Muridin: 2015

19 November 2015

OpenBSD remove alias IP

ifconfig   delete

ifconfig re0 192.168.10.199 delete

12 November 2015

screen atas pfsense

get command line

sekali seumur hidup
- pkg

kemudian
- pkg install screen

perlu logout dan login sebelum :
- screen

21 October 2015

12 October 2015

20 August 2015

2 issue here.

1) gevent.pool is not so perfect. It would not start new thread untill all running thread exit.
Perfect implementation should start a thread immediately when there is a vacant in the pool.

2) the thread seem not execute parallel. In below example, function do_work_function clearly not running in parallel.

Really feel been bluffing all this while..... thanx 0xpcode :)

from gevent.pool import Pool
import time
import logging

rows = range(10)
CONCURRENCY = 4
pool = Pool(CONCURRENCY)

def do_work_function(param1):
print "start" , str(param1 )
time.sleep(4)
print "--finish" , str(param1 )

for row in rows:
#logging.info(count)
pool.spawn(do_work_function,row) # blocks here when pool size == CONCURRENCY
print "spawn thread %s" % str(row)

print "start join"
pool.join(timeout=1) #blocks here until the last 10 are complete
print "end join"

13 August 2015

python package

install location (ubuntu 14.04)
/usr/local/lib/python2.7/dist-packages/secfeed-0.1-py2.7.egg/secfeed/

email test

HELO local.domain.name

MAIL FROM: mail@domain.ext

RCPT TO: mail@otherdomain.ext

Subject:-type subject here-

ref: http://www.yuki-onna.co.uk/email/smtp.html

06 August 2015

smtplib handle non-ascii

email_body_msg = "victim’s reach"

char between m and s is non ascii character.

smtplib (python) cannot handle this. So what is the solution?

Simple solution, Just convert all the email_body_msg to base64.

Steps:

1) Use another python lib:

from email.mime.text import MIMEText

2) Use UTF-8

message = MIMEText(email_body_msg, _charset="UTF-8")

3) convert MIMEText back to string

smtplib.SMTP.sendmail(self.mfrom, receivers, message.as_string())

good read:
http://betterexplained.com/articles/unicode/

02 July 2015

pfsense openvpn

ref:
1) https://chubbable.com/setup-pfsense-as-openvpn-client

26 June 2015

calling import function ( IAT )

Import Address Table.

Section: .data

IAT in section idata

During Application loading into memory by Windows, all value at IAT will be resolve.

Import Address has been populated in IAT

Assembly code:

Call to Windows API(GetVersion)

Reffering at 0x004012c8:

FF 15 : indirect call
38604000 >> 0x00046038 : contains 0x775944c7(address of GetVersion function)
EIP will jump to GetVersion().
Since its a CALL, execution will return to 0x004012CE afterwords

ref: http://win32assembly.programminghorizon.com/pe-tut6.html

24 June 2015

Entry Point

PE.ImageBase + PE.AddressOfEntryPoint = Virtual Address

ps:
Entry point adalah dalam salah satu windows dll.
Kemudian akan sambung ke pre main function(hasil kerja compiler)
Last, baru masuk main().

Immunity Debugger boleh pilih 3 option: pause pada salah satu di atas.

18 June 2015

Cryptography

Key Type

Symmetric

same key to encrypt/decrypt
fast
Algorithms:

DES
3DES
Blowfish
RC4, RC5, RC6
AES

Asymmetric

slow
public key

to encrypt
share to others/world

private key

to decrypt
keep by owner

Algorithms:

RSA
ECC
Diffie-Hellman
El Gamal
DSA

Methods Of Encryption

Block Cipher

use symmetric encryption
fix-length

pad added to short blocks

Stream Cipher

use symmetric encryption
1 bit/byte at a time
should use different IV

Attributes

Confusion

cant determine the key based on ciphertext(encrypted data)

Diffusion

1 change in plain text would output result at least 50% diff

Block Mode

Mode is needed when data is larger than block size
Modes

ECB - Electronic Code Block

Weak

same chipher text for same block

refer https://www.youtube.com/watch?v=uPiqyQOMH1E , at 1:05
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#/media/File:ECB_encryption.svg

CBC - Cipher Block Chaining

has additional parameter

use IV for first block
use ciphertext for the next block

usually just XOR the block with the extra param before encrypt using the key
ref: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#/media/File:CBC_decryption.svg

CFB - Cipher Feedback
OFB - Output Feedback
CTR - Counter

Types of Symmetric

04 June 2015

steghide (stegonography)

tools: steghide:

ref:
1) http://steghide.sourceforge.net/documentation/manpage.php

03 June 2015

Virtual Memory for Linux Process

Perbandingan Linux dan Windows:

Linux Virtual Process:

ref:
1) http://duartes.org/gustavo/blog/post/anatomy-of-a-program-in-memory/

29 May 2015

Virtual Address Space

Paged system

Pay Attention at 'Page Table'. This is how the translation from virtual address to physical address.

ref:
1) http://wiki.osdev.org/Paging

26 May 2015

volatility tips

to omit profile and memory_dump location

1)

$ export VOLATILITY_PROFILE=Win7SP1x64
$ export VOLATILITY_LOCATION=file:///path/to/MEMORY.DMP

$ python vol.py imageinfo

Connections/conscan/sockets/sockscan are for Windows XP/2003 only.

netscan plugin for anything Vista/2008/Win7

ref :

1) http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&cad=rja&uact=8&ved=0CFUQFjAO&url=http%3A%2F%2Fkromer.pl%2Fmalware-analysis%2Fmemory-forensics-using-volatility-toolkit-to-extract-malware-samples-from-memory-dump%2F&ei=rEFkVa6xJsytuQSn0IHIBg&usg=AFQjCNEeYqBZ6ya72XwBSQ5NAoe7oGuELw&bvm=bv.93990622,d.c2E

22 May 2015

ARP Broadcast: how ipscan gather all ip n mac address

ARP Broadcast

To send packet to an IP,

Get MAC address of the destination

Through ARP Broadcast

MAC and IP sender is included in the arp broadcast packet.

IPScan will receive all arp broadcast in the segment, and keep the list.
If there are any unregistered MAC address, it will spoof the IP own by the MAC Address.

19 May 2015

psexec

Examples:

Launch an interactive command prompt on \\workstation64, the CMD prompt window will appear locally:

psexec \\workstation64 cmd

Execute a program that is already installed on the remote system:

psexec \\workstation64 "c:\Program Files\test.exe"

Connect to workstation64 and run IPCONFIG to display the remote PC's IP address:

psexec \\workstation64 ipconfig

Connect to workstation64 and list a directory:

psexec \\workstation64 -s cmd /c dir c:\work

Connect to workstation64 and copy a file from another server:

psexec \\workstation64 -s cmd /c copy \\server21\share45\file.ext c:\localpath

Execute IpConfig on the remote system, and display the output locally:

psexec \\workstation64 ipconfig /all

Copy the program test.exe to the remote system and execute it interactively, running under the account DannyGlover:

psexec \\workstation64 -c test.exe -u DannyGlover -p Pa55w0rd

Run Internet Explorer on the local machine but with limited-user privileges:

psexec -l -d "c:\program files\internet explorer\iexplore.exe"

Run Regedit on the local machine with SYSTEM privileges:

psexec -s -i regedit.exe

From PowerShell, run a VBscript on a remote workstation and pass some parameters:

PS C:> $script='C:\Program Files\demo.vbs'
PS C:> $args = "some more text"
PS C:> psexec -s \\workstation64 c:\windows\system32\cscript.exe $script $args

ref -> http://ss64.com/nt/psexec.html

21 April 2015

flask login form csrf

hidden_tag() to generate csrf_token in flask form:

    user_manager = current_app.user_manager
    login_form = user_manager.login_form(request.form)
    token = login_form.hidden_tag()

18 April 2015

div idiv

div:
   div ebx     ;     eax = edx:eax / ebx . remainder will be put in edx

example:
   mov edx, 0
   mov eax, 0xd
   mov ebx, 5
   div ebx
   ;; result:   eax=2, edx=3

#somehow my immunity debugger not accept 'div 0x75' instruction

idiv:
   signed version of div

inline hook

a) distance to jump, will be use at (d)
b) copy original instruction at original function to new area in memory.
c) put 'jmp' at original function
d) put (a) at (original_function +1). as parameter to jmp in (c)

17 April 2015

repne scasb, rep movsb

a) to count string length. Looks at how ECX is used, 'neg ecx'
b) to copy string to somewhere in memory

NOTES

scasb:
   cmp al, [edi]
   ##add esi, 1
   add edi, 1

repne scasb:
repeat 'not equal' or 'ECX times',

movsb:
mov byte [edi], [esi]
add esi, 1     ; depending on direction flag, might be decreased
add edi, 1

rep:
repeat ECX times

rep movsb:
   repeat while ecx not 0;
   sub ecx, 1
   (#repeat ecx times)

usually:
   'repne scasb' to count string lenght;
    'rep movsb' to copy string

imul

mul:
mul ebx ; edx:eax = eax * ebx
                 ;     decimal: 5,000,000,000
                 ;         edx          |   eax
                 ;     00000001     | 2A05F200

imul:
imul eax, ecx, 0x2    ;    eax = ecx * 0x2

imul ecx, 0x2           ; imul ecx, ecx, 0x2

16 April 2015

rep movsd

rep movsd

repeat for ecx times
cp 4bytes from [esi] to [edi]

15 April 2015

loopw x86

mov edi, DWORD_00406904
mov ecx, 0x0d
LOC_4010682
xor [edi], 0x9C
inc edi
loopw LOC_04010682

loopw:
ecx--
jump if ecx != 0

30 March 2015

openvpn

beza route vs push "route x.x.x x.x.x."
isu client-to-client (ccd)
iroute

https://community.openvpn.net/openvpn/wiki/RoutedLans

route

add to vpnserver routing table
Label on pfsense vpnServer -> IPv4 Remote Network/s

push "route x.x.x.x "

add to client routing table
put all subnet on all client side
iroute will reconcile the 'local subnet' for each client
Label on pfsense vpnServer -> IPv4 Local Network/s

Last but not least, thanks to 'very friendly' pfsense openvpn interface, which has menu sorting:

Server
Client
Client Specific Override

Client Specific Override should be under Server.

16 March 2015

virtual environtment for flask

1)virtualenvwrapper
------------------
mkproject
cdproject
deactivate
rmvirtualenv
workon drill
setvirtualenvproject
cdvirtualenv

extra
bower update --production

06 March 2015

Ubuntu Desktop Ringan/Light/Minimal

Install server distro
Minimal Gnome Core Desktop

sudo apt-get install ubuntu-gnome-desktop

Lightweight Desktop Manager

sudo apt-get install xorg gnome-core gnome-system-tools gnome-app-install

Unity Based Ubuntu Server GUI

sudo apt-get install --no-install-recommends ubuntu-desktop
(will exclude LibreOffice and others)

26 January 2015

Full-Duplex Ethernet

Asal, Ethernet hanya boleh hantar atau terima, tak boleh serentak.

Kenapa: Utk Detect Collision.
Masa Ethernet hantar, dia kena listen juga. Jika yg diterima(listen) sama dengan yg dihantar, maksudnya tiada collision. Tapi jika tak sama, maksudnya ada node lain yg hantar serentak(collision). So Ethernet kena ulang hantar semula.

Bila guna switch, satu segment hanya ada satu node. PC - switch sahaja. Jadi potensi utk collision tiada. Maka Node boleh hantar, dan terima dari switch serentak.

ref: http://computer.howstuffworks.com/ethernet15.htm

09 January 2015

getInstalledApplications vs getInstalledPackages

PackageManager.getInstalledPackages(int flags), on the other hand, will provide you information regarding all AndroidManifest's elements, such as declared activities, services, receivers, meta-data

Returns: A List of PackageInfo objects
PackageInfo contains ApplicationInfo

PackageManager.getInstalledApplications(int flags) will provide you information regarding the AndroidManifest's Application tag, and just about it. Forget about activities, receivers, services and go on.

Returns: Returns a List of ApplicationInfo
ApplicationInfo

PackageInfo properties:

applicationInfo - ApplicationInfo
packageName - String
versionName - String
versionCode - int
permissions - PermissionInfo[] : (.GET_PERMISSIONS )

ApplicationInfo properties:

className - String
packageName - String
processName - String (The name of the process this application should run in. From the "process" attribute or, if not set, the same as packageName)
permission(needed by other to call this app) - String
dataDir
sourceDir
publicSourceDir
nativeLibraryDir
sharedLibraryFiles - String[] : (GET_SHARED_LIBRARY_FILES )

05 January 2015

simple_list_item_1

R.layout.simple_list_item_1

file: android_source_code/frameworks/base/core/res/res/layout/simple_list_item_1.xml

<?xml version="1.0" encoding="utf-8"?>
<TextView xmlns:android="http://schemas.android.com/apk/res/android"
android:id="@android:id/text1"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:textAppearance="?android:attr/textAppearanceListItemSmall"
android:gravity="center_vertical"
android:paddingStart="?android:attr/listPreferredItemPaddingStart"
android:paddingEnd="?android:attr/listPreferredItemPaddingEnd"
android:minHeight="?android:attr/listPreferredItemHeightSmall"
/>

packages.xml

PackageManager beri maklumat berdasarkan file: /data/system/packages.xml
[sangkaan yg kuat :)]

fileName: /data/system/packages.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<packages>
<last-platform-version internal="18" external="18" />
<permission-trees />
<permissions>
<item name="android.permission.CHANGE_WIFI_MULTICAST_STATE" package="android" protection="1" />
<item name="android.permission.WRITE_CALL_LOG" package="android" protection="1" />
<item name="android.permission.CLEAR_APP_CACHE" package="android" protection="1" />
<item name="android.permission.AUTHENTICATE_ACCOUNTS" package="android" protection="1" />
<item name="android.permission.ASEC_ACCESS" package="android" protection="2" />
<item
...
...
...
.
<item name="com.dolphin.browser.permission.RECOGNIZE_GUESTURE" package="mobi.mgeek.TunnyBrowser" protection="18" />
<item name="android.permission.VIBRATE" package="android" />
<item name="android.permission.READ_CELL_BROADCASTS" package="android" protection="1" />
</permissions>
<package name="com.android.soundrecorder" codePath="/system/app/SoundRecorder.apk" nativeLibraryPath="/data/app-lib/SoundRecorder" flags="572997" ft="14039055328" it="14039055328" ut="14039055328" version="18" userId="10024">
<sigs count="1">
<cert index="0" key="308204a830820390a003020102020900936eacbe07f201df300d06092a864886f70d0101050500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303232393031333334365a170d3335303731373031333334365a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100d6931904dec60b24b1edc762e0d9d8253e3ecd6ceb1de2ff068ca8e8bca8cd6bd3786ea70aa76ce60ebb0f993559ffd93e77a943e7e83d4b64b8e4fea2d3e656f1e267a81bbfb230b578c20443be4c7218b846f5211586f038a14e89c2be387f8ebecf8fcac3da1ee330c9ea93d0a7c3dc4af350220d50080732e0809717ee6a053359e6a694ec2cb3f284a0a466c87a94d83b31093a67372e2f6412c06e6d42f15818dffe0381cc0cd444da6cddc3b82458194801b32564134fbfde98c9287748dbf5676a540d8154c8bbca07b9e247553311c46b9af76fdeeccc8e69e7c8a2d08e782620943f99727d3c04fe72991d99df9bae38a0b2177fa31d5b6afee91f020103a381fc3081f9301d0603551d0e04160414485900563d272c46ae118605a47419ac09ca8c113081c90603551d230481c13081be8014485900563d272c46ae118605a47419ac09ca8c11a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900936eacbe07f201df300c0603551d13040530030101ff300d06092a864886f70d010105050003820101007aaf968ceb50c441055118d0daabaf015b8a765a27a715a2c2b44f221415ffdace03095abfa42df70708726c2069e5c36eddae0400be29452c084bc27eb6a17eac9dbe182c204eb15311f455d824b656dbe4dc2240912d7586fe88951d01a8feb5ae5a4260535df83431052422468c36e22c2a5ef994d61dd7306ae4c9f6951ba3c12f1d1914ddc61f1a62da2df827f603fea5603b2c540dbd7c019c36bab29a4271c117df523cdbc5f3817a49e0efa60cbd7f74177e7a4f193d43f4220772666e4c4d83e1bd5a86087cf34f2dec21e245ca6c2bb016e683638050d2c430eea7c26a1c49d3760a58ab7f1a82cc938b4831384324bd0401fa12163a50570e684d" />
</sigs>
</package>
<package name="com.example.myfirstapp" codePath="/data/app/com.example.myfirstapp-1.apk" nativeLibraryPath="/data/app-lib/com.example.myfirstapp-1" flags="572998" ft="14979020968" it="14979020b03" ut="14979020b03" version="1" userId="10050">
<sigs count="1">
<cert index="3" />
</sigs>
<perms />
</package>
<package name="com.android.browser" codePath="/system/app/Browser.apk" nativeLibraryPath="/data/app-lib/Browser" flags="638533" ft="140390733a0" it="140390733a0" ut="140390733a0" version="18" userId="10016">
<sigs count="1">
<cert index="0" />
</sigs>
</package>
<package name="com.android.widgetpreview" codePath="/data/app/WidgetPreview.apk" nativeLibraryPath="/data/app-lib/WidgetPreview" flags="572996" ft="1403904f568" it="1403904f568" ut="1403904f568" version="18" userId="10045">
<sigs count="1">
<cert index="0" />
</sigs>
<perms>
<item name="android.permission.READ_EXTERNAL_STORAGE" />
<item name="android.permission.WRITE_EXTERNAL_STORAGE" />
</perms>
</package>
<package name="android" codePath="/system/framework/framework-res.apk" flags="4767241" ft="14038ffe870" it="14038ffe870" ut="14038ffe870" version="18" sharedUserId="1000">
<sigs count="1">
<cert index="1" />
</sigs>
</package>
<package name="com.siperdana.memo" codePath="/data/app/com.siperdana.memo-1.apk" nativeLibraryPath="/data/app-lib/com.siperdana.memo-1" flags="572996" ft="14a9f955a48" it="14a9f955d48" ut="14a9f955d48" version="1" userId="10046">
<sigs count="1">
<cert index="6" key="3082036b30820253a00302010202043077d7f6300d06092a864886f70d01010b05003066310b3009060355040613026d793111300f0603550408130873656c616e676f72310e300c06035504071305616e67656c310f300d060355040a13066d7963657274310c300a060355040b13036d7263311530130603550403130c6a6f686e204d616b656e726f301e170d3134313233313039303035325a170d3339313232353039303035325a3066310b3009060355040613026d793111300f0603550408130873656c616e676f72310e300c06035504071305616e67656c310f300d060355040a13066d7963657274310c300a060355040b13036d7263311530130603550403130c6a6f686e204d616b656e726f30820122300d06092a864886f70d01010105000382010f003082010a0282010100acd2c4ea085f15b7b62cf6ba8b26f598dd047a663177f621aec5c7618f3c0e5640bddc7f0881ed77a3898b0a6cbbc9e955099b07781eee46a6ab408bc549ee5c2f1b1afe0f0dd4cf105426d386b700be25dfd59c7b887538d500f6bf7145dd77c86d5cffc327207e10dcf9f072f876a88d47f2db903a739d35aea2becea429d6901f14f2eca376a2beb80d8a1aa362962ab1c9867ecfe97db0d5494fd35fb3b4df6d6845bb166dfbb21d57388e2c02ab9ff4db5ee056fb131f818665a10e5b92066b2bb1b99cb2d929b2bf1a49167206990cef438ecf902b759cd977cbf8ea1be21e90b9bb97b37a2a12dea1cddd0372d8ed7948f2af3ae0900d1c03bb5bf8c90203010001a321301f301d0603551d0e04160414cba489189cb76aaeb1793f99002f33c20f85fc87300d06092a864886f70d01010b0500038201010072da3a24c2dd719b46dbc050952d9706a8f15812fcc04eb6413f8d5c2511e136f3df56113d566c9c16ceea6fdb9e914418e4fc89cbeca7ec6d22f423b05eead8079cde3beec81b3359fdbdaa78e9297b59917710f9835ae10bc17a48fc98fef8c466b7381041eb02e6f084fe5cea8dc7c390a112f3f9eb62deec1a30cfc5df5c65cc2c105594ce358aa6e57dffe85aaeb9b22fcfcd1dc3422cb64d6cbb5f0aae18512548bb5db7161b044f9157d6794e15accc2a42e6be9a9d309805c521d0f9a5bc8a0e6efd719221f4ab6edfe368e50c6d3f4817f947a7b48ad2f171a946caf6373e4770cc66c151322043f305ddedd9056e4601e731493f890c6ac3161734" />
</sigs>
<perms />
</package>

.
.
.
<updated-package name="com.android.vending" codePath="/data/app/com.android.vending-1.apk" ft="1497e21d1d0" it="1497e0d4729" ut="1497e21d749" version="80280020" nativeLibraryPath="/data/app-lib/com.android.vending-1" userId="10052">
<perms>
<item name="android.permission.READ_EXTERNAL_STORAGE" />
<item name="android.permission.NFC" />
<item name="com.android.launcher.permission.INSTALL_SHORTCUT" />
<item name="android.permission.USE_CREDENTIALS" />
<item name="com.android.vending.permission.C2D_MESSAGE" />
<item name="android.permission.GET_TASKS" />
<item name="android.permission.SEND_SMS" />
<item name="android.permission.WRITE_EXTERNAL_STORAGE" />
<item name="android.permission.ACCESS_COARSE_LOCATION" />
<item name="android.permission.GET_ACCOUNTS" />
<item name="android.permission.CLEAR_APP_CACHE" />
<item name="android.permission.AUTHENTICATE_ACCOUNTS" />
<item name="android.permission.READ_PHONE_STATE" />
<item name="android.permission.RECEIVE_BOOT_COMPLETED" />
<item name="com.android.vending.BILLING" />
<item name="android.permission.INTERNET" />
<item name="android.permission.WRITE_SETTINGS" />
<item name="android.permission.ACCESS_FINE_LOCATION" />
<item name="com.android.vending.billing.IN_APP_NOTIFY.permission.C2D_MESSAGE" />
<item name="android.permission.MANAGE_ACCOUNTS" />
<item name="com.android.vending.TOS_ACKED" />
<item name="android.permission.CHANGE_NETWORK_STATE" />
<item name="android.permission.ACCESS_NETWORK_STATE" />
<item name="android.permission.WAKE_LOCK" />
</perms>
</updated-package>
<shared-user name="android.uid.log" userId="1007">
<perms />
</shared-user>
<shared-user name="android.media" userId="10013">
<sigs count="1">
<cert index="4" />
</sigs>
<perms>
<item name="android.permission.READ_EXTERNAL_STORAGE" />
<item name="android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS" />
<item name="android.permission.RECEIVE_WAP_PUSH" />
<item name="android.permission.SET_WALLPAPER" />
<item name="android.permission.ACCESS_CACHE_FILESYSTEM" />
<item name="android.permission.WRITE_MEDIA_STORAGE" />
<item name="android.permission.WRITE_EXTERNAL_STORAGE" />
<item name="android.permission.MODIFY_NETWORK_ACCOUNTING" />
<item name="android.permission.ACCESS_MTP" />
<item name="android.permission.READ_SMS" />
<item name="android.permission.MANAGE_USERS" />
<item name="android.permission.RECEIVE_BOOT_COMPLETED" />
<item name="android.permission.CAMERA" />
<item name="android.permission.ACCESS_ALL_DOWNLOADS" />
<item name="android.permission.INTERNET" />
<item name="android.permission.WRITE_SETTINGS" />
<item name="android.permission.ACCESS_FINE_LOCATION" />
<item name="android.permission.INTERACT_ACROSS_USERS" />
<item name="android.permission.CONNECTIVITY_INTERNAL" />
<item name="android.permission.ACCESS_DOWNLOAD_MANAGER" />
<item name="android.permission.UPDATE_DEVICE_STATS" />
<item name="android.permission.ACCESS_NETWORK_STATE" />
<item name="android.permission.RECORD_AUDIO" />
<item name="android.permission.WAKE_LOCK" />
</perms>
</shared-user>
</packages>

Tambahan :
fileName: /data/system/packages.list
com.android.soundrecorder 10024 0 /data/data/com.android.soundrecorder release
com.android.sdksetup 10005 0 /data/data/com.android.sdksetup platform
com.android.launcher 10012 0 /data/data/com.android.launcher shared
com.android.defcontainer 10002 0 /data/data/com.android.defcontainer platform
com.android.smoketest 10041 0 /data/data/com.android.smoketest default
com.android.quicksearchbox 10006 0 /data/data/com.android.quicksearchbox shared
com.android.contacts 10004 0 /data/data/com.android.contacts shared
com.android.inputmethod.latin 10030 0 /data/data/com.android.inputmethod.latin shared
com.android.calculator2 10033 0 /data/data/com.android.calculator2 release

adb cheat sheet

1) pull files recursively

add /. >> adb pull /data/data/com.whatsapp/. downloadDir

02 January 2015

android obfuscated

Dalam project.properties:
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt

dan berikut:

-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider

-keep public class * extends android.view.View {
    public (android.content.Context);
    public (android.content.Context, android.util.AttributeSet);
    public (android.content.Context, android.util.AttributeSet, int);
    public void set*(...);
}

-keepclasseswithmembers class * {
    public (android.content.Context, android.util.AttributeSet);
}

-keepclasseswithmembers class * {
    public (android.content.Context, android.util.AttributeSet, int);
}

-keepclassmembers class * extends android.content.Context {
   public void *(android.view.View);
   public void *(android.view.MenuItem);
}

-keepclassmembers class * implements android.os.Parcelable {
    static ** CREATOR;
}

-keepclassmembers class **.R$* {
    public static ;
}

-keepclassmembers class * {
    @android.webkit.JavascriptInterface ;
}

Dan perlu sign apk(kalau tak sign, tiada obfuscated)
[RightClick Project -> Android Tools -> Export Signed Application Package]

ref:
1) http://stackoverflow.com/questions/22322061/how-can-i-obfuscate-my-code-in-eclipse-android
2) http://proguard.sourceforge.net/#manual/examples.html