Stagefright Bug

The Android Stagefright bug is not squashed. Although Google released patches for Hangouts and messenger, there are many ways a malicious mp4 file can open on your device. Zimperium has released the source code of the bug, which allows a person to generate a malicious mp4 file and use the exploit.

WE ADVICE USERS TO AVOID OPENING MP4 FILES FROM UNKNOWN SOURCES. 

Here is what they said:

During the months of June and July, Joshua J. Drake developed a working exploit to prove the Stagefright vulnerability can allow Remote Code Execution (RCE) without user interaction. We are pleased to finally make this code available to the general public so that security teams, administrators, and penetration testers alike may test whether or not systems remain vulnerable.

What follows is a python script that generates an MP4 exploiting the ‘stsc’ vulnerability otherwise known as CVE-2015-1538 (#1). This is one of the most critical vulnerabilities we reported in the Stagefright library. The expected result of the exploit is a reverse shell as the media user. As detailed in Joshua Drake’s Black Hat and DEFCON presentations, this user has access to quite a few groups such as inet, audio, camera, and mediadrm. These groups allow an attacker to take pictures or listen to the microphone remotely without exploiting additional vulnerabilities.

This exploit has several caveats. First, it is not a generic exploit. We only tested it to work on a single device model. We tested this exploit on a Nexus running Android 4.0.4. Also, due to variances in heap layout, this is not a 100% reliable exploit by itself. We were able achieve 100% reliability when delivered through an attack vector that allowed multiple attempts. Finally, this vulnerability was one of several that was neutered by GCC 5.0’s ‘new[]’ integer overflow mitigation present on Android 5.0 and later.

This means that the code is only tested for Android 4.0.4 Ice Cream Sandwich, and users on Android 5.1 Lollipop or higher are not vulnerable to the released code for now.

While we do have the code for testing purposes, we do not intend on sharing it as Zimperium has already done so.

“Exploits don’t hack people, people hack people,” Drake, Zimperium.

Android Entertainment Centre

Convert your android device into an Entertainment center.

Requirements:

1)Android device of your choice

2)WiFi/3G/4G(preferably unlimited or else you’ll run up a large bill)

3)OTG cable(optional) Pendrive(optional)

4)HDMI out cable if your device supports it(optional)

Procedure: (For streaming movies/videos on sites such as CBS, Netflix, Hulu)

1)Install a vpn app on your device if you live outside the US. We used hotspot shield. Run the app and activate the connection.

2)Now from playstore(your region should automatically change to US. If it doesn’t,get the app from online. All we can say is a search engine is very useful;) ) install the CBS(or Hulu,Netflix,any other such apps). We chose CBS as they have a free option to watch shows. You may install another such app from else where too.

3)Now stream your shows on your device legally and if you have an HDMI out option,you can always connect to watch on your TV or a larger screen).

4)The above method also works on YouTube for watching videos not available in your region.

Procedure:(Watch movies from a pendrive)

1)Install USB OTG checker app to check if your device supports OTG.

2)Buy an OTG cable if you dont have one from here(flipkart   amazon)Connect the cable to your device and a pendrive to the cable.

3)In a file explorer(We used file expert HD) open the movie and enjoy.

4)The above steps can be used to view pictures,listen to music etc also from the pendrive

 

Here are the links to download/buy the various apps and devices we used.

1) Hotspot Shield-playstore link

2) CBS-playstore link

3)OTG cable-flipkart amazon

4)HDMI cable-flipkart amazon

5)File Explorer HD-playstore link

6)USB OTG Checker-playstore link

If you have any doubts please leave a comment and we’ll get back to you

Bypassing Hide Something – photo,video

Converted_file_0d0170b5

 

  • Make sure you have enabled “show hidden files” in your file manager
  • Now look for a folder with name .pg
  • Withing the .pg folder there will be folders like (DCIM, Whatsapp Images, Instagram, Downloads etc..) from where your images were hidden
  • Now go to you desired folder.Your images will be there but their extension will be changed
  • So simply change their extension from  ‘.jpg.img.pg‘ to ‘.jpg

And you have successfully retrieved your files!

 

Most of us carry our phones with us where ever we go and some people literally follow that rule.
By the time we’re done with this segment your phone will be your central hub, all the way from music to jotting down notes.
We’ll kick off the entertainment section with the audio and motion category for windows phones.
Audio and Motion
logos
1.) TuneIn radio– The perfect audio companion if you have 3G/4G/Wi-Fi access. You can choose from thousands of online radio stations and listen to music, news and even talk shows.
Hint- This app is great for discovering new music and for listening to music according to genre. One classic rock song after another with no songs full of sobbing in between 😉 is what we’re talking about.
2.) Sound Hound– I personally recommend this over shazam as I find it more accurate, faster and feature filled. You can also discover new music, see which are the hottest songs and listen to snippets of them.
3.) easyRing & music, mega tube(unpublished unfortunately but …) and tube pro we have already reviewed but once again easyRing & music save us the headache called zune and is quite convenient to get tracks from youtube, megatube and tube pro let you download or watch youtube videos.
4.)Netflix– netflix is currently available within U.S. territories so we living outside have no access to its content(well not directly atleast…hint-VPN). Great content and videos resumable across multiple devices. A must have for those lucky people.