Outbound SMS messages on device not being retrieved

[airwilb]

This is an issue with the

• [x] AhMyth Client

Describe the bug

When connected to a device and attempting to retrieve SMS messages, only the devices incoming SMS messages are retrieved. None of the device's outbound SMS messages (the texts sent from the device) are retrieved.

To Reproduce

Steps to reproduce the behavior:

1. Begin listening and connect to target device
2. Retrieve SMS messages from Victim Panel
3. View SMS messages and only incoming SMS messages are retrieved

Expected behavior

Upon SMS retrieval I expected that all SMS messages would be retrieved, incoming and outgoing SMS messages.

Client Issue

please complete the following information:

• Android Version: 10

Checklist

• [x] Is this really an issue?
• [x] Have I looked at previous issues to see if this has already been addressed?
• [x] Have I used some initiative to try and solve the issue myself?

[Morsmalleo]

I think I've discovered why you can't see outbound (sent) SMS's, if you look here in the screenshot of SMSManager.java file for the AhMyth Client, we can see that only the SMS Inbox is declared. It's the highlighted part where it says Uri.parse("content://sms/inbox"); 🙂 So this would explain why outbound (sent) SMS's are not being seen, so this should be relatively easy to fix hopefully

[airwilb]

I think I've discovered why you can't see outbound (sent) SMS's, if you look here in the screenshot of SMSManager.java file for the AhMyth Client, we can see that only the SMS Inbox is declared. It's the highlighted part where it says Uri.parse("content://sms/inbox"); 🙂 So this would explain why outbound (sent) SMS's are not being seen, so this should be relatively easy to fix hopefully

That make's total sense. Happy to hear it's something real simple like that!

[Morsmalleo]

I think I've discovered why you can't see outbound (sent) SMS's, if you look here in the screenshot of SMSManager.java file for the AhMyth Client, we can see that only the SMS Inbox is declared. It's the highlighted part where it says Uri.parse("content://sms/inbox"); 🙂 So this would explain why outbound (sent) SMS's are not being seen, so this should be relatively easy to fix hopefully

That make's total sense. Happy to hear it's something real simple like that!

Yeah, it actually made me laugh a bit when I seen it lol, I'll let you know once the update has been pushed officially to AhMyth

[airwilb]

So I'm guessing to call the sent messages it would be as simple as declaring "content://sms/sent"? I wonder if there's a way to write it so you don't have to specify in two lines of code that you want both the inbox and sent messages, just one code to call all SMS. Doesn't really matter to be honest but just curious.

Also I was thinking, is there anyway to have the SMS messages update automatically every time there's a new message? As it currently functions, you have to select the "get SMS" button and retrieve the messages all over again if you want to see if there have been any new messages. It would be really useful if the SMS tab would update automatically every time there's a change in the inbox

[Morsmalleo]

So I'm guessing to call the sent messages it would be as simple as declaring "content://sms/sent"? I wonder if there's a way to write it so you don't have to specify in two lines of code that you want both the inbox and sent messages, just one code to call all SMS. Doesn't really matter to be honest but just curious.

Also I was thinking, is there anyway to have the SMS messages update automatically every time there's a new message? As it currently functions, you have to select the "get SMS" button and retrieve the messages all over again if you want to see if there have been any new messages. It would be really useful if the SMS tab would update automatically every time there's a change in the inbox

Yes as well as a few more lines of coding as well, and don't worry I've already been working on auto updating the SMS tab 🙂

[airwilb]

Nice, appreciate the hard work!

[airwilb]

I'll experience rapid connection and disconnect sometimes, not sure why. It'll connect about 30-50 seconds disconnect and then in another 30 seconds connect again and this cycle continues sometimes for a long time and the connection is coming in through various different ports not the same port each time. I assumed it was due to poor mobile data connection, but I saw you mentioned AhMyth uses WiFI, so it never connects via mobile data or it can use either? I'm fairly certain I've been receiving connections via mobile data usually

[Morsmalleo]

I'll experience rapid connection and disconnect sometimes, not sure why. It'll connect about 30-50 seconds disconnect and then in another 30 seconds connect again and this cycle continues sometimes for a long time and the connection is coming in through various different ports not the same port each time. I assumed it was due to poor mobile data connection, but I saw you mentioned AhMyth uses WiFI, so it never connects via mobile data or it can use either? I'm fairly certain I've been receiving connections via mobile data usually

Couple of questions..

• How did you obtain AhMyth?
• Is this with a standalone payload or a bound one?

[airwilb]

I'll experience rapid connection and disconnect sometimes, not sure why. It'll connect about 30-50 seconds disconnect and then in another 30 seconds connect again and this cycle continues sometimes for a long time and the connection is coming in through various different ports not the same port each time. I assumed it was due to poor mobile data connection, but I saw you mentioned AhMyth uses WiFI, so it never connects via mobile data or it can use either? I'm fairly certain I've been receiving connections via mobile data usually

Couple of questions..

• How did you obtain AhMyth?
• Is this with a standalone payload or a bound one?

I installed AhMyth on my kali box as it says in the walkthrough, made sure I set it up exactly as recommended and had no issue. Built standalone APK and then transferred it to a server I use for file storing and downloading. Then with the target device, I downloaded the APK and installed. I also turned off Play Protect just in case, but based on other tests Play Protect on or off doesn't make a difference for succesfull installation of the ahMyth APK.

[Morsmalleo]

Can I see your AhMyth GUI please just so I know you're using the correct version

[airwilb]

[Morsmalleo]

Wrong directory for the package file you need to be in the app folder when you run that command

cat AhMyth/AhMyth-Server/app/package.json

But yes this is definitely the correct version, I just need to see the socket.io version with the command above

[airwilb]

Oops sorry, wasn't paying attention to what directory I was in. Here you go

[Morsmalleo]

Ok we're going to try something here run this command inside the AhMyth/AhMyth-Server/app directory you're in now

npm install --save socket.io@1.4.5

Run the CAT command again in the same directory

cat package.json

And show me the output so I can confirm the changes

[airwilb]

[Morsmalleo]

Ok run Server again and build yourself a payload now and see how it works after you install, if it still doesn't work I'll have to run some tests tomorrow

[airwilb]

Okay I'll give it a shot let you know how it goes.

Any downsides to downgrading the socket.io version?

[Morsmalleo]

Okay I'll give it a shot let you know how it goes.

Any downsides to downgrading the socket.io version?

No not that I can think of no

[airwilb]

Okay cool hopefully this solves the issue.

Any specific reason why this would help the situation? I just like understanding things I'm doing lol

[Morsmalleo]

Yes so currently the client is using socket.io-client-java v0.8.3 and the Server was using Socket.io V2.4.2... so if the problem is coming from socket.io it's most likely because of the version upgrade I made to the Server when I updated the servers socket.io version from 1.4.5 to 2.4.2

[airwilb]

Ah okay I see. Well I installed the new APK, and it connected and disconnected but that might be the disconnect on sleep bug its not connecting/disconnecting in a loop atm. But it's not connected at all right now device is in sleep mode so I'll know more tomorrow if the disconnect loop bug is still happening.

[Morsmalleo]

That's good the loop has stopped, Take the phone off of sleep mode, if it doesn't reconnect then open the payload application, let me know results!

yes the client really needs some work, all my work so far has been focused on the server... So these client reports are good it gives a me a list of what needs to be done

[airwilb]

Unfortunately the disconnect/connect loop is still occurring. I'm leaning towards this being a bug specific to this device (OnePlus 7Pro Android 10) or just poor wifi connectivity. On my other device (OnePlus 6t Android 9) the loop doesnt happen, but the wifi it's connected to is much more stable so again could be a wifi issue.

Any progress on the Outbound SMS issue?

[Morsmalleo]

Unfortunately the disconnect/connect loop is still occurring. I'm leaning towards this being a bug specific to this device (OnePlus 7Pro Android 10) or just poor wifi connectivity. On my other device (OnePlus 6t Android 9) the loop doesnt happen, but the wifi it's connected to is much more stable so again could be a wifi issue.

Any progress on the Outbound SMS issue?

Ok I'm going to jump on AhMyth in a few minutes and run a test on my own device which is a Vivo y11s running Android 12, also haven't managed to get to work on the SMS thing yet however I'm going to make a quick test update on that in about 10 minutes, so once I'm ready, I'll get you test this update to the SMS feature, if you feel keen?

[Morsmalleo]

Unfortunately the disconnect/connect loop is still occurring. I'm leaning towards this being a bug specific to this device (OnePlus 7Pro Android 10) or just poor wifi connectivity. On my other device (OnePlus 6t Android 9) the loop doesnt happen, but the wifi it's connected to is much more stable so again could be a wifi issue. Any progress on the Outbound SMS issue?

Ok I'm going to jump on AhMyth in a few minutes and run a test on my own device which is a Vivo y11s running Android 12, also haven't managed to get to work on the SMS thing yet however I'm going to make a quick test update on that in about 10 minutes, so once I'm ready, I'll get you test this update to the SMS feature, if you feel keen?

If I face this problem I'll open a fresh issue template about it

[Morsmalleo]

Unfortunately the disconnect/connect loop is still occurring. I'm leaning towards this being a bug specific to this device (OnePlus 7Pro Android 10) or just poor wifi connectivity. On my other device (OnePlus 6t Android 9) the loop doesnt happen, but the wifi it's connected to is much more stable so again could be a wifi issue.

Any progress on the Outbound SMS issue?

This must be a problem with your network bro, because everything is working fine on my end, I'll try to upload a video here to show you

[airwilb]

Yeah that's what I'm thinking as well because every other device I've tried hasnt had this issue, but this OnePlus is usually around crappy wifi so I'm guessing that's the issue.

There's other issues on that device that I didnt mention because I don't care about the features but camera and mic doesnt really work, I know in Android 11 the new update means the camera/mic could only work if the app was open but this device is on Android 10 and the camera and mic never work. Camera and mic work fine though on my other OnePlus running Android 9. So maybe there's something about this specific phone, I'll play around with the settings see if there's something causing any of these issues on the phone.

Oh I wanted to ask you, the other day you mentioned AhMyth connects through WiFi I understand that. But can it connect through mobile data? or is there a setting preventing mobile data connection?

And I'll be on the computer for the next few hours so if you want me to test anything new that's fine.

[Morsmalleo]

For the camera and mic to work the payload needs to actually be open, i plan on fixing this in the future anyway here's the Connection Test video I made for you hopefully it works, it was to big to upload to github, the link to it is below

https://easyupload.io/nipzqs

[airwilb]

For the camera and mic to work the payload needs to actually be open, i plan on fixing this in the future anyway here's the Connection Test video I made for you hopefully it works, it was to big to upload to github, the link to it is below

https://easyupload.io/nipzqs

I was pretty sure that the camera and mic only working if the payload is open was a change that started in Android 11. Android 10 and below doesnt need the payload to be open, tested it myself on Android 10 and 9. But that's why I found it odd that the OnePlus 7pro camera and mic weren't responding since it theoretically should because it's running Android 10

[Morsmalleo]

For the camera and mic to work the payload needs to actually be open, i plan on fixing this in the future anyway here's the Connection Test video I made for you hopefully it works, it was to big to upload to github, the link to it is below https://easyupload.io/nipzqs

I was pretty sure that the camera and mic only working if the payload is open was a change that started in Android 11. Android 10 and below doesnt need the payload to be open, tested it myself on Android 10 and 9. But that's why I found it odd that the OnePlus 7pro camera and mic weren't responding since it theoretically should because it's running Android 10

It seems that some models adopted this around android 10 but wasn't officially implemented until android 11

[Morsmalleo]

Also the SMS bug is going to take me a while, so for now if users feel it would be better, I can switch it, so you can see what messages the victim has sent instead of seeing what messages the victim recieves, until I can eventually integrate both

[airwilb]

For the camera and mic to work the payload needs to actually be open, i plan on fixing this in the future anyway here's the Connection Test video I made for you hopefully it works, it was to big to upload to github, the link to it is below https://easyupload.io/nipzqs

I was pretty sure that the camera and mic only working if the payload is open was a change that started in Android 11. Android 10 and below doesnt need the payload to be open, tested it myself on Android 10 and 9. But that's why I found it odd that the OnePlus 7pro camera and mic weren't responding since it theoretically should because it's running Android 10

It seems that some models adopted this around android 10 but wasn't officially implemented until android 11

ah okay that makes sense.

Also the SMS bug is going to take me a while, so for now if users feel it would be better, I can switch it, so you can see what messages the victim has sent instead of seeing what messages the victim recieves, until I can eventually integrate both

I had a feeling it would be a bit tougher to figure out than it seemed. Are you going to have to make a separate tab in the victim lab for outbound messages is that what the issue is?

[Morsmalleo]

For the camera and mic to work the payload needs to actually be open, i plan on fixing this in the future anyway here's the Connection Test video I made for you hopefully it works, it was to big to upload to github, the link to it is below https://easyupload.io/nipzqs

I was pretty sure that the camera and mic only working if the payload is open was a change that started in Android 11. Android 10 and below doesnt need the payload to be open, tested it myself on Android 10 and 9. But that's why I found it odd that the OnePlus 7pro camera and mic weren't responding since it theoretically should because it's running Android 10

It seems that some models adopted this around android 10 but wasn't officially implemented until android 11

ah okay that makes sense.

Also the SMS bug is going to take me a while, so for now if users feel it would be better, I can switch it, so you can see what messages the victim has sent instead of seeing what messages the victim recieves, until I can eventually integrate both

I had a feeling it would be a bit tougher to figure out than it seemed. Are you going to have to make a separate tab in the victim lab for outbound messages is that what the issue is?

Oh no it will all be in the same tab when it's fixed, but for no what I mean is I can make it so users can see the victims outbound messages only for now instead of the victims recieved messages until I fix this bug

[Morsmalleo]

Fixes for this will be available in version 1.0-beta.5, which will be released on an Unknown Date of 2023 hopefully

[Morsmalleo]

could not implement the fixes for this in beta.5, but I'm jumping on to this issue next week.

[Morsmalleo]

Finally sorted this one out, these new features will be released with the upcoming version that will be released in time