Tuesday, 6 June 2023

Android Remote Administration Tool AndroRAT



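AndroRAT is an open-source client/server (C/S) application. It lets a user control an Android system remotely, which is why many hackers also like to use it. The Android application starts running as a service once the system has finished booting. The user does not need to interact with this service. The application also lets the connection to the server be triggered by a call or an SMS. Its functions include collecting contacts, call logs, messages and location information. It allows the user to remotely monitor received messages and the phone's state, place calls and send SMS messages, take pictures with the camera, open a URL in the default browser, and so on.

GitHub: https://github.com/wszf/androrat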
---------------------------------------------------------

Remote Administration Tool for Android

Androrat is a client/server application, developed in Java for Android on the client side and in Java/Swing on the server side.

The name Androrat is a mix of Android and RAT (Remote Access Tool).

It was developed by a team of 4 as a university project and was built in one month. The goal of the application is to give remote control of the Android system and retrieve information from it.

Technical matters

  • The Android application is the client of the server, which receives all the connections.
  • The Android application runs as a service (not an activity) that is started at boot, so the user does not need to interact with the service (although there is a debug activity that allows configuring the IP and the port to connect to).
  • The connection to the server can be triggered by an SMS or a call (this can be configured).

The available functions are:

  • Get contacts (and all their pieces of information)
  • Get call logs
  • Get all messages
  • Location by GPS/Network
  • Monitor received messages live
  • Monitor phone state live (call received, call sent, call missed...)
  • Take a picture from the camera
  • Stream sound from the microphone (or other sources..)
  • Streaming video (for activity based client only)
  • Show a toast
  • Send a text message
  • Place a call
  • Open a URL in the default browser
  • Vibrate the phone
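
For defenders, the boot-started service, the SMS/call trigger and the functions listed above all have to be declared in the app's manifest, so they can be checked statically. The following is an added example, not code from the AndroRAT project: it audits a decoded AndroidManifest.xml (for instance as produced by apktool) against standard Android permission and broadcast names. The sample manifest, its package and component names, and the review threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Function from the list above -> standard Android permission it needs
CAPABILITY_PERMS = {
    "contacts": P + "READ_CONTACTS", "call logs": P + "READ_CALL_LOG",
    "messages": P + "READ_SMS", "location": P + "ACCESS_FINE_LOCATION",
    "camera": P + "CAMERA", "microphone": P + "RECORD_AUDIO",
    "send sms": P + "SEND_SMS", "place call": P + "CALL_PHONE",
}
# Broadcasts matching "started at boot" and "triggered by an SMS or a call"
TRIGGER_ACTIONS = {
    "boot": "android.intent.action.BOOT_COMPLETED",
    "sms": "android.provider.Telephony.SMS_RECEIVED",
    "call": "android.intent.action.PHONE_STATE",
}

def audit_manifest(xml_text):
    """Report which capabilities and wake-up triggers a decoded manifest declares."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    actions = {a.get(ANDROID + "name")
               for r in root.iter("receiver") for a in r.iter("action")}
    caps = sorted(c for c, p in CAPABILITY_PERMS.items() if p in perms)
    triggers = sorted(t for t, a in TRIGGER_ACTIONS.items() if a in actions)
    has_service = root.find(".//service") is not None
    # Assumed heuristic, not a signature: service + boot + SMS/call trigger + >=3 capabilities
    review = (has_service and "boot" in triggers
              and bool({"sms", "call"} & set(triggers)) and len(caps) >= 3)
    return {"capabilities": caps, "triggers": triggers, "needs_review": review}

# Constructed sample manifest (hypothetical package and component names)
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <service android:name=".BackgroundService"/>
    <receiver android:name=".WakeReceiver"><intent-filter>
      <action android:name="android.intent.action.BOOT_COMPLETED"/>
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver>
  </application>
</manifest>"""
if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

A hit only means the app combines silent background start-up with broad data access; legitimate apps can match, so the result is a prompt for manual review rather than a verdict.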

Folders

The project contains the following folders:

  • doc: Will soon contain all the documentation about the project
  • Experiment: Contains an experimental version of the client built around an activity, which also allows streaming video
  • src/Androrat: Contains the source code of the client that is installed on the Android platform
  • src/AndroratServer: Contains the sources of the Java/Swing server, which can be run on any platform
  • src/api: Contains the different APIs used in the project (JMapViewer for the map, forms for Swing, and vlcj for video streaming)
  • src/InOut: Contains the code shared by the client and the server, which is basically the protocol implementation


Main GUI

This is the main GUI, where all connected clients appear. The list is updated dynamically when a client connects or disconnects. A log of all connections and global information is shown in the log panel at the bottom of the window. A double-click on a client opens its window to interact with it.

Client Panel

All actions on a client are performed in the client window, which is organized around tabs. The default tab is called Home and provides various functions. First, the scroll view on the left shows all the information about the client, such as SIM info, battery info, network info, sensor info, etc. On the right are the options for remotely changing the client's configuration, such as the IP and port to connect to, whether or not to wait for a trigger before initiating the server connection, etc. Finally, quick actions can be performed from this tab, such as showing a toast message, vibrating the phone or opening a URL.

Other tabs

The two screenshots below show two other tabs, for getting contacts and for geolocation respectively. In the contacts panel, the list on the left shows all contacts with their name, phone number and picture if available. On the right, three buttons allow getting more information about the selected contact, sending him an SMS or calling him. For geolocation, the provider can be either GPS or network, which uses Google to locate. The streaming can then be started, and the map is updated as soon as data has been received.

[Screenshots: Contacts tab, GPS tab]

Use Notes

  • You will need the Android SDK and Eclipse to compile this project.
  • The Command & Control application is cross-platform Java, tested fine on OSX, Linux and Windows.
  • You need to edit /src/Androrat/src/my/app/client/LauncherActivity.java before compiling the APK.
  • This is where you hardcode the listener's IP and port. You can use an IP or a DNS domain name.
  • On certain mobile devices, it drains the battery fast. Be aware of this.

Note: I am not the author of this software; it is forked and slightly edited. I may make changes to it to fix bugs as I go along, but I am not a Java programmer at heart, and only have this here for my own use in testing.

from https://github.com/wszf/androrat
