12 November 2015

screen on pfsense


get command line

once only (first time)
 - pkg

then
- pkg install screen


need to log out and log in again before running:
 - screen

20 August 2015

gevent not so parallel

2 issues here.

1) gevent.pool is not so perfect. It would not start a new thread until all running threads exit.
A perfect implementation should start a thread immediately when there is a vacancy in the pool.

2) The threads do not seem to execute in parallel. In the example below, the function do_work_function is clearly not running in parallel.

Really feel been bluffing all this while..... thanx 0xpcode :)



from gevent.pool import Pool
import time
import logging

rows = range(10)
CONCURRENCY = 4
pool = Pool(CONCURRENCY)

def do_work_function(param1):
    print("start", str(param1))
    time.sleep(4)  # standard-library sleep (no gevent monkey patching in this script)
    print("--finish", str(param1))

for row in rows:
    #logging.info(count)
    pool.spawn(do_work_function, row) # blocks here when pool size == CONCURRENCY
    print("spawn thread %s" % str(row))

print("start join")
pool.join(timeout=1) #blocks here until the last 10 are complete
print("end join")

13 August 2015

python package

install location (ubuntu 14.04)
/usr/local/lib/python2.7/dist-packages/secfeed-0.1-py2.7.egg/secfeed/

email test


HELO local.domain.name

MAIL FROM: mail@domain.ext

RCPT TO: mail@otherdomain.ext

DATA

Subject:-type subject here-

.

QUIT





ref: http://www.yuki-onna.co.uk/email/smtp.html

06 August 2015

smtplib handle non-ascii

email_body_msg = "victim’s reach"

The character between m and s is a non-ASCII character.

smtplib (Python) cannot handle this. So what is the solution?


Simple solution: just convert the whole email_body_msg to base64.

Steps:
1) Use another Python lib:
     from email.mime.text import MIMEText

2) Use UTF-8
     message = MIMEText(email_body_msg, _charset="UTF-8")

3) Convert the MIMEText back to a string
     # smtp is a connected smtplib.SMTP instance
     smtp.sendmail(self.mfrom, receivers, message.as_string())
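
The three steps above as an added example (not code from the original post): it builds the message offline, shows that the wire form is pure ASCII with a base64 body, and decodes it back the way a receiving client would. The Subject handling, the helper names and the example.* addresses are assumptions added for illustration.

```python
# Added example: builds the message offline; nothing is sent.
from email import message_from_string
from email.header import Header
from email.mime.text import MIMEText

email_body_msg = "victim\u2019s reach"   # U+2019 sits between "m" and "s"


def build_message(body, subject, sender, recipient):
    """Return a MIMEText whose serialized form contains only ASCII."""
    message = MIMEText(body, _charset="UTF-8")      # body is base64-encoded
    message["Subject"] = Header(subject, "UTF-8")   # RFC 2047 encoded-word
    message["From"] = sender
    message["To"] = recipient
    return message


def is_ascii(text):
    """Same check sendmail() applies to a str message: encode as ASCII."""
    try:
        text.encode("ascii")
        return True
    except UnicodeEncodeError:
        return False


def roundtrip_body(wire_text):
    """Parse the serialized message and recover the original body text."""
    parsed = message_from_string(wire_text)
    raw = parsed.get_payload(decode=True)           # undo the base64 layer
    return raw.decode(parsed.get_content_charset())


# Constructed sender/recipient and subject, not from the original post.
msg = build_message(email_body_msg, "caf\u00e9 report",
                    "alerts@example.org", "soc@example.net")
wire = msg.as_string()   # this string is what gets passed to sendmail()
```
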



good read:
http://betterexplained.com/articles/unicode/

02 July 2015

26 June 2015

calling import function ( IAT )

Import Address Table.


Section: .data
IAT in section idata
While Windows loads the application into memory, every value in the IAT is resolved.
After loading, the import addresses have been populated in the IAT.



Assembly code:
Call to Windows API (GetVersion)
Referring to 0x004012c8:

  • FF 15 :    indirect call
  • 38604000  >> 0x00406038  : contains 0x775944c7 (address of GetVersion function)
  • EIP will jump to GetVersion().
  • Since it's a CALL, execution will return to 0x004012CE afterwards

ref: http://win32assembly.programminghorizon.com/pe-tut6.html
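
The decoding walked through above, as an added example (not part of the original note): it reads the little-endian operand of the `FF 15` call, looks the slot up in a constructed IAT, and computes the return address. The dictionaries stand in for process memory and use only the addresses quoted in the note; the function names are hypothetical.

```python
import struct

# Constructed memory image using the values from the note above.
CALL_SITE = 0x004012C8
CODE = bytes.fromhex("FF1538604000")      # call dword ptr [0x00406038]
IAT = {0x00406038: 0x775944C7}            # slot filled in by the loader
SYMBOLS = {0x775944C7: "GetVersion"}      # address -> API name


def decode_indirect_call(code, address):
    """Decode `FF 15 disp32`; return (iat_slot, return_address)."""
    if len(code) < 6 or code[0] != 0xFF or code[1] != 0x15:
        raise ValueError("not an FF 15 indirect call")
    (slot,) = struct.unpack_from("<I", code, 2)   # operand is little-endian
    return slot, address + 6                      # 2 opcode + 4 operand bytes


def resolve_call(code, address, iat, symbols):
    """Follow the call through the IAT slot to the imported function."""
    slot, return_to = decode_indirect_call(code, address)
    if slot not in iat:
        raise KeyError("operand 0x%08X is not a known IAT slot" % slot)
    target = iat[slot]
    return {
        "slot": slot,                 # where the pointer is stored
        "target": target,             # where EIP ends up
        "name": symbols.get(target, "<unknown>"),
        "return_to": return_to,       # next instruction after the CALL
    }


RESULT = resolve_call(CODE, CALL_SITE, IAT, SYMBOLS)
```
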



24 June 2015

Entry Point


PE.ImageBase + PE.AddressOfEntryPoint = Virtual Address



ps:
The entry point is inside one of the Windows DLLs.
It then continues to the pre-main function (generated by the compiler).
Last, it enters main().

Immunity Debugger lets you choose from 3 options: pause at any one of the above.
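
The formula above applied to real header fields, as an added example (not from the original note): it follows e_lfanew to the PE signature, reads AddressOfEntryPoint and ImageBase from the optional header (PE32 and PE32+ layouts), and adds them. The header bytes are constructed inline with assumed values; the result is the address for the preferred ImageBase, which differs at run time if the loader relocates the image.

```python
import struct

PE32, PE32_PLUS = 0x10B, 0x20B   # optional-header magic values


def entry_point_va(image):
    """Return (ImageBase, AddressOfEntryPoint, virtual address)."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                      # signature + COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    (entry_rva,) = struct.unpack_from("<I", image, opt + 16)
    if magic == PE32:
        (image_base,) = struct.unpack_from("<I", image, opt + 28)
    elif magic == PE32_PLUS:
        (image_base,) = struct.unpack_from("<Q", image, opt + 24)
    else:
        raise ValueError("unknown optional header magic 0x%X" % magic)
    return image_base, entry_rva, image_base + entry_rva


def build_pe32_header(image_base, entry_rva, e_lfanew=0x80):
    """Constructed minimal PE32 headers: only the fields read above are set."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<HBBIIIIII", PE32, 0, 0, 0, 0, 0, entry_rva, 0, 0)
    optional += struct.pack("<I", image_base)
    return dos + b"PE\0\0" + coff + optional


# Assumed sample values: ImageBase 0x00400000, AddressOfEntryPoint 0x12C0.
SAMPLE = build_pe32_header(0x00400000, 0x000012C0)
BASE, RVA, VA = entry_point_va(SAMPLE)
```
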

18 June 2015

Cryptography

Key Type

  • Symmetric
    • same key to encrypt/decrypt
    • fast
    • Algorithms:
      • DES
      • 3DES
      • Blowfish
      • RC4, RC5, RC6
      • AES
  • Asymmetric
    • slow
    • public key
      • to encrypt
      • shared with others/the world
    • private key
      • to decrypt
      • kept by the owner
    • Algorithms:
      • RSA
      • ECC
      • Diffie-Hellman
      • El Gamal
      • DSA


Methods Of Encryption
  • Block Cipher
    • use symmetric encryption
    • fixed-length
      • pad added to short blocks

  • Stream Cipher
    • use symmetric encryption
    • 1 bit/byte at a time
    • should use different IV
  • Attributes
    • Confusion
      • can't determine the key from the ciphertext (encrypted data)
    • Diffusion
      • one change in the plaintext changes at least 50% of the output



Block Mode 


  • Mode is needed when data is larger than block size
  • Modes
    • ECB - Electronic Codebook
      • Weak
        • same ciphertext for the same block
          • refer https://www.youtube.com/watch?v=uPiqyQOMH1E , at 1:05
          • https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#/media/File:ECB_encryption.svg
    • CBC - Cipher Block Chaining
      • has additional parameter
        • use IV for first block
        • use ciphertext for the next block
      • usually just XOR the block with the extra parameter before encrypting with the key
      • ref: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#/media/File:CBC_decryption.svg
    • CFB - Cipher Feedback
    • OFB - Output Feedback
    • CTR - Counter
Types of Symmetric

04 June 2015

steghide (steganography)

tools: steghide:



ref:
1) http://steghide.sourceforge.net/documentation/manpage.php

03 June 2015

Virtual Memory for Linux Process

Comparison of Linux and Windows:






Linux Virtual Process:




ref:
1)  http://duartes.org/gustavo/blog/post/anatomy-of-a-program-in-memory/

29 May 2015

Virtual Address Space

Paged system



Pay attention to the 'Page Table'. This is how a virtual address is translated to a physical address.



ref:
1) http://wiki.osdev.org/Paging

26 May 2015

volatility tips

to omit profile and memory_dump location

1)
$ export VOLATILITY_PROFILE=Win7SP1x64
$ export VOLATILITY_LOCATION=file:///path/to/MEMORY.DMP

$ python vol.py imageinfo



Connections/conscan/sockets/sockscan are for Windows XP/2003 only.
netscan plugin for anything Vista/2008/Win7





ref:
1) http://kromer.pl/malware-analysis/memory-forensics-using-volatility-toolkit-to-extract-malware-samples-from-memory-dump/




22 May 2015

ARP Broadcast: how IPScan gathers all IP and MAC addresses

ARP Broadcast


To send a packet to an IP,

  • Get the MAC address of the destination
    • Through ARP broadcast
  • The sender's MAC and IP are included in the ARP broadcast packet.


IPScan receives every ARP broadcast in the segment and keeps the list.
If there is any unregistered MAC address, it will spoof the IP owned by that MAC address.
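
The passive collection step described above, as an added example (not IPScan's code): it parses the sender MAC and IP out of ARP broadcast frames, keeps an IP-to-MAC table, and lists MAC addresses missing from a registered set. The frames, addresses and registered list are constructed sample data.

```python
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST = b"\xff" * 6

def fmt_mac(raw):
    return ":".join("%02x" % b for b in raw)

def fmt_ip(raw):
    return ".".join(str(b) for b in raw)

def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not ARP."""
    if len(frame) < 42:                       # 14 Ethernet + 28 ARP bytes
        return None
    dst, _src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                           # not Ethernet/IPv4 ARP
    sha, spa, _tha, tpa = struct.unpack_from("!6s4s6s4s", frame, 22)
    return {"broadcast": dst == BROADCAST, "request": oper == 1,
            "sender_mac": fmt_mac(sha), "sender_ip": fmt_ip(spa),
            "target_ip": fmt_ip(tpa)}

def build_request(sender_mac, sender_ip, target_ip):
    """Build a constructed who-has broadcast used as demo input."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    spa = bytes(int(p) for p in sender_ip.split("."))
    tpa = bytes(int(p) for p in target_ip.split("."))
    ethernet = BROADCAST + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + spa + b"\0" * 6 + tpa
    return ethernet + arp

def inventory(frames, registered):
    """Map sender IP -> MAC from overheard broadcasts; list unknown MACs."""
    table, unknown = {}, set()
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or not arp["broadcast"]:
            continue
        table[arp["sender_ip"]] = arp["sender_mac"]
        if arp["sender_mac"] not in registered:
            unknown.add(arp["sender_mac"])
    return table, sorted(unknown)

# Constructed sample traffic: RFC 5737 addresses, locally administered MACs.
REGISTERED = {"02:00:00:00:00:10"}
FRAMES = [
    build_request("02:00:00:00:00:10", "192.0.2.10", "192.0.2.1"),
    build_request("02:00:00:00:00:99", "192.0.2.77", "192.0.2.1"),
    b"\x00" * 60,                             # non-ARP frame, ignored
]
TABLE, UNKNOWN = inventory(FRAMES, REGISTERED)
```
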

19 May 2015

psexec

Examples:

Launch an interactive command prompt on \\workstation64, the CMD prompt window will appear locally:
psexec \\workstation64 cmd
Execute a program that is already installed on the remote system:
psexec \\workstation64 "c:\Program Files\test.exe"
Connect to workstation64 and run IPCONFIG to display the remote PC's IP address:
psexec \\workstation64 ipconfig
Connect to workstation64 and list a directory:
psexec \\workstation64 -s cmd /c dir c:\work
Connect to workstation64 and copy a file from another server:
psexec \\workstation64 -s cmd /c copy \\server21\share45\file.ext c:\localpath
Execute IpConfig on the remote system, and display the output locally:
psexec \\workstation64 ipconfig /all
Copy the program test.exe to the remote system and execute it interactively, running under the account DannyGlover:
psexec \\workstation64 -c test.exe -u DannyGlover -p Pa55w0rd
Run Internet Explorer on the local machine but with limited-user privileges:
psexec -l -d "c:\program files\internet explorer\iexplore.exe"
Run Regedit on the local machine with SYSTEM privileges:
psexec -s -i regedit.exe
From PowerShell, run a VBscript on a remote workstation and pass some parameters:
PS C:> $script='C:\Program Files\demo.vbs'
PS C:> $args = "some more text"
PS C:> psexec -s \\workstation64 c:\windows\system32\cscript.exe $script $args


ref -> http://ss64.com/nt/psexec.html

21 April 2015

flask login form csrf

hidden_tag() to generate csrf_token in flask form:


    user_manager = current_app.user_manager
    login_form = user_manager.login_form(request.form)
    token = login_form.hidden_tag()

18 April 2015

div idiv

div:
   div ebx     ;     eax = edx:eax  /  ebx  .   remainder will be put in edx


example:
   mov edx, 0
   mov eax, 0xd
   mov ebx, 5
   div ebx
   ;; result:   eax=2,  edx=3

#somehow my Immunity Debugger does not accept the 'div 0x75' instruction

idiv:
   signed version of div

inline hook




a) distance to jump, will be used in (d)
b) copy the original instructions from the original function to a new area in memory.
c) put 'jmp' at the original function
d) put (a) at (original_function + 1), as the parameter to the jmp in (c)
 

17 April 2015

repne scasb, rep movsb




a) to count string length. Look at how ECX is used: 'neg ecx'
b) to copy string to somewhere in memory



NOTES

scasb:
   cmp al, [edi]
   ##add esi, 1
   add edi, 1


repne scasb:
  repeat while 'not equal', at most 'ECX times'



movsb:
  mov byte [edi], [esi]
  add esi, 1     ; depending on direction flag, might be decreased
  add edi, 1


rep:
  repeat ECX times

rep movsb:
   repeat while ecx not 0;
   sub ecx, 1
   (#repeat ecx times)





usually:
   'repne scasb' to count string length;
    'rep movsb' to copy string  

imul

mul:
  mul ebx ;     edx:eax =  eax * ebx
                 ;     decimal: 5,000,000,000
                 ;         edx          |   eax
                 ;     00000001     | 2A05F200


imul:
    imul eax, ecx, 0x2    ;    eax = ecx * 0x2

    imul ecx, 0x2           ;   imul ecx, ecx, 0x2  

16 April 2015

15 April 2015

loopw x86


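mov  edi, DWORD_00406904   ; edi -> start of the buffer
mov  ecx, 0x0d             ; loop counter: 13 bytes
LOC_04010682:
xor  byte [edi], 0x9C      ; XOR the current byte with 0x9C
inc  edi                   ; move to the next byte
loopw LOC_04010682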




loopw:
  ecx--
  jump if ecx != 0
 

30 March 2015

openvpn


  1. difference between route and push "route x.x.x x.x.x."
  2. client-to-client issue (ccd)
  3. iroute

https://community.openvpn.net/openvpn/wiki/RoutedLans



  • route
    • add to vpnserver routing table
    • Label on pfsense vpnServer -> IPv4 Remote Network/s
  • push "route x.x.x.x   "
    • add to client routing table
    • put all subnet on all client side
    • iroute will reconcile the 'local subnet' for each client
    • Label on pfsense vpnServer ->  IPv4 Local Network/s

Last but not least, thanks to 'very friendly' pfsense openvpn interface, which has menu sorting:
  • Server
  • Client
  • Client Specific Override 
Client Specific Override should be under Server. 



16 March 2015

virtual environment for flask


1)virtualenvwrapper
------------------
mkproject
cdproject
deactivate
rmvirtualenv
workon drill
setvirtualenvproject
cdvirtualenv




extra
bower update --production




06 March 2015

Lightweight/Minimal Ubuntu Desktop

  1. Install server distro
  2. Minimal Gnome Core Desktop
    1. sudo apt-get install ubuntu-gnome-desktop
    1. Lightweight Desktop Manager 
      1. sudo apt-get install xorg gnome-core gnome-system-tools gnome-app-install 
  3.  Unity Based Ubuntu Server GUI
    1. sudo apt-get install --no-install-recommends ubuntu-desktop
      (will exclude LibreOffice and others)

26 January 2015

Full-Duplex Ethernet

Originally, Ethernet could only send or receive, not both at the same time.

Why: to detect collisions.
While Ethernet is sending, it also has to listen. If what it receives (listens to) is the same as what it sent, there is no collision. If it is not the same, another node was sending at the same time (collision), so Ethernet has to send again.

With a switch, each segment has only one node: PC - switch only. So there is no potential for collision, and the node can send to and receive from the switch at the same time.



ref:  http://computer.howstuffworks.com/ethernet15.htm

09 January 2015

getInstalledApplications vs getInstalledPackages


  • PackageManager.getInstalledPackages(int flags), on the other hand, will provide you information regarding all AndroidManifest's elements, such as declared activities, services, receivers, meta-data
    • Returns: A List of PackageInfo objects
    • PackageInfo contains ApplicationInfo


  • PackageManager.getInstalledApplications(int flags)  will provide you information regarding the AndroidManifest's Application tag, and just about it. Forget about activities, receivers, services and go on.
    • Returns: Returns a List of ApplicationInfo
    • ApplicationInfo 


PackageInfo properties:
  • applicationInfo - ApplicationInfo
  • packageName - String
  • versionName - String
  • versionCode - int
  • permissions - PermissionInfo[] : (.GET_PERMISSIONS )
ApplicationInfo properties:
  • className - String
  • packageName - String
  • processName - String (The name of the process this application should run in. From the "process" attribute or, if not set, the same as packageName)
  • permission(needed by other to call this app) - String
  • dataDir
  • sourceDir
  • publicSourceDir
  • nativeLibraryDir
  • sharedLibraryFiles - String[]  : (GET_SHARED_LIBRARY_FILES )

05 January 2015

simple_list_item_1

R.layout.simple_list_item_1

file: android_source_code/frameworks/base/core/res/res/layout/simple_list_item_1.xml



<?xml version="1.0" encoding="utf-8"?>
<TextView xmlns:android="http://schemas.android.com/apk/res/android"
    android:id="@android:id/text1"
    android:layout_width="match_parent"
    android:layout_height="wrap_content"
    android:textAppearance="?android:attr/textAppearanceListItemSmall"
    android:gravity="center_vertical"
    android:paddingStart="?android:attr/listPreferredItemPaddingStart"
    android:paddingEnd="?android:attr/listPreferredItemPaddingEnd"
    android:minHeight="?android:attr/listPreferredItemHeightSmall"
/>

packages.xml


PackageManager provides its information based on the file: /data/system/packages.xml
[a strong guess :)]


fileName: /data/system/packages.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<packages>
<last-platform-version internal="18" external="18" />
<permission-trees />
<permissions>
<item name="android.permission.CHANGE_WIFI_MULTICAST_STATE" package="android" protection="1" />
<item name="android.permission.WRITE_CALL_LOG" package="android" protection="1" />
<item name="android.permission.CLEAR_APP_CACHE" package="android" protection="1" />
<item name="android.permission.AUTHENTICATE_ACCOUNTS" package="android" protection="1" />
<item name="android.permission.ASEC_ACCESS" package="android" protection="2" />
<item
...
...
...
.
<item name="com.dolphin.browser.permission.RECOGNIZE_GUESTURE" package="mobi.mgeek.TunnyBrowser" protection="18" />
<item name="android.permission.VIBRATE" package="android" />
<item name="android.permission.READ_CELL_BROADCASTS" package="android" protection="1" />
</permissions>
<package name="com.android.soundrecorder" codePath="/system/app/SoundRecorder.apk" nativeLibraryPath="/data/app-lib/SoundRecorder" flags="572997" ft="14039055328" it="14039055328" ut="14039055328" version="18" userId="10024">
<sigs count="1">
<cert index="0" key="..." />
</sigs>
</package>
<package name="com.example.myfirstapp" codePath="/data/app/com.example.myfirstapp-1.apk" nativeLibraryPath="/data/app-lib/com.example.myfirstapp-1" flags="572998" ft="14979020968" it="14979020b03" ut="14979020b03" version="1" userId="10050">
<sigs count="1">
<cert index="3" />
</sigs>
<perms />
</package>
<package name="com.android.browser" codePath="/system/app/Browser.apk" nativeLibraryPath="/data/app-lib/Browser" flags="638533" ft="140390733a0" it="140390733a0" ut="140390733a0" version="18" userId="10016">
<sigs count="1">
<cert index="0" />
</sigs>
</package>
<package name="com.android.widgetpreview" codePath="/data/app/WidgetPreview.apk" nativeLibraryPath="/data/app-lib/WidgetPreview" flags="572996" ft="1403904f568" it="1403904f568" ut="1403904f568" version="18" userId="10045">
<sigs count="1">
<cert index="0" />
</sigs>
<perms>
<item name="android.permission.READ_EXTERNAL_STORAGE" />
<item name="android.permission.WRITE_EXTERNAL_STORAGE" />
</perms>
</package>
<package name="android" codePath="/system/framework/framework-res.apk" flags="4767241" ft="14038ffe870" it="14038ffe870" ut="14038ffe870" version="18" sharedUserId="1000">
<sigs count="1">
<cert index="1" />
</sigs>
</package>
<package name="com.siperdana.memo" codePath="/data/app/com.siperdana.memo-1.apk" nativeLibraryPath="/data/app-lib/com.siperdana.memo-1" flags="572996" ft="14a9f955a48" it="14a9f955d48" ut="14a9f955d48" version="1" userId="10046">
<sigs count="1">
<cert index="6" key="..." />
</sigs>
<perms />
</package>

.
.
.
<updated-package name="com.android.vending" codePath="/data/app/com.android.vending-1.apk" ft="1497e21d1d0" it="1497e0d4729" ut="1497e21d749" version="80280020" nativeLibraryPath="/data/app-lib/com.android.vending-1" userId="10052">
<perms>
<item name="android.permission.READ_EXTERNAL_STORAGE" />
<item name="android.permission.NFC" />
<item name="com.android.launcher.permission.INSTALL_SHORTCUT" />
<item name="android.permission.USE_CREDENTIALS" />
<item name="com.android.vending.permission.C2D_MESSAGE" />
<item name="android.permission.GET_TASKS" />
<item name="android.permission.SEND_SMS" />
<item name="android.permission.WRITE_EXTERNAL_STORAGE" />
<item name="android.permission.ACCESS_COARSE_LOCATION" />
<item name="android.permission.GET_ACCOUNTS" />
<item name="android.permission.CLEAR_APP_CACHE" />
<item name="android.permission.AUTHENTICATE_ACCOUNTS" />
<item name="android.permission.READ_PHONE_STATE" />
<item name="android.permission.RECEIVE_BOOT_COMPLETED" />
<item name="com.android.vending.BILLING" />
<item name="android.permission.INTERNET" />
<item name="android.permission.WRITE_SETTINGS" />
<item name="android.permission.ACCESS_FINE_LOCATION" />
<item name="com.android.vending.billing.IN_APP_NOTIFY.permission.C2D_MESSAGE" />
<item name="android.permission.MANAGE_ACCOUNTS" />
<item name="com.android.vending.TOS_ACKED" />
<item name="android.permission.CHANGE_NETWORK_STATE" />
<item name="android.permission.ACCESS_NETWORK_STATE" />
<item name="android.permission.WAKE_LOCK" />
</perms>
</updated-package>
<shared-user name="android.uid.log" userId="1007">
<perms />
</shared-user>
<shared-user name="android.media" userId="10013">
<sigs count="1">
<cert index="4" />
</sigs>
<perms>
<item name="android.permission.READ_EXTERNAL_STORAGE" />
<item name="android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS" />
<item name="android.permission.RECEIVE_WAP_PUSH" />
<item name="android.permission.SET_WALLPAPER" />
<item name="android.permission.ACCESS_CACHE_FILESYSTEM" />
<item name="android.permission.WRITE_MEDIA_STORAGE" />
<item name="android.permission.WRITE_EXTERNAL_STORAGE" />
<item name="android.permission.MODIFY_NETWORK_ACCOUNTING" />
<item name="android.permission.ACCESS_MTP" />
<item name="android.permission.READ_SMS" />
<item name="android.permission.MANAGE_USERS" />
<item name="android.permission.RECEIVE_BOOT_COMPLETED" />
<item name="android.permission.CAMERA" />
<item name="android.permission.ACCESS_ALL_DOWNLOADS" />
<item name="android.permission.INTERNET" />
<item name="android.permission.WRITE_SETTINGS" />
<item name="android.permission.ACCESS_FINE_LOCATION" />
<item name="android.permission.INTERACT_ACROSS_USERS" />
<item name="android.permission.CONNECTIVITY_INTERNAL" />
<item name="android.permission.ACCESS_DOWNLOAD_MANAGER" />
<item name="android.permission.UPDATE_DEVICE_STATS" />
<item name="android.permission.ACCESS_NETWORK_STATE" />
<item name="android.permission.RECORD_AUDIO" />
<item name="android.permission.WAKE_LOCK" />
</perms>
</shared-user>
</packages>








Additional:
fileName: /data/system/packages.list
com.android.soundrecorder 10024 0 /data/data/com.android.soundrecorder release
com.android.sdksetup 10005 0 /data/data/com.android.sdksetup platform
com.android.launcher 10012 0 /data/data/com.android.launcher shared
com.android.defcontainer 10002 0 /data/data/com.android.defcontainer platform
com.android.smoketest 10041 0 /data/data/com.android.smoketest default
com.android.quicksearchbox 10006 0 /data/data/com.android.quicksearchbox shared
com.android.contacts 10004 0 /data/data/com.android.contacts shared
com.android.inputmethod.latin 10030 0 /data/data/com.android.inputmethod.latin shared
com.android.calculator2 10033 0 /data/data/com.android.calculator2 release
           
       
   

adb cheat sheet

1) pull files recursively

  • add /.    >>  adb pull /data/data/com.whatsapp/. downloadDir

02 January 2015

android obfuscated

In project.properties:
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt

and the following:
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider

-keep public class * extends android.view.View {
    public <init>(android.content.Context);
    public <init>(android.content.Context, android.util.AttributeSet);
    public <init>(android.content.Context, android.util.AttributeSet, int);
    public void set*(...);
}

-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet);
}

-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet, int);
}

-keepclassmembers class * extends android.content.Context {
   public void *(android.view.View);
   public void *(android.view.MenuItem);
}

-keepclassmembers class * implements android.os.Parcelable {
    static ** CREATOR;
}

-keepclassmembers class **.R$* {
    public static <fields>;
}

-keepclassmembers class * {
    @android.webkit.JavascriptInterface <methods>;
}

The APK also needs to be signed (if it is not signed, nothing is obfuscated)
[RightClick Project -> Android Tools -> Export Signed Application Package]



ref:
1) http://stackoverflow.com/questions/22322061/how-can-i-obfuscate-my-code-in-eclipse-android
2) http://proguard.sourceforge.net/#manual/examples.html