binding a payload for android in an image

Interesting, I’ll keep an eye on this thread.

What do you mean? Like exploit an android device by sending it an image?

[quote=WHGhost]What do you mean? Like exploit an android device by sending it an image? [/quote]

I understood it this way.

If you find a way to launch code from a picture… yes you can do it, but now the question is : how?

yeah idk either but there should be a way …..

well we can bind a payload (apk) with an image and binding a payload onto an legit app is possible but what i want is just a normal image that installs nothing but keeps on running in background and act as a backdoor plus i’ve seen all the tutorials on youtube most of em are fake and the remaining of them are creating an apk via msfvenom soooo helppppp meeeeeehhh…..

I am looking for something like this…. **https://thehackernews.com/2016/09/hack-android-phone-security.html**

Have you ever tried to exploit this ‘Exif’ vulnerability (on an android device)?

Why an image? And why should it be possible?

@dimooz i have not tried it yet i have just read that article and @dloser i want an image coz its easy to send a image to victim and he/she wont even notice that it can be a payload . it should be possible coz I’ve heard from ppl about this …. so yeah there should be a way to do it..

This vulnerability was fixed back in September 2016, so it would only be usable with very outdated phones. Or you would have to find an other 0 day in Android, good luck with that. Doing such a thing on a phone which does not belong to you is illegal by the way, you should not do it.

[quote=dloser]
Why an image?
[/quote]

I assume it’s for the super stealth mode :p

[quote=nikhilrawat]i want an image coz its easy to send a image to victim and he/she wont even notice that it can be a payload[/quote]
Easier than sending them, let’s say, some text?

[quote=nikhilrawat]it should be possible coz I’ve heard from ppl about this …. so yeah there should be a way to do it..[/quote]
Oh.. other people said it was possible. Yes, then it must definitely be true.

For a second there I thought you had actual some knowledge about these things and had come to this conclusion based on rational arguments. Little did I know you are just some kid who heard about something and wants others to tell you how to do it. Gosh, my faith in humanity has really gone. This time for real!

dude i was in some random chat room then i saw ppl talking about hacking someone via sms or an image so i started digging more and i came up with that post ….. and yeah i am a kid :P i am only 15 and i thought all these forums are for discussing stuff and clearing out confusion ig i was wrong idk man :(

Oh, right. I guess I misunderstood your posts as asking for a very specific hack (“what i want is just a normal image that installs nothing but keeps on running in background and act as a backdoor”) while it was just an attempt to start a discussion on how these things work and such. My mistake.

no worries :)

/s

What happened to all the users.. XD you’re the most alive user of this website are these guys paying you or what to be active? :D

I am? Maybe I pay them to be able to post here…

Idk man, maybe they have better things to do?

Maybe…. XD

I’m pretty sure there’s a native backdoor in each mobile phone, secretly installed by each phone manufacturer, that allows to remotely activate camera, recording, and access to phone’s data (contacts, agenda, etc.). This function can be used with just the victim’s phone number, followed by a special code with numbers, sharps and other special chars in it (a long string). Problem is only few people have access to these special codes databases, each phone model has its own. And I have no idea about how to get this code from a mobile device, otherwise I would have tried on my own one immediately. I used to work for one of these (well-known) companies, that build phones. I can tell you that functionality has always existed, since the first mobile phone with an embedded camera has been built. I can’t imagine that phone manufacturers have stopped to do it, for a lot of reasons (technical, commercial, even political…).

its not possible ….. no company can install a backdoor or whatever to access users data and if a company is doing such things then theyre just violating the rules and that company can be taken down now you would say the CIA have that thing or whatever but tbh no one knows what theyre hiding but somewhere in wikileaks i saw a article it was some vault no something i dont remember and its name was zero day in that article they said that CIA are keeping some malware that have the potential to hack android , smart tv ios etc and they’re hiding some zero day exploits

here —-https://wikileaks.org/ciav7p1/ it was vault 7

Do you really think huge corporation care about such laws when they can make money?

I dont know … but why would they risk their reputation

The technology related to what I said does exist. As my boss explained, laws can change with time and are not the same everywhere. The brevet has already been registered, and maybe the hack availability is enable/disable following local laws. Or not. For phones from this trademark, but I’m pretty sure that if one of them does it, all of them also can.
Imagine you receive a text message on phone. Which one triggers recording and send it to another number at the end. All of that in stealth mode. That’s technically possible. Don’t trust your phone.

Look if we’re talking about small companies like vivo or oppo or whatever I would agree to you but if you’re talking about apple, Google and all then I don’t think there’s any chance coz they won’t risk their reputation just for stealing users data

[quote=nikhilrawat] I don’t think there’s any chance coz they won’t risk their reputation just for stealing users data[/quote]
Stealing user’s dt is their business model, and they have a great reputation anyway. People don’t care, they are like sheeps following trends and selling their freedom for a false social status and more ease so they don’t need to learn how to do anything by themselves.

And they have a backdoor on your device anyway: forced updates

Maybe idk man….

I was talking about a very big company. Who builds phones and satellites, and other technical stuff.

Let’s just not talk about these stuff and just stick to our objective so anyone here knows how to do it….?

What about NO? :p You may be interested into reading the CoC & ToU

No, I think it’s a bad idea because the prey will be surprised when you install an application and when you open it you will find a lot of doubt, and you will lose control and contact with the victim when you close a picture.