12 November 2015

screen atas pfsense

get command line

sekali seumur hidup
 - pkg

- pkg install screen

perlu logout dan login sebelum :
 - screen

20 August 2015

gevent not so parallel

2 issue here.

1) gevent.pool is not so perfect. It would not start new thread untill all running thread exit.
Perfect implementation should start a thread immediately when there is a vacant in the pool.

2) the thread seem not execute parallel. In below example, function do_work_function clearly not running in parallel.

Really feel been bluffing all this while..... thanx 0xpcode :)

from gevent.pool import Pool
import time
import logging

rows = range(10)
pool = Pool(CONCURRENCY)

def do_work_function(param1):
print "start" , str(param1 )
    print "--finish" , str(param1 )
for row in rows:
  pool.spawn(do_work_function,row) # blocks here when pool size == CONCURRENCY
  print "spawn thread %s" % str(row)

print "start join"
pool.join(timeout=1) #blocks here until the last 10 are complete
print "end join" 

13 August 2015

python package

install location (ubuntu 14.04)

email test

HELO local.domain.name

MAIL FROM: mail@domain.ext

RCPT TO: mail@otherdomain.ext

Subject:-type subject here-

ref: http://www.yuki-onna.co.uk/email/smtp.html

06 August 2015

smtplib handle non-ascii

email_body_msg = "victim’s reach"

char between m and s is non ascii character.

smtplib (python) cannot handle this. So what is the solution?

Simple solution, Just convert all the email_body_msg to base64. 

1) Use another python lib:
     from email.mime.text import MIMEText

2) Use UTF-8
     message = MIMEText(email_body_msg, _charset="UTF-8")

3) convert MIMEText back to string
    smtplib.SMTP.sendmail(self.mfrom, receivers, message.as_string())

good read:

02 July 2015

26 June 2015

calling import function ( IAT )

Import Address Table.

Section: .data
IAT in section idata
During Application loading into memory by Windows, all value at IAT will be resolve.
Import Address has been populated in IAT 

Assembly code:
Call to Windows API(GetVersion)
Reffering at 0x004012c8:

  • FF 15 :    indirect call
  • 38604000  >> 0x00046038  : contains 0x775944c7(address of GetVersion function)
  • EIP will jump to GetVersion().
  • Since its a CALL, execution will return to 0x004012CE afterwords

ref: http://win32assembly.programminghorizon.com/pe-tut6.html

24 June 2015

Entry Point

PE.ImageBase + PE.AddressOfEntryPoint = Virtual Address

Entry point adalah dalam salah satu windows dll.
Kemudian akan sambung ke pre main function(hasil kerja compiler)
Last, baru masuk main().

Immunity Debugger boleh pilih 3 option: pause pada salah satu di atas.

18 June 2015


Key Type

  • Symmetric
    • same key to encrypt/decrypt
    • fast
    • Algorithms:
      • DES
      • 3DES
      • Blowfish
      • RC4, RC5, RC6
      • AES
  • Asymmetric
    • slow
    • public key
      • to encrypt
      • share to others/world
    • private key
      • to decrypt
      • keep by owner
    • Algorithms:
      • RSA
      • ECC
      • Diffie-Hellman
      • El Gamal
      • DSA

Methods Of Encryption
  • Block Cipher
    • use symmetric encryption
    • fix-length
      • pad added to short blocks

  • Stream Cipher
    • use symmetric encryption
    • 1 bit/byte at a time
    • should use different IV
  • Attributes
    • Confusion
      • cant determine the key based on ciphertext(encrypted data)
    • Diffusion
      • 1 change in plain text would output result at least 50% diff

Block Mode 

  • Mode is needed when data is larger than block size
  • Modes
    • ECB - Electronic Code Block
      • Weak
        • same chipher text for same block
          • refer https://www.youtube.com/watch?v=uPiqyQOMH1E , at 1:05
          • https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#/media/File:ECB_encryption.svg
    • CBC - Cipher Block Chaining
      • has additional parameter
        • use IV for first block
        • use ciphertext for the next block
      • usually just XOR the block with the extra param before encrypt using the key
      • ref: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#/media/File:CBC_decryption.svg
    • CFB - Cipher Feedback
    • OFB - Output Feedback
    • CTR - Counter
Types of Symmetric

04 June 2015

steghide (stegonography)

tools: steghide:

1) http://steghide.sourceforge.net/documentation/manpage.php

03 June 2015

Virtual Memory for Linux Process

Perbandingan Linux dan Windows:

Linux Virtual Process:

1)  http://duartes.org/gustavo/blog/post/anatomy-of-a-program-in-memory/

29 May 2015

Virtual Address Space

Paged system

Pay Attention at 'Page Table'. This is how the translation from virtual address to physical address.

1) http://wiki.osdev.org/Paging

26 May 2015

volatility tips

to omit profile and memory_dump location

$ export VOLATILITY_LOCATION=file:///path/to/MEMORY.DMP

$ python vol.py imageinfo

Connections/conscan/sockets/sockscan are for Windows XP/2003 only.
netscan plugin for anything Vista/2008/Win7

ref : 
1) http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&cad=rja&uact=8&ved=0CFUQFjAO&url=http%3A%2F%2Fkromer.pl%2Fmalware-analysis%2Fmemory-forensics-using-volatility-toolkit-to-extract-malware-samples-from-memory-dump%2F&ei=rEFkVa6xJsytuQSn0IHIBg&usg=AFQjCNEeYqBZ6ya72XwBSQ5NAoe7oGuELw&bvm=bv.93990622,d.c2E

22 May 2015

ARP Broadcast: how ipscan gather all ip n mac address

ARP Broadcast

ARP Broadcast

To send packet to an IP,

  • Get MAC address of the destination
    • Through ARP Broadcast
  • MAC and IP sender is included in the arp broadcast packet.

IPScan will receive all arp broadcast in the segment, and keep the list.
If there are any unregistered MAC address, it will spoof the IP own by the MAC Address.

19 May 2015



Launch an interactive command prompt on \\workstation64, the CMD prompt window will appear locally:
psexec \\workstation64 cmd
Execute a program that is already installed on the remote system:
psexec \\workstation64 "c:\Program Files\test.exe"
Connect to workstation64 and run IPCONFIG to display the remote PC's IP address:
psexec \\workstation64 ipconfig
Connect to workstation64 and list a directory:
psexec \\workstation64 -s cmd /c dir c:\work
Connect to workstation64 and copy a file from another server:
psexec \\workstation64 -s cmd /c copy \\server21\share45\file.ext c:\localpath
Execute IpConfig on the remote system, and display the output locally:
psexec \\workstation64 ipconfig /all
Copy the program test.exe to the remote system and execute it interactively, running under the account DannyGlover:
psexec \\workstation64 -c test.exe -u DannyGlover -p Pa55w0rd
Run Internet Explorer on the local machine but with limited-user privileges:
psexec -l -d "c:\program files\internet explorer\iexplore.exe"
Run Regedit on the local machine with SYSTEM privileges:
psexec -s -i regedit.exe
From PowerShell, run a VBscript on a remote workstation and pass some parameters:
PS C:> $script='C:\Program Files\demo.vbs'
PS C:> $args = "some more text"
PS C:> psexec -s \\workstation64 c:\windows\system32\cscript.exe $script $args

ref -> http://ss64.com/nt/psexec.html

21 April 2015

flask login form csrf

hidden_tag() to generate csrf_token in flask form:

    user_manager = current_app.user_manager
    login_form = user_manager.login_form(request.form)
    token = login_form.hidden_tag()

18 April 2015

div idiv

   div ebx     ;     eax = edx:eax  /  ebx  .   remainder will be put in edx

   mov edx, 0
   mov eax, 0xd
   mov ebx, 5
   div ebx
   ;; result:   eax=2,  edx=3

#somehow my immunity debugger not accept 'div 0x75' instruction

   signed version of div

inline hook

a) distance to jump, will be use at (d)
b) copy original instruction at original function to new area in memory.
c) put 'jmp' at original function
d) put (a) at (original_function +1). as parameter to jmp in (c)

17 April 2015

repne scasb, rep movsb

a) to count string length. Looks at how ECX is used, 'neg ecx' 
b) to copy string to somewhere in memory


   cmp al, [edi]
   ##add esi, 1
   add edi, 1

repne scasb:
  repeat 'not equal' or 'ECX times',

  mov byte [edi], [esi]
  add esi, 1     ; depending on direction flag, might be decreased
  add edi, 1

  repeat ECX times

rep movsb:
   repeat while ecx not 0;
   sub ecx, 1
   (#repeat ecx times)

   'repne scasb' to count string lenght;
    'rep movsb' to copy string  


  mul ebx ;     edx:eax =  eax * ebx
                 ;     decimal: 5,000,000,000
                 ;         edx          |   eax
                 ;     00000001     | 2A05F200

    imul eax, ecx, 0x2    ;    eax = ecx * 0x2

    imul ecx, 0x2           ;   imul ecx, ecx, 0x2  

16 April 2015

15 April 2015

loopw x86

mov  edi, DWORD_00406904
mov  ecx, 0x0d
xor  [edi], 0x9C
inc  edi
loopw LOC_04010682

  jump if ecx != 0

30 March 2015


  1. beza route vs push "route x.x.x x.x.x."
  2. isu client-to-client (ccd) 
  3. iroute


  • route
    • add to vpnserver routing table
    • Label on pfsense vpnServer -> IPv4 Remote Network/s
  • push "route x.x.x.x   "
    • add to client routing table
    • put all subnet on all client side
    • iroute will reconcile the 'local subnet' for each client
    • Label on pfsense vpnServer ->  IPv4 Local Network/s

Last but not least, thanks to 'very friendly' pfsense openvpn interface, which has menu sorting:
  • Server
  • Client
  • Client Specific Override 
Client Specific Override should be under Server. 

16 March 2015

virtual environtment for flask

workon drill

bower update --production

06 March 2015

Ubuntu Desktop Ringan/Light/Minimal

  1. Install server distro
  2. Minimal Gnome Core Desktop
    1. sudo apt-get install ubuntu-gnome-desktop
    1. Lightweight Desktop Manager 
      1. sudo apt-get install xorg gnome-core gnome-system-tools gnome-app-install 
  3.  Unity Based Ubuntu Server GUI
    1. sudo apt-get install --no-install-recommends ubuntu-desktop
      (will exclude LibreOffice and others)

26 January 2015

Full-Duplex Ethernet

Asal, Ethernet hanya boleh hantar atau terima, tak boleh serentak.

Kenapa: Utk Detect Collision.
Masa Ethernet hantar, dia kena listen juga. Jika yg diterima(listen) sama dengan yg dihantar, maksudnya tiada collision. Tapi jika tak sama, maksudnya ada node lain yg hantar serentak(collision). So Ethernet kena ulang hantar semula.

Bila guna switch, satu segment hanya ada satu node. PC - switch sahaja. Jadi potensi utk collision tiada. Maka Node boleh hantar, dan terima dari switch serentak.

ref:  http://computer.howstuffworks.com/ethernet15.htm

09 January 2015

getInstalledApplications vs getInstalledPackages

  • PackageManager.getInstalledPackages(int flags)on the other hand, will provide you information regarding all AndroidManifest's elements, such as declared activities, services, receivers, meta-data
    • Returns: A List of PackageInfo objects
    • PackageInfo contains ApplicationInfo

  • PackageManager.getInstalledApplications(int flags)  will provide you information regarding the AndroidManifest's Application tag, and just about it. Forget about activities, receivers, services and go on.
    • Returns: Returns a List of ApplicationInfo
    • ApplicationInfo 

PackageInfo properties:
  • applicationInfo - ApplicationInfo
  • packageName - String
  • versionName - String
  • versionCode - int
  • permissions - PermissionInfo[] : (.GET_PERMISSIONS )
ApplicationInfo properties:
  • className - String
  • packageName - String
  • processName - String (The name of the process this application should run in. From the "process" attribute or, if not set, the same as packageName)
  • permission(needed by other to call this app) - String
  • dataDir
  • sourceDir
  • publicSourceDir
  • nativeLibraryDir
  • sharedLibraryFiles - String[]  : (GET_SHARED_LIBRARY_FILES )

05 January 2015



file: android_source_code/frameworks/base/core/res/res/layout/simple_list_item_1.xml

<?xml version="1.0" encoding="utf-8"?>
<TextView xmlns:android="http://schemas.android.com/apk/res/android"


PackageManager beri maklumat berdasarkan file: /data/system/packages.xml
[sangkaan yg kuat :)]

fileName: /data/system/packages.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<last-platform-version internal="18" external="18" />
<permission-trees />
<item name="android.permission.CHANGE_WIFI_MULTICAST_STATE" package="android" protection="1" />
<item name="android.permission.WRITE_CALL_LOG" package="android" protection="1" />
<item name="android.permission.CLEAR_APP_CACHE" package="android" protection="1" />
<item name="android.permission.AUTHENTICATE_ACCOUNTS" package="android" protection="1" />
<item name="android.permission.ASEC_ACCESS" package="android" protection="2" />
<item name="com.dolphin.browser.permission.RECOGNIZE_GUESTURE" package="mobi.mgeek.TunnyBrowser" protection="18" />
<item name="android.permission.VIBRATE" package="android" />
<item name="android.permission.READ_CELL_BROADCASTS" package="android" protection="1" />
<package name="com.android.soundrecorder" codePath="/system/app/SoundRecorder.apk" nativeLibraryPath="/data/app-lib/SoundRecorder" flags="572997" ft="14039055328" it="14039055328" ut="14039055328" version="18" userId="10024">
<sigs count="1">
<cert index="0" key="308204a830820390a003020102020900936eacbe07f201df300d06092a864886f70d0101050500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303232393031333334365a170d3335303731373031333334365a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100d6931904dec60b24b1edc762e0d9d8253e3ecd6ceb1de2ff068ca8e8bca8cd6bd3786ea70aa76ce60ebb0f993559ffd93e77a943e7e83d4b64b8e4fea2d3e656f1e267a81bbfb230b578c20443be4c7218b846f5211586f038a14e89c2be387f8ebecf8fcac3da1ee330c9ea93d0a7c3dc4af350220d50080732e0809717ee6a053359e6a694ec2cb3f284a0a466c87a94d83b31093a67372e2f6412c06e6d42f15818dffe0381cc0cd444da6cddc3b82458194801b32564134fbfde98c9287748dbf5676a540d8154c8bbca07b9e247553311c46b9af76fdeeccc8e69e7c8a2d08e782620943f99727d3c04fe72991d99df9bae38a0b2177fa31d5b6afee91f020103a381fc3081f9301d0603551d0e04160414485900563d272c46ae118605a47419ac09ca8c113081c90603551d230481c13081be8014485900563d272c46ae118605a47419ac09ca8c11a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900936eacbe07f201df300c0603551d13040530030101ff300d06092a864886f70d010105050003820101007aaf968ceb50c441055118d0daabaf015b8a765a27a715a2c2b44f221415ffdace03095abfa42df70708726c2069e5c36eddae0400be29452c084bc27eb6a17eac9dbe182c204eb15311f455d824b656dbe4dc2240912d7586fe88951d01a8feb5ae5a4260535df83431052422468c36e22c2a5ef994d61dd7306ae4c9f6951ba3c12f1d1914ddc61f1a62da2df827f603fea5603b2c540dbd7c019c36bab29a4271c117df523cdbc5f3817a49e0efa60cbd7f74177e7a4f193d43f4220772666e4c4d83e1bd5a86087cf34f2dec21e245ca6c2bb016e683638050d2c430eea7c26a1c49d3760a58ab7f1a82cc938b4831384324bd0401fa12163a50570e684d" />
<package name="com.example.myfirstapp" codePath="/data/app/com.example.myfirstapp-1.apk" nativeLibraryPath="/data/app-lib/com.example.myfirstapp-1" flags="572998" ft="14979020968" it="14979020b03" ut="14979020b03" version="1" userId="10050">
<sigs count="1">
<cert index="3" />
<perms />
<package name="com.android.browser" codePath="/system/app/Browser.apk" nativeLibraryPath="/data/app-lib/Browser" flags="638533" ft="140390733a0" it="140390733a0" ut="140390733a0" version="18" userId="10016">
<sigs count="1">
<cert index="0" />
<package name="com.android.widgetpreview" codePath="/data/app/WidgetPreview.apk" nativeLibraryPath="/data/app-lib/WidgetPreview" flags="572996" ft="1403904f568" it="1403904f568" ut="1403904f568" version="18" userId="10045">
<sigs count="1">
<cert index="0" />
<item name="android.permission.READ_EXTERNAL_STORAGE" />
<item name="android.permission.WRITE_EXTERNAL_STORAGE" />
<package name="android" codePath="/system/framework/framework-res.apk" flags="4767241" ft="14038ffe870" it="14038ffe870" ut="14038ffe870" version="18" sharedUserId="1000">
<sigs count="1">
<cert index="1" />
<package name="com.siperdana.memo" codePath="/data/app/com.siperdana.memo-1.apk" nativeLibraryPath="/data/app-lib/com.siperdana.memo-1" flags="572996" ft="14a9f955a48" it="14a9f955d48" ut="14a9f955d48" version="1" userId="10046">
<sigs count="1">
<cert index="6" key="3082036b30820253a00302010202043077d7f6300d06092a864886f70d01010b05003066310b3009060355040613026d793111300f0603550408130873656c616e676f72310e300c06035504071305616e67656c310f300d060355040a13066d7963657274310c300a060355040b13036d7263311530130603550403130c6a6f686e204d616b656e726f301e170d3134313233313039303035325a170d3339313232353039303035325a3066310b3009060355040613026d793111300f0603550408130873656c616e676f72310e300c06035504071305616e67656c310f300d060355040a13066d7963657274310c300a060355040b13036d7263311530130603550403130c6a6f686e204d616b656e726f30820122300d06092a864886f70d01010105000382010f003082010a0282010100acd2c4ea085f15b7b62cf6ba8b26f598dd047a663177f621aec5c7618f3c0e5640bddc7f0881ed77a3898b0a6cbbc9e955099b07781eee46a6ab408bc549ee5c2f1b1afe0f0dd4cf105426d386b700be25dfd59c7b887538d500f6bf7145dd77c86d5cffc327207e10dcf9f072f876a88d47f2db903a739d35aea2becea429d6901f14f2eca376a2beb80d8a1aa362962ab1c9867ecfe97db0d5494fd35fb3b4df6d6845bb166dfbb21d57388e2c02ab9ff4db5ee056fb131f818665a10e5b92066b2bb1b99cb2d929b2bf1a49167206990cef438ecf902b759cd977cbf8ea1be21e90b9bb97b37a2a12dea1cddd0372d8ed7948f2af3ae0900d1c03bb5bf8c90203010001a321301f301d0603551d0e04160414cba489189cb76aaeb1793f99002f33c20f85fc87300d06092a864886f70d01010b0500038201010072da3a24c2dd719b46dbc050952d9706a8f15812fcc04eb6413f8d5c2511e136f3df56113d566c9c16ceea6fdb9e914418e4fc89cbeca7ec6d22f423b05eead8079cde3beec81b3359fdbdaa78e9297b59917710f9835ae10bc17a48fc98fef8c466b7381041eb02e6f084fe5cea8dc7c390a112f3f9eb62deec1a30cfc5df5c65cc2c105594ce358aa6e57dffe85aaeb9b22fcfcd1dc3422cb64d6cbb5f0aae18512548bb5db7161b044f9157d6794e15accc2a42e6be9a9d309805c521d0f9a5bc8a0e6efd719221f4ab6edfe368e50c6d3f4817f947a7b48ad2f171a946caf6373e4770cc66c151322043f305ddedd9056e4601e731493f890c6ac3161734" />
<perms />

<updated-package name="com.android.vending" codePath="/data/app/com.android.vending-1.apk" ft="1497e21d1d0" it="1497e0d4729" ut="1497e21d749" version="80280020" nativeLibraryPath="/data/app-lib/com.android.vending-1" userId="10052">
<item name="android.permission.READ_EXTERNAL_STORAGE" />
<item name="android.permission.NFC" />
<item name="com.android.launcher.permission.INSTALL_SHORTCUT" />
<item name="android.permission.USE_CREDENTIALS" />
<item name="com.android.vending.permission.C2D_MESSAGE" />
<item name="android.permission.GET_TASKS" />
<item name="android.permission.SEND_SMS" />
<item name="android.permission.WRITE_EXTERNAL_STORAGE" />
<item name="android.permission.ACCESS_COARSE_LOCATION" />
<item name="android.permission.GET_ACCOUNTS" />
<item name="android.permission.CLEAR_APP_CACHE" />
<item name="android.permission.AUTHENTICATE_ACCOUNTS" />
<item name="android.permission.READ_PHONE_STATE" />
<item name="android.permission.RECEIVE_BOOT_COMPLETED" />
<item name="com.android.vending.BILLING" />
<item name="android.permission.INTERNET" />
<item name="android.permission.WRITE_SETTINGS" />
<item name="android.permission.ACCESS_FINE_LOCATION" />
<item name="com.android.vending.billing.IN_APP_NOTIFY.permission.C2D_MESSAGE" />
<item name="android.permission.MANAGE_ACCOUNTS" />
<item name="com.android.vending.TOS_ACKED" />
<item name="android.permission.CHANGE_NETWORK_STATE" />
<item name="android.permission.ACCESS_NETWORK_STATE" />
<item name="android.permission.WAKE_LOCK" />
<shared-user name="android.uid.log" userId="1007">
<perms />
<shared-user name="android.media" userId="10013">
<sigs count="1">
<cert index="4" />
<item name="android.permission.READ_EXTERNAL_STORAGE" />
<item name="android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS" />
<item name="android.permission.RECEIVE_WAP_PUSH" />
<item name="android.permission.SET_WALLPAPER" />
<item name="android.permission.ACCESS_CACHE_FILESYSTEM" />
<item name="android.permission.WRITE_MEDIA_STORAGE" />
<item name="android.permission.WRITE_EXTERNAL_STORAGE" />
<item name="android.permission.MODIFY_NETWORK_ACCOUNTING" />
<item name="android.permission.ACCESS_MTP" />
<item name="android.permission.READ_SMS" />
<item name="android.permission.MANAGE_USERS" />
<item name="android.permission.RECEIVE_BOOT_COMPLETED" />
<item name="android.permission.CAMERA" />
<item name="android.permission.ACCESS_ALL_DOWNLOADS" />
<item name="android.permission.INTERNET" />
<item name="android.permission.WRITE_SETTINGS" />
<item name="android.permission.ACCESS_FINE_LOCATION" />
<item name="android.permission.INTERACT_ACROSS_USERS" />
<item name="android.permission.CONNECTIVITY_INTERNAL" />
<item name="android.permission.ACCESS_DOWNLOAD_MANAGER" />
<item name="android.permission.UPDATE_DEVICE_STATS" />
<item name="android.permission.ACCESS_NETWORK_STATE" />
<item name="android.permission.RECORD_AUDIO" />
<item name="android.permission.WAKE_LOCK" />

Tambahan :
fileName: /data/system/packages.list
com.android.soundrecorder 10024 0 /data/data/com.android.soundrecorder release
com.android.sdksetup 10005 0 /data/data/com.android.sdksetup platform
com.android.launcher 10012 0 /data/data/com.android.launcher shared
com.android.defcontainer 10002 0 /data/data/com.android.defcontainer platform
com.android.smoketest 10041 0 /data/data/com.android.smoketest default
com.android.quicksearchbox 10006 0 /data/data/com.android.quicksearchbox shared
com.android.contacts 10004 0 /data/data/com.android.contacts shared
com.android.inputmethod.latin 10030 0 /data/data/com.android.inputmethod.latin shared
com.android.calculator2 10033 0 /data/data/com.android.calculator2 release

adb cheat sheet

1) pull files recursively

  • add /.    >>  adb pull /data/data/com.whatsapp/. downloadDir

02 January 2015

android obfuscated

Dalam project.properties:

dan berikut:
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider

-keep public class * extends android.view.View {
    public (android.content.Context);
    public (android.content.Context, android.util.AttributeSet);
    public (android.content.Context, android.util.AttributeSet, int);
    public void set*(...);

-keepclasseswithmembers class * {
    public (android.content.Context, android.util.AttributeSet);

-keepclasseswithmembers class * {
    public (android.content.Context, android.util.AttributeSet, int);

-keepclassmembers class * extends android.content.Context {
   public void *(android.view.View);
   public void *(android.view.MenuItem);

-keepclassmembers class * implements android.os.Parcelable {
    static ** CREATOR;

-keepclassmembers class **.R$* {
    public static ;

-keepclassmembers class * {
    @android.webkit.JavascriptInterface ;

Dan perlu sign apk(kalau tak sign, tiada obfuscated)
[RightClick Project -> Android Tools -> Export Signed Application Package]

1) http://stackoverflow.com/questions/22322061/how-can-i-obfuscate-my-code-in-eclipse-android
2) http://proguard.sourceforge.net/#manual/examples.html