Past, Present and Future of Bettercap

Four months have passed since my first blog post about bettercap; a lot of fixes have been released and a lot of new features have been implemented.
In this post I’d like to talk about some of these new features and describe them a little. This is basically a big changelog since the very first version; for a complete list of code changes you can read the releases page on GitHub.


Karma: How Open Source Changed My Life.

( or “How the anarchy of ideas can change things” )

This time I’ve decided to write a purely personal post, mainly because I’ve reached a stage in my life in which I believe I’ve understood a number of things that I’d like to share, in the hope of helping someone facing circumstances similar to my own.

I don’t feel my knowledge of the English language would have allowed me to express myself accurately, so I wrote this in Italian and had it translated by a friend of mine ( thanks! ).


Karma: How Open Source Changed My Life.

The English version of this post can be found here.

( or also “How the anarchy of ideas can change things” )

This time I want to write a purely personal post, mainly because I have reached a point in my life where I think I have understood a few things that I am happy to share, and which may help many people in the same situation as mine.

In Italian because, unfortunately, my knowledge of the English language is not deep enough to let me express myself at my best.


How to Use Old GSM Protocols/encodings to Know if a User Is Online on the GSM Network AKA PingSMS 2.0

In the last few months I’ve been playing with Android’s low level GSM API. A few years ago the (in)famous sendRawPdu API was available, allowing a developer to manually encode an SMS message at a very low level before sending it to the GSM baseband itself, and quite a few applications sending all kinds of weird SMS ( flash SMS, silent SMS, etc. ) were born ( for a brief overview of PDU encoding refer to this page ).

(Un)fortunately Google decided to remove that API. It’s still not clear whether they did it for security related purposes or during some refactoring of their IPC IBinder mechanism, but nowadays it’s no longer available unless you use some very old phones/firmwares ( on most devices they removed the ttyUSB serial interfaces used to send AT commands to the GSM modem as well ).

That was until a couple of months ago, when I found the SmsManager.sendDataMessage API which, apparently, is not used anywhere ( if you search for it you’ll find only a few examples, but nothing regarding how to use it with manually encoded PDUs ).
Using this API we’re able to manually encode our SMS; moreover we can specify a “port” as one of its arguments, which identifies what kind of SMS we’re going to send. In this post I’ll talk about port 2948, namely the port used to send WAP PUSH notifications.


Introducing FIDO, a Minimalistic, IDE-Agnostic C/C++ Project Generator.

I don’t know about you, but I always find myself performing the same kind of tasks over and over again, dozens of times per month, such as:

  • Create the project folder.
  • Create the src and include folders.
  • Fill them with a basic main.c(pp).
  • Create the Makefile and fill in the rules.

What about remembering every time how to set the SYSROOT variable when I’m using the Android NDK?
Or maybe creating the CMakeLists.txt and trying to remember each directive, which I don’t, so I find myself googling for the same kind of stuff over and over … and by the way it’s funny, since I’ve been using CMake for years now.

So I decided that I’d had enough of this: when I want to test just a simple line of C/C++ code, it takes me more time to create the whole project folder tree than to write the code itself … and FIDO was born.


Using ARM Inline Assembly and Naked Functions to Fool Disassemblers

In this post I want to share a simple trick I learned a while ago. It’s nothing special, but if you think about it, it’s quite nice :)

Sometimes we want to obfuscate/hide strings in our program to make reversing more difficult, and the most common approach is to encrypt them somehow and put them inside binary buffers instead of plain ASCII strings.
One downside of this naive approach is that, once the binary is decompiled, the accesses to these binary buffers will easily be noticed by a seasoned reverser, who would assume some sort of obfuscation/encryption and start reversing the algorithm to deobfuscate the strings in a matter of minutes.

One thing you can do to make his/her life harder ( but not impossible ) is embedding your encrypted data as code … how?


Dynamically Inject a Shared Library Into a Running Process on Android/ARM

If you’re familiar with Windows runtime code injection you probably know the great CreateRemoteThread API, which lets us force an arbitrary running process to call LoadLibrary and load a DLL into its address space. This technique, called DLL Injection, is often used to perform user space API hooking; you can find a good post about it on Gianluca Braga’s blog.

Unfortunately there’s no CreateRemoteThread equivalent on Linux systems, therefore we can only rely on ptrace and our brain :D
In this post I’ll explain how to perform DLL Injection on Linux systems, and more specifically on Android/ARM.

Part 2 of this post is “Android Native API Hooking with Library Injection and ELF Introspection.”
