Android 3x3 Pattern Lock Cracker

File name: AndroidPatternCrack.tar.gz
Size:   30,596 KB
Description: This tool is using to decrypt gesture.key into pattern lock key.
Distribution : freeware
Md5checksum: 669883014b10ce9d1e30232573b57acb
Download link: click here 

 
notes:

•  Using dictionary that avaiable to get here.
•  Running under unix/nux environment.
•  Usage = bash ./crack_pattern.sh [gesture file]
  ex.  bash ./crack_pattern.sh gesture.key 
• To get gesture.key u can obtain it by using two several way
•  Using ADB, ( adb shell && adb pull /data/system/gesture.key) *require to enabled adb debugger and rooted phone.
•  By examine backup image of NAND rom device, to get the image u can reboot and choose backup in CWM. After that u can see some file created under SDcard ( /sdcard/clockworkmod/backup/2013-0*-**.**.**.**/ ) such as .android_secure.vfat.tar, cache.yaffs2.img, data.yaffs2.img, sd-ext.ext2.tar, system.yaffs2.img. At last use yaffey or yaff2util to open data.yaffs2.img file...see u can see gesture.key under /system directory. *need CWM or another backup tool in android phone kernel.
• Using CWM, by choosin mount>>mount data>>then connect ur device to PC thru usb>>find gesture.key under system folder (*thanks to rastri to remind me about this one...^^)
•  3x3 pattern gesture.key sample files can be download here .
  
• Try it ....^^
  

related source:
- http://ezine.echo.or.id/issue27/004.txt
- http://uberskill.blogspot.com/2012/08/cracking-android-gesture-patterns.html
-  http://rossmarks.co.uk/blog/?p=609

-  http://android-forensics.com/android-forensics-study-of-password-and-pattern-lock-protection/143

-  http://forum.gsmhosting.com/vbb/f668/gesture-key-where-answered-1482897/

-  http://forum.xda-developers.com/sitesearch.php?q=yaffey

Thank to : Eric Draven (RNDC.or.id) for fix the script... ; )

Read more »

mr 3020 run pineapple jasanger ...but karma not

 find tut in: http://penturalabs.wordpress.com/2013/04/25/blue-for-the-pineapple/

main issue; 
- U need dsniff to perform dnspoof and urlsnarf
- To install dsniff u need to take it on minipwner repository, do this :

opkg update

opkg install  libpcap libnids libnet0 libopenssl libgdbm librpc

cd /tmp

wget http://www.minipwner.com/20120514/downloads.openwrt.org/snapshots/trunk/ar71xx/packages/dsniff_2.4b1-2_ar71xx.ipk

opkg install dsniff_2.4b1-2_ar71xx.ipk

- U also need autossh n other packages whose in pineapple mark4 but didn't bring on pentura tutorial...here they are :
at  autossh  chat  comgt  crda  empty  ettercap  hostapd-utils  hostapd  iptables-mod-ipopt  iptables-mod-nat-extra  kmod-ath9k-htc  kmod-button-hotplug  kmod-crypto-hash  kmod-crypto-manager  kmod-eeprom-93cx6  kmod-fs-nfs-common  kmod-fs-nfs  kmod-input-core  kmod-input-gpio-keys-polled  kmod-input-polldev  kmod-ipt-ipopt  kmod-ipt-nat-extra  kmod-lib-crc-itu-t  kmod-nls-utf8  kmod-rt2800-lib  kmod-rt2800-usb  kmod-rt2x00-lib  kmod-rt2x00-usb  kmod-rt73-usb  kmod-rtl8180  kmod-rtl8187  kmod-scsi-generic  kmod-tun  kmod-usb-net-cdc-ether  kmod-usb-net-rndis  kmod-usb-net  kmod-usb-serial  kmod-usb-uhci  libcom_err  libcurl  libelf1  libext2fs  libltdl  libnet1  libsqlite3  libusb-1.0  libusb-compat  macchanger  php4-cgi  php4  procd  sdparm  usb-modeswitch-data  usb-modeswitch  usbreset  usbutils  zoneinfo-core

- So sad...although with this all  i still can't runs karma on.... -_-' , if u can make its work please message me to this email.

Read more »

Hak4Fun: mr3020 Auto Rickroll (custumized openwrt firmware)

File name: openwrt-tl-mr3020-ricklroller.bin
Size:   3.75 MB (3,932,160 bytes)
Description: openwrt firmware for tplink MR3020 with auto rickroller feature (every link that users wants to connect will leads into local index in ur openwrt)
Distribution : freeware
Md5checksum: 1f9ec3669a24b7c4e71098fc00732032

 Download link: click here 

(copied from hak5)

 John Bebo’s Auto-Rickroll payload for the  John Bebo’s Auto-Rickroll payload for the WiFi Pineapple WiFi Pineapple is an excellent example of using   is an excellent example of using Dnsmasq Dnsmasq to  to
forward targets to a hosted site. While this site could be malicious, perhaps hosing the  forward targets to a hosted site. While this site could be malicious, perhaps hosing the Browser Browser
Exploitation Framework Exploitation Framework, Bebo’s payload is a safe and simple prank. Any web site a victim attempts to , Bebo’s payload is a safe and simple prank. Any web site a victim attempts to
browse to brings them to a  browse to brings them to a WiFi Pineapple WiFi Pineapple hosted page containing   hosted page containing Rick Astley Rick Astley ASCII Art and looping  ASCII Art and looping
audio. It uses a similar technique employed by Captive Portals something we’ll explore in more detail audio. It uses a similar technique employed by Captive Portals  something we’ll explore in more detail
soon “ except a lot more annoying.

overview :

main issue:

• Right after u flashing the router u will get "free@wifi.id" as ur SSID (Always think like a fish, no matter how weird it gets).
• There is a lot of chance if u want to inject ur own payloads on it (just edit the index.html or make something new).
• This firmware only contain some basic packages, there is no Luci there. So i remind u again...don't try if not familiar with flashing thru ssh terminal/putty or else. 

related source: 

-  http://hak5.org/hack/auto-rickrolling-wifi-pineapple

-  http://shackspace.de/wiki/doku.php?id=project:minikrebs#profilerick-roller
-  http://wiki.openwrt.org/doc/howto/obtain.firmware.generate

Read more »

MiniPwner at Derbycon 2012 (video)

Read more »

my stuff @Idsecconf 2013

download:

Paper

Presentation

firmware

source code

related post: http://semaraks.blogspot.com/2013/05/turning-tl-mr3020-into-portable-wifi.html

Read more »