Jul 30, 2011

Reverse Engineering Tools For Android

This tool was created by nelhage 
Reverse Android: Some miscellaneous Android reverse-engineering tools.

This repository contains some tools I've written for reverse-engineering Android
applications, as well as any that I may write in the future.

You can find the initial announcement of these tools on my blog:

The contents so far are:

- ddx.el: An emacs mode for working with Android assembly. Includes two related
  modes, ddx-mode and smali-mode, for working with the output of Dedexer
  (http://dedexer.sourceforge.net/) and baksmali
  (http://code.google.com/p/smali/). The mode was written for reading decompiled
  assembly, but may also be useful for people writing smali assembly.

- ddx2dot: A Python script for rendering methods in dedexer-produced assembly
  files to control-flow graphs using dot (http://www.graphviz.org/).

  Usage is 'ddx2dot FILE.ddx METHOD-NAME OUT-FILE'

  METHOD-NAME should be a prefix of the fully type-qualified name of the desired
  method. The output format will be detected from the extension on OUT-FILE; If
  auto-detection fails, the program will write dot source code.

  Sample output can be seen at

  Currently it only supports rendering a single method at a time. If there's
  interest in rendering an entire class to a giant image, I might implement
Source: https://github.com/nelhage/reverse-android 

If you like my blog, Please Donate Me
One Dollar $1.00

Howto: Wireless Ownage Video Of Securitytube.net

With over 40+ HD videos containing 12+ hours of Wireless Ownage, this DVD weighs in at around 4.2 Gigabytes!

A quick breakdown of the course topics and associated videos is available here.

Direct Download Links:

1. Mirror thanks to Mister_X from the Aircrack Team:


2. Mirror thanks to Chaos Darmstadt:


3. Mirror thanks to KokelNet.de (both IPv4 and IPv6!):


4. Mirror to the BofH of Nikhef (both IPv4 and IPv6!):


5. Mirror thanks to y0ug:



6. Mirror thanks to Bernard from Insecure.co.nz :


7. Mirror thanks to djekl :


Source: http://www.securitytube.net/downloads

If you like my blog, Please Donate Me
One Dollar $1.00

Jul 27, 2011

SSLSniff with iOS Detection

Apple has announce iOS 4.3.5 and I found something looks interesting
  • Data Security
    Available for: iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 (GSM), iOS 3.1 through 4.3.4 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.4 for iPad
    Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
    Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
    CVE-2011-0228 : Gregor Kopf of Recurity Labs on behalf of BSI, and Paul Kehrer of Trustwave's SpiderLabs
 The description is the "vulnerability of BasicConstraints attack" that found by Moxie Marlinspike. So after I try to search how to simulate the attack, I found the update of sslsniff(if you want to download, please click here) that update for add iOS fingerprinting support. And in that post Moxie tried to expand this attack with easy words.

The vulnerability was that, back then, nobody really validated certificate chains correctly.  Webkit browsers, as well as the Microsoft CryptoAPI (and by extension Internet Explorer, Outlook ,etc...), validated all the signatures in a certificate chain, but failed to check whether the intermediate certificates had a valid CA BasicConstraints extension set. This meant that you could take any old CA-signed certificate and use it to sign any other certificate.
In other words, if you bought a valid certificate for your website, what you got was the equivalent of a CA certificate. You could use it to create a valid signature for any other website, and (naturally) intercept SSL traffic.

To intercept traffic from vulnerable iPhones, simply run:
sslsniff -a -c <path/to/your/certificate> -f ios -h <httpPort> -s <sslPort> -w iphone.log

So if you want to test this vulnerability of your iOS device, I think sslsniff is the best tool to test.

Source: http://blog.thoughtcrime.org/sslsniff-anniversary-edition

If you like my blog, Please Donate Me
One Dollar $1.00

Jul 26, 2011

Pwn Residential Router With Routerpwn

Routerpwn.com is a web application that helps you in the exploitation of vulnerabilities in residential routers.

It is a compilation of ready to run local and remote web exploits.
Programmed in Javascript and HTML in order to run in all "smart phones" and mobile internet devices.
It is only one page, so you can store it offline for local exploitation without internet connection.

== Install ==

iPhone/iTouch (JailBreak not needed):
Using Safari, browser the main url:
Select in Safari's main menu: [+]
Choose: "Add to home screen",
Enter a name or accept the default: "Routerpwn"
Click "Save".

 Source: http://www.routerpwn.com/info.html

If you like my blog, Please Donate Me