Getting a Shell on any Android Device

USB

If you’re an Evil Customs Agent or other nefarious Three Letter Agency Person, you’re probably very interesting in getting data off people’s phones. Even if the screen is locked, there’s a way around this problem: just use the Android Debug Bridge (ADB), a handy way to get a shell on any Android device with just a USB cable. The ADB can be turned off, though, so what is the Stasi to do if they can’t access your phone over ADB? [Michael Ossmann] and [Kyle Osborn] have the answer that involves a little-known property of USB devices.

USB mini and micro plugs have five pins – power, ground, D+, D-, and an oft-overlooked ID pin. With a particular resistance between this ID pin and ground, the USB multiplexor inside your phone can allow anyone with the proper hardware to access the state of the charger, get an audio signal, mess around with the MP3s on your device, or even get a shell.

To test their theory, [Michael] and [Kyle] rigged up a simple USB plug to UART adapter (seen above) that included a specific value of resistor to enable a shell on their test phone. Amazingly, it worked and the thought of having a secure phone was never had again.

The guys went farther with some proprietary Samsung hardware that could, if they had the service manual, unlock any samsung phone made in the last 15 years. They’re working on building a device that will automagically get a shell on any phone and have built some rather interesting hardware. If you’re interested in helping them out with their project, they have a project site up with all the information to get up to speed on this very ingenious hack.

[Read more...]

Android debug bridge released for the Raspi

Over on the XDA developers forums, something really cool is happening. Android hacker extraordinaire [AdamOutler] has managed to port the Android Debug Bridge to the Raspberry Pi.

The Android Debug bridge allows hardware tinkerers full access to their Android device. This feature has been used to build everything from telepresence robots to connecting a MIDI keyboard to a phone. With this port of the Android Debug Bridge, anyone can take advantage of the existing hacks and hardware written around the ADB to build something completely new.

Of course, the port of the Android Debug Bridge is only useful if your Raspi is running Android. Current Android builds for the Raspberry Pi are janky at best, but the current rate of progress does look encouraging. Hopefully with the most useful Android tool ported to everyone’s favorite credit-card sized computer, the progress of the Raspi/Android builds will pick up their pace.

Propeller-Android communications using debug mode

Here’s a new way to connect an Android phone and a Propeller microcontroller. It’s called the PropBridge and uses a very simple circuit with a voltage regulator, a couple of transistors, and a few resistors. The trick to this method lies in creative use of software features that already exist on Android hardware, the Android Debug Bridge (ADB). The ADB was added with development in mind, but since it provides low-level control of certain parts of these devices it was just waiting to be incorporated into a hack.

The Propeller itself uses firmware to make Android think it is one of two different externally connected hardware devices. It can act like a PC running the ADB client or it can mimic a TCP connection. There’s still plenty of room on the uC to add your own firmware, and the majority of the I/O pins are unneeded for the basic connection. Check out the video after the break for a quick overview of the system.

If you need a little help with Android programming before you’re able to use this in your own projects, check out our Android development series.

[Read more...]

WiFi and Bluetooth tethering on Android

tmobileg1

Many G1/ADP1 owners have been using the app Tetherbot to get internet access on their laptop via USB to the phone’s data connection. The app relied on the Android Debug Bridge to forward ports. It worked, but people wanted a solution better than a SOCKS proxy. The community figured out a way to create a properly NAT’d connection using iptables and then [moussam] rolled them up into easy to use applications. There’s one for setting up a PAN device on Bluetooth and another for adhoc WiFi networking. It requires you to have root on your phone, but hopefully you’ve achieved that and are already running the latest community firmware.

[photo: tnkgrl]

Follow

Get every new post delivered to your Inbox.

Join 96,669 other followers