decent app for protecting files - Galaxy S II Themes and Apps

I am looking for a decent app for protecting/encrypting files.
I tried several apps mentioned in this forum. None of them made me happy.
Thanks for the suggestions.

Hi,
I would recommend Droidcrypt, and it's going from strength to strength. I believe a trial version is also available.
http://www.appbrain.com/app/droid-crypt/de.atm.android.security.encryption.full
Regards

I can recommend an app named APG. It uses the OpenPGP standard (public key system). It is compatible with GnuPG and PGP (the original PC version). It also runs on Macs, Windows, and Linux. So if you copy an encrypted file (can be any kind of file) from the phone to the PC, Mac, etc., you can decrypt it there also. It means you do not need to decrypt files on your phone before you move them to your PC or the other way around, from your PC to your phone. It also has a plug-in for K9 mail. So you can encrypt all your emails on the fly, too.
I have tried so many other "crypt tools"; most of them are not safe, or have software flaws and store your password. The PGP standard is considered to be unbreakable if you use a strong password, as the encryption is not made with your password but with RSA or one of the professional codes like AES, Diffie-Hellman, etc.

I took a look at the recommendation of Mr. Buzzboy. Droidcrypt is really a nice tool. AFAICS it will do all encryption well. A nice feature is the "wipe" capability, which is not included in APK.
Also the system integration is much better than APG. The bad news is it stores and caches the passwords and is not hacker proof; even though it uses AES, the implementation is not professional. However, it is good enough for most users here.
Strong recommendation!!
hope this info helps
greetings from SiChuan, China

Related

HTC Touch Pro2 as a HACKING tool?

Good evening folks,
I am considering buying the HTC Touch Pro2 when it is released in the USA on Tmobile. I would like to understand what hacking (security testing) tools are available on the Windows Mobile Platform. I am a security professional and have the desire to perform penetration testing from the HTC Touch Pro2.
It seems the MetaSploit framework is not available. I like to work with the command prompt, is the command prompt accessible on the HTC Touch Pro2? I've read some info about being able to mount ISOs or run emulators. Is there WiFi hacking software such as Kismet available?
Does anyone know what hacking tools are available for this platform?
Thank you!
Anyone have any ideas?
It doesn't run real windows, you can't get a command prompt. You'd be better off with a real machine.
There's a couple companies out there that sell WM devices for pentesting, but they are all provided with the hardware since they are focused on wifi and I don't believe the standard WM stuff lets you put it into promiscuous mode.
You'd probably be better off with an android device so you can just compile whatever you want.
MSFT products have never been suitable for comp-sec professionals.
You're better off connecting to a *nix box using either PocketPuTTY or using a webbrowser to connect to a remote server running metasploit.
Check out VxUtil, it gives you DNS, reverse DNS, port scan, ping, finger & so on. Pocket Putty is a good free SSH client, also does port forwarding.
OpenVPN works as well if that takes your fancy. Lots of security tools are available, they are just a bit obscure. I don't think nmap is around though.
thanks for the reply
Our company actually just released a new product (called Security Tools) that lets you ping, traceroute, do a WHOIS lookup, and even do port testing on your Windows Mobile phones. The port testing can even send clear text commands to a port such as 'GET / HTTP/1.0' to verify that it is a HTTP service listening on that port. The traceroute is also able to visually show the trace (if it's public IP address) on a map so you can kind of get a visual representation of where your traffic is going. Please feel free to try our one week free trial which lets you use the application for a week without limitations, so you can make sure everything works as you want before you buy.
You can visit the original post here at xda over at this thread:
http://forum.xda-developers.com/showthread.php?t=550473
or you can visit the website for the product at:
http://www.securenetworksystems.com/SecurityTools/
Punkster812:
I downloaded "security tool" , installed, got a license - and it was already expired...
Also, your company name is "secure network systems" and your web pages are hosted in Microsoft IIS, and based on aspx ..... seriously, if you wish to appear as a security company, you cannot use that crap.
The program won't work because you serve an old license, but one thing is clear: the icon is of very low resolution, and looks bad on WM6.5 or TouchFlo menu.
And: the long Device-ID is there only to annoy your customers, no pir8 would ever be bothered by it, so you may as well stick to 6 characters alphanumeric code +-+++...
AlCapone said:
Punkster812:
I downloaded "security tool" , installed, got a license - and it was already expired...
Also, your company name is "secure network systems" and your web pages are hosted in Microsoft IIS, and based on aspx ..... seriously, if you wish to appear as a security company, you cannot use that crap.
The program won't work because you serve an old license, but one thing is clear: the icon is of very low resolution, and looks bad on WM6.5 or TouchFlo menu.
And: the long Device-ID is there only to annoy your customers, no pir8 would ever be bothered by it, so you may as well stick to 6 characters alphanumeric code +-+++...
I am sorry that you had trouble with the trial download; if you PM me with your Device ID I can get you one. We are aware of the low resolution, but rather than focusing on a pretty icon, we worked hard on a functional program. The long Device ID is not to annoy customers, it is actually a very secure method that we use and if you are able to break it, I would be very impressed; I know it's long but it's to protect our intellectual property and no other licensing method existed that prevents piracy like this does. We know every method is breakable, but this accomplished our goal of restricting to the pirates that are going to steal software no matter what.
As far as the server... you are using a Microsoft product as well for your phone. We very rarely use ASP.NET through our site; in fact it's only for license generation and to set up an order, but doesn't actually handle purchases. So the site is secure and I am confused on why you think our site is so insecure. I love Linux and Apache as much as the next network administrator. 4 out of 5 of my personal PCs run Linux with one set up with Apache for my personal site, but for our business needs, we went with IIS.
Again I am sorry that it didn't work for you, I will double check to see if it's still properly generating license, and remember, the trial starts from when you download the license, not run the application with the license.
regarding IIS: http://www.internetnews.com/securit...Microsoft+Rushes+to+Patch+FTP+Hole+in+IIS.htm
This finally got some attention, it was in fact being exploited for years, over several versions.
Hosting software on vulnerable servers gives an opportunity for hackers to easily repack your CAB with spyware/dialer, and you can guess the rest. - such CABs must be inspected for each download.
Regarding the long serial number, it only makes a brute force attack harder, at best, which is usually not the method used. You can as well truncate it to a 6-7 char/alphanumeric number, and it will work the same, but annoy people less.
Remember you are at a forum where people often reflash, and entering long serials each time (if cannot be exported from registry) - is boring, and a motivation to workaround.
I can't remember what it's called, but there is a CAIN port for Windows Mobile.
Fmstrat said:
I can't remember what it's called, but there is a CAIN port for Windows Mobile.
you are right; - it's simply "Cain for PPC:"
http://www.oxid.it/downloads/Cain_setup_PPC.ARM.exe
and yes, it's far away from the "real" Cain.
AlCapone said:
regarding IIS: http://www.internetnews.com/securit...Microsoft+Rushes+to+Patch+FTP+Hole+in+IIS.htm
This finally got some attention, it was in fact being exploited for years, over several versions.
Hosting software on vulnerable servers gives an opportunity for hackers to easily repack your CAB with spyware/dialer, and you can guess the rest. - such CABs must be inspected for each download.
Regarding the long serial number, it only makes a brute force attack harder, at best, which is usually not the method used. You can as well truncate it to a 6-7 char/alphanumeric number, and it will work the same, but annoy people less.
Remember you are at a forum where people often reflash, and entering long serials each time (if cannot be exported from registry) - is boring, and a motivation to workaround.
Thanks for the link. I looked into it and we are not vulnerable against the attack and never have been due to the attack's requirements (http://blogs.technet.com/srd/archive/2009/09/01/new-vulnerability-in-iis5-and-iis6.aspx). As far as brute forcing, without going into too much detail, it would be extremely difficult to do as it uses standards proven encryption algorithms. The extremely long serial that you are talking about is a unique ID for your phone. We know it's long and are always looking for ways to improve the licensing we use. The license is a file and not something that you key in; you copy it to the installation directory, so you can keep a copy in your email, on your computer, flash drive, wherever for backup purposes in case you need to reload the app.
As far as reflashing, that is a very valid point. I am not 100% sure, but I believe reflashing should not hurt the license, which would hopefully mean you wouldn't have to enter your device ID again. But if anyone could confirm this, that would be appreciated. We know a lot of the people here are very advanced and know more about their phones than most of the people at service providers or even the phone manufacturers themselves sometimes, which is why we enjoy releasing our products here for testing before we release them to the public. In the little time that Security Tools has been up we have received some constructive feedback on what could be improved.
Punkster812 said:
As far as brute forcing, without going into too much detail, it would be extremely difficult to do as it uses standards proven encryption algorithms.
Right, that's why I said long numbers would be good for only that; once the calculation/verification routine is extracted for a keygen, it's no more work whether the result is 6 or 50 digits long.
- Therefore, you might save your customers from all the boring entry, because no keygen /(or crack) will be more difficult by having more digits.

looking for a encryption program

Hi,
I am looking for an app that can encrypt folders on my SGS2.
I tried "gallery lock" but that just changes the extension.
It seems hard to find an Android app for that, any suggestions?
Thanks
Tasker can do that if you buy the non-market version direct from their website.
http://tasker.dinglisch.net/userguide/en/encryption.html
I just installed it, it's not that user friendly but I'll give it a try. Thanks for the suggestion.
True, there is a learning curve, but it's well worth the time. You can manually encrypt files/dirs, create a widget to encrypt files/dirs, or you can even have Tasker encrypt files/dirs if you send an SMS to your phone with certain keywords. However, encryption is just one of many many things Tasker can do. It's ultra-powerful if you spend the time to learn it.
Good luck.
RR File Locker
RR File Locker in the app market
works just like creating a truecrypt volume, it even erases temp files created to show encrypted info... love it.
wish it worked faster and the encryption was stronger but whatev we are on mobile phone chips not full sized PCs
colonels said:
RR File Locker in the app market
works just like creating a truecrypt volume, it even erases temp files created to show encrypted info... love it.
wish it worked faster and the encryption was stronger but whatev we are on mobile phone chips not full sized PCs
can't seem to find it in market
lector007 said:
can't seem to find it in market
It probably has something to do with the export restrictions for encryption. I can see it in the market. I know there is a way/app to spoof your location so it looks like you're from the US, but I can remember what it's called. Hope that helps.
By the way, the app I was thinking of is called Market Enabler:
https://market.android.com/details?id=com.notenking.mf
Additionally for apps you could try the free and open-source:
https://f-droid.org/repository/browse/?fdfilter=lock&fdid=com.gueei.applocker
I use this: https://play.google.com/store/apps/details?id=com.mwgo.filelocker&hl=it
Simple, fast and works

Favourite / Prudent / Recommended Apps, by Category?

As I understand it, not all apps are suitable for all devices (Thus the device filter drop down on google play.)
For any given search term, play.google will drown you.
Are there (links to?) threads with best of class apps by category?
(Recognizing that this is a moving target / people have their fav's.)
[Otherwise, start one here?]
In some senses, coming from a sysadmin perspective, for the purposes of this thread.
For example, it seems prudent / intuitive to be running a firewall. (iptables, presumably). Yet there are quite a number when one searches for 'firewall'. (Yet until I went looking, I've never seen 'firewall' mentioned in threads, pages, etc., I have come across.)
Or, an ssh client seems useful, yet searching on ssh reveals most need root first. (Not complaining, just haven't gotten that far.)
Links?
----
VNC (Remote control a computer, man, way more viable on Android with pinch zooming screens than I ever would have expected) - android-vnc-viewer
[Seems to 'just work'. Note: Was already set up, across multiple computers/OSs, able to VNC each other.]
You don't need a firewall. Android is a tight ecosystem that doesn't need to be protected from itself. If you really care, most ROMs already have iptables in the kernel and commandline tools already installed; just root. (You'd need to root for any firewall app anyway.)
SSH *clients* generally don't need root. Servers are another matter. Some are server/client bundles but the client part should work just fine without root. I've used ConnectBot in the past and was pleased with it, though now that my server is wrapped in a VPN my phone doesn't support, it doesn't have much use for me anymore.
roothorick said:
You don't need a firewall. Android is a tight ecosystem that doesn't need to be protected from itself. If you really care, most ROMs already have iptables in the kernel and commandline tools already installed; just root. (You'd need to root for any firewall app anyway.)
I think perhaps I wasn't clear, or we're forgetting about one aspect of firewalls.
I'll accept your comments (and thank you) with respect to security.
However, what I also meant by firewall was blocking - be it to nefarious sites in foreign lands, or to other unsavoury ip's - be it in, or out.
e.g. A firewall facility utilizing the bluetack lists. (I'll accept if you have a better word for such an 'app' than 'firewall'.)
Thanks for any thoughts.

The Complete Solution(Brain.exe)

Information about Brain.exe
-------------------------------
Brain.exe enjoys great popularity. Whether complete PC beginners, ordinary users or PC power users, Brain.exe should be available to every user.
Brain.exe protects against viruses better than any other program: use the built-in filters; there are free daily updates. Brain.exe can filter even still-unknown variants. The program separates spam from real mail, achieving a success rate of 99.99%. This value can of course only be achieved if the software is brought up to date daily. Brain.exe is a firewall too. It prevents malicious programs from being installed and spying on things that are better left private.
The configuration is very simple: Brain.exe checks what programs are installed on the hard disk and uses a global database to analyze which programs may get Internet access and which programs are allowed to access your PC from outside.
Simply start the program and the PC is already protected. A program cannot be simpler.
-----------------------------------
whats inside:
-Virus Protection
-Spamfilter
-Firewall
-free daily updates
-----------------------------------
System requirements:
---------------------
Despite the large scope of the program, the system requirements are kept as low as possible. Brain.exe should run on any operating system of any version in all system configurations. Brain.exe is international and can be used free of charge worldwide. Even in the smallest country Brain.exe exists and is used a lot. Brain.exe recognizes the local language and adapts to it. It sounds crazy but it's true!
Brain.exe can be used no matter what the circumstances. Over 7 billion downloads cannot lie.
User opinions:
-------------
Markus R.(28)
I am an IT specialist and for me it will always be the best. Because this is about my safety and that of my clients. Until recently, I always recommended the Kaspersky anti-virus package to my clients.
But then I got to know brain.exe and no longer want to be without it. So simple, so small and yet so full of power. There is nothing better.
Sebastian W. (22)
I use my PC only for writing letters and occasional surfing. So far I had one program against viruses, one as a firewall, and a spam filter. Setting up all of these programs properly is not easy and very time-consuming.
Then I got to know brain.exe. The installation went of its own accord, and I did not have to worry about anything else. It was easy and the PC was perfectly protected. Since then I can surf safely. Thanks, brain.exe!
Isabell G. (24)
At the present time there are enough viruses, spam and network attacks. I was always very impressed by the software of test winners à la Kaspersky, ZoneAlarm and Spamihilator.
But then I got to know brain.exe. The program was presented on sites like chip.de, zdnet.de and heise.de as an insider program. And such a powerful program I have not seen for a long time. So easy to configure, yet so strong. Even though, to my knowledge, it has never been explicitly tested, I can say from experience that one should definitely give brain.exe a chance: you will not regret it.
Nägelus Business PC Solutions
A company cannot afford any mistakes. Too many customers and references are at stake. In our internal network, we tested brain.exe and were surprised. Such a good program we had not even anticipated.
Since then, we recommend the brain.exe software package to all our customers.
Download:
Brain.exe is currently available in version 1.0; a software update is unfortunately not in sight. The program is already so perfect in its first final version that it does not need any updates. Only the definition lists are filled daily with new data. These are available free, as simply as visiting a news site.
Here is the Exclusive Download:http://forum.xda-developers.com/picture.php?albumid=8046&pictureid=29372
If Brain.exe is not running, it can have two causes:
The fatal system error "Brain <-> User Interface not found" is present. But this is extremely rare.
After some time, the performance of Brain.exe declines. This happens only after an average of 50 years of running. Through ongoing updates and new information, Brain.exe is no longer able to work properly after that time. Brain.exe shuts down automatically after an average of 78 years with the message "Brain.exe - EOL".
HAVE A NICE DAY!!!
NOTE:SHARING IS CARING..........GREEEEEETZ

[Q] Phonegap: Store token securely

Hey guys,
I am a web developer and decided to create a mobile application for Android and iOS using Phonegap. Creating the graphical interface isn't a problem, but somehow I need to store 2 tokens and a username (the app receives data from a server and somehow the user has to be authenticated. So the tokens and username get posted every time I request some data from the server). My question: I already heard about localstorage - is this a secure way to store the tokens? A https connection is available, so man-in-the-middle isn't possible. Localstorage is sandboxed, right? So there should be no problem to simply store it in this way. Or am I missing something? I already thought about encryption, but to be honest: Javascript and encryption don't make sense as you would need to somewhere store the secret and in this case it would be directly inside my JS file...
Thanks for your help!
Yes, localstorage is sandboxed so each app will have its own dedicated space to avoid variable clashes. Though it's by no means secure in the sense that it's relatively easy to view it through external means.
As far as encryption in javascript, this depends on how secure you need it to be. Properly obfuscated JS is almost as difficult to reverse-engineer as Java byte code (though still quite doable if someone is determined enough).
To be more secure you would need to get the user to enter a password/passphrase at the beginning of each session which is only ever stored in memory and used to decrypt the data stored in the local storage using a decent open source encryption library. In this case access to the JS won't be a problem.
You need to define what types of threats you are trying to protect from. Traffic between your device and the server is protected from sniffing and tampering by HTTPS, so no problems there. But all that is local on your device could be examined, reverse engineered, and altered by the owner: local storage, encrypted or not, traffic between app and Android OS, data in RAM memory, etc. I would trust regular web component security features (cookies+HTTPS), as it is considered safe for things like online banking. But I don't think there is a way to protect data from the owner.
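One way to do what the reply above suggests (a passphrase entered each session, held only in memory, used to decrypt what sits in local storage), as an added example that is not part of the original thread. It assumes the WebView exposes the standard WebCrypto API; `sealToken`, `openToken`, `memoryStorage` and the iteration count are hypothetical names and values chosen for illustration.

```javascript
// Added example: token at rest under a key derived from a session passphrase.
const ITERATIONS = 310000; // assumed PBKDF2 work factor; tune for the target devices
const utf8 = new TextEncoder();
const toHex = (b) => Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
const fromHex = (h) => Uint8Array.from(h.match(/.{2}/g), (x) => parseInt(x, 16));

// WebCrypto is a global in browsers/WebViews; older Node exposes it via node:crypto.
async function getCrypto() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto;
  return (await import('node:crypto')).webcrypto;
}

// The passphrase never touches storage; only salt, IV and ciphertext do.
async function deriveKey(c, passphrase, salt, iterations) {
  const material = await c.subtle.importKey(
    'raw', utf8.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// storage is anything with getItem/setItem, e.g. window.localStorage.
async function sealToken(storage, name, token, passphrase) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(c, passphrase, salt, ITERATIONS);
  // The item name is bound as associated data so a record cannot be moved to another key.
  const ct = await c.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: utf8.encode(name) }, key, utf8.encode(token));
  storage.setItem(name, JSON.stringify({
    iter: ITERATIONS, salt: toHex(salt), iv: toHex(iv), ct: toHex(new Uint8Array(ct)),
  }));
}

// Returns the token, or null if the item is missing, the passphrase is wrong,
// or the stored record was modified (AES-GCM authentication fails).
async function openToken(storage, name, passphrase) {
  const raw = storage.getItem(name);
  if (raw === null) return null;
  try {
    const rec = JSON.parse(raw);
    const c = await getCrypto();
    const key = await deriveKey(c, passphrase, fromHex(rec.salt), rec.iter);
    const pt = await c.subtle.decrypt(
      { name: 'AES-GCM', iv: fromHex(rec.iv), additionalData: utf8.encode(name) },
      key, fromHex(rec.ct));
    return new TextDecoder().decode(pt);
  } catch (e) {
    return null;
  }
}

// Constructed stand-in for window.localStorage so the example runs outside a WebView.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}
```

This protects the stored copy against someone reading the app's storage; as the last reply notes, the device owner can still inspect the decrypted value in memory while the session is open.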
