Thursday, 14 August 2014

How To Crack The Android Gesture Pattern Lock

[Figure: android gesture pattern cracked]

In this tutorial I am going to demonstrate how to crack the gesture pattern of ROOTED Android devices.
This is not a very practical way to attack a victim on its own, but it is useful for anyone who wants to try it on an Android device after obtaining a Metasploit meterpreter session.

How the Gesture Pattern Lock Works

First we need to understand how the gesture pattern works. A pattern is nothing but the path traced by the finger over nine circles, numbered 1 to 9 from the top-left corner to the bottom-right corner as shown in the figure below.

[Figure: android gesture pattern]

If we select the pattern 1478, it looks like the following figure.

[Figure: android gesture pattern keys]

The gesture pattern is stored as an unsalted SHA-1 hash in the gesture.key file at /data/system/gesture.key.

Tools Required:

1- ADB shell
2- ROOTED android device
3- Gesture Pattern SHA-1 dictionary and a script to compare the hashes

1- First of all, enable USB debugging in your phone's settings and connect the phone to your PC so that we can copy the gesture.key file for cracking.

2- Download ADB from the official ADB site and extract it on your drive. Open cmd, go to the adb folder and execute the following command.

[Figure: gesture key copied with adb shell]

3- Now download the Gesture Pattern SHA-1 dictionary and the Python script from the links above and extract them on your drive. Then execute the following command.

In the image above you can see the recovered gesture pattern, which is 14569.

This attack takes barely 1-2 seconds, as the total number of possible patterns is only 985,825.
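To show why an unsalted SHA-1 over a pattern is so cheap to search, here is an added example (not the script or dictionary the post links to) that reproduces the gesture.key encoding and counts the patterns a lock screen can actually accept. It assumes the storage format the post describes: each cell becomes one byte (row*3 + col, i.e. the post's 1-9 numbering minus one) and the byte string is hashed with SHA-1 and no salt. The count it produces covers 4 to 9 cells and applies the UI rule that a stroke cannot jump over a cell that has not been visited yet; a dictionary that ignores that rule will be larger. The cell numbers and patterns used below are constructed for the demonstration.

```python
import hashlib

# Android's LockPatternUtils hashes the pattern as raw cell bytes (0..8).
# The post numbers the cells 1..9, so subtract one when encoding.

def pattern_to_bytes(pattern: str) -> bytes:
    """'1478' -> b'\\x00\\x03\\x06\\x07' (post numbering minus one)."""
    cells = [int(ch) - 1 for ch in pattern]
    if any(c < 0 or c > 8 for c in cells) or len(set(cells)) != len(cells):
        raise ValueError("pattern must use distinct cells 1-9")
    return bytes(cells)

def gesture_key_digest(pattern: str) -> str:
    """Hex SHA-1 as it would be stored in gesture.key (no salt, so the same
    pattern gives the same digest on every device)."""
    return hashlib.sha1(pattern_to_bytes(pattern)).hexdigest()

def _midpoint(a: int, b: int):
    """Cell lying exactly between cells a and b on a straight line, or None."""
    ra, ca = divmod(a, 3)
    rb, cb = divmod(b, 3)
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None

def count_valid_patterns(min_len: int = 4, max_len: int = 9) -> dict:
    """Count patterns the lock UI can produce, keyed by length.
    A stroke may only pass over a cell that has already been visited."""
    counts = {n: 0 for n in range(min_len, max_len + 1)}

    def dfs(path, visited):
        if len(path) >= min_len:
            counts[len(path)] += 1
        if len(path) == max_len:
            return
        for nxt in range(9):
            if nxt in visited:
                continue
            mid = _midpoint(path[-1], nxt)
            if mid is not None and mid not in visited:
                continue  # would jump over an unvisited cell
            visited.add(nxt)
            path.append(nxt)
            dfs(path, visited)
            path.pop()
            visited.remove(nxt)

    for start in range(9):
        dfs([start], {start})
    return counts

def keyspace_size() -> int:
    """Total number of acceptable 4- to 9-cell patterns."""
    return sum(count_valid_patterns().values())

if __name__ == "__main__":
    # Constructed sample pattern from the post's figure.
    print("1478 ->", gesture_key_digest("1478"))
    for length, n in count_valid_patterns().items():
        print(f"{length} cells: {n} patterns")
    print("total:", keyspace_size())
```

The digest function is deterministic across devices because nothing device-specific is mixed in; that is the property a salt (or a hardware-bound key, as later Android releases use) removes, and it is why a precomputed dictionary keyed by SHA-1 works at all. The keyspace count shows the scale of the problem: a few hundred thousand SHA-1 computations is well under a second on any laptop.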

Monday, 4 August 2014

RTLO/RLO (right to left override) technique for file extension spoofing


Salam everyone!
In this tutorial I will show you the RTLO/RLO (right to left override) technique, which is used for file extension spoofing.
This technique has been used by infamous malware such as GameOver Zeus. With it you can make an .exe file appear as a .pdf, .ppt, .docx or any other extension you want the victim to see.

Tools needed:

1- unicodeinput freeware utility
2- CFF explorer (to change icon of .NET exe file)

I am using winmd5 .NET file as a sample exe for demonstration purposes in this tutorial.

Brief intro: 

The RTLO/RLO character (U+202E in Unicode) is designed to support languages that are written right to left, such as Arabic and Hebrew. The problem is that this override character can also be used to make a malicious file look innocuous. An increasing number of email-based attacks take advantage of the RTLO/RLO character to trick users who have been trained to be wary of clicking on random .exe files.
For example, consider the following file name.
It is encoded with the RTLO/RLO Unicode character. It looks like a PDF document, but in fact it is an .exe file whose name contains the override character right after winmd5, i.e. winmd5[RTLO character]fdp.exe. Everything after the RTLO character is displayed right to left, character by character, so fdp.exe is shown as exe.pdf and the name appears to end in .pdf.
I hope you got my point. Similarly, you can use the following RTLO file name to run a batch file as a PDF.

NOTE: Real content type of the file can be viewed from file properties.
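The property that makes this trick work is also what makes it easy to detect: the override character is still present in the real file name, whatever the UI draws. The following added example (not from the post) is a small checker a mail gateway or file-upload handler could run on incoming names. It reports any Unicode bidi control characters, approximates how the name would be rendered (text after U+202E is reversed up to a U+202C pop or the end of the name, a simplification of the full bidi algorithm that is exact for ASCII names like the post's) and compares the real extension with the one a user would see. The file names below are constructed samples, including the post's winmd5[RTLO]fdp.exe.

```python
import unicodedata

# Bidi control code points that can reorder or hide how a name is drawn.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI RLI FSI PDI
    "\u200e", "\u200f",                                 # LRM RLM
}
RLO, PDF = "\u202e", "\u202c"

def rendered_name(name: str) -> str:
    """Approximate what a bidi-aware UI shows: text after an RLO is drawn
    right-to-left (reversed) until a PDF or the end of the string; other
    control characters are invisible."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            j = name.find(PDF, i + 1)
            end = len(name) if j == -1 else j
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def _extension(name: str) -> str:
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def check_filename(name: str) -> dict:
    """Report bidi controls in a file name and any displayed/real extension gap."""
    controls = [unicodedata.name(c) for c in name if c in BIDI_CONTROLS]
    shown = rendered_name(name)
    actual_ext = _extension(name)
    apparent_ext = _extension(shown)
    return {
        "bidi_controls": controls,
        "rendered_as": shown,
        "actual_extension": actual_ext,
        "apparent_extension": apparent_ext,
        "extension_mismatch": actual_ext != apparent_ext,
        # Any bidi control in a file name is worth flagging, mismatch or not.
        "suspicious": bool(controls),
    }

if __name__ == "__main__":
    samples = [
        "winmd5" + RLO + "fdp.exe",   # the post's example: displays as winmd5exe.pdf
        "report.pdf",                 # benign
        "notes" + RLO + "txt.exe",    # displays as notesexe.txt
    ]
    for s in samples:
        r = check_filename(s)
        print(repr(s), "->", r["rendered_as"],
              "| real:", r["actual_extension"],
              "| shown:", r["apparent_extension"],
              "| suspicious:", r["suspicious"])
```

Checking for the control characters themselves, rather than trying to second-guess the rendering, is the robust rule: legitimate file names essentially never contain U+202E, so a gateway can quarantine or rename on presence alone, and the rendered comparison is only there to explain the finding to an analyst.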
