How I turned my phone into a hacking machine

There are probably hundreds (if not thousands) of tutorials on this, but since I wanted a portable, non-rooted, disposable hacking device that can also take calls (a.k.a. a cellphone/smartphone), I decided to mod an Android-based device. I have done this earlier (probably 5 years back) by installing Arch on my Android phone on a separate partition and booting it. This can be done today as well, but since I do not want to root my cellphone and do not want to use proot/LibSDL, I decided to see what can be done in a non-rooted environment.

Intended audience for this piece: anyone with a bit of hands-on experience with Linux. Consider this my personal CliffsNotes in case I have to do it again. Let me even include an age-old disclaimer (taken from XDA aeons ago):
I am not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed. Please do some research before running commands. YOU are choosing to make these modifications, and if you point your finger at me for messing up your device, I will laugh at you.
My iPhone recently went kaput during a fated trip to Jubail, KSA, and I zeroed in on an inexpensive, capable device (Motorola G4 Play, around 120 USD) which I won't feel bad about in case it gets lost or breaks into a million pieces.

Well, the device specs are average, the phone feels rugged and the battery can be taken out by simply removing the cover (which is EXTREMELY important for me). It comes with Android 6.0 and probably will never get updated to Android 7.0 (owing to Lenovo's shitty firmware update cadence), but once I disabled a lot of applications, the phone feels quick and is a joy to use.

First things first -
Disabled: Chrome, Cloud Print, Device Help, Drive, File Manager, FM Radio, Google Japanese/Korean/Pinyin/Zhuyin Input, Google Play Movies, Google Play Music, Google Hangouts, Messenger, Photos, other Motorola bloatware.

Double-check device administrators. I would have removed a lot more software, but I will also be using this phone for making calls and for light personal use.

Installed: Firefox (with uBlock), ES File Explorer, Termux, Hacker's Keyboard, Textra (for SMS), QuickPic, OpenVPN, SMS Backup+, FastHub (or GitHub), Fing (quick GUI-based network discovery), Flud (torrents), Google Authenticator, AndFTP, drozer agent, Packet Capture (application-specific packet capture), Tor and Phonograph (lightweight music application).

Once the device's innards were replaced with more capable/lightweight software, I launched Termux, which is probably the most important terminal emulator written for Android. From its website:
"Termux is an Android terminal emulator and Linux environment app that works directly with no rooting or setup required. A minimal base system is installed automatically; Additional packages are available using the APT package manager. "
Onwards we go.
  • I started by updating Termux and its environment: apt update && apt upgrade
  • Installed python2, python3, nmap, openssh, git, python-pip and htop through the relevant apt commands.
  • Installed Metasploit through (turns out this script has been stolen by a lot of folks, like this guy over here, and this one for YouTube likes).
  • Installed scapy.
  • Generated OpenSSH keys and configured OpenSSH to run in server mode so that I can log in to my cellphone if required. Make sure you check the username with whoami before generating keys. PuTTY aficionados may want to convert the id_rsa keys using puttygen before loading them.

  • Configured the OpenVPN application to connect to my remote server. Added Tor support.
  • Authenticated the FastHub application with my GitHub account through a personal access token.
  • Tested everything.
  • Generated a list of packages for later use by running the following command: "dpkg --get-selections | cut -f1 > bkup_pack.txt".
  • Took a tar backup of the current Termux installation for later use. I admit it is a quick and dirty hack, but it works. Yes, I tested it.
cd /data/data/com.termux/files
tar -cvzf /sdcard/Download/termux.tgz --owner=0 --group=0 home usr
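The archive above lands on shared storage, where any app holding the storage permission can read or rewrite it, and it contains home/.ssh. As an added example (not part of the original post), here is the same tar command wrapped with a SHA-256 record and a check to run before restoring; the function names and the optional source/output arguments are assumptions.

```shell
#!/bin/sh
# Added example: checksum-verified Termux backup. Defaults are the paths used
# in the post; the optional arguments are assumptions so it can run elsewhere.

# termux_backup [SRC_DIR] [OUT_TGZ]: archive home and usr, write OUT_TGZ.sha256
termux_backup() {
    src=${1:-/data/data/com.termux/files}
    out=${2:-/sdcard/Download/termux.tgz}
    tar -czf "$out" --owner=0 --group=0 -C "$src" home usr || return 1
    # Record the digest next to the archive. Keep a second copy of this file
    # somewhere other apps cannot write (e.g. off the device).
    ( cd "$(dirname "$out")" &&
      sha256sum "$(basename "$out")" > "$(basename "$out").sha256" )
}

# termux_verify [OUT_TGZ]: succeed only if the digest matches and every
# archive member lives under home/ or usr/ with no '..' path component.
termux_verify() {
    tgz=${1:-/sdcard/Download/termux.tgz}
    ( cd "$(dirname "$tgz")" &&
      sha256sum -c "$(basename "$tgz").sha256" >/dev/null 2>&1 ) || {
        echo "digest mismatch: $tgz" >&2
        return 1
    }
    # Wrap each member name in slashes so the patterns need no anchors
    # beyond the leading one.
    bad=$(tar -tzf "$tgz" | awk '{ p = "/" $0 "/" }
        p !~ /^\/(home|usr)\// || p ~ /\/\.\.\// { print }')
    [ -z "$bad" ] || {
        echo "unexpected archive members:" >&2
        echo "$bad" >&2
        return 1
    }
}

# Typical use on the phone:
#   termux_backup && termux_verify
```

Run termux_verify again before extracting the archive over a fresh Termux install, and move the archive off shared storage once it has been copied somewhere safe.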
For more adventurous souls, there is also the rootfs option; a simple tutorial for this would be here. However, during my experiments I found it to be buggy, and some applications do not work properly. Since I value stability and security over everything, I promptly reverted to my old fs.

Does everything work? Hell yeah.

Turn your phone into a hacking machine - Device statistics

Turn your phone into a hacking machine - Metasploit and python HTTP server

Turn your phone into a hacking machine - Running scapy

Turn your phone into a hacking machine - access github

To do:
  1. Something about PostgreSQL stability; the sucker generally has connection issues.
  2. Improve documentation
  3. Harden device (CIS/STIG)

Download Kinect Virtual Dressing Room - Weekend project

It was getting hot in Doha, Qatar and I was thoroughly bored. And tired.

Out of the blue, one of my seniors came by with a creative request, asking if I had ever worked on Unity 3D. Though I have some experience with game engines and modeling tools, I thought it would be worth a try. As an absolute beginner, I tried my hand at Unity 3D and was able to compile Virtual Dressing Room for Kinect (code courtesy Anthony Heckmann - GitHub). I updated some code and calls (for instance gettrianglestrip and settrianglesstrip to gettriangles and settriangles) for compatibility with the latest release of Unity. As of now, I have not tested it with a real Kinect, although the executable works fine. Thanks to this project, I also got my hands on

You can download the executable from here. As usual, expect no support if you experience bugs, as:

  1. It's my weekend project
  2. I have not tested it with a real Kinect.
  3. I have too much on my plate right now.
Password is Prohack

An Introduction to SwiftNET - An overview you always wanted
Due to the recent onslaught of attacks on the SWIFT network, I thought, why not release a small introduction to it? Here it is then, gentlemen: An Introduction to SwiftNET you always wanted. I have tried to keep it as simple as possible whilst ensuring the information is complete and relevant. Hope you will find it useful.

As usual, comments, questions and critique are welcome.

Fortigate SSH Backdoor Password Calculator

Recently Fortinet confirmed there was a backdoor in their firewalls which impacted FortiGate OS Version 4.x - 5.0.7. An exploit was released in the wild, but it took some effort to work with (I am looking at you: paramiko/termios/msvcrt). So I ported the code to create a quick and dirty password calculator that will help in pwning Fortinet firewalls with vulnerable versions.

Tested it on test firewalls and it works like a charm :)