Saturday 8 November 2014

Hacking Any Android Device Using AndroRAT App Binder

Usually any Android Device can be hacked using Metasploit Meterpreter attack but many people are not aware of that process as it is not user friendly. But using a simple tool called AndroRAT (Android Remote Administration Tool) it is possible for anyone to hack any Android device. By successfully running this tool one can retrieve following information from target Android device.

  • Get contacts (and all theirs informations)
  • Do vibrate the phone
  • Get call logs
  • Open an URL in the default browser
  • Get all messages
  • Send a text message
  • Location by GPS/Network
  • Do a toast
  • Monitoring received messages in live
  • Streaming video (for activity based client only)
  • Monitoring phone state in live (call received, call sent, call missed..)
  • Stream sound from microphone (or other sources..)
  • Take a picture from the camera

You can do almost anything with this tool. All you need to do is to install a simple application on target Android device. This application is generated by AndroRAT tool which further can be binded(joined) with any android application for stealth(Anonymity). Once you have installed the deploy package(.apk) on Android device you can control the device anonymously through a user-friendly GUI.

Things you'll need: 

  • AndroRAT (Android Remote Administration Tool), download here.
  • (Please Turn off Anti-virus and Windows defender, this zip file is not virus but the anti-virus alerts it as virus because it is a Hacking Software). 

  • Router Port Forwarder (Only if you are using a wireless router), download from here.
  • An Android device to test the deploy package.
  • A good internet connection.
  • Basic computer knowledge.
  • A bit of patience.

Prerequisites(for wireless router users):

  • Download the Router Port Forwarder tool from the above link.
  • Install it on you PC and open it.
  • The software automatically detects your router model number and displays it.
  • Now in the "Port forwarding" tab click "Add".
  • In the next window enter the name of the port as you like, leave the protocol as tcp, enter the port you would like to open (Ex. 8080,1234,4444...).
  • And finally the internal ip address.
  • To know your internal IP address open Start > Run, and then enter ncpa.cpl, this opens active network connections.(you must be connected to the internet)
  • Right click on the connected network and click status and then click details.
  • In the details windows check the Ipv4 address, it should be something like 192.168.XX.XX.
  • Note the Ip address for further use. This is your internal ip address.
Note: You should check your internal ip only when you are connected to the internet.

Procedure to create a deploy package:

  • Download the AndroRAT Zip and install it.
  • Download any Android application like Temple run, Subway Surfers with which you would like to bind the hacking application.
  • Open the extracted folder and then run the application AndroRat Binder.
  • It should look like the below screenshot.
  • Now in the Ip box enter your internal ip address which you have noted in the prerequisites.(If you don't know your ip address read prerequisites from step 7.)
  • In the second box enter the port which you have opened in port forwarder tool (only wireless router users, other can enter the port whatever they like).
  • In the third box, browse and select the target application with which you would like to bind the hacking application.
  • Now hit 'Go' and wait for the AndroRat to build the deploy apk.
  • Once the process completes you will find the result application in the same AndroRat folder.
  • Now Install it one any Android device and open it.(Note that the device should have an active internet connection)

 Steps to control the Target Android Device:

  • Once you have successfully installed the result apk that was generated by AndroRat, you can control the victim's Android device through a well designed GUI.
  • In the AndroRat folder, again open the AndroRat folder.
  • In that folder you will find a java application named "AndroRat".
  • When you open it for the first time, allow the firewall exception for the application.
  • Now click server at the top and enter the port which you have opened before.
  • Save it and restart the application. Now the application starts listening to the new port.
  • In this application you will find the list of connected devices.
  • Double click the device you would like to access and you see a window with full built-in controls.
  • Note that the target device is listed as long as he is connected to the internet and is using the deploy application created by AndroRat.

Note: 
  • If the application does not work and no devices are listed in the AndroRat application, try building just the Hacking application instead of binding it other application.
  • For the users who are using wireless routers, port forwarding is a must.
  • Before trying it on others devices try it on your own Android first.
  • Turn off the Anti-virus before extracting the AndroRat zip which you have downloaded.
  • If possible turn off Firewall too.
  • Make sure you have a Good internet connection.
  • Happy Hacking!!
Disclaimer: Controlling others Android Mobile without their permission is illegal. This post is for educational purpose only and never try to misuse it. To prevent these kind of hacks, make sure you read all the app permissions before you install any application.

For Developers: You can get the source code from here.

Hack to Remote Control Any Android Device Using Kali Linux and Ubuntu.