Since many of you asked how to compile dSploit themself to try the new features, and many of you had problems with that ( yeah I know, building an Android app is not as easy as compiling a “Hello World”, right? ), I decided to make nightly built apk available for everyone.
As you might notice from the right sidebar, dSploit is now a Pledgie powered project, this means that you can now donate any amount you want with ease.
Please consider to make a donation to help us keeping the project alive and pay the monthly server and bandwidth price, or if you can’t afford a donation spread the word about dSploit and Pledgie donations … thanks! <3
I’m happy to annouce that Massimo Dragano aka tux-mind decided to merge his modifications of dSploit with the master branch, joining the list of the offial contributors and team members of the project.
I don’t have words to describe his work on dSploit, so I’ll use what he wrote me in the pull request on GitHub:
hi evilsocket, i finally got msfrpc working properly. there are a lot of cool stuff to carry on... exploit options, sessions, shells handlers and so on. if you add me to the repo collaborators i'll be glad to help you to get dSploit always better ;) why i do this? sincerely i hate java, i always used C, and i love it. but the prospective that i can leave meterpreter backdoors in every nearby unsecured PC from my phone, it's awesome! infect on the fly for explore them later, easily from my home. wonderful! i hope that my work will improve dSploit a lot :) bye! PS: the gentoo armv7a system image with msf inside can be downloaded here: http://androtransfer.com/?developer=tux_mind
After more than a year a new beta version v1.1.0b is coming, featuring full localization for many languages, a complete graphical restyling and
many minor optimizations and fixes.
Unfortunately I’ve lost the original certificate I used to sign dSploit packages on each release, this means that the auto update mechanism between the current 1.0.31b and the new 1.1.0b version will not work.
You will be prompted for the new update and you will be able to download it, but installation will fail since the two apks will have different signatures and Android considers this as APK tampering.
Therefore a manual installation for the new version will be required then, starting from 1.1.0b the auto update process will continue to work as usual since I’m gonna backup the certificate everywhere :D
Please do not use the comment box to ask when the new release will be available, multi languages localizations need to be finished and only then I will release the new APK.
I have to admit it, a few hours ago when I saw the email from github which notified me about the Androguide huge pull
request, a smile appeared on my face.
Just 24 hours ago I announced about dSploit being an abandoned project due to the lack of support from the OSS community and today I received from Louis Teboul one of the biggest code patches I’ve ever seen.
What he did, whas a complete refactoring, patching, restyling and translating of the project, as he states in his pull request:
This pull-request aims at modernizing dSploit in terms of design, tooling and UX.
The following changes were made, in a separate “gradle” branch:
- Integration with the new Gradle-based android build system as well as the Android Studio IDE
- Full refactoring of the user interface, for a more modern, Holo-compliant design (see screenshots below)
- dSploit is now almost fully translatable (the plugins will need their constructors to be refactored to make the plugin selection screens translatable)
- Added partial French translation
- A lot of refactoring and use of syntactic sugar for a cleaner code which is more compliant with the Java conventions, as well as some performance tuning and extra error-checking
Here I am, after more than a year dSploit being a reality, I feel I have to give some updates to the users and be honest to them.
dSploit was born as a game, a little project to fill empty afternoons of the summer of two years ago and a challenge with myself, as the majority of the open source projects I publish.
As soon as I published it on my github account, the project had a huge spin in its visibility, most of it thanks to the XDA community and the dozens of blogs that talked about it, so what initially was just a game suddenly became something big.
As many of you might already know, I work as a software developer, so basically I have the infinite luck to work with what I most enjoy and am passionate about … but I have bills to pay, a rent for the house I live in and the free hours I have to work on my open source projects are getting fewer and fewer every month.
Moreover, although dSploit is actually one of the most used applications around the globe by security geeks, it didn’t received the contribution it needed by the open source community. Many people offered themself to help, some of them were in the Team page for a few weeks too, before I removed them since not a single commit was sent to improve dSploit, or at least fix some minor bug.
Open source doesn’t mean “hey dude, this is cool and free, come and get it!”, actually it means “this is cool and free, use it and improve it”.
I’m ok with the fact that not everybody is a developer, and even among developers not everyone is able to code something like dSploit ( I’m not acting like I am the best dev around, this is just a fact), but I can’t believe that no one, and I mean NO ONE among the dSploit users ( especially people from github ) has the time or the skills to submit me patches, new features or any kind of piece of code that could help.
I’d like to introduce you another project of mine, a website called EmotiCODE :)
EmotiCODE is a collaborative source code snippets aggregator and search engine but mostly a place where developers can find the answers they are searching for and contribute with their own contents to help others with the same needs.
Here it is the second post about dSploit internals, we we’ll discover how dSploit actually can intercept and manipulate traffic which was not originally supposed to receive, thanks to what we will refer as ARP cache poisoning.
The content of this article is taken from “Understanding Man-in-the-Middle Attacks – ARP Cache Poisoning” by windowsecurity.com.
I’m going to start this section of this blog explaining how every module of dSploit works at low level, both to give users an idea on what they are actually doing and to produce ( hopefully ) some interesting material about network security and generally speaking networking basic principles.
Hence let’s start from the beginnig, how dSploit discovers alive hosts on the network :)
Hi guys, after more than four months from the last release of dSploit, i’ve decided to open this blog and continuing dSploit developing.
I’d like to say to all of you guys that I’m sorry for this pause period, but as someone already knows, i’ve recently switched to a new job which is very time taking ( and exciting of course! ) therefore i hadn’t any free time to work on my projects.