How to create your own Android spy app

Like many, I know nothing about Java. Oh wait a minute, Java and C++ have similar syntax and I did learn the latter. But still, I have no clue about how to create an Android app, not to mention Android spy apps.

But this should not be an obstacle. I recently get to know that someone has already released the source code for an Android Remote Access Tool (RAT) known as AndroRAT. It allows you to remotely control any Android device which installs this app, read its messages, phone book, call log, use its camera and microphone, and pinpoint it on a map in real-time. Basically you can do anything you want, free of charge. In fact, there are already many AndroRAT based Android  spy-ware out there.

Here I will introduce how to customize it and get the app working the easy way.

In order to begin the whole process, you will need to get a few things ready. If you alrady know a lot about Android and Android apps, then it should be a piece of cake. Even if you are completely new to Android, it’s still quite easy as long as you know how to install software on your computer.

There are actually three software need to be installed, eclipse (Eclipse IDE for Java Developers), Java Platform, and Android SDK.

Once you are done with the software installation, head over to github and download the Androrat files, what really matters is the source code folder names src. The Androrat sub-folder is for the Android phone, and AndroratServer is for the server side. But first, you need to customize and compile them.

Now open eclipse and import Androrat, you will see two projects.

androrat project

Now import two jar packages. If other packages are missing, you can always download them at  FindJar.

android jar

I tried to run them directly. First the Server app, see below. The settings like server port can be changed via config.txt or the source code. In fact, you can change the IP address there too. If you have a domain name, better replace the IP address with it.

androrat server

Then the mobile app (I did not compile it here), it will switch to the home screen automatically once you are done with installation, and you won’t find it in recent apps. It names itself LogsProvider, but you can change it to whatever you wish. Better something like a normal app so others won’t have any doubts.

androrat4

In order to better hide and protect the app, there are a few changes to be made in LauncherActivity.class.

androrat settings

A few possible tweaks below, although you may not see the same gui.

androrat settings

Note, in order to run it on other devices the easy way, you need to compile the mobile files and create an apk file.

A few thoughts

i, build a PHP based server side script which will handle the data transferred from the mobile app and save them in MySQL. You can later display these data on a webpage and a map. You can even let others create an account and let many people use this service, paid or for free.
ii, create a service and monitoring SMS, connect to the server once text message contains certain keywords arrive.
iii, hide from anti-virus apps or even kill them.

2014-Jun-Thu | Category: Cell phone spy | Tags:

Catch a cheating spouse using Boyfriend Log

If you read my blog often, you won’t be surprised to see cell phone tracking or spy apps are widely discussed and installed for whatever reason. However, every time such an app comes out, it would cause a lot of concerns about privacy. This time, it’s all about an Android based mobile device spy app called Boyfriend Log.

The app, which is developed by a Japanese company, is designed for jealous girls to spy on their boyfriend. Although it’s intended for tracking man by name, but it can be used to spy on woman as well as long as she has an Android device. So if you doubt your spouse is cheating on you, this app is perfect for you to find out the truth.

Like many other mobile tracing apps introduced in my blog, it uses cell phone in-built GPS to to get the location data. Once installed, it works in the background so the owner won’t notice it. Then you can sign up to the official website with the ID and password obtained when install it. The website will load a map and show the current location.

In addition to location information, it will provide additional data like battery status; apps downloaded and even call log for paid members and Platinum members. You can have a 3-day free trial, and then it costs 525 Yen a month, 840 Yen for 3 months and 1,980 Yen for a year. The Platinum membership costs about 1,980 Yen/month, 4,980 Yen/3 months or 8,980 Yen/year.

The app started to sell during August, however protests followed for concern over misuse and it was discontinued. I searched it on Android market, but could not find it. I also visited its official website, and found that the free trial was extended to 30th Sep and the Platinum membership was cancelled. The company also apologized on the website and said would remove the call log service from the app.

On 5th Sep, US anti-virus giant MacAfee claimed that they had considered it as questionable since the app expose personal information to third party without the consent of the cell phone owner.

There are now many mobile tracing and spying apps out there, most of them are used to locate a cell phone, backup and restore data, perform a remote wipe or lock if the device goes missing. But hardly any of them is designed to spy on a cheating spouse, that’s what differentiates Boyfriend Log from the others which also caused the company lots of trouble. However, if you ever hear of Super Bluetooth hack, you should have known that it has already been achieved long ago for short distance cell phone spying -:).

2011-Sep-Fri | Category: Cell phone spy | Tags: ,

Vodafone network hacked – Cell phone spy is easy

With a simple device called “Sure Signal” which is available currently at 50 GBP, you can listen to any cell phone call, impersonate any handset, make phone calls on the victim’s cost and even access his / her voice mail.

This is not in the movies; this is what exactly happened to one of the world’s largest carrier Vodafone. A security group called The Hacker’s Choice (THC) hacked Vodafone 3G/UMTS/WCDMA network and gained the root key to spy on any cell phone call made by Vodafone customers.

The vulnerability lies within Vodafone’s Sure Signal / Femtocell equipment which are used to improve the signal strength in areas where it’s poor. The device was used to be sold at 160 GBP to any customer (prepaid or contract), which is connected to Vodafone core network HLR /AuC which stores the secret subscriber information via customer internet connection. After receiving the device, the user has to register it together with his /her cell phone number. Although Vodafone said only the buyer can use this base station, but it said up to 30 cell phone numbers can use the device.

THC gained the root access to Femtocell which contains a “mini RNC” to request and receive the secret key of a Vodafone user from the core network, which enables a hacker to listen to the victim’s phone calls.

Basically, after gaining access to Femtocell, an attacker can do the following:

-Intercept and listen to calls.
-Commit fraud by placing calls or SMS using somebody else’s SIM information.
-Tunnel back to the UK, using he Femtocell anywhere in the world.
-Attract other mobile devices to the Femtocell.

The whole process is done very quickly as Vodafone made a design mistake by assigning ‘newsys’ as the root password for all its Femtocell which made the attack easier.

The full details can be found here.

2011-Jul-Fri | Category: Cell phone spy | Tags: , ,

How to know if Google is spying on you

A few days ago, two women from Oakland sued Google for tracking their location using Android Smartphone although Google said users can opt-out of “location services” when set up their Android devicess. However, there is more than one way Google can spy on us. The question is however, as an individual, how do you know if the big brother is spying on you?

In order to answer this question, we need to know how Google collects our location data and what data they store.

How Google collects location data?

There are a few ways Google could know our locations. If you have an Android phone, Google definitely knows where you live and where you have been. If you have iPhone or Symbian mobile device or other Smartphone but have Google Maps installed, Google knows where you are and places you visited. Even if you do not use mobile devices or Google Maps, Google still knows where you live if you have a wireless router or use their browser Chrome. As matter of fact, as long as you use the internet, you could not avoid Google. The truth is, Google is everywhere and we can hardly live without Google’s presence online.

But, how could Google know our location anyway?

1 Google street view cars collects data about our WiFi access points and cell sites. If you ever see Google Street view car around, your Wireless router or nearby cell sites could be recorded by Google. Although Google stopped this operation under pressure, they have collected a huge load of information about us.

2 Google Maps or Android phone record our location data. Ever since Google stopped using street view cars to collect our location data, they started using Google Maps and Android phones which come with many Google products to do so. It’s said that Google Maps for Android has been downloaded more than 50 million times, not to mention other mobile platforms. So Google Maps is an ideal tool to collect users’ data.

3 Google Chrome is watching us as well. Chrome has a 12% share of the browser market, following IE’s 45% and Firefox’s 30%. With such a huge user base, Google could easily record and store our location data. In fact, Google can use its other products like Gmail, Analytics and Adsense to get user information as well.

What data do they collect?

Well it’s hard to know as Google did not reveal any details. However, Google did say all the data collected are anonymous. As far as location data are concerned, it could include latitude, longitude, altitude, speed, address, city, country, postcode, MAC address, CellID, location area code (LAC), IP address etc.

All these data collected are then sent to their location servers for processing to provide location based services.

How do we know if Google is watching us?

Now this question is easier to answer as we know what information they collect and how. Since Google stores all the location data in their servers and they provide API for us to access them, we simply need to send queries to their server. If it returns our location, then we are being watched. If not, we are not exposed to Google.

I have developed a few tools which you can find in navigation bar to query Google’s location server. You can use these trackers to search your CellID, LAC, MAC address and IP address in their server. If you are being tracked, you will see your location returned and showed on Google Maps. Otherwise, Google is not spying on you.

2011-May-Sun | Category: Cell phone spy | Tags: ,

Spy on cell phones now possible

We used to see someone boast of spying on any cell phone, saying that their mobile spy software could listen to others calls and read their messages, well you know that’s not true.

But this time, you should be aware, someone could listen in. Some days ago, German security expert Karsten Nohl showed in Chaos Computer Club Congress that you could eavesdrop on GSM mobile devices with a few cheap Motorola handsets. He showed the whole process, how first to lock a mobile device, then acquire its ID, and next to intercept the encrypted calls and message transferred between the cell phone and base station, and finally the decryption using their code book developed by their community in a year.

Karsten Nohl used a few cheap Motorola devices which cost about 10EUR to attack the GSM network. He said they used Motorola handset because their firmware manual was available on the Internet, and they could use some open source programs on them.

The GSM network use the 64-bit key A5/1 encryption in the developed country which could no longer withstand the computing power today, what’s worse, in some developing countries, the data is not encrypted at all. Mobile operators like AT&T and T-Mobile did not wish to adopt the A5/3 128-bit encryption key in the past due to the high cost, but now this could change.

Karsten Nohl also released the exploit on the net as a torrent which comes to 2TB, so anyone have internet connection could download it. The GSM encryption algorithm code book then could be used to do the decryption.

However luckily, in order to record a call, some advanced radio equipment is needed which could cost up to 1500 US Dollars and the eavesdropper to be in the vicinity of the victim.

[Ref]CNet’s interview with Karsten Nohl.

2011-Jan-Sat | Category: Cell phone spy | Tags: ,

Copyright © 2009 Profone Tracking by Alex Zaah. All Rights Reserved.