How to Bypass Two-Way Authentication on Facebook with Android Script
Hi guys, this is going to be kinda like a follow up to my previous post on hacking facebook with the remote keylogger. If you haven't seen that post I suggest you do. So like you can click here. Anyway let's move on.
Even though people are the weakest form of security, some of them can get pretty smart to be honest. Let's say you managed to get someone's facebook password by any means.(By the way, if you wondering how you can do that, I'm referring you to OTW's post here ). But when you log in, you are told that you gonna receive an SMS....that's a huge red flag, if you don't have the person's phone because the person is gonna know that, someone is trying to hack me and you could get in trouble. That's the annoying thing about a not so new thing called two-way authentication. But today if your victim uses android, you have a way of defeating that easily.
I'm gonna try as much as possible to explain this code. First of all, Broadcast Receivers receive broadcast...lol. They allow us to execute some code based on an event that has happened. In this case, when we receive an sms...So what happens is, when the victim gets an sms, it first checks if the sms contains the string facebook and then starts a service, forwarding the message content with it. You can add a code
abortBroadcast() right before starting the service so the person doesn't get a notification of the message. (Not too sure of it tho...:P)
Now for the service. Services allow us to execute tasks in the background without a fancy interface. They pretty much do the same thing as Activities. An activity is what contains all the buttons and text views and cool stuff that we get to see and click and touch. We don't want our victim to get that luxury so we will use a service ;D..So what happens here is the broadcast receiver sends the message to the service and the service sends it to us.
Broadcast Receiver -> Service -> Hacker
By the way, make sure to change the phone number...lol..you don't want Elliot getting your messages now, do you?!
Finally, the Android Manifest is an xml file, where we define our permissions and activities and all the other stuff...so here since we only have a Broadcast Reciver class and a Service class, that's all we will define in our Android Manifest file. Also we will need permissions to receive the sms and send sms as well, so we will define permissions for them. :D
Because this application doesn't have an activity, it won't be displayed in our home screen so no android icon..that's pretty stealthy....and but then it will still show up in the application manager, so I leave it to your imagination to change the name of the app to deceive your victim.
I also realised that the victim might have locked their phone and won't let you just run an apk on their phone. So here is also another work around for that: https://www.maketecheasier.com/create-android-apps-recovery-zip/ So you can install the app from recovery mode. Kinda like how Tyrell hacked that guy's phone in Mr. Robot.
Alright, so I have come to the end of my tutorial, I hope this helps. And please correct me if there are any mistakes, because I just started learning Android programming. Also, you can use this to hack Google Accounts by using the recovery option. And in case, you don't want to use your phone number, you can figure out a way to send it to your email and share with the rest of us. :D
Thanks for reading.