TRL- T-Research Labs

03/04/2015

How to Exploit Droid Stealth Pin and Dialer Code ! (Fresh) First in the world :D

Description about application: This application provides a platform for secure hidden storage of user data on an Android phone. The application is hidden on the phone, only

to be found with the correct PIN access code, and data managed by the application is encrypted and hidden from other applications on the phone. However even if you

don't want that data readily available for everyone that gets hands on your phone there are many cases where you still want to share that data. Which is why it

incorporates several sharing features, both for people who have the app and those who don't. Yet it very much remains tricky thing to balance between the security and

sharing aspects of this project.

Furthermore, the application can be shared directly between two Android phones via a WiFi hotspot, BlueTooth, and Android Beam (when available). The goal is to

implement the tools to make offline sharing and distribution an easy thing. Both of the app and the data stored inside the app.

Vulnerability: Application saves the pin and dialer code in "/data/data/com.stealth.android/shared_prefs/" as NON-Encrypted XML files.Anyone can access these files

using Android Terminal or using ADB Shell.

Non Encrypted Files:
1. pin.xml - "You can see your pin inside this file"
2. dialer.xml - "You can see your dialer code in this file"

How To: Three options available to get your lost PIN or Dialer Pin !

1. Using Android Terminal Application (Root)
2. Using Android Debug Bridge (ADB) Shell (Root)
3. Simply Copy the files from application Directory (Root)

Method 1: Root Required !

1. Open Android Terminal Application in your Android Phone !
2. Type "SU" without quote and enter
3. Type "cat /data/data/com.stealth.android/shared_prefs/pin.xml" without quote
4. Last command will display the PIN.XML file in your Terminal Window ! You can see the Pin Inside REAL_PIN variable !
5. Done too Much Simple !
- Use the 4th command to get the dialer pin. by just changing the file name pin.xml to dialer.xml :)

Method 2: Root Required !

1. Connect your android phone using usb cable to your PC/Laptop and INSTALL ADB Drivers
2. Now open adb.exe using Command Prompt and Type "Adb shell" once shell open it looks like this : shell@android:/ $
3. Now type SU and enter now "shell@android:/ $" become "root@android:/ #" ! Good Ready to Go ! :D
4. Type "cat /data/data/com.stealth.android/shared_prefs/pin.xml" without quote
4. Last command will display the PIN.XML file in your ADB Shell Windows You can see the Pin Inside REAL_PIN variable !
5. Done too Much Simple !
- Use the 4th command to get the dialer pin. by just changing the file name pin.xml to dialer.xml :)

Method 3: Root Required !

1. Install Root Explorer or any other file manager to access the root directory.
2. Open those files from "/data/data/com.stealth.android/shared_prefs/" Pin.xml and Dialer.xml to your pin :)
3. Done !!

DroidStealth Developer Claim that DroidStealth is Secure App. :D I DONT THINK SO !

04/02/2014

Are you a Autoit Coder ?? if Yes then This tool is for you !

autoCode is tool to Protect your Senstive Strings in Autoit Code. This tool let your “String” Trim , Hex and Bind Your string. So No any other AV or Security Software detect your String

Some Great Features:
◾Automatic Split the Strings
◾Auto Hex
◾In code Decrypter
◾Test MsgBox Support
◾Auto Add Header in Code
◾Save your code as .au3
◾Auto Test for Error in Decryption
◾Custom User based Var Trim
◾User Based Variables
◾User Based Variable Type

Please if you found any bug report me.

Do Not Reverse the Code without My Permissions.

Download Link: http://www.2shared.com/file/g-NN7Keo/autoCode_x86.html

02/12/2013

Finally Configured my Raspi over the intranet : VNC Server + SSH the performance over the intranet is good. !

28/10/2013

Winrar 5.0 RCE 0day is here :D

CVE: ;)
Compatibility: Windows 7 x86/x64 all SP and Windows 8 all SP x86 ONLY !
Ex*****on Flow: Rar Open and File Extraction.
Price 1000$

https://dl.dropboxusercontent.com/u/106938667/POC/winrar_v5.0_exploit_RCE_0day.rar

19/10/2013

Here is Another Great Stuff For N00b

File Binding and Ex*****on!!

without using Any third party Binder !

In this POC i will show you how to Make a Malware that bind all files together and Execute them All !!
At same Time ! with 0 Detection Rate. FUD !


Advantage[+]

[+] Execute Binded File (Unlimited)
[+] Bind Files (Unlimited)
[+] 0 Detection Rate FUD (Thanks to WINRAR Encryption Protection)
[+] High Compression Rate (Again Thanks to WINRAR)
[+] Icon Support
[+] Resource Editing


Dis-Advantages[-]

[-] We can Extract Files without Executing the Output File
[-] We can see Drop Path
[-] NO Password Protection in Output.exe
[-] We can see the whole Script in Comment Tab of output.exe


Well i think this is the great binding technic then Iexress an all :P

Anyways Geeks :) Enjoy my Another Post !

One More thing !! you wont any topic on winrar binding and Ex*****on on Google. Correct me if am wrong!

Video POC Download Link:
https://dl.dropboxusercontent.com/u/106938667/POC/File_Binding_AllEx*****on_VID_POC.rar



aka CodeInBlood
http://www.facebook.com/trlabs

Rar! ϐs ƒt0 �Ñ) ðÔN“G?‰kSC5 Binding.avi °ài—%™PÈàr)ðˆÅX´ B±´+‚ƒ@¨íÂبÚ)¨2U*A`‘XÖûU®î–£hµQußuZÝÒÔ- ¥¨ï®Ýk]ÝZŽ×åh[]Û_†Ú 6•[lþsœÉ&|!ÎfBü=ø~ßÞÿtNu™ÉžNsÎ|sÎûç…

17/10/2013

BlackHole2 Exploit Kit !
this version discovered an blackhole server with open directories.

Download:
https://dl.dropboxusercontent.com/u/106938667/source_code/Blackhole2_ExploitKit_Private.rar

Password: !@ #$%^&*(

15/10/2013

Crypto Locker Sample is here.. Handle with care :P

RAR Pass: 123

https://dl.dropboxusercontent.com/u/106938667/malware_sample/Cryptolocker_sample_unsecure.rar

Rar! ϐs �t„”5 À ´ ­ ‚OC3 1002.exeœ ¥…eÓ °çîådÖIºL¯€D«þÕÄêÔ>VlºÖšo·>ˆø0pU #ÔŸ5—Ê**õ?¦²¯ž[M(iÁ“*óÔ¸öö¯BÀOHoÏhÖ¸½È"²e¦æ1$œQÞ…¡4½ª8¶LŠ^Âq1×î¿ÕüO““MÃâºû9óþ©ÃëƒtL¼Ÿè2›ÏÁ˜¡®ßÖ‰÷úéÄëÇP»]p«‡…

13/09/2013

Fast scanning
6 Task in 1.631 Seconds :D optimizing the performance more and more... :D

12/09/2013

Another Project
WSRC- Web Site Reversal Clasp
Alpha Featureless Screenshot

07/09/2013

Little Facebook Graph Data Shows App.. :) quite simple and usefull
thanks graph.facebook.com
Download link

https://dl.dropboxusercontent.com/u/106938667/GetGraph.exe

24/07/2013

Internet Download Manager 6.17 Cracked by

Patch Features [+]
1. Fast Address Writing
2. Remove Server Blockage from IDMan.exe
3. Unlimited "USE"
4. Process by Process Log on Screen
5. Windows 8 Compatible


Download: https://dl.dropboxusercontent.com/u/106938667/IDM6.17_Crack_24072013.zip

MD5: 34FEAC934CBBEC1499BA11A4567E3F8C

Note: Do not execute the program twice.

Enjoy my another release. :D
Thank You,