Wednesday, February 13, 2008

Turning Windows Mobile device to Spying device

Peace be upon you

How are you guys? I hope that all of you are OK. Today I am going to show you something a little EVIL: turning a Windows Mobile device into a spying device. Somehow this thing is not right because it kills privacy; I am posting it just to show you how dangerous it is to use any "anonymous" application on your device. First watch the video, and then I have a lot to tell you about it.

English Demo
Link : http://www.youtube.com/watch?v=hESMx8zs8lM


Arabic Demo
Link : http://www.youtube.com/watch?v=ydotWSkX8PA



After you have seen it, I think you are sure that anyone with some knowledge can easily build a free utility application and attach such a thing to it. I decided to reveal all I know about it, for two reasons. The first reason is that the resources are so hard to get; you can't imagine how much I suffered until I got this thing working. All the people I know gently refused to help me or give me such resources, like some files from Platform Builder; somehow I managed to get a FULL copy of Platform Builder :D, which somehow set me free. The learning material is also hard to get; the only resource I found on this topic was in Korean (thanks to Google). The second reason is that anyone who wants to do such a thing has enough motivation to complete it. Here are the details.

Technical details

In this trick I used something called the RIL APIs. RIL stands for "Radio Interface Layer"; it is made to serve anything related to the network on Windows Mobile powered devices. It is also called the RIL proxy because somehow it is a mini driver that is implemented by the manufacturer. The functions that I used were simple:

RIL_Initialize
RIL_EnableNotifications
RIL_Answer

This trick takes about 15 to 20 lines of code. It can be used on two sides. For good, you can build many useful applications such as an "Incoming Blocker" or an "Answer Machine", and there is an endless list of things you can do with these simple APIs. For evil, there are also tons of ideas. By the way, this can work over anything; I mean it can monitor GPRS, SMS, ... etc.
Ideas for protection

I thought that there must be some way to protect the device owner from being attacked this way, so here is my idea. It is based on how Windows works: as far as I know, when you have a handle to something (file, device, resource, ... etc.), this handle is called a kernel object as long as it has a security attribute in its creation parameters. But in this case we have no creation parameter, which made me step back and think. We can hook "ril.dll", so we would be like the middle man. This is great, but hooking in Windows Mobile is not that easy; it requires a lot to have something working without trouble or delaying the system. The alternative is a little amateur: loop through the open processes and see whether any of their loaded modules is "ril.dll"; if you find one, notify the user. But this is very performance consuming, because you have to check every few seconds or minutes, which has some problems. With a long period the idea is gone, because any application that uses ril.dll could run for a long time while your protection application is not checking; with a short period you face the performance issue.
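The polling check described above, sketched as an added example that is not code from the original post: one pass over a process snapshot that flags every process with "ril.dll" loaded unless it is on an allowlist. The snapshot structure, process names and allowlist are constructed assumptions; on a device the snapshot would be filled from the OS process and module enumeration on each poll.

```c
#include <ctype.h>
#include <stddef.h>

/* One process from a snapshot; modules is a NULL-terminated list of paths.
   Constructed stand-in: a real monitor fills this from the OS each poll. */
typedef struct { unsigned pid; const char *exe; const char *modules[4]; } proc_entry;

/* Case-insensitive match of the file-name part of path against name. */
static int basename_ieq(const char *path, const char *name) {
    const char *base = path;
    for (const char *p = path; *p; p++)
        if (*p == '\\' || *p == '/') base = p + 1;
    for (; *base && *name; base++, name++)
        if (tolower((unsigned char)*base) != tolower((unsigned char)*name)) return 0;
    return *base == '\0' && *name == '\0';
}

static int in_list(const char *exe, const char *const *list) {
    for (; *list; list++)
        if (basename_ieq(exe, *list)) return 1;
    return 0;
}

/* Store PIDs of non-allowlisted processes that have ril.dll loaded in out[];
   return the number stored (at most max). */
size_t scan_ril_users(const proc_entry *snap, size_t n,
                      const char *const *allow, unsigned *out, size_t max) {
    size_t hits = 0;
    for (size_t i = 0; i < n && hits < max; i++) {
        if (in_list(snap[i].exe, allow)) continue;   /* expected RIL client */
        for (size_t m = 0; m < 4 && snap[i].modules[m]; m++)
            if (basename_ieq(snap[i].modules[m], "ril.dll")) {
                out[hits++] = snap[i].pid;
                break;
            }
    }
    return hits;
}

/* Constructed sample data: process names and the allowlist are hypothetical. */
static const char *const ALLOW[] = { "phone.exe", NULL };
static const proc_entry SNAPSHOT[] = {
    { 10, "\\Windows\\phone.exe", { "\\Windows\\ril.dll", "\\Windows\\coredll.dll", NULL } },
    { 22, "\\Program Files\\FreeGame\\freegame.exe", { "\\Windows\\coredll.dll", "\\Windows\\RIL.DLL", NULL } },
    { 31, "\\Windows\\notes.exe", { "\\Windows\\coredll.dll", NULL } },
};
static unsigned FLAGGED[8];

size_t scan_sample(void) {
    return scan_ril_users(SNAPSHOT, sizeof SNAPSHOT / sizeof SNAPSHOT[0], ALLOW, FLAGGED, 8);
}
```

Each poll costs one pass over every process and its module list, which is the performance price the paragraph above describes; the allowlist keeps the phone application itself from triggering a notification on every pass.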

I hope that this topic was informative to you, thanks for your time



BR
Ahmed Essam

P.S: This article is based on personal research, so it is not involved in any application I have worked on before.

8 comments:

Anonymous said...

very nice man, i've seen this trick online some years ago, but done using hardware hacking not using software, using software enables u to make a backdoor that u can fool ppl into downloading and running it, i hope that u share the code :D or the application itself to save me the effort building it :P but i've to build it myself cause i can't trust u now :D

Anonymous said...

devilllllll
but nice walahy ya Ahmed, ma shaa Allah, i've inspired your job, as usual :)

good luck

Bashmohandes said...

Great one man, I am very proud you are a friend of mine

Ahmed Essam said...

Hi people

there is something else I have done about it, I made the phone dial number without the user notice anything just like accepting the incoming call :D

i will not dig more, :D imagine that u receive SMS and then your phone call the guy :D

evil :D hahahaa :D

don't worry I am not good at it :D

Ahmed Essam said...

Peace be upon you

I forgot to tell you that there is some way from "RIL" we can do the protection, because actually we can sense the calls, incoming and outgoing, so it will be easy to sense and know whether there is a call in progress, also we can stop that call from being completed, mmm I think I may work on some sort of application like that, it will be very cool to have such one on your device.

thanks for your time

BR
Ahmed Essam

Anonymous said...

Hi,
I'm interested in how you override the incoming call notification.
I can do the same application as you are presenting with the same API - but the phone progress is always visible.

Thank you and keep on good blog posts
Pavel

Ahmed Essam said...

I think you are using Windows mobile 6 or any copy that has the fix for this problem.

I have tried this thing once on Windows mobile 6 and it was working in one case, I force the application to initiate the call

I simply did a small inbox plugin that initiates the call and it was working just fine, when I send an SMS with "Hay you call your master at xxx-xxx-xxx-xxxx" it just starts the call silently and without any noise :D
try it out, but I think there is fix for such stuff, I don't know if it will be released with the next update for windows mobile which I think "Windows mobile 6.0"

Oğuzhan EREN said...

Peace be upon you
do you think to share your code?