dSploit

The most complete and advanced IT security professional toolkit on Android.

New Build Server and Nightly Releases

We’d like to officially announce that we now have a dedicated build server to automatically generate nightly releases.
A script is scheduled to run every hour and check for new commits on the source code repository, generating fresh packages whenever one of us will send patches, fixes and new features to the master branch.

I’d like to thank Alexander Hagenah for the server ( and plenty of his time setting it up! ) and ( as usual ) Massimo Dragano for providing help with build scripts and the whole process … you are the best guys! <3

As always, the download url for nightly builds is http://update.dsploit.net/nightly.

Changelog for 1.1.1b-20131229 New Nightly Release.

I’ve just built a new nightly release and uploaded the signed APK since many of you guys was asking for it, I’m sorry if I didn’t make a new release every day, but there were a lot of small changes and fixes I wanted to incorporate in a whole new package.
This is a changelog with major changes. All of this thanks to Massimo Dragano ( tux-mind ) who’s actively working on the project. The new release aims to improve integration with the Metasploit framework, fix many issues, improve spawned processes handling and … fix the LD_LIBRARY_PATH bug/limitation!

Nightly Releases Available.

Since many of you asked how to compile dSploit themself to try the new features, and many of you had problems with that ( yeah I know, building an Android app is not as easy as compiling a “Hello World”, right? ), I decided to make nightly built apk available for everyone.

dSploit on Pledgie, Support Us!

As you might notice from the right sidebar, dSploit is now a Pledgie powered project, this means that you can now donate any amount you want with ease.

Please consider to make a donation to help us keeping the project alive and pay the monthly server and bandwidth price, or if you can’t afford a donation spread the word about dSploit and Pledgie donations … thanks! <3

Click here to lend your support to: dSploit and make a donation at www.pledgie.com !

A New Team Member … MetaSploit Coming to v1.1.0b!

I’m happy to annouce that Massimo Dragano aka tux-mind decided to merge his modifications of dSploit with the master branch, joining the list of the offial contributors and team members of the project.

I don’t have words to describe his work on dSploit, so I’ll use what he wrote me in the pull request on GitHub:

hi evilsocket,
i finally got msfrpc working properly.
there are a lot of cool stuff to carry on... exploit options, sessions, shells handlers and so on.
if you add me to the repo collaborators i'll be glad to help you to get dSploit always better ;)

why i do this?
sincerely i hate java, i always used C, and i love it.
but the prospective that i can leave meterpreter backdoors in every nearby unsecured PC from my phone, it's awesome!
infect on the fly for explore them later, easily from my home. wonderful!

i hope that my work will improve dSploit a lot :)

bye!

PS:
the gentoo armv7a system image with msf inside can be downloaded here:
http://androtransfer.com/?developer=tux_mind

Important Note on the Incoming 1.1.0b Version

After more than a year a new beta version v1.1.0b is coming, featuring full localization for many languages, a complete graphical restyling and many minor optimizations and fixes.
Unfortunately I’ve lost the original certificate I used to sign dSploit packages on each release, this means that the auto update mechanism between the current 1.0.31b and the new 1.1.0b version will not work.
You will be prompted for the new update and you will be able to download it, but installation will fail since the two apks will have different signatures and Android considers this as APK tampering.

Therefore a manual installation for the new version will be required then, starting from 1.1.0b the auto update process will continue to work as usual since I’m gonna backup the certificate everywhere :D

Please do not use the comment box to ask when the new release will be available, multi languages localizations need to be finished and only then I will release the new APK.

That’s Funny, Something’s Moving in the OSS Community.

I have to admit it, a few hours ago when I saw the email from github which notified me about the Androguide huge pull request, a smile appeared on my face.
Just 24 hours ago I announced about dSploit being an abandoned project due to the lack of support from the OSS community and today I received from Louis Teboul one of the biggest code patches I’ve ever seen.

What he did, whas a complete refactoring, patching, restyling and translating of the project, as he states in his pull request:

This pull-request aims at modernizing dSploit in terms of design, tooling and UX.

The following changes were made, in a separate “gradle” branch:

  • Integration with the new Gradle-based android build system as well as the Android Studio IDE
  • Full refactoring of the user interface, for a more modern, Holo-compliant design (see screenshots below)
  • dSploit is now almost fully translatable (the plugins will need their constructors to be refactored to make the plugin selection screens translatable)
  • Added partial French translation
  • A lot of refactoring and use of syntactic sugar for a cleaner code which is more compliant with the Java conventions, as well as some performance tuning and extra error-checking

The Past, the Present and the Future of dSploit

Here I am, after more than a year dSploit being a reality, I feel I have to give some updates to the users and be honest to them.
dSploit was born as a game, a little project to fill empty afternoons of the summer of two years ago and a challenge with myself, as the majority of the open source projects I publish.

As soon as I published it on my github account, the project had a huge spin in its visibility, most of it thanks to the XDA community and the dozens of blogs that talked about it, so what initially was just a game suddenly became something big.
As many of you might already know, I work as a software developer, so basically I have the infinite luck to work with what I most enjoy and am passionate about … but I have bills to pay, a rent for the house I live in and the free hours I have to work on my open source projects are getting fewer and fewer every month.

Moreover, although dSploit is actually one of the most used applications around the globe by security geeks, it didn’t received the contribution it needed by the open source community. Many people offered themself to help, some of them were in the Team page for a few weeks too, before I removed them since not a single commit was sent to improve dSploit, or at least fix some minor bug.

Open source doesn’t mean “hey dude, this is cool and free, come and get it!”, actually it means “this is cool and free, use it and improve it”.
I’m ok with the fact that not everybody is a developer, and even among developers not everyone is able to code something like dSploit ( I’m not acting like I am the best dev around, this is just a fact), but I can’t believe that no one, and I mean NO ONE among the dSploit users ( especially people from github ) has the time or the skills to submit me patches, new features or any kind of piece of code that could help.