txt Installing and uninstall an Application: adb install file.apk adb uninstall package.name.apk Enabling logcat Logging: adb logcat adb logcat > log.txt Forwarding Ports: adb forward tcp:6100 tcp:7100 adb forward tcp:6100 local:logd Shell Commands: adb shell ls /system/bin Debug / Version info using adb: adb bugreport | more adb bugreport | find "build.version.release" or adb bugreport | grep "build.version.release App list: pm list packages -f or cat /data/system/packages.list cat /data/system/packages.xml Backup and restore: adb backup -apk -shared -all -f /backup/mybackup.ab adb restore C:\backup\mybackup.ab

Galaxy Essentials Codes

Thanks to http://android-dls.com/wiki/index.php?title=Galaxy_Essentials#Codes *#*#4636#*#* -> Battery information *2767*3855# -> Reset Factory format: Remove SIM and microSD cards (This deletes all files, including those on the 7GB internal storage, and reinstalls the firmware. This will not affect the camera firmware.) *#*#7780#*#* -> Factory data reset (same as Settings -> SD card & phone storage -> Factory data reset) *#*#INFO#*#* -> Info and phone settings *#*#34971539#*#* -> Camera Firmware *#*#123580#*#* -> TSP Firmware *#*#0283#*#* -> Packet Loopback *#*#0*#*#* -> "LCD TEST": red/green/blue screen, melody, vibration, dimming, megacam, sensor, touch, sleepmode *#*#0673#*#* or *#*#0289#*#* -> Melody test *#*#0842#*#* -> Vibration + BackLight test. *#*#2663#*#* -> Shows touch screen version. *#*#2664#*#* -> Touch screen test (different from test in LCD Test). *#*#0588#*#* -> Proximity sensor test. *#*#3264#*#* -> Show RAM version. *#*#232339#*#* or *#*#526#*#* or *#*#528#*#* -> WLAN test *#*#232338#*#* -> WLAN test #*#1472365#*#* -> GPS test application. *#*#1575#*#* -> another GPS test application. Can show SV info and Position info once you get a GPS fix. *#*#232331#*#* -> BlueTooth RF test mode (doesn't seem to do anything) *#*#232337#*#* -> show Bluetooth Device Address *#*#197328640#*#* -> Service Mode Applications *#*#0011#*#* -> show GSM info *#*#0228#*#* -> show Antenna and ADC test. Press Menu then choose "Back" for more options: Basic, MM, RR, GPRS, SIM Information, GSM Neighbour Cell, Handover, Phone control *#*#32489#*#* -> Cipher ? *#*#2580#*#* -> Integrity ? *#*#0782#*#* -> RTCTimeRead *#*#9090#*#* -> UART Diag *#*#7284#*#* -> UART Diag *#*#4238378#*#* -> setting *#*#2263#*#* -> Set GSM/UMTS band *#*#2264#*#* -> WCDMA Settings *#*#6984125*#*#* -> auto answer *#*#2886#*#* -> auto answer *#*#2767*2878#*#* -> NV reset & rebuild (must reboot the phone) *#*#147852#*#* or *#*#369852#*#* or *#*#1478963#*#* -> TestApnSettings *#*#02280#*#* -> Battery Read *#*#03#*#* -> show Nand Flash Unique Number *#*#0589#*#* -> show light sensor information *#*#745#*#* -> Ril Log. You can view this log, or save to internal sdcard. *#*#9900#*#* -> SysDump. You can run dumpstate/logcat, Copy kernel.log to external SD, Enable/Disable *#*#7594#*#* -> ShutDown.App *#*#4986*2650468#*#* -> Versions: PDA, Phone, H/W, RFCallDate, and (in newer firmware, e.g. I7500XXIH8) CSC *#*#1234#*#* -> Versions: PDA and Phone only *#*#1111#*#* -> FTA SW Version *#*#2222#*#* -> FTA HW Version *#*#44336#*#* -> Hidden Version: PDA and Phone *#*#8255#*#* -> GTalk Service Monitor *#*#273283*255*663282*#*#* -> File Copy Key combinations: Most recent applications : Hold the Home key (located between Back and End Call/Power). Power off / shutdown phone : Hold End Call / Power, then choose Power off. Once the phone is powered off, you get access to fastboot, recovery mode etc. Fastboot : With the phone powered off, press and hold the Call and End Call/Power keys Download mode : With the phone powered off, press and hold Volume down, OK and End Call/Power [2]. This is used to install new firmware, e.g. when using Odin. Recovery mode : With the phone powered off, press and hold Volume down, Call and End Call/Power Factory reset : In recovery mode, when the alert triangle appears, press the Menu key Recovery menu : In recovery mode, press Home and End Call/Power. Exit recovery mode : Press Home + Back. Download mode: La Download Mode serve per flashare nuove ROM o Custom ROM (Vedi guida Come Flashare con ODIN ) Per entrare in download mode, spegnete il telefono, attendete la vibrazione e poi tenete premuto il tasto VOLUME GIU + TASTO HOME + POWER fino al comparire della scritta "Samsung". Se fatto correttamente entro 1-2 secondi dovreste vedere una schermata con un Android Verde con la scritta "Downloading.. Do not turn off target!". Premendo il tasto Power per almeno 8 secondi il vostro telefono poi si riavvieràSe non riuscite neanche ad entrare in Download mode puòsere che il vostro telefono sia Soft-Bricked Recovery mode: Per entrare in Recovery Mode bisogna , da cellulare spento, tenere premuto il tasto VOLUME SU + POWER fino alla scritta "Samsung". Se fatto correttamente il telefono vedrete apparire prima la scritta "SAMSUNG" e poi "Galaxy S Plus" per poi alla fine visualizzare una schermata con "un Android fuori dalla scatola" come in figura. Ora premete Menu per entrare nella recovery mode. Se non ci siete riusciti potete sempre ripetere la procedura anche provando a collegare il cell al cavo USB e poi spegnendolo. Non e' sempre facile al primo tentativo.

How to Change Android Phone Version

Go to /system/build.prop and open it in an editor. Now look for the following lines: ro.product.model=PHONE-MODEL ro.build.version.release=2.1 Save, and restart the phone.

Info

/system/app/ : base applications /data/app/ : user applications /data/data/ : config files and application databases /dbdata/database/ : sms, mms, contact and phones databases Accounts : /data/system/accounts.db Apk : /data/app MMS/SMS : /data/data/com.android.providers.telephony/databases/mmssms.db WiFi : /data/misc/wifi/wpa_supplicant.conf

Droid VNC Server

Thanks to http://opensourceexcedio.wordpress.com/2010/10/28/droid-vnc-server/ home = home right-click = home, also pg up = menu pg down = call pg down long press = redial most recent esc = back del = back, also end = phone sleep type = from the home screen random typing will initiate google search VNC through USB: adb forward tcp:5901 tcp:5901 adb forward tcp:5801 tcp:5801 Using your preferred VNC Viewer, connect to: localhost:5901

Android forensic

http://steve.deftlinux.net/download/android_forensic.pdf http://www.academia.edu/1632597/Android_Forensic_Capability_and_Evaluation_of_Extraction_Tools http://blog.opensecurityresearch.com/2012/04/acquiring-volatile-memory-from-android.html?m=1 http://conference.hitb.org/hitbsecconf2011kul/materials/D1T1%20-%20Riley%20Hassell%20-%20Exploiting%20Androids%20for%20Fun%20and%20Profit.pdf http://www.ssddfj.org/papers/SSDDFJ_V4_1_Lessard_Kessler.pdf http://tthtlc.wordpress.com/ http://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/

Mobile Security For Android

Thanks to http://www.whispersys.com/index.html WhisperCore : Device and data security for Android WhisperMonitor : Network security for Android Flashback : Encrypted backups for Android RedPhone : Encrypted voice for Android TextSecure : Encrypted texts for Android

How to recover deleted SMS on Android

Thanks to http://android.stackexchange.com/questions/25948/recover-deleted-content-from-userdata-partition 0. Not plug in USB cable yet 1. Reboot into ClockWorkmod Recovery 2. Go into Mounts and Storage 3. Select mount /data 4. Plug in the USB 5. From the windows command shell or terminal, adb shell 6. Since you are in ClockworkMod Recovery, you are root by default, now do this cp /data/data/com.android.providers.telephony/databases/mmssms.db /sdcard/MySmsDatabase.db 7. exit out of the adb shell by typing in this: exit 8. Now your database is copied to the SD-Card 9. Back out of ClockworkMod recovery and just reboot, the recovery will unmount /data for you. 10. At this stage your database is now copied across. And can be safely extracted via using something like SqliteMan or adb -s 0123456789ABCDEF shell su - cp /data/data/com.android.providers.telephony/databases/mmssms.db /sdcard/MySmsDatabase.db adb push MySmsDatabase.db /sdcard/MySmsDatabase.db and open MySmsDatabase.db in raw mode using a good editor ;)

From APK to JAR to JAVA Code

mkdir analysis mv app.apk analysis/app.zip unzip app.zip sh dex2jar.sh analysis/*.dex (http://code.google.com/p/dex2jar/) ./jd-gui NAME.jar (http://java.decompiler.free.fr/?q=jdgui)

Old malware analysis

http://contagiodump.blogspot.com/2010/08/trojan-sms-for-android-courtesy-of.html http://securitybananas.com/?p=574 http://www.inreverse.net/?p=1272 http://computer-forensics.sans.org/blog/2011/06/09/android-mobile-malware-analysis-article http://vrt-blog.snort.org/2011/11/android-malware-analysis-how-to.html http://vrt-blog.snort.org/2010/08/malware-on-android-big-deal.html http://extraexploit.blogspot.com/2011/06/droidkungfu-just-some-piece-of-code.html http://blog.mylookout.com/droiddream/ http://globalthreatcenter.com/wp-content/uploads/2010/06/Android-Market-Threat-Analysis-6-22-10-v1.pdf

Easy ROOT/UNROOT from Recovery Mode on Samsung Galaxy S Plus i9001

Thanks to http://forum.xda-developers.com/showthread.php?t=1253707 [ WARNING! You are responsible for your Phone! ] To ROOT 1) Put Root-i9001-Signed.zip into internal sdcard 2) Reboot into Recovery mode* 3) Use Volume buttons to choose apply update from sdcard in Recovery Menu. 4) Press Home button to submit. 5) Use Volume buttons to choose Root-i9001-Signed.zip on sdcard 6) Press Home button to start update. 7) 2 seconds and Root is installed. 8) Choose reboot system now and press Home button to reboot your phone. To UNROOT 1) Put UnRoot-i9001-Signed.zip into internal sdcard 2) Reboot into Recovery mode 3) Use Volume buttons to choose apply update from sdcard in Recovery Menu. 4) Press Home button to submit. 5) Use Volume buttons to choose UnRoot-i9001-Signed.zip on sdcard 6) Press Home button to start update. 7) 1 second and Root is gone. 8) Choose reboot system now and press Home button to reboot your phone.

Useful applications list

Adobe Reader Adobe Systems Analizzatore Wifi farproc Android Assistant(18 funzioni) Aaron. Android Terminal Emulator Jack Palevich AntiVirus FREE AVG Mobile technologies Antivirus Gratis Creative Apps App 2 SD (app manager) Sam Lu avast! Mobile Security AVAST Software BusyBox Stephen (Stericson) Complete Linux Installer ZPwebsites ConnectBot Kenny Root and Jeffrey Sharkey droid VNC server Joséereira GPS Status & Toolbox MobiWIA - EclipSim History Eraser(italiano) INFOLIFE LLC JuiceDefender - battery saver Latedroid Mac Address Ghost diewland Office Talk Free Midnight Deadline Photaf Panorama (Free) Oren Bengigi Quick Cache Cleaner QuiHand Studio Root Browser Lite JRummy Apps Inc. Shark for Root Elviss Ku.tans Smart App Protector(App Lock) sputnik SSHDroid Berserker Superuser ChainsDD Twitter Twitter, Inc. VNC per Android androidVNC team + antlersoft WiFi Key Recovery (needs root) Alexandros Schillings

Fix GPS

Thanks to http://forum.xda-developers.com/showthread.php?t=906576 This fix is only for European users and need to have root privilege. You have to edit the file gps.conf located at /system/etc. I have used root explorer to edit the file. You have to change the server like this: NTP_SERVER=europe.pool.ntp.org instead of NTP_SERVER=north-america.pool.ntp.org You can create a new gps.conf in /sdcard in move in /system/etc with "Root Browser Lite".

Android screenshot

Hold the "Back" key Press the "Home" key (/mnt/sdcard/ScreenCapture)