SilentServices

Class0Firewall

SilentServices
Class0Firewall is a Proof of Concept app that protects you against an SMS attack discovered by Bogdan Alecu. He also came up with the idea for the defense. The attack (and the defense using this app) is demonstrated at the Defcamp security conference.

ATTENTION: This App will not work on Android 4.4 KitKat. If you are running Android 4.4 I strongly suggest that you update to Android 4.4.2. In this version the FlashSMS vulnerability as well as the WAP PUSH 0-byte vulnerability is fixed and there is no need to install this app. Thanks!

To make it work simply open the app and set the values for threshold and block duration.

The message threshold is set for messages per minute that are allowed to be received. If the number of incoming messages exceeds the defined value the message gets dropped by the Class 0 Firewall.

To define how long a sender should be blocked just set the minutes in the second field.

To test if the firewalling is effective you can use tools like PDUSpy, a SMS Gateway Software or use my app HushSMS which can send Class0 messages (http://www.silentservices.de/products/android-hushsms/)

If a message gets dropped a toast message will appear. Also if a message count for a specific sender will be reset a toast message appears. The next release will show a notification icon in the notification area to make you aware that something has happened.

I am aware that an attacker might spoof the senders number. For that the next version will include a "same origin" policy.

If you have any questions about the app or find a bug please contact me via email and I will try to solve the issue as soon as possible.

Graphics from http://www.clker.com/ Mainly from OCAL, thanks!

Bluetooth Scanner - btCrawler

SilentServices
btCrawler is the perfect tool to find other bluetooth devices and their services. It can be useful during a pentest or ethical hacking.

This tool can scan for surrounding visible bluetooth devices. It shows the device type, supported services and the signal strength. It can also be used to locate a device based on the signal strength. Devices like Headsets are usually only visible during the pairing phase. Thus you might not be able to track your lost headset even if it is still connected.

Features:
- Database support. All scanned devices are now stored in a database and can be reviewed. Stored data includes the time a device is first seen and when it was last seen.
- List currently paired devices
- Scan for visible devices
- Shows Device Name, BDADDR (like MAC), Class of Device, Vendor and Signal Strength
- Query SDP services from devices
- Pair / Unpair to devices

The Database can be exported to a csv file on the external storage. Filename is: btcrawler-.csv
Example: /mnt/sdcard/btCrawler-01-09-2013.csv

The csv has the following order: Device Name, Device Address, Class of Device, Pairing Status, Last Signal Strength, First Time Seen, Last Time Seen, Vendor.

The Database can also be wiped. For both functions hit the menu button.

Over the time I will add more features as I find more ways to mangle the API a bit more.

(People call btCrawler often also: BluetoothScanner, Bluetooth Scanner, Bluetooth Sniffer, BluetoothSniffer, Bluetooth Wardriving, Bluetooth Diagnostic, Bluetooth Tool)

Act responsible like a hacker, not like a cracker or skiddie!

Graphics from http://www.clker.com/ Mainly from OCAL, thanks!

FlashSMS

SilentServices
This tool enables you to send Flash SMS messages also known as Class0 SMS in GSM Networks.

It works on devices where the sendRawPdu API Method is present which is only on HTC Devices with stock ROM and Sense UI.
It will also work on Android >= 4.0 devices which have the Xposed Framework installed. If that is the case for your device please download and install the Xposed Helper Module from here:
https://www.silentservices.de/android-hushsms-xposed-helper-module/
The current version of the Xposed Module is 1.7.4 which is the minimum version required by FlashSMS to work properly. If you have a HTC Smartphone with Sense UI you will not need the Xposed Module!

What is a Flash / Class0 SMS?
Answer: A message that should per standard be immediately display to the user in a pop-up window. On some phones (like iPhone afaik) the message gets display without the senders ID and without the possibility to save the message. The message size is limited to 160 characters.

A full description of all kind of messages can be found here: https://www.silentservices.de/products/android-hushsms/

Flash SMS is also part of HushSMS which can be found on my Homepage.

Graphics form http://www.clker.com (Mainly form User: OCAL) Thanks!

PingSMS

SilentServices
PingSMS is often also called Stealth SMS or Silent SMS or Type 0 SMS and lets you determine if the recipient phone is switched on / booked into the network or not. If it is not you will receive a notification as soon as it is available again.

This is a GSM only App. It will not work on CDMA Networks.

You may already have heard of this kind of messages. Officials (like feds or other agencies) use this kind of message in conjunction with the service provider to locate you (or your device). HushSMS uses it in another manner, since we don’t have access to the provider network. HushSMS uses this message to determine if the receipients device is currently booked into the network and as such the receipient should be available or not. As per standard this message muste be received and acknowledged by any cell phone without notifying the receipient. Thus this message is also call “silent sms”. I have heard (but never personally seen) that some providers transform this message automatically to an empty default message. Thus, if this is true, the senders number is shown, but no one will guess why an empty message was sent.

It works on devices where the sendRawPdu API Method is present which is only on HTC Devices with stock ROM and Sense UI.
It will also work on Android >= 4.0 devices which have the Xposed Framework installed. If that is the case for your device please download and install the Xposed Helper Module from here:
https://www.silentservices.de/android-hushsms-xposed-helper-module/
The current version of the Xposed Module is 1.7.4 which is the minimum version required by Ping SMS to work properly. If you have a HTC Smartphone with Sense UI you will not need the Xposed Module!

A full description of all kind of messages can be found here: https://www.silentservices.de/products/android-hushsms/
Ping SMS is also part of HushSMS which can be found on my Homepage.

Graphics form http://www.clker.com (Mainly form User: OCAL) Thanks!

btPair

SilentServices
btPair is a Bluetooth Pairing Helper. It is free now.

Have you ever been annoyed by Android when you want to pair or unpair a Bluetooth device? Each time going to Settings->Wireless->Bluetooth Setting->Blah Blah...?

Well, I was. That's the reason why I wrote btPair.

When you open btPair a list of already paired devices is shown. You can unpair and repair with these if they are around you and available. When you click "Scan..." and all visible devices around you will be shown. A green or red icon tells you if the according device is already paired or not. Clicking on a device will immediately pair or unpair the device. That's it! Pretty simple, uh?

In case of bugs, questions, requests please contact me via email.

This app has been testet on Samsung, HTC and Motorola devices with Android versions from 2.1 to 3.2.

Tags: bluetooth, pairing, pair, unpair

Switcher for Plugwise Source

SilentServices
Switcher for Plugwise Source is a tool that enables you to toggle the powerstate of plugwise circles without having a Plugwise Smile P1 or Plugwise Stretch hardware. All you have to do is to enable the webserver service in the Plugwise Source software and configure the app with the IP address of the webserver and you're set. Switcher for Plugwise Source pulls all available appliances and shows their current power state and power consumption. If you click on an item in the list, the corresponding circle will be switched on or off.

If you have any questions or feature wishes, please contact me rather than leaving a bad rating.

Graphics from http://www.clker.com/ Mainly from OCAL, thanks!

ReplaceSMS

SilentServices
A Replace Message replaces the content of other messages that has been sent with this message type.

This is a GSM only App. It will not work on CDMA Networks.

Example: You send a message with the content of 'ABC' and Type 1. Then after it has been received you send a replace message again but now with the content of 'w00t' and the same type identifier (Type 1) and the content of 'ABC' gets replaced by 'w00t' without storing an additional message. The old message just gets overwritten. The message size is limited to 160 characters.

It works on devices where the sendRawPdu API Method is present which is only on HTC Devices with stock ROM and Sense UI.
It will also work on Android >= 4.0 devices which have the Xposed Framework installed. If that is the case for your device please download and install the Xposed Helper Module from here:
https://www.silentservices.de/android-hushsms-xposed-helper-module/
The current version of the Xposed Module is 1.7.4 which is the minimum version required by ReplaceSMS to work properly. If you have a HTC Smartphone with Sense UI you will not need the Xposed Module!
A full description of all kind of messages can be found here: https://www.silentservices.de/products/android-hushsms/
Replace SMS is also part of HushSMS which can be found on my Homepage.
Graphics form http://www.clker.com (Mainly form User: OCAL) Thanks!

IPS-Switcher

SilentServices
Fast and Easy App to Switch IP-Symcon Objects
Everyone who ever made something with home automation might already become aware of the mighty IP-Symcon Software. The company who brought you IP-Symcon also published an app on the Android Play Store which lets you use the Webfront from within an Android App. This might be a bit to heavy for some special use cases and so I developed IPS-Switcher. It’s as simple as the name suggests. You define the server address, the objects and then you can immediately switch your objects on and off. Nothing more nothing less. Of course some who know the IP-Symcon products might ask for how the licensing is done. Well, there is no online checking of the license, no requirement for permanent internet connection and no “phoning home” of the app. Download from the Play Store, install on all your devices and be happy. In it’s current state there is no SSL implemented so I would not recommend to use it over the internet. It’s meant for home usage. In a later version I will implement SSL for sure.

Instructions:
- Tap on the the wrench symbol in the top bar and configure the server IP, password, webfront id, etc.
- Next, create a switchable object by tapping the plus sign in the action bar. Enter the instance ID of the switchable object (get it from the webfront configurator) and the ID of the status field of that object. Enter a name and a group if needed and you're ready to go.

- Repeat the last step as often as you like for all your switchable objects

- If you want to modify or delete an existing object, just do a long press on it and a contect menu will appear.

If you have any questions, suggestions or critics please do not hesitate to contact me via email. Please understand that I can not answer to rating comments and I will have no option to get back to you if you have a problem with the software.

Graphics from http://www.clker.com/ Mainly from OCAL, thanks!