How To: Bypass Two-Way Authentication on Facebook with Android Script

Bypass Two-Way Authentication on Facebook with Android Script

Hi guys, this is going to be kinda like a follow up to my previous post on hacking facebook with the remote keylogger. If you haven't seen that post I suggest you do. So like you can click here. Anyway let's move on.

Even though people are the weakest form of security, some of them can get pretty smart to be honest. Let's say you managed to get someone's facebook password by any means.(By the way, if you wondering how you can do that, I'm referring you to OTW's post here ). But when you log in, you are told that you gonna receive an SMS....that's a huge red flag, if you don't have the person's phone because the person is gonna know that, someone is trying to hack me and you could get in trouble. That's the annoying thing about a not so new thing called two-way authentication. But today if your victim uses android, you have a way of defeating that easily.

Step 1: Creating the Broadcast Reciever

I'm gonna try as much as possible to explain this code. First of all, Broadcast Receivers receive They allow us to execute some code based on an event that has happened. In this case, when we receive an sms...So what happens is, when the victim gets an sms, it first checks if the sms contains the string facebook and then starts a service, forwarding the message content with it. You can add a code

abortBroadcast() right before starting the service so the person doesn't get a notification of the message. (Not too sure of it tho...:P)

Image via

Step 2: Creating the Servie

Now for the service. Services allow us to execute tasks in the background without a fancy interface. They pretty much do the same thing as Activities. An activity is what contains all the buttons and text views and cool stuff that we get to see and click and touch. We don't want our victim to get that luxury so we will use a service ;D..So what happens here is the broadcast receiver sends the message to the service and the service sends it to us.

Image via

Broadcast Receiver -> Service -> Hacker

By the way, make sure to change the phone don't want Elliot getting your messages now, do you?!

Step 3: Creating the Android Manifest

Finally, the Android Manifest is an xml file, where we define our permissions and activities and all the other here since we only have a Broadcast Reciver class and a Service class, that's all we will define in our Android Manifest file. Also we will need permissions to receive the sms and send sms as well, so we will define permissions for them. :D

Image via

Added Bonus( I :P)

Because this application doesn't have an activity, it won't be displayed in our home screen so no android icon..that's pretty stealthy....and but then it will still show up in the application manager, so I leave it to your imagination to change the name of the app to deceive your victim.

I also realised that the victim might have locked their phone and won't let you just run an apk on their phone. So here is also another work around for that: So you can install the app from recovery mode. Kinda like how Tyrell hacked that guy's phone in Mr. Robot.


Alright, so I have come to the end of my tutorial, I hope this helps. And please correct me if there are any mistakes, because I just started learning Android programming. Also, you can use this to hack Google Accounts by using the recovery option. And in case, you don't want to use your phone number, you can figure out a way to send it to your email and share with the rest of us. :D

Thanks for reading.

Wuzi out!!

Just updated your iPhone? You'll find new features for Podcasts, News, Books, and TV, as well as important security improvements and fresh wallpapers. Find out what's new and changed on your iPhone with the iOS 17.5 update.

1 Comment

Can I just at you to do it for me? I've been locked out for 4 weeks.

Share Your Thoughts

  • Hot
  • Latest