No ScreenShot
Phone Creeper which the author describes an an Espionage Suite has been recently released by chetstriker from xda-developers. I am thankful to the developer for pointing out such a vulnerability within the Windows Mobile operating system.
Currently it has the following features:
- secretly and remotely read incoming / outgoing sms
- secretly and remotely delete incoming / outgoing sms
- secretly and remotely view call history
- bounce sms messages off remote phone to someone else.
- create a pop-up message on phone
- send a secret fart sound
- secretly and remotely listen to person. (Initiates silent call back of person to your phone with thier speaker phone enabled)
- also send listening in call to somebody else’s phone
All results will be sent via SMS back without leaving any trace on the phone being controlled. Any cell phone can be used to initiate the commands and all commands will respond with a success message for acknowledgment.
Install Instructions :
Just install .cab on the victims wm5 or higher phone. THEN MAKE SURE YOU REBOOT TO INITIATE IT.
by default the password is “chetstriker“, obviously not including the quotes and BE SURE IT’S ALL IN LOWER CASE. The command format is (password and then command)
Commands :
Send the following text to phone with the app installed on it
To receive call history : chetstriker getcalls
To receive incoming SMS mesages: chetstriker getrecsms
To receive sent SMS messages: chetstriker getsentsms
To delete all SMS messages: chetstriker delallsms
To delete received SMS messages: chetstriker delrecsms
To delete sent SMS messages: chetstriker delsentsms
To wipe your storage card: chetstriker wipeflash
To send a fart: chetstriker fart
To send a pop-up message: chetstriker message “insert msg here, without quotes”
To bounce sms off phone to someone else: chetstriker bounce sms “phone number to send to” “message to send”
To send your eaves droping call to someone else: chetstriker bounce call “phone number to send to” “message to send”
To change password: chetstriker change “newpassword”
(Obviously change “newpassword” to be what ever password you want and don’t type the quotes.)
After you have changed your password, make sure you use the new commands accordingly. For example, if I changed the password to 1800pocketpc and wanted to get call history. I would from now on type: 1800pocketpc getcalls
If you find this tool useful, please donate to the developer.
Installing this app on others device might be a crime in many countries. So check your local Law before downloading and installing it.
Those of you guys running an AntiVirus application on your device see if it will block this application, do let us know what happens :)
When upgrading, you should uninstall it, reboot, reinstall and reboot again or alternatively you can stop the process mstask, reinstall and reboot again.
Ethical Statement from the Author :
I feel this program has started to stir up a little controversy and I wanted people to know why i’m creating this.
Sadly enough the main reason i’ve created this is just because I could and because it seemed challenging and different and fun. I don’t actually have anybody to spy on, nor would I want to.
I have this intalled on my own phone only and it can be used for various usefull purposes (more when i’m finished), such as retrieving addresses or phone numbers if I left my phone at home. Wiping sensitive information off if it was ever stolen or retreiving it’s gps coordinates if stolen.
And then of course there are the many bad uses.
This is just a tool, it can be used for good or bad depending on the intent of the user. For me this is just an exploration of what can be done.
Although (to my knowledge) a program like this hasn’t exist before. If not by me, it would be created by someone else eventually.
Not talking about or hiding and suppressing information about what can be done does not make anyone safer. In fact I believe it to be quite the opposite.
I will do my part after the creation of this program to create another program which can be used to help detect and stop programs such as these.
I will also release the full source code with it, for those who are curious or mistrusting. I am sadden to see in other web sites, that there are folk who are using my program to take a stab at XDA. Saying that the various developers here who are dedicating large amounts of time and energy into creating solutions, fixes and new forms of software (for free even), are without moral regard and nefarious. Also fears that ROMs are now not safe because they may be containing software such as this within it.
I would hate to attributed to giving XDA a bad name, we are dedicated to free software, information and exploration.
As mentioned earlier, I will release a ROM / PDA checking utility with full source code to quell these fears. In fact people will probably be safer than before for actually checking.
I don’t condone mal-intented use of my program, as I said before it’s because I can and it’s fun.
Sweet
Saijo George
TBW
bAN01TgAZ
MagooChris
Chris B
Stephen
{ 5 comments… read them below or add one }
The author, Mukku, is exactly correct. This needs to be published and hiding these functions doesn’t make us safer.
Kudos, Mukku. I look forward to seeing the ROM/checking utility and full source code.
You make me so proud !!! As I said before you are a genius !!
such a pity not everybody has got a win mobile phone…. :)))
Doesn’t work on HTC Touch Diamond2 (aka Topaz)
Can you guys recomend a droid alternative to creeper
{ 1 trackback }