10/15
To The world,
A few weeks ago, I installed a Trojan horse type application that I got from an online spy app provider on my wife's phone ... I was worried that she might be cheating on me.

While I was spying on her, I started being curious about how the app works, so I started reverse engineering it and found out that the app checks the remote server for instructions every 4 seconds. When an instruction is found, it does it and posts back the result to the online web portal where the remote user is. Since I am a senior web programmer in RL and a hacker in the VL, I started playing around with the features and found out a way to jump from my wife's phone to somebody else's that was not linked to my account.

My curiosity got the best of me. While I was browsing that user's phone, I started wondering how many I could find ... So I created a device ID extractor and ran it all night. The day after, I had over 10k device IDs and the extractor was not even near finishing a full extraction, so I stopped it.

Later that day, I was looking at my device list and was kind of curious to see if I could really jump to any of them. I opened up a random device and started browsing the phone's pictures. The phone I randomly selected was a girl in her early 20s. She was very cute and had a few nude pictures she had taken facing a mirror. I got hooked and started wondering what else might be in my list.

I started browsing the devices one by one ... The procedure was kind of painful every time I wanted to switch, so I thought it might be faster to create something to actually download the images for me so I could browse them from my computer. So I created a picture extractor and made it loop through my list of devices, and the day after I had over 190GB of images downloaded. I had to stop the extractor because I was worried it might eat up my whole hard drive.

I found out there was a lot of porn (self-taken images) and pictures of credit cards (why would anybody take a picture of their own credit card...). Browsing that many images was so slow ... my computer was barely capable of keeping up. I decided it would probably be best to get the images sorted in different folders based on their device IDs, so I made myself something to filter them out for me. The browsing experience was way better and I could relate the images I had to the device they came from. From that point, I started making a list of devices I liked most.

At one point I grew tired of searching my list ... I had around 500 interesting devices in my favorite list and thought it might be enough. While I was investigating the app features more, I noticed a way for me to actually ask the remote device to take a picture. I started playing around with my favorite devices and was amused.

From that point, I guess my little hobby escalated from wrong to weird ... I created a new programme that would request images from my favorite devices' front and rear cams every few seconds. Every day for weeks I would spend hours looking at people's day-to-day lives. I saw them changing, pissing, eating ...

At some point, I made a desktop cam viewer I would open to see what they were up to once in a while. Some of them caught my attention more than others. I started doing extensive research on them. I got their names, GPS location, Facebook page and stuff like that. Knowing more about them made the cam viewing experience even more intense. When the phone was off for more than 12h I would even get worried something bad had happened to them.

After a while I started wondering why I was doing all that and remembered everything started with me wondering if my wife was cheating on me ... and well, considering these were real humans, I was kind of cheating on her ... That's where I started feeling bad about all of this.

I did it ... No idea why ... But I did it.

To this day, the spy phone app provider is still up and running with the same vulnerabilities and anyone (with coding and hacking experience) could do exactly what I did ... Now I look back and think it was stupid and kind of weird ... So to clear my head, I am posting this apology. Sorry to all of those that I followed without authorization.

Notice: Don't take nude pictures of yourself, don't take pictures of your credit card, don't download unsafe applications, and put a password on your phone and never give it away ... even to the love of your life. You never know who could be watching you.
From Dreamaster
On Oct 15 2016 at 7:28pm, Max wrote:
Man ... I wish I had your skills!
On Oct 15 2016 at 10:35pm, Jess wrote:
You should consider telling the app developer about what you found in order to protect the users from the security flaws you found ... Maybe that can help you find the redemption you seek.
On Oct 17 2016 at 8:10am, Dreamaster wrote:
@Max -> It's more of a curse than a skill, believe me. It got me very close to serious trouble a few times. I just can't resist pushing my luck further and I am afraid one day I might get arrested.



@Jess -> You are right. It would be the best thing to do. But I can't contact them because of how I used this against them. They have grounds to get me arrested. It's too late for me to be a white hacker on this. I feel so bad for the users of that website. They have no idea how insecure that platform is.
On Oct 19 2016 at 1:39pm, Elvice wrote:
How about you ask a third party to help you contact the app provider? Anyway, how did you reverse engineer a phone app?
On Oct 19 2016 at 3:09pm, Dreamaster wrote:
Reverse engineering an Android phone app is fairly easy. Download the .apk file on your computer and rename it to .zip. Extract the zip to a folder. That will give you access to drawables but not XML and Java files. For that you need dex2jar; you just extract it to the same folder and type "dex2jar classes.dex" in a cmd window. That will give you access to the Java files but you still need to decode them. So I used (jd.benow.ca). All you have to do is open "classes.dex.dex2jar" with the Java decompiler and click save all sources in jd-gui by source name. From that point you get access to the Java files, which is pretty much the core of the app. The last thing you need is the XML files of the app. I used Apktool for that. With everything I extracted I was able to find out where the app sends the POST info to and managed to understand how everything works. I found more vulnerabilities than what I exploited and could have gained access to the whole server or even wiped out the web portal ... They have a lot of security flaws. It's a real ticking bomb before they get mass hacked. They're currently working on an update that will require users to pay for the service ... I just hope they will secure the transaction process better than they secured the rest so far.



About having a third party contact the app provider for me, I am unsure how that would protect me. I think the best course of action is to wait a few months in order for my traces to be lost in the server logs and contact him without letting him know that I actually used what I found.
On Oct 21 2016 at 11:31am, Elvice wrote:
This is by far the most interesting post on this website! Thanks for the info. So who is this app provider you're talking about?
On Oct 21 2016 at 4:35pm, Dreamaster wrote:
Come on now ... I am not gonna give out that information for obvious reasons lol. Nice try though hehe
