Archive

Posts Tagged ‘Android’

tcpdump on Android

September 11, 2011 2 comments

I’m interested in intercepting the data my Android device is sending – I use Wireshark under windows, using winPcap to capture packets.

WinPcap consists of a driver, that extends the operating system to provide low-level network access, and a library that is used to easily access the low-level network layers.

http://www.winpcap.org

WinPcap is based on libpcap, a linux tool that’s been ported to Windows.

porting is the process of adapting software so that an executable program can be created for a computing environment that is different from the one for which it was originally designed

http://en.wikipedia.org/wiki/Porting

Linux Kernel, Linux tools?

Android has a linux kernel, so surely there must be a libpcab based tool out there to capture packets?

tcpdump is a command line tool for linux that can capture and analyse packets from the console, or write them to a file. Luckily, the files generated are compatible with Wireshark, being based on the same packet capture software.
The only issue now is to find a version made for Android.. I know some basic shell command like cat, grep, ls, but not enough to do my own Android cross compile..

Strazzere.com

So I was searching around for a tool and came across Strazzere.com – A site about Android and software engineering, and very kindly they host an Android version of tcpdump. It’s based on

tcpdump version 3.9.8 libpcap version 0.9.8

and the latest versions are 4.1.1 and 1.1.1 respectively, so it’s a little out of date, but fully functional.

Installation

So this probably only works if you have root – I have root, and I’m afraid I’m not going back to stock to test it. I have VillainRom 2.4.2 and these instructions are based on the steps I’ve taken to get packet capture working.

You need the Terminal Emulator installed, or you can run the same commands from the ADB shell on your computer, but this post is specifically about the terminal.

Download the file from your phone, so now the tcpdump file is on the handset. In this example, the file is stored in /sdcard/data/

The commands, file and directory names are all case sensitive, so tcpdump is NOT the same as TCPdump.

Terminal

Just cp file to bin and chmod

Now, in the terminal type;

  1. su
  2. mount -o remount,rw /system
  3. cp /sdcard/data/tcpdump system/bin
  4. cd system/bin
  5. chmod 777 tcpdump
  6. mount -o remount,ro /system

To explain the commands; you need to request root, set /system as read-write, copy tcpdump to /system, give it read/write/exec permissions and finally remount /system as read-only.

Packet Capture

Finally, you’re ready to capture some packets. In terminal window, type;

tcpdump -vv -s 0 -w /sdcard/tcp.cap

-vv puts tcpdump into verbose mode – to give us some extra information
-s 0 sets the size of sender to look for to zero, telling the program to grab all packets
-w /sdcard/output.cap will let us set the packets grabbed to be written to the sdcard for analysis later.

http://strazzere.com/blog/?p=286

and all packets will be logged to tcp.cap – Ctrl+C ends capture. This can be done with volume down and C in the emulator.

tcpdump in the Terminal window

Advertisements
Categories: Android, Software Tags: , ,

Quidco App for Android Logs Username, Password, IMEI and Card Details Without Encryption

August 21, 2011 3 comments

Quidco App for Android v1.0.4 – Still Just A Beta Test

I installed the Quidco app for Android from the Market a few days back, and I thought it would be nice to do a review.
However, after a bit of poking around I found a log file – Qlog.txt – with my Quidco username and password stored plain-text.

Quidco Username & Password

A quick check revealed also the app was logging my quidco userID and my phones IMEI number.
The IMEI is unique to every handset, and doesn’t necessarily relate to any individual, the SIM does that through the IMSI.

Anyway, the quidco app gets your IMEI through the READ_PHONE_STATE permission, which is requested on installation. It is shown below as Read Phone Status and ID.

Quidco App Permissions

Store Card

The app gives you the opportunity to register a credit card, for earning in-store cash back.
I read through the terms and conditions first, to see what safe guards are in place to protect my data.

T&C Section 2

Great! My card details are only stored and processed in encrypted format..

Screen grab was made after bug found, to illustrate the problem, but log file is exact except redactions.

My Card 8888..

Logged Un-Encrypted

Data Protection Fail.
Please note, the screen grab of card number was made after the bug was found, to better illustrate the problem, but the log file is exact except redaction.

Further Development

This fault has been reported to Quidco, un-installing the app does not delete the log file.
My handset has root privileges, you may be able to view or delete you own log file without root.

Update; the Quidco response to this issue is

..that the android version of the Quidco app is only a test version and this is not meant for use at the moment.

We have not launched the android version of the app so any personal use of this is completely at your discretion as we are currently running our own tests on this to ensure everything is ready before our official release.

If you have any worries or concerns, contact the app developer or read the Information Commissioners Office guides;

Disclosure of personal information
If your personal information has been disclosed in a way that you did not expect you can complain to us.

http://www.ico.gov.uk/complaints/data_protection/supporting_evidence.aspx#disclosure

Security or loss of personal information
If your personal information has been lost or is not held securely you can complain to us.

http://www.ico.gov.uk/complaints/data_protection/supporting_evidence.aspx#security

I’m sure it’s possible a malicious program could be written to extract these details from your log, and gain full access your quidco.com account.
You do use a different username and password for all sites, don’t you?

Google Web and Mobile Search UI Update

June 29, 2011 Leave a comment

The new Google UI is based on 3 key principles, focus, elasticity and effortlessness. You can read more about the three key design principles directly from the official Google blog.

Android

On Android handsets, there is a really nice UI update to the Google Search page, tightly integrating the touch functionality of the handsets.
On launch, the address bar is hidden out of sight, however you can still scroll the page to reveal it. The focus in on Search.

Google Search in Browser

Click more to reveal extra search options – as you click, the screen smoothly scrolls to reveal icons for the more popular search tools, Images, Shopping, Places, YouTube and even Apps.

Select More for Extra Search Options and Apps for Quick Access to Google Web Apps

However, if you choose Search and select Apps, it doesn’t link directly to the new web based Market, nor does it load market app on the handset, instead showing search results with matching App details.
Indeed, choose Apps, and it presents icons for Gmail, but click the limk and it redirects to the Gmail website. So is this new mobile UIĀ  purely superficial?

Even if the new UI loaded the apps on the handset, why would I load the browser, and navigate through to the right page, when I’ve got icons on the homescreen to do that for me?

Apps One Touch or Swipe Away

Unless you’re using the stock browser, you miss out on this over engineered front end. Opera and Firefox display the standard Google mobile search interface.

Web Interface

Google updated their Search user interface for the rest of it’s users to include a nice black bar across the top.

The new contrasting top bar is designed to focus your eyes on the logo – the search bar remains un-noticed and unobtrusive until you actually look for it.
The look and feel of the search results has changed, or feels like it – there seem to be fewer ‘sponsored links’ at the top of the search results.