Sunday 23 December 2012

Android Key-logger: KidLogge


Zip File Attached with thread + Read 'readme' file to install in Android 2.1.. Installation tutorial below if for Android 2.2 above
***************************************************************
Installation 
***************************************************************
1. Install APK file ( KidLogger.apk )

2. Open KidLogger Application

Please note: 
- ON TABLETs install Tkeyboard.apk in order to open control panel, see below.

3. On the KidLogger control panel 
  - open settings > upload
  - and enter device ID from your KidLogger.net account dashboard.
  - click Send Test Report. 
    Ensure status is OK.
  - on the main screen click "Start Log" 
  - click "Back" to leave KidLogger app running on the background.

Now we needed to install kidlogger keyboard:


KidLoggerKeyboard.apk - virtual on-screen keyboard. replaces original keyboard and allows to record into KidLogger log all keystrokes.

1. Install KidLoggerKeyboard.apk 

2. go to Phone Settings > "Language & Keyboard" > enable "SoftKeyboard PRO" input method. 

3. Open "SoftKeyboard PRO setting" 
  - CheckInput Languages to enable more Input Languages in on-screen keyabord if you use a few one.

  - enter *123456# in order to open Kidogger control panel ( in case you have a Tablet)

4. In a web browser - a long-click (click and hold your finger 2 sec) over an Address Field  > choose "Input Method" 
    choose "SoftKeyboard PRO".

Done!

Now all typed text and keystrokes on this keyboard will be recorded to the log within KidLogger App. 
Also other phone activities are now logged into the log files separated by days.

***************************************************************
Removal
***************************************************************

1. Open Settings > Applications > find KidLogger in the list and click Remove.
2. the same for Soft Keyboard PRO.


***************************************************************
Known Issues
***************************************************************


1. On low-resources Phones\Tablets it may work unstable if all log options are enabled.
  Solution: Disable Clipboard Log, Idle, SD Card, Power, GSM events, WiFi, 

2. On Tablets a few logging options may not work : Clipboard Log, Idle, Power, WiFi, USB, FlyMode.

2. On Tablets a few logging options does not work : SD Card, GSM events, SMS, FlyMode, Calls 

"This tutorial is Education Purpose only don’t misuse it Trick2do will Not Hold any responsibility".

Saturday 22 December 2012

How to view hidden passwords without using any software


1) First of all open up the webpage on which you wanna see the hidden passwords.

2) Then in the username there must be the name and in the password there must be ********

[Image: passrevwal_1.jpg]

3) Now to see the password which is behind the ******** Just copy and paste the following JavaScript into the address bar of the browser and you are done.


copy this java script = j(function(){var%20s,F,j,f,i;%20s%20=%20%22%22;
%20F%20=%20document.forms;%20for(j=0;%20j<F.length;%20++j)
%20{%20f%20=%20F[j];%20for%20(i=0;%20i<f.length;%20++i)
%20{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22)
%20s%20+=%20f[i].value%20+%20%22\n%22;%20}%20}%20if
%20(s)%20alert(%22Passwords%20in%20forms%20on%20this
%20page:\n\n%22%20+%20s);%20else%20alert(%22There%20are
%20no%20passwords%20in%20forms%20on%20this
%20page.%22);})();

4)taddaa,the password appeared 

[Image: passrevwal_3.jpg]
ENJOY!!!!
"This tutorial is Education Purpose only don’t misuse it Trick2do will Not Hold any responsibility".

ATM Haking.... Beware and Secure

ATM hacking concept is new in India but its wildly used elsewhere. I will show you how its done. Before you enter,analyze your surroundings for sure. If you find any thing suspicious contact your nearest bank branch or dial toll free no. so that others may be saved from being robbed.Look he following method is used by the thrives.The equipment used to capture your ATM card number and PIN are cleverly disguised to look like normal ATM equipment. A "skimmer" is mounted to the front of the normal ATM card slot that reads the ATM card number and transmits it to the criminals sitting in a nearby car. At the same time, a wireless camera is disguised to look like a leaflet holder and is mounted in a position to view ATM PIN entries.The thieves copy the cards and use the PIN numbers to withdraw thousands from many accounts in a very short time directly from the bank ATM."This activity has been around for a few years. In the past, it was primarily done in small retailers, where the skimming device was behind the counter and the camera was over the keypad. It was also done by setting up ATM machines that were completely fakeIt's always a GOOD IDEA to conceal your actions when entering your PIN. When you do this, the camera doesn't record your PIN number and they can't clone your card.Here is a picture of a ATM Machine after being compromised.[IMG]










They attach a device over the card slot on the legitimate ATM, which reads the magnetic information. Using the latest wireless technology, it is normally transmitted to fraudsters in a nearby vehicle.[IMG]











Your ATM is protected by a PIN, but these criminals have a solution for this too. They install a hidden camera, again using the latest technology (wireless) and the PIN is digitally recorded.[IMG]










Here is a picture of the compromised ATM with the camera installed.[IMG]


"This tutorial is Education Purpose only don’t misuse it Trick2do will Not Hold any responsibility"

Trace any Mobile Number in India


Hello,
Now I am Posting on "Trace any Mobile Number in India"

To Do this,Just Follow the Below Steps.

First Go To Anyone of These Sites--->



In the First Site,Enter Your Digit Mobile Number You want to trace and Hit ENTER aur Click on TRACE Button.

                       [IMG]

In the Second Site,
Enter the 10 Digit Number You want to trace and Hit Enter aur Click On TRACE Button.
                  [IMG]




What Info Does the Site Provides Us about the Phone Number?

The Above Sites Will Provide you with the Following Information--->

1. Sim Zone (From Where the sim was registered.)
2. Operator Name (For Example- Vodafone,Idea,Airtel,etc)
3.Signalling (i.e-It is either GSM or CDMA)

I Hope This Information would Help you.

"This tutorial is Education Purpose only don’t misuse it Trick2do will Not Hold any responsibility"

Friday 21 December 2012

Use VLC Media Player As Video Converter

Using VLC Media player as a Converter :

1) Launch the VLC Media player.

2) Click on Media and select Convert/Save(Ctrl+R)option.

3) Now you can select your desired file by using Add button on the new popup Window.

4) After selecting the file, click onConvert/Save button.

5) From the new window that just appeared, select the destination File and Profile (The format to which you want to convert).

6) Finally, click on the Start button to begin the process. The selected file will be converted to your desired file format shortly.

WhatsApp is using IMEI numbers as passwords


It’s unfortunate that so many apps use UDID’s to identify users since it’s extremely insecure.
This brings me to WhatsApp, a free messaging service, used by millions of people. Their system runs on a modified version of XMPP (Extensible Messaging and Presence Protocol). There is nothing wrong with using XMPP, but there is a problem in how WhatsApp handle authentication.
If you installed WhatsApp on an Android device for example, your password is likely to be an inverse of your phones IMEI number with an MD5 cryptographic hash thrown on top of it (without salt).
md5(strrev(‘your-imei-goes-here’))
When I say Android, I don’t exclusively mean Android. It just happens to be a different case when it comes to iOS. Windows Mobile, Blackberry etc… might very well have the same password method. It actually wouldn’t surprise me. WhatsApp on the iPhone might be using your IMEI too, or maybe UDID’s to generate passwords, but not the exact same method. If I do find out, I will update this post.
Then comes the username. It’s your phone number (doh).
To obtain both these values is rather simple.
Examples:
1. You have direct access to your victims phone, in which case you dial & call *#06# (in most cases) and you’ve got their IMEI number.
2. You develop an app that silently sends the victims IMEI number to your server in the background (many applications do this already) & phone number, either by letting them fill it in themselves in a registration part of your app, or also silently (this method however isn’t always airtight but works in a lot of cases).
3. A hacker leaks a database/file with IMEI numbers with associated phone numbers, ding ding ding!
4. A spammer buys this information from an app developer.
Time for some Android code examples..
Android code example to retrieve IMEI number:
TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);

String device_id = tm.getDeviceId();

To retrieve the victims phone number:
TelephonyManager tMgr =(TelephonyManager)mAppContext.getSystemService(Context.TELEPHONY_SERVICE);
mPhoneNumber = tMgr.getLine1Number();
You can also retrieve the users voicemail number too just in case:
TelephonyManager.getCompleteVoiceMailNumber()
Using this information allows you to intercept and send messages from your victims account.
This could mess up peoples lives if you use their account to send a message to someone they know, with any kind of f’ed up message. This could cause huge problems for your victim, especially if the receiver of the message is mentally unstable. It might sound dramatic, but it’s feasible.
You could intercept naked photos & other sensitive personal messages.
Alternatively, you could just spam the hell out of WhatsApp, especially if you have a nice big database.
Is this already happening? It wouldn’t surprise me if it is. I’ve succeeded in sending/receiving messages (from friends accounts who gave me permission to take their accounts over) and I’m not even a “hardcore hacker”.
Do you use WhatsApp? Think twice before you send a private WhatsApp message. Think twice when you receive a messed up WhatsApp message. You don’t know what’s going on in the background.
And WhatsApp, if you are reading this, get your act together. People expect a secure system when it comes to personal messaging. And with the amount of customers you have, you should be taking better security measures. I sincerely hope you fix this issue soon.
The intent of this blog post is not give “hackers” or “scriptkiddies” any funny ideas, but merely for awareness.
Ps. Don’t get me wrong, I love WhatsApp. But it’s far from “secure”.

"This tutorial is Education Purpose only don’t misuse it Trick2do will Not Hold any responsibility"

Thursday 20 December 2012

Whatsapp – iOS password generation


A few days ago the Android developer published an article explaining how the log-in process works on WhatsApp for Android. In his article, Granger says that the password corresponds to MD5 hash of reversed IMEI number. Citing its notation
md5(strrev(‘your-imei-goes-here’))
Granger also asserts that the same method is not applicable in the case of iOS devices, and the algorithm is not yet known.
Thus, I decided to examine whatsapp for iPhone and how it generates the password. Well, the principle is the same, but this time the MD5 hash is calculated using the mac address of WiFi interface (en0) taken twice because Apple does not allow third-party applications to access IMEI number.
Using the notation of Granger
md5(AA:BB:CC:DD:EE:FFAA:BB:CC:DD:EE:FF)
Below I reported a portion of the ARM code that handles the password generation
Disasm
The method is verifiable by simulating the log-in process from any browser. You have to compose the following request
hxxps://r.whatsapp.net/v1/exist.php?cc=COUNTRY_CODE&in=TELEPHONE_NUMBER&udid=MD5(MACMAC)
If everything is ok you should get something like this
Login
However the GET request just helps to inform the app that we are accessing from a device previously registered.
The authentication process starts after the GET request just viewed, using the X-WAWA protocol.
Paradoxically, because of the restrictions that Apple imposed(about retrieving of IMEI number), the authentication method for iOS devices is less secure than on Android devices. The MAC address can be easily achieved on a wifi network

"This tutorial is Education Purpose only don’t misuse it Trick2do will Not Hold any responsibility"

Whats App Hacking :)

Desktop IMs have long been our favorite mode of communication. But with time, their significance has definitely come down.
Smartphones taking large part of our daily life, IM services like Whatsapp, iMessage, BBM, etc have emerged to be exchanging more messages every second. WhatsApp delivers more than 1 billion messages per day, but yet, its the most insecure way of communication.

As per a recent security analysis, WhatsApp is totally insecure way of communicating with friends.



WhatsApp Encryption

You will be surprised to know that until August 2012, messages sent through the WhatsApp service were not encrypted in any way, everything was sent in plaintext. That means if you were using Whatsapp on a public wifi, everything can be captured by anyone else sniffing ont he wireless network. The latest WhatsApp uses encryption but its this new encryption is broken. But still, phone number is sent out in plaintext.
WhatsApp API & Reverse Engineering

If you know XMPP, the same protocol used by facebook, GTalk, and several others, you can try your hands-on WhatsAPI, an API for WhatsApp messenger.
WhatsApp uses customized XMPP server with proprietary extensions, named internally as FunXMPP.
1. WhatsApp Authentication / Login Mechanism
Just like any other XMPP, WhatsApp uses jabber id and password to login. The password is hashed, stored in servers upon account creation and used transparently everytime the client connects the server.

Its an incredibly horrible implementation. As researcher found out, the username is the user’s phone number – an attacker would probably already knows the victim’s number.
On Android, the password is a md5 hash of the reversed IMEI number:
$imei = "112222223333334"; // example IMEI
$androidWhatsAppPassword = md5(strrev($imei)); // reverse IMEI and calculate md5 hash

On iOS, the password is generated from the devices WLAN MAC address:
$wlanMAC = "AA:BB:CCD:EE:FF"; // example WLAN MAC address
$iphoneWhatsAppPassword = md5($wlanMAC.$wlanMAC); // calculate md5 hash using the MAC address twice

Both IMEI and MAC address are easily retrievable from devices if you have physical access to it. MAC address is much easier to capture as you can sniff on the wireless network to which iOS device is connected.
The JID is a concatenation between your country’s code and mobile number.
Initial login uses Digest Access Authentication. You can try this for yourself:
https://r.whatsapp.net/v1/exist.php?cc=$countrycode&in=$phonenumber&udid=$password $countrycode = the country calling code $phonenumber = the users phone number (without the country calling code) $password = see above, for iPhone use md5($wlanMAC.$wlanMAC), for Android use md5(strrev($imei))
The response you would receive would be in XML, containing messages designated for your phone.
2. Text Message communication
Messages are basically sent as TCP packets, following WhatsApp’s own format (unlike what’s defined in XMPP RFCs).
Photos, Videos and Audio files shared with WhatsApp contacts are HTTP-uploaded to a server before being sent to the recipient(s) along with Base64 thumbnail of media file (if applicable) along with the generated HTTP link as the message body.


"This tutorial is Education Purpose only don’t misuse it Trick2do will Not Hold any responsibility"

Tuesday 4 December 2012

Facebook User Security Hole & How to Secure :)


Facebook User Security Hole


Every Webpage or Application that is designed on the "WEB" has a vulnerability. Whether it is a Yahoo Account or it is the website of "FBI", it might be exploitable! We Can't even tell whether FBI.gov is secured or not. When we talk about the internet, the term "Facebook" also clicks in our head. But Facebook also has a user security hole. Using this vulnerability, an attacker can easily penetrate his victims account. No other social networking website has ever shown this type of anomaly.


How is it done ?

An attacker creates three or four Fake facebook accounts and sends requests
to his victim from all of these. He is already aware of the victims Parent Email Address (The one he used to signup for Facebook). After the victim confirm all his accounts, the attacker logs out and puts his victims email in the "Email" Section. Facebook shows a "Reset my password" option after typing in absurd passwords again and again.






The recovery option then asks the user whether to send his password reset code to his parent email
address or his cell phone number. Along with this, there's an option saying "No longer have access to these?".



Clicking on this option asks the attacker to enter a new Email Address.


In This section, the attacker types his own Email Address and hits the Submit button.Facebook's automated systems first confirm whether this is his own Email Address or not, so they ask him to choose three Close friends who will get the Confirmation code in their Inbox.


These three accounts are actually his fake accounts.





Facebook now shows three boxes asking for the confirmation codes that were sent to his fake accounts.


The attacker now logs in into each account and fetches the codes, pastes it into the boxes and gets access to his victims account.

How can one secure himself from this security hole ?

After reading this Article, you might be thinking "Now what?  
Any one can penetrate my account easily. So what should be done now?". Here are some suggestions to secure yourself :

1) Don't accept anonymous Requests.
2) Set a security question for your account. If someone tries to choose "No longer have access to these?", then Facebook will ask him to answer the security question first.
"This tutorial is Education Purpose only don’t misuse it Trick2do will Not Hold any responsibility"

How To Post Your Message To All Facebook Groups In a Single Click


Today i will show You a Trick By Which You can Able To Post Your message In All Or Selected Facebook Groups Of Your List In a Single Click.This Is a Small But Powerful Trick You Can Use This To promote Your Blog To All Facebook Groups.But Please Don't Misuse this Trick To Spam Alot.

So Lets Start The Trick...

STEP 1: Go To http://www.hexcolor.in/tools/multipost/

STEP 2: Login To Your Facebook Account By using Fconnect Button.After That You will See Something Like This.


 STEP 3:  Put Your Message In "Your Message Field."...

 You Can Also Able To Put Link To Any Site Which You Want To Post With Your Message By Pasting Its URL in "Post Link (URL)" Field.

If You Want To add Any Image With Your Message And Link Then You Can Do this By Pasting The URL of Image "Post Image Link (URL)" Or Alternatively You Can Upload A Picture From Your Computer.


STEP 4: After That Select The Groups Which You Want To Publish Your Post. If You Want To Publish Your Post To All Groups Then Click Mark On "Select All".

STEP 5: Finally Click On To "Fpost" Button At The Bottom of the Page To Post Your Message In All Groups..

Enjoy.. :) 

Way To Select All Friends In Facebook While Inviting To A Event Or Page

Yes many old javascripts of selecting all friends has been blockedby facebook 

So I am giving you  a new javascript to select all friends

Go to Facebook.com

Select a Page/Event to like

Click on invite friends

Wait till the Invite Window Loads


Copy the bellow Javascrip t to ur Address Bar of browser




javascript:function check_all_in_ document(doc){var c=new Array() ;c=doc.getElementsByTagName('input');for (var i=0;i<c.length;i++){if(c[i] .type=='checkbox'){c[i].click();}}}check_all_in_ document(window.document);for(var j=0;j<window.frames.length;j++){check_all_ in_document(window.frames[j].document);}
Hit Enter Key

Wait sometime if u have lot’s of friends

Now all ur friends will be Selected

Click Submit And U Are Done!!

Note: Your Browser Must Support Javascript

How to open BLOCK WEBSITES Without Any Software


Frns aaj main app logon k liay ek new trick layaa hoon is say app koi bhi BAN WEBSITE easily khol sakengay,,, ur ye koi heavy software b nhi hai,,, aur naa hi ye ap ke P.C ki speed slow karegaa,,,, its just a Add ons.

      Add ons ke baray main nahin pata :o ?...? khair wo to mujhe b ni pata :P :) :D Neechay wali pic dekehn,,, ho sakta hai apko kuch sumajh aajaye,,,


Frnds kuch sumajh aayaa ?...? :)

khair agar naa b aaya to koi prblm ni hai coz isay use karnaa bht easy hai apko bus ye apny browser me add karnaa hai just simple click kar ke,,, baaqi kaam ye khud kar legaa :) :p :D

1st step ap ye karen k Neechay likhay huay Add to Firefox par click karen...

Add to Firefox

 

phr allow par click karen ur 3 seconds wait karnay ke baad install par click kar dain,,, uske bad browser restart kar lain,,,

   Bx hogya............... ab ap jitni chahynBLOCK WEBSITES kholen,,,, aur enjoyy karen,,,,