About Teletype
Join
R
@rybakoshka
February 21, 2021

WWH education 20-21. Part 10. «Android»

Lecture#13 Android 12.04.2020

Lecturer: partyboy

(6:37:11 PM) partyboy: Hello everyone!

(7:01:42 PM) partyboy: Everyone prepared to read carefully and immerse themselves in the flow of information)

(7:02:45 PM) partyboy: Android devices (like the iphone) have been gaining more and more popularity among the hard workers of our specialty lately and in general people use gadgets more than regular PCs

Competently driving through applications (flowers, banks, shops, etc.) - we can achieve a high percentage of transactions. In general, we do it by driving either through applications that we download from the google market, or through the browser (built-in by default or downloaded (opera, mozilla, etc.)

(7:05:33 PM) partyboy: Any application (or site) asks for different information from the device and sends it to the store / merchandise. Applications usually collect a lot of additional information from the device

(7:07:31 PM) partyboy: They (applications) can see your geolocation, wifi networks around the device and deeper things: device serial number, MAC address, build number, kernel version, etc. (application, if anyone understood, this is any thing downloaded from google market.instagram is an application, a game is also an application, a browser is an application too =))

(7:07:59 PM) partyboy: Our task is to be able to change all these parameters on the device, depending on the specific drive!

(7:08:55 PM) partyboy: If we bring to mind the settings of our device, then our device will please antifraud)

(7:09:42 PM) partyboy: I won't load you with the technical aspects of setting up a phone-tablet, I'll tell you right away - all the solutions, answers to questions - this is all the great site w3bsit3-dns.com (add to bookmarks)

(7:10:08 PM) partyboy: I'll try to bring you the main base of the drive through the device.

(7:10:57 PM) partyboy: In order to spoof the device information of the tablet phone for driving, we need to have root access on it

(7:11:35 PM) partyboy: Root is like an administrator account in Windows or superuser in Linux, which allows you to do almost anything you want with the device.

(7:12:42 PM) partyboy: What does root give us?

(7:13:13 PM) partyboy: Ability to operate the phone settings, up to changing the poppy address, changing the gps location, changing the serial number, changing our device to the outside world beyond recognition

(7:14:11 PM) partyboy: So, first we need to have an android device in our hands.

(7:14:38 PM) partyboy: The first thing we do is put root on our device

(7:15:39 PM) partyboy: The non-system (modern) root wrapper is the Magisk program.

(7:17:09 PM) partyboy: https://www.youtube.com/watch?v=0gdLtBJXY1s

(7:17:24 PM) partyboy: Watch this video after the lecture for basic knowledge and understanding of root and magisk

(7:18:52 PM) partyboy: I repeat - first of all, find your device on the site w3bsit3-dns.com and look in the forum thread about magisk and setting / installing it, because each device is configured in the same way, but has its own features \ nuances

(7:20:52 PM) partyboy: From myself, I will say that the easiest way is to install magisk, and in general * pick * devices from the series samsung galaxy tab 2 10.1, galaxy s3 \ 4 \ 5, etc. (roughly speaking to android version 7, although devices with version 10-11 android on board can also successfully root and are also subject to change)

(7:21:41 PM) partyboy: don't ask me which phone / device I can recommend for driving) - choose yourself, see 4pda.ru)

(7:22:06 PM) partyboy: next

(7:22:46 PM) partyboy: Putting root as magisk on your device, then you should install the xposed framework (or edXposed framework, depending on the phone)

(7:23:14 PM) partyboy: What is the Xposed Framework?

(7:23:55 PM) partyboy: This is an add-on for Android that provides ample opportunities to customize installed applications and the OS itself.

Directly in Xposed itself, we can put various modules, ranging from those that change the splash screen when the phone is booted, to deep customization and changing data inside the device.

For example: fake a gps location, change the poppy address, build number, android version, etc.

(7:24:03 PM) partyboy: https://upload.wikimedia.org/wikipedia/commons/5/54/Xposed_Framework_screenshot.png

(7:24:11 PM) partyboy: This is how the main xposed framework looks like

(7:26:19 PM) partyboy: Next

(7:27:46 PM) partyboy: To * shaman * with device settings and change data, we need to install the Xprivacy module inside xposed (or other modules that you find inside xposed, there is a directory there)

(7:28:00 PM) partyboy: https://airteltrickz.sextgem.com/images/How%20to%20Install%20and%20Use%20Xposed%20Framework%20%20Xprivacy%20App%20 [Full%20Tutorial%20with% 20Screenshot]% 203_thumb.png

(7:28:26 PM) partyboy: https://www.youtube.com/watch?v=UtvksMLPKC8

(7:28:47 PM) partyboy: Watch this Xprivacy video after the lecture

(7:29:06 PM) partyboy: So

(7:29:14 PM) partyboy: Now let's refresh our brains and remember the sequence of our actions:

(7:30:16 PM) partyboy: We buy a device => set root (magisk) => set xposed framework => set Xprivacy (+ other modules)

(7:30:56 PM) partyboy: We're half way there =)))

(7:31:49 PM) partyboy: Now we need to think about how we will spoof our IP to look like we are KX)

(7:32:12 PM) partyboy: There are several options:

(7:34:29 PM) partyboy: 1) via VPN (download any application, paid / free, connect to vpn and work). The most important thing in this option, as in others, is that we need all traffic / data from the device to go through the proxy \ tunnel \ vpn. Usually this is a button in the application - redirect all traffic or something like that.

2) through socks. To do this, we put the Proxydroid program, it is ideal for these purposes. If, when checking on whoer.net, DNS is fired, then we put the DNS Forwarder program in addition, we specify the necessary dns in it.

3) SSH tunnels. This is where everything is more complicated, but solvable. For my personal long journey to get the right solution, I settled on a program called ki4a.

(7:35:55 ​​PM) partyboy: Overall, to keep things running smoothly, my advice to you is to use a second device to connect to the proxy / tunnel.

Whether it's a phone or a tablet.

It will act as a router and our device for driving will connect to it via wifi or bluetooth, as if we are a Pindos, who connected to his wifi at home)))

(7:36:46 PM) partyboy: Read my author's article, everything with pictures is described in detail on this subject:

https://wwh-club.net/index.php?threads/manual-ssh-na-androjde.155204/#post-1715122

(AFTER LECTURE)

(7:38:24 PM) partyboy: You can, of course, configure a regular router or microcomputers of the raspberry PI series (raspberry is also called it) so that it distributes wifi in the room, the traffic of which goes through a proxy ...

But this requires either perseverance or money)

(7:38:48 PM) partyboy: The choice is always yours anyway !!!!!

(7:39:58 PM) partyboy: There are no ideal solutions - there are only working brains, straight arms and a desire for a goal;)

(7:44:02 PM) partyboy: Once you have successfully connected to your proxy and on whoer.net + f.vision checker everything is clear - then register the google device account. It is enough to go to the play market (or when you turn on the phone for the first time) and you will be offered to create an account yourself.

(7:44:35 PM) partyboy: We make an account accordingly (as a geray) under the cardholder.

(7:45:31 PM) partyboy: If your proxy is clean and the device is clean, then you will not be asked for SMS confirmation, or even more captcha. (in this way, I, for example, register google accounts * left and right *)

(7:46:02 PM) partyboy: This completes the system setup and preparation!

(7:46:18 PM) partyboy: NEXT

(7:46:34 PM) partyboy: Now we decide how and where to drive.

(7:46:54 PM) partyboy: There are two options: through the browser or through the apps.

(7:47:44 PM) partyboy: There are a huge number of applications, all of them stupidly find in the google market (for example, you can drive yourself a virtual number, the application is called PHONER)

(7:48:35 PM) partyboy: Use either the default browser, which is already in the system, or another, it's a matter of taste, as they say (you can download the opera, mozilla, dolphin browser, etc.)

(7:49:22 PM) partyboy: But, before launching any application or entering the browser - we MUST check that the xposed and xpivacy services are successfully launched on the system + we are connected to the proxy (check f.vision and whoer. net your ip)

(7:49:37 PM) partyboy: After launching any application, the xprivacy module will issue the following alerts:

(7:49:47 PM) partyboy: https://www.naldotech.com/wp-content/uploads/2015/02/xprivacy-xposed-lollipop-module.jpg

(7:50:00 PM) partyboy: In the photo, on the left, in the red alert, the xprivacy module tells us where the app wants to * look * and what to do about it. Deny \ Allow \ Configure

(7:50:24 PM) partyboy: https://www.youtube.com/watch?v=GSOC-as-o7Q

(7:50:36 PM) partyboy: Here is a detailed view of this moment

(watch after the lecture)

(7:52:21 PM) partyboy: Requesting access to your google account? Great, let's go. We registered our device on KX)

(7:52:29 PM) partyboy: Asking about GPS? In xprivacy, we change the coordinates.

(7:52:35 PM) partyboy: Etc.)

(7:53:00 PM) partyboy: The more the app knows about you and your device, the more credibility you have when buying

(7:54:10 PM) partyboy: You could think of this as some sort of * verification *.

All shops / merchandise have long been suspicious when a person from an ordinary computer under Windows 7 makes an order.

More trust in mobile devices;)

(7:55:32 PM) partyboy: After the lecture, check out another post of mine on the forum:

(7:55:48 PM) partyboy: https://wwh-club.ws/index.php?threads/manual-android-browsers-user-agent.169692/

(7:56:09 PM) partyboy: There I tell you how to change the agent's username in the browser for android (no root;))

(7:56:43 PM) partyboy: In general, we are ready to drive in, but remember - after each drive in (via the application) you need (preferably) reset the device to factory settings and register a Google account from a clean system, etc.

(7:57:27 PM) partyboy: But in order to minimize the time spent, I advise you to make a system backup.

This is done easily - either through the recovery device (w3bsit3-dns.com read), or through the titanium backup pro program.

(7:58:00 PM) partyboy: Driven into different applications => reset the phone to factory settings => downloaded a backup and voila - all programs seem to have just been installed)

Saves time decently

(7:58:27 PM) partyboy: Now)

(7:59:04 PM) partyboy: We smoke, swear and ask me questions) (in turn, put +)

7:59:26 PM) Tayna: if you don't distribute wi-fi, but write the sox directly on the device and work, is it much worse?

by the degree of fraud - the browser is much weaker than the application. right?

How do PP self-registers behave from a mobile phone? have experience?

(8:00:51 PM) partyboy: 1) no worse, but on some devices there may be traffic leak * by * proxy

2) true, apps are more credible

3) did not work with a stick, but, as far as I know, self-registers go at times better than from a computer)

(8:01:04 PM) Izolentna:

1) [08:36:05] <partyboy> In general, to keep everything running smoothly, my advice to you is to use a second device to connect to the proxy / tunnel.

Whether it's a phone or a tablet.

Not understood. Should we have one more device that will distribute?

Why can't you use Wi-Fi in a cafe, for example?

2) When we drive and check the ip on the computer and everything else in f.vision, we clear the cookies. You don't have to do this here?

3) How often do you need to change devices?

(8:01:34 PM) Izolentna: I know the questions are stupid. But you need to know the answers: D

(8:03:00 PM) partyboy: 1) yes. Wi-Fi in a cafe will give you an ip, and your task is to have a Pindos ip

2) you also need to clear cookies, everything is like on a computer

3) I change once a week)

(8:03:42 PM) OTJlU4HUK: On the second device we put a SIM card of any operator and change it once a month?

(8:04:07 PM) OTJlU4HUK: but the fucking device still needs to be changed ... okay let's go

(8:04:11 PM) partyboy: it is not necessary to put a SIM card, you can also connect via wifi

(8:04:42 PM) goldenbaum: 1. Why are iPhones and poppies identical - is it your preference - or a subject matter - or what was meant?))

2. Is a jailbroken iPhone better than a rooted android - purely statistically? Or is there no fundamental difference?

3. The question is already purely hypothetical - the newer the phone, the more expensive - the more trassty?)

4. Are there any recommendations on how to tie up the SS in the NSF?

5. There is a shop or an aggregator (for example, Farfetch) - put the application + if there is a log stolen from this service of a real user + payment from NSF = super fucking situation which is it worth striving for?)

6. And yet, if I'm ready to fuck with a jailbreak, will an iPhone be more justified for an anti-fraud?)

7. Is it possible to extrapolate the scheme of working with mobile devices - as the most effective method for today - in all such cases except for driving?

8. Are there any lists of serial numbers of devices - which were determined in which country they were sold - in theory, you can replace the serial number in all these things that you described -> respectively, set the number more precisely under kx -> or is it already paranoia?

Sorry, the questions could be repeated. The lecture is very eye-opening, thank you for your time.

(8:05:11 PM) Tayna: is it possible to accumulate browsers through the copying application and in each of them their cookies will accumulate? cookies will not get anywhere further than the browser?

I apologize for skipping the line. in front of everyone. need to move away

(8:09:50 PM) partyboy: 1) identical, because they use the same system, but my attitude, in terms of * identical * is the place to be)

2) jailbreak does not give those room for modification of the device, which can be poured by the root on android. jailbreak - * parody * on root *

3) individually

4) only by tests

5) yes, you should strive for what inspires you and contributes to your enrichment, so that rustling rustles rustle in your pocket

6) yes

7) yes, mobile devices rule!

8) paranoia

(8:10:11 PM) yarah: 1.can you use Android emulator, such as Bluestacks on the computer?

2.from your experience, did it increase the chance of more successful carding using phone vs computer?

thank you

(8:11:37 PM) partyboy: 1) of course Bro, but more effectivly will be using REAL device, rather using emulators

2) yes Bro

(8:14:00 PM) SPARK_LQ: partyboy: 1. how to make a browser fingerprint?

2. Do you need to change the characteristics of the phone before each new drive in the same shop?

3. If safetynet pixelscan does not pass, what could be the problem? Does it affect the drives from the browser or only from the attachment?

4 . Haven't heard anything about McFly and his product?

(8:15:23 PM) panacash: What are the ways to work with FNS videos on android?

(8:16:23 PM) partyboy: 1) fake a phone via xprivacy or use the APP CLONER program - clone a browser with new fingerprints (works without root)

2) if in the same shop, from the same card, then it is not necessary, if you change the card, you change everything

3) it doesn't matter for the browser, for applications - yes

4) write to the PM on the forum)

(8:17:06 PM) Tayna: this is for every self-registration np for example

(8:17:48 PM) Goodman: Partyboy, scent for the lecture, I wasn’t present, sorry, but I’m familiar with mobile phones, even when only iphone 4 at & t came out, I unlocked them with a jail for money, worked in the service on firmware, but still, if you have any questions I'll write off in a personal ok?

(8:17:56 PM) partyboy: Mystery - yes) you can. APP CLONER

https://appcloner.app

(8:18:15 PM) Tayna: yes I mean him) the question was, do not cookies fall somewhere beyond the browser? partyboy

(8:18:21 PM) Tayna: ever cookie like on a computer. if you heard about them

(8:19:06 PM) Koba787: 1. Since we are talking about socks again, here is a purely personal opinion pliz, I understand that the lecturer, which is neutral, but nevertheless - apart from luxury - what kind of socks are suitable for work and are famous for maximum cleanliness? And by the way, socks and tunnels should also be meticulously selected?

2. Sobsna from mobile phones go to all those en directions: goods, hotels

3.How much is the topic with mobile phones younger than the classic))

4. Does it also have a lot of schoolchildren?;)

(8:20:35 PM) partyboy: 1) depending on where you hit and what kind of service, there are sites / shops that absolutely give a shit)

2) yes

3) xs Bro, I do not keep a chronicle))))

4) yes they are everywhere)

(8:22:09 PM) partyboy: socks are everywhere, good and bad

(8:22:18 PM) partyboy: keep 2-3 socks shops in stock;)

(8:22:32 PM) Izolentna: have a socks rating?

(8:22:35 PM) Izolentna: maybe

(8:22:50 PM) partyboy: check socks for blacklists

(8:22:50 PM) Izolentna: or try everything and search

(8:22:55 PM) partyboy: on f.vision website

(8:23:27 PM) panacash: What are the ways to work with FNS clips? I mean, an online store through a terminal, applications, this is understandable, but maybe some other ways?

(8:23:31 PM) Goodman: I need a zip, I've tested 10 socks

(8:23:34 PM) Goodman: or black

(8:23:36 PM) Goodman: or ping

(8:23:51 PM) partyboy: I can't say anything about the nfc, sorry, not my topic

(8:24:06 PM) Goodman: The computer is ready to crash the fucking 911

(8:24:19 PM) partyboy: goodman - check out socks at other shops

(8:24:20 PM) Goodman: Is Ping krety?

(8:24:30 PM) Koba787: Goodman: Wait) we still have to stream all night)

(8:24:33 PM) partyboy: zip does not have to match, all 5 digits are like

(8:24:41 PM) partyboy: the first 2 digits are already hbs

(8:25:44 PM) partyboy: Friends, who still have questions - reread the lecture, then think, then google, then write to me on the PM on the forum) I will answer everyone)

(8:26:10 PM) partyboy: dat_user1: When will the sphere be given?) - I know the dick) ask Mans) like by the end of training they will give

(8:26:51 PM) partyboy: Good luck everyone! ) And .. have a great weekend! ;)

Don't forget that we have a private channel with the most up-to-date information and material, please contact our support team @ouhom2 to enter

@rybakoshka
February 21, 2021, 07:25
0 views
0 reactions
0 replies
0 reposts