How To Root Your Nexus One Android Phone [Tutorial]

There have been a long time i haven't wrote any tutorial so that's why i have written this tutorial for you guys but as a matter of fact i don't have a Android phone i would only give you guys a prospective on how to hack or even root your Android phones.



Well its kinda very easy tutorial and can be found on many places on the internet but i am like very lazy or you might be so i have written from my heart inside just for you guys believe me.

Ok jokes over lets move onn with the procedure of hacking aka rooting your android box for like forever. Before getting started, remember to back up your phone, including your contacts, SMS messages, files and photos…

Steps

Ok here we go,

1. The first step is to download and install Superboot, a boot image that, when flashed, will root the device the first time you boot up.

You can grab a copy of the Superboot zip file from the Modaco forums here.

2. Dude, extract it !

Use Winrar or Winzip etc

3. Now the tuff work, we need to boot our android phone on bootloader mode.

To do so, turn off the phone, remove the battery, and plug in the USB cable. When the battery icon appears onscreen, pop the battery back in. Now tap the Power button while holding down the Camera key.

O.o

4. Depending on your computer's OS, do one of the following:

• Windows: Double click "install-superboot-windows.bat"
• Mac: Open a terminal window to the directory containing the files, and type "chmod +x install-superboot-mac.sh" followed by "./install-superboot-mac.sh"
• Linux: Open a terminal window to the directory containing the files, and type "chmod +x install-superboot-linux.sh" followed by "./install-superboot-linux.sh"

5. Ok we are done !

So you are little bit confused in this process right then lets see what i can do,
Ya, i got something for you, Instant Root offloads all the effort and rooting is just single-click away.

Download “Instant Root” APK
Here’s how to Root Android, quickly:

1. Install & Run the APK file.
2. On receiving confirmation message, Restart your phone and that’s it.

That was easy right.

Screens

Not this one

System Recovery Console

Rooted !

Conclusion

We have previously also have written on how to hack aka root aka jailbreak your iPhone which was pretty big article and i have learnt from it, that i should write small articles, because of you guys.

 Android Wallpaper !

This was a good article and would help you in future and some other days like them, whatever. Well we are not letting you get out of my blog so soon we have got something for you. A wallpaper…

Happy Hacking @hackerthedude

Read More

RSA Crypto 768-Bit Keys Cracked

Yes, you heard it right one of the most famous and which have been for years to encrypt the communication standards have been cracked by a bunch of scientists who took about two-and-a-half years and hundreds of general-purpose computers.

 

 

This accomplishment was reached on December 12. In my eyes it would have been very much harder to crack this kind of cryptography because it is so much calculated and so much hard to to crack…

 

The team managed to factor the 232-digit number that RSA held out as a representative 768-bit modulus from a now-obsolete challenge. They spent half a year using 80 processors on polynomial selection.

 

Sieving took almost two years and was done on "many hundreds of machines". Using a single-core 2.2GHz AMD Opteron with 2GB RAM, sieving would have taken about 1,500 years, they estimated.

 

The only word come in my mouth right now is WOW.

"There's indisputable evidence here that 768-bit key are not enough. It's a pretty interesting way to close out a decade."

But as a matter of fact this is not the end as the new RSA crypto, which would be coming soon, is 1024 – Bit which would be much more harder to crack then all the previous one’s .

 

"If we are optimistic, it may be possible to factor a 1024-bit RSA modulus within the next decade by means of an academic effort on the same limited scale as the effort presented here," authors of the research wrote.

 

"From a practical security point of view this is not a big deal, given that standards recommend phasing out such moduli by the end of the year 2010."

 

So, its kinda like a win win for the scientists but not for the general purpose hackers as they cant be used until we get that amount of hardware to use and hence to crack that 768-bit crypto.

 

"It's an important milestone," said Benjamin Jun, vice president of technology at security consultancy Cryptography Research.

 

RSA 768 Bit Crypto Cracked

 

We have the research paper just for you guys, its all like maths thing if you want to read you can or you can download it too.

 

Happy Hacking @hackerthedude

Read More

Can You Believe Playstation 3 Just Got Rooted - Geohot

Well its kinda like the days are over of PS3 to be called secure because of a true fact that, the hacker behind some of the iPhone jail breaking and iPod too is behind the Playstation 3 Hardware and is nearly finished with the exploit.

 

 

On 22nd of this month the so known hacker George Hotz aka Geohot have claimed that he have successfully hacked the play station 3 box which he got from his friend.

 

“I have read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3. The rest is just software. And reversing. I have a lot of reversing ahead of me, as I now have dumps of LV0 and LV1. I've also dumped the NAND without removing it or a modchip.”

 

The exploit which he is talking about and is working on is not till yet done and haven't been released by him….

 

As of now the Geohot is kind of quite about the exploit and its usage and writing about it :

 

“As far as the exploit goes, I’m not revealing it yet. The theory isn’t really patchable, but they can make implementations much harder.”

 

Well lets see what happens when the exploit would be out and there would be fight between the sony and geohot on the security hole as he is also not sure about the whole thing that it could be patched or not.

 

In particular, he said, he would publish details of the console's "root key", a master code that once known would make it easier for others to decipher and hack other security features on the console.

 

On the other hand the sony officials are working hard to find what the George finded in the console. As of now they have said "We are investigating the report and will clarify the situation once we have more information,".

 

He says alot of reverse engineering have been left for him with the box to hack it fully.

 

Lets hop he finds the right exploit to hack the ps3. As it would be the first time after 3 Years and 2 months and some days that the Sony ps3 which is so know for its security is hacked successfully in which anybody can run pirated games and even modify them.

 

 

Hope For the Best ..

Read More

Techcrunch Hacked

TechCrunch : The biggest network of tech news showdown and one of the most visited websites in the world have been hacked just 11 minutes later we got this news. I am investigating about it, as soon we will get the news we will update this post.

 

Update 1 : The Blog is back after 15 minutes of hacked state.

Update 2 : We got some more screens and at 25 minutes after the hack the blog got again hacked with a new words from the hacker..

Update 3 : Official Message come from the TechCrunch Team ":

“Earlier tonight techcrunch.com was compromised by a security exploit.
We're working to identify the exploit and will bring the site back online shortly.”

The Hack is some kind of a link which have a anchor text of “Rapidshare Download”, as it is the most obvious reason people will click on it.

 

But in the meantime the geniuses behind the techcrunch team have seen this and is working on this matter showing a notice on their blog “We'll be back shortly.”

 

Screens

Here are some of the screens when the techcrunch was hacked and the later one’s also.

 

 Time when hacked

 

11 Minutes later

 

New Hacked notice

 

The Hackers Link

 

Well we don't know till yet how the website was defaced and where the link took the visitors too as soon as the team behind the techcrunch reveals it.

 

Its a big news as its the first time a big blog like techcrunch have been hacked. The link which the hacker is tooking to is a some kind of a torrent sharing portal which would be his only.

 

What do you think ?

Read More

BT4 Final, Nmap and Immunity Debugger Updated : There is Something In Air

Yeah there is definatly something in the Air, as there are some major tools updates this which are kick ass starting of with the New Backtrack 4 Final release, then there the new Nmap v5.20 released and the most anticipated Immunity Debugger 1.74 released all in the just one week.

 

 

Yup, this is exciting and we are all set to use them Dude, this is Hardcore this is pretty much great week for hackers and if you see at the upcoming soft’s you would be more excited, i am talking about Endor and Hax, would be launching soon…

Backtrack 4 Final

Starting with the Backtrack 4 Final version released, the pre final release of Backtrack 4 was released in june of 2009 and its final version was released about 4 days ago. This is awesome news from the Offensive guys.

 

 

With this release includes a new kernel, a larger and expanded toolset repository, custom tools that you can only find on BackTrack, and more importantly, fixes to all (well, most..) major bugs that we knew of. This release we received an overwhelming support from the community and we are grateful to everyone that has contributed to the success of this release.

 

Download: http://www.backtrack-linux.org/downloads/

 

Nmap 5.20

Can you believe this, this new version of the most important and awesome tool is out with a new updates and i am loving it. well i got this news pretty back in my mail but was waiting to tell you guys.

The latest edition of Nmap come with some of the following Updates :-

1. 30+ new Nmap Scripting Engine scripts
2. enhanced performance and reduced memory consumption
3. protocol-specific payloads for more effectie UDP scanning
4. a completely rewritten traceroute engine
5. massive OS and version detection DB updates (10,000+ signatures)…

There are many other updates in this new version which you can view at the official change log of Nmap.

 

Download : http://nmap.org/download.html

 

Immunity Debugger 1.74

The most anticipated debugger atleast for me is out now with a new version Update and is awesome. Yepee Yeah it got the new python support in it !! i just love this bugger and the good news is that it is not pre, alpha or any f*#ed version of it, it is hardcore and is ready to download.

 

 

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

 

Some features of Immunity Debugger :

1. A debugger with functionality designed specifically for the security industry
2. Cuts exploit development time by 50%
3. Simple, understandable interfaces
4. Robust and powerful scripting language for automating intelligent debugging
5. Lightweight and fast debugging to prevent corruption during complex analysis
6. Connectivity to fuzzers and exploit development tools...

 

Download : http://www.immunityinc.com/products-immdbg.shtml

 

Conclusion

Awesome news coming from the far end we need to work hard and this is just the begging of something cool.

 

Happy Hacking @hackerthedude

Read More

Danger : Warning From Electricity [Pic]

 

* Click to view full size

Read More

Deep Look At Netdevilz XSS : Whois.com Hacked

These days xss and sql injection and mostly blind sql injections are working allot as we have also covered many of them like the Intel one, and many others too but this time the big domain tool whois.com is hacked.

 

 

Well i am not sure that many of you guys won't know what is whois, so here is the basic information about it.

 

WHOIS (pronounced as the phrase who is) is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. ~ via Wiki

 

The WHOIS system originated as a method for system administrators to obtain contact information for IP address assignments or domain name administrators So, the end of the story tells that it is useful…

 

The Website was hacked about 1 to 2 days ago, by any hacker named Netdevil as of till now the hacker is pretty good in it as he have also previously hacked photobucket.com, which is another pretty popular photo sharing website, back in 2008.

 

This Turkish hacker have also Hacked ICANN website back also and have stricked again now in 2010 attacking Whois.com. Well i am not sure about it but some guys are saying that Netdevilz have also Hacked xiana.com and xssed.com before.

Screen Shots

 

 

 

*Click to view Full Size

 

XSS

Well until now you would be sure that Netdevilz used the XSS vulnerability in the web form to attack the website and hack the whole domain or you can say Full Ownage. The attack is a kind of clever and is my favorite XSS, A poisoned whois xD

 

If you look at the screenshot above of the xss, you would find the attacker script have been initialized the vector on the name of the form ..

 

http://domains.whois.com/domain.php?action=check_availability&goto=metarefresh&formaction=%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E

 

Well the &formaction is a kind of vulnerable to XSS and is hence attacked, i would like to thanks Security-Shell for this information of the XSS initializer and looking at the xss in the website.

 

Conclusion

Try it, if this works then awesome or it might be fixed till yet Enjoy this little hack, if you guy would like to learn more about xss hacking then you can see the
Basic XSS hacking article on the blog.

 

Thanks to d3v1l from Security-Shell For this information about the xss.

 

Happy Hacking @hackerthedude

Read More

2 New Interesting Xss This Week

This Week some of the genius hackers have found some really cool XSS vectors and which i want to introduce to you. These are some which are currently Unpatched and are Hot to use.

 

 

Lets see if you guys like them, these are basically good ones and would be useful to you. as i have tested them on some browsers and was found to be working when they were released...

 

IE8 XSS Filter Distorting Facebook

The First one is from Michael Coates, he have written this Facebook Xss in his blog post which is based on IE8, and which is currently Unpatched too. A Hacker can Code a malicious link and send this to the Victim.

 

He also said this haven't been disabled by the facebook security guys and is prone to attack. This provided a great example on the effects of the IE8 XSS filter. He have also written in his previous post about this attack.

 

 

 

He also have given this screenshot for the demo of the attack and the malicious Link :

http://www.facebook.com/search/?ref=search&q=IE8%3Cscript%3E&init=quick

 

 

Google Maps XSS

Discovered by two Indians this vulnerability hit the charts on twitter and was awesome, based on the Google Maps. Pratul Agrawal, Gaurav Baruah were the two authors.

 

 

The Xss is a Simple PoC right now and as per the two authors is currently Unpatched . You should check it out!

 

http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8

 

 

Happy Hacking @hackerthedude

Read More

Gmail Goes https For Secure : Wi-Fi Protection

Google Just announced they are now moving to the Stable connection of https rather then the traditional connection of http. Gmail previously have also announced that they are making the Mails on https security but now Google is changing the whole connection to https.

 

The Reason are straight the Google is pretty much haded with the Chinese issues going onn. So its just the China which made this possible and special thanks to the hackers, as many of the people are now using SLL on their Gmail.

 

A group of 37 security and privacy specialists sent Google a letter (PDF) last June, urging the company to offer this feature. Gmail became the third-largest email provider last August, with more than 37 million unique visitors...

 

You can also change the Default use of https on your Gmail account by going into settings and checking Not always use https. The new turn in this story of Gay is that, Google is making this because of the Wi-Fi owners as many people are now using wifi and making a secure connection will be good.

 

This is pretty obvious that Google is haded with its security and is on a way to change the way it is done. Lets see if this https stops us from Hacking.

 

What you say ?

 

Read More

Are You Ready For Nullcon - Goa 2010

Nullcon are some conferences in India which are made for hackers and security guys, i was pretty exited to know about them as they are going to took place on the 6th - 7th of February of 2010.

 

 

The con is pretty respected as many of the known security officials are joining inn the con. Some of the Speakers at the con are Veysel Ozer, Cassio Goldschmidt, Lavakumar Kuppan and many others. You can view the whole Plot here.

 

Many of the cons are being started like the Shoo and others also. But its great to see some starting in India too. Null con is going to be awesome and i am pretty sure you should join in too...

 

With the Association of SANS these cons would be landed in Goa, Bangalore and some of them in Puna. This is gona be Big.

 

Some Shoots

Well i am not going to be in the con as of my schools, so i just got some pics for you guys.

 

 

 

 

 

  [ Source : Flick ]

Conclusion

I wouldn't be there but you should join it as a great man comes with a great resources. Here are some of the information regarding the con.

 

Conference Pass

Time Period	Price
Till 15th Jan 2010	INR 2000/-
15th Jan – 6th Feb 2010	INR 2500/-

 

 

 

STATUTORY WARNING: nullcon can cause severe exposure to high octane gyan and could leave participants exhausted with wild shack parties. Beware, Be There.

 

You can Register Here.

 

Happy Cons @hackerthedude

Read More

Angelina Jolie and Barack Obama #1 Choice of Spammers [Report]

MacAfee inc have just released there monthly report on the most Spammed people in the world and this month was special as it is the 1st month of the new year 2010.


There are many others also included in the report published yesterday and you care right the most obvious subjects for spammers are none other then the president of United States "Barak Obama" and one of the most beautiful Actress "Angelina Jolie".

“Free-hosting” websites to provide spam URLs have also become a major target for spammers in this arena. As this to me is obvious as most of us want Free-Hosting for our files and web space.

McAfee Labs™ Discovers and Discusses Key Spam Trends By Adam Wosotowsky and Elan Winkler.  Going Straight away to the reports lets look at the Top Most Spammed Actress in the world...

Top Most Spammed  Women's

 
Well if you ask me then its brutal, just see the no. of spam's around the Angelina Jolie there is. But if you see the reports of Oprah Winfrey then its just about the same of the Angelina Jolie.

Top Most Spammed  Men's

The Figure looks pretty mind Blowing as you can see the no #1 is Barak Obama and then comes Michael Jackson. But As a matter of fact the No. of spam's for the Angelina Jolie just are very behind the number of spam's for the US president Barak Obama.

Its a shame, We nailed it XD

Conclusion

Whosoever is the #1 or #2 doesn't matter as the number of spam's are increasing around the world and the most of them are popular people's around the world from the Barak Obama to Angelina Jolie.

Looking at the fact that the Free Hosting is the one most added spam's. It will always be there as many people are now getting aware of the web services and most of them wants it free and that's how the spamming would goes.

Read More

Interesting Approach To Computer Security : Fail [Pic]

Image Credit [formalfallacy @ Dublin (Victor)]

Read More

HITB Ezine Issue 1 Released : Keeping Knowledge Free

Hack in the box and popularly known as HITB have released the new Ezine's for their magazine. The new ezine contains some of the major updates and to provide security researchers a new Outlet for the reading digests.

 

 

Set with the release on the New Year 2010, the new ezine covers some of the most popular and some of the interesting news for the security researchers and pentesters.  The Ezine which will be distributed in the [.pdf ] extension are freely to download and to publish also.

 

The Ezine in my views is a good initiative in the field of security. We haven't got the stats of the downloaded copies but as we will be updated, we will press it...

 

Contents

The contents are pretty awesome if you see from my eyes consisting of some of the arts of intrusions and some good articles.

 

As you can see in this above [pic] the contents are based on some of the intrusion terms like The Art of DLL injection, LDAP Injections . They seem to be best for hackers like us based on the crucial factor as they are made by some Security experts.

 

Decorated with some useful photos and diagrams these are some high quality magazines to look for and we hope that it is useful for other too.

 

So, What do you Think ?

Read More

US Army Website Defaced : TinKode Strike Again

Tinkode is an awesome hacker who have hacked many websites previous with his qualities in sql injections and Xss abilities and have defaced many big websites.

 

But this time Tinkode website is also down. Tinkode some days before hacked and defaced the website of UN Army website named http://onestop.army.mil with the vulnerability of Blind Sql injection in it.

 

But Apparently his website is down too and the reason remains the same he hacked the website of UN Army. The day Army website was hacked just the other day of it the website of Tinkode was down. I was having a eye on this and was pretty sure about this incident...

 

The US army website is Down and as is the website of Tinkode. The vulnerability he used was same as most of the big website including Intel, and many others are being hacked. Which we have covered in the previous posts.

 

SceenShots

Screen Shots tells the story easy way. So enjoy them -

 

 1=1– (True)

 

 

1=2– (False)

 

 

all main informations about webserver.

 

 

so let’s see the tables from principal database “AHOS”

 

Note : Last Screenshot isn't Here because of privacy.

 

 

Conclusion

This is a clear vision of what happens to the hackers, when they found a vulnerability in the website and hack them. But whatever is the main reason of letting down the website of Tinkode the matter remains the same.

 

Tinkode which have previously hacked many ig websites like Kaspersky Thailand, Nasa.gov, ESET NOD 32, Apple, Yahoo Blind SQL Injection etc Ya, he is awesome .

 

You can follow him on Twitter Here

Read More

MITM iPhone's PhotoSwap : How To Steal Hot Pics Of Chicks

PhotoSwap is an application for the iPhone that allows you to send an anonymous photo and receive an anonymous photo back. The service is great for upbeat, healthy, family-fun photo sharing, but managed to become a cesspool for photo debauchery.

 

MITM as we have discussed earlier is a pretty good technically but using it in a iPhone is innovative. The idea is pretty good and the victim is changing from 1 person to another as soon as their images comes on the iphone.

 

You can also visit http://samy.pl/swap/ for the full details of the hack. The hack is pretty awesome and is its usability by a hacker. What happens here, explained by samy kamkar as

 

"It takes a random picture of mine and sends it out. Once I get a picture back, I then send that picture out into the ether. I get another picture back, I now send that...essentially, I'm quickly sending/receiving everyone's photos.

 

I get most, if not all, of the pictures floating through the service, and without disruption, send them back out so another anonymous person can receive them."

 

 

The vulnerability here is that when the users send the pics to another person then a hacker like us can use them to know the GPS positions of them. As my friend samy kamkar have explained here and have also experimented with it.

 

Here are some of the pics that he was able to steal from this iPhone App -

 

  

 

Note : GPS coordinates removed to protect the guilty.

 

The Most vulnerable thing to note here is that the positions of the people can be known which is a major threat for them but good for us.

 

Samy have also explained how he managed to view the GPS positions of the people through Iphone routing http://samy.pl/mapxss/ . He have shown a little bit of the whole procedure involved in it.

 

You can visit Samy's website or follow my twitter.

Read More

iiScan : Security On The Cloud

iiScan the newly built tool for the pen testers is just cool as a cloud. This tool i pretty awesome as you can manage your security projects on a cloud and there are many surprises in it.

 

What iiScan does is that, on the simple basis, you built and web App, it surely contains the Vulnerability in it, they found the vulnerabilities in them from Xss to Sql injections making it cloud, then you get the report of the vulnerabilities and then you can work on them or remove them.

 

 

iiScan provide a cloud-computing based security service which focus on web application security. With iiScan, you can get your web application assessed by iiScan expert and the only thing you have to do is clicking the START botton.

 

After that, a report contained all details of vulnerabilities or risks of your website will be sent to your mailbox. Then you can fix it and make your website safer.

 

Well you can register on their website and use the tool for your upcoming projects and web projects too...

 

iiScan can detect and test most Web Vulnerabilities without manual intervention :

SQL injection

Cross Site Scripting (XSS)

File Upload Vulnerability

Information Leakage

Insecure Direct Object References

Buffer overflow

and many more ..

 

 

The tool also have been very famous on twitter for few days between security guys. The tool is very powerful as it seem to be.

 

The tool is easy to use, you can go there register and start your work. I have been looking forward to it and you should too.Your Website HealthCheck results will be emailed to you as a PDF report. You will receive a second and separate email with the password to open the PDF report.

 

So what do you say about it.

Read More

@purehate_ Launches Online WPA Cracker : 10$ For 540 Million Passwords

@purehate_  is a backtrack Developer and penetration tester too. He recently Developed a New Online WPA Kracker. For cracking the passwords of the hashed network key is exchanged and validated in a “four-way handshake”.

 

This tool is great as you can see it uses nearly about 540 Million passwords to crack the WPA, well i am not sure, as i am not experienced with the WPA cracking that much. But here is what it does.

 

Ok i am sorry for the name, because i was unable to Find the Name, I hope to get to know his real name. but i got a guess would be Nick as it was written in the contact page as nick pure_hate. Nevermind...

 

What exactly does service thing do?

This is a research project, not a cracking tool. WPA-PSK is vulnerable during client association, during which the hashed network key is exchanged and validated in a “four-way handshake”. In order to use this web interface you will need the “four-way handshake”.

 

WPA-PSK is particularly susceptible to dictionary attacks against weak passphrases and this server can greatly improve the speed of the attack. Your cap file will be tested against a list consisting of about 540 million passwords and can take up to two hours to complete.

 

A email will be sent along with the results to whichever email address you specify to the uploader.

 

 

 

 

Direct Link

You Can Follow Him on twitter too @purehate_

His Website Ph33rbot.com

Read More