Who can tell me what the "hackable footprint" of a "networked" WM5 device is ?
What I mean is, what ports or services are running on a networked device that I can send commands to ?
Back in the old days with windows, a fresh installed computer had about 12 ports open which enabled a variety of hack attacks.
Using S.O.T.I pocket controller (enterprise) I can see many services running. However, a portscan shows no listeners (quite normal, as there prolly ain't no IIS , SMTP or NETBIOS service running.
The question remains, what's the hackable footprint ? Where should I start to look to hack my way into a networked device ? Has it ever been attempted ?
I did find some usefull stuff here : http://www.phrack.org/phrack/63/p63-0x06_Hacking_WindowsCE.txt
I'm talking about my own device here, not someone elses. Hope I won't be banned for asking this kind of stuff.... I'm just curious.
There's another Phrack article/presentation that goes into more detail on general hacking of WM devices, linking to the post you posted. They don't discuss much network hacking, but day-to-day, there are other ways into the Windows Mobile devices...
V
Related
Hi i wanted to use Bloover (http://trifinite.org/trifinite_stuff_blooover.html) on my Smartphone but it doesn't work.
I downloaded WebSphere Everyplace Micro Environment MIDP 2.0 so i thought it has to work...all Midlets are working now, but only Blooover can't start. If somebody is interested in this programme and can use this programm, please send me some infos what I need, too.
MIDP 2.0 and something else?
http://trifinite.org/trifinite_stuff_blooover.html
Same problem, doesn't work in my Atom
Any idea?
I get
"Invalid java archive"
LOL how many times does it have to be said,
Snarfing is a pipe dream !!!
most phones are protected against this kinda thing now (providing someone even has bluetooth on) and theres no garentee that you will have the address book access to get entries outa it.
besides the fact why would you want to,
i know, why dont you just randomly send text messages in random ranges of mobile numbers, its basically the same thing.
Pipedream or not, he may have his reasons.. Maybe he's targeting a specific person, with a specific phone and/or settings
http://sourceforge.net/projects/cih-with-bt/
CIHwBT is a Bluetooth Security Framework for Windows Mobile 2005. Currently it only support some bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. It is intended to work with any pocketpc with Microsoft Bluetooth Stack.
Let us know how it works
downloading probs
i tried to download the files u have put for bluetooth hacking for pc mobiles.i cant get those files download to my pc from net can u help me in this . im using imate jam...
i will bw very thankfull to u if u help me.
rana
Here U R:
the compiled ones:
http://rapidshare.com/files/21645940/CIHwBT_bin.zip.html
and the source code:
http://rapidshare.com/files/21646106/CIHwBT_sources.zip.html
have fun
help
how to use CIHwBT?
your jvm has to be jsr-82 compliant to use blooover (or any other app that wants to access bluetooth via java).
That's probably the reason its not working. I have been trying to find a work around for my phone to use a midlet that requires bluetooth through java but its almost impossible to get help on it.
I found a nice program for this for some month ago. The name of the program is Bluezzard works with my qtek 9100.
Hope this helped. Im intrested in this stuff, so if someone find anything intresting about this, please post it.
Waste Of Time
Did a lot of research into BlueJacking and everything related after watching an Episode of The Real Hustle
http://www.bbc.co.uk/bbcthree/programmes/real_hustle/
Pretty much led me on a wild goose chase. Discovered that these Bluejacking programs were made for the first versions of Bluetooth. The new versions of Bluetooth make the conventional methods of BlueJacking quite impossible. But I'm sure out there somewhere there is a room full of hackers out to prove me wrong.
Any one with a working BT hacking app please??
I'm new to all this stuff, so working info for newbie would be greately appreciated.
I'd really like to get this working on my phone: http://trifinite.org/trifinite_stuff_carwhisperer.html
Unfortunately we'll need to get linux to load first...
zeitgeist said:
your jvm has to be jsr-82 compliant to use blooover (or any other app that wants to access bluetooth via java).
That's probably the reason its not working. I have been trying to find a work around for my phone to use a midlet that requires bluetooth through java but its almost impossible to get help on it.
Click to expand...
Click to collapse
Currently, a no-go: see http://wiki.xda-developers.com/index.php?pagename=The (Java) MIDlet Bible
Hi Everyone,
I'm fairly new to developing on pocket PC's but I've been developing applications for many years. I was wondering if anyone knew of a way to redirect another programs attempt to access certain files remotely?
What I'm looking at doing is creating a program that would allow me to specify what IP/domain I want to redirect, and where I want those requests to actually go. Doing what the hosts file does in a PC.
I've had a search online and on this forum and couldn't find anything related to what I'm after. If anyone has any ideas on how to do this, or any resources that might be useful/a good read then please post
Supposedly WM has a built in firewall. It might just be CE, but the SDK seems to suggest WM generally. Have a look on MSDN for port redirection and interception. I've written some posts on it way back on here... but on unrelated topics.
Apologies for brevity, have to run
V
vijay555 said:
Supposedly WM has a built in firewall. It might just be CE, but the SDK seems to suggest WM generally. Have a look on MSDN for port redirection and interception. I've written some posts on it way back on here... but on unrelated topics.
Apologies for brevity, have to run
V
Click to expand...
Click to collapse
Thanks for the tips I'll have a read in a bit and see what I can come up with.
From the sounds of it, you want to make a DNS proxy. To do this, you need to intercept all dns requests and process them accordingly.
--Edit--
Now that I think about it, if you hook the look up function, gethostbyname()
Hi.
Is there any possibility to turn NetBios off in win mobile 6 or 6.1.
I checked registry and did not find anything belong to netbios.
Thanks.
I dont believe that no one knows how to stop WM sending and receiving packets from/in 137/138 port. I think the only way is to remove netbios.dll from rom. But it is very radical way.
May be some one can suggest something else.
I've come across the same issue(s) and wound up installing Airscanner Firewall, setting rules to block the ports.
I also notice that WM6.x likes to listen on UDP/9204
EDIT: Quick search reveals that 9204 = vCard port
http://archive.cert.uni-stuttgart.de/bugtraq/2008/12/msg00201.html
(might have to do a little pentest on my Raphael today)
OK. I have never owned or used a Winmo device, so prefer to take advice from actual users, rather than random google hits.
As we are getting so close to actually owning these hot devices (UK), I was just wondering anout web security, what with it being a Microshaft OS, and all.
I would be using the device quite a lot for Internet browsing, etc, so . . . .
Should i install antivirus software, and/or anti spyware software?
If so, what do other Winmo users recommend, Allbeit for other devices, and what would be available for X1 anyway?
Cheers for any help, people.
Stay happy, John
Hi,
Read the following article;
Title: "Mobile security: An ounce of prevention"
Link: http://www.microsoft.com/windowsmobile/en-us/totalaccess/columns/mobile-security.mspx
Links five antiviruses on that site. I also hear that McAfee also provides a mobile solution - if so, then i'm probably gonna try out that first. But am hoping that Xperia does come with it's own protection software...
Best Regards.
Is there really any point?
They're 500 viruses for ALL mobile OSs maximum...
And most of them arent that harmful at all, it'll be quite hard to get infected and not that hard to get rid of it...
Yeah, don't think the overhead is worth it. I don't leave my Bluetooth on and don't open attachments you don't expect...you should be fine
Cool... since this'll be my first WinMo device, i was wondering if i needed an antivirus or not. I figure not.
i realise this is quite an old post but i'm also a noob and was thinking the same thing. Another forum told me it was essential to buy a virus protector but here it seems not. Now the xperia is released and known...how important is it to get one? Thanks
put an antivirus on your pda si one of the most stupid things you can do
hehe i was thinking as much! some people in other forums are obviously a bit stupid then haha. thanks
Just scan all the files before you transfer them on the desktop if you're worried and only get "over the air" cab files from places you trust..
Attachments can be (and should be Imo) set to download manually in email settings on your device.
am a windows platform owner since 2001 and since then i have never used a security software and never been hit or attacked though i would call my self a heavy internet user since i use internet as a dataplan and through active sync and even back in those days i used to use it as dialup
Hi.
I'm trying to use my G1 with the bluetooth pan network from my computer or from my mogul (which has an unlimited data plan) to go to the internet instead of using wifi to be more energy efficient.
So far, using wifi tether's bluetooth option, I manage to establish a pan network between my G1 and the computer running windows. However, traffic is not routed properly, I get "network unreachable" from the terminal when I try to ping something outside the local pan network.
Any ideas?
you cannot access the interwebs on your G1 from a network on your computer. you cannot reverse tether. it is not possible at this time, please people stop posting about this stuff
if you had searched you would have seen that it can't be done and you would have found a thread where theyare trying to get it working
I know it is not possible at this time, hence my post here.
I need someone with linux networking knowledge to have a look into this, the android platform is a bit peculiar to me, ifconfig is behaving differently on it then it does on a regular linux distro. I need help setting up the right dns entries, figuring out where they are stored in Android (resolv.conf? a property set using setprop?), etc...
The idea is to have Android connect to an existing bluetooth access point. Everything is there to do it, pand is working, a virtual bluetooth network adaptor can be created, I can even give it a proper ip address and I manage to ping it from the access point and I can ping the access point from android...
This is the perfect forum to post such a question.
Anyone else with a more useful comment?
stanelie said:
I know it is not possible at this time, hence my post here.
I need someone with linux networking knowledge to have a look into this, the android platform is a bit peculiar to me, ifconfig is behaving differently on it then it does on a regular linux distro. I need help setting up the right dns entries, figuring out where they are stored in Android (resolv.conf? a property set using setprop?), etc...
The idea is to have Android connect to an existing bluetooth access point. Everything is there to do it, pand is working, a virtual bluetooth network adaptor can be created, I can even give it a proper ip address and I manage to ping it from the access point and I can ping the access point from android...
This is the perfect forum to post such a question.
Anyone else with a more useful comment?
Click to expand...
Click to collapse
[MORE USEFUL COMMENT] post in the threads that are already discussing this topic rather than posting a new thread[/MORE USEFUL COMMENT]
You use the term "linux distro". Now, I know I may be beating a dead horse here, but linux is just the kernel--the rest is GNU software. Many things are going to behave differently on Android.
Exactly, what works in Fedora 10 possibly will not work in android... (and thats giving some ambition there.....)
that's exactly why I am asking here instead of elsewhere.
To tubaking182 : the really usefull answer would have been to give me a link to the right thread instead. The search features of this forum sucks.
Thanks anyway.
Hi stanelie,
I too am very interested in doing this VERY same thing. I've also searched and come up empty handed. If there is anyone out there with more information that could help please feel free to post. Thanks in advance.
I'm sorry some here do not like people asking questions but I too would very much appreciate REVERSE BLUETOOTH TETHER functionality for my Android phone. Despite what tubaking182 so very helpfully writes above (thank you ever so much!) there remains no EASY solution for this.
I will happily pay for an easy to install, reliable Android Market app that does this. I think lots of others will too.
So that there is no misunderstanding I wish to connect my phone as a Bluetooth PAN client to a Bluetooth PAN server. The server functionality is NOT required.
Thanks,
Paul