Both the paid and community editions of the Pwn Pad and Pwn Plug currently include dSploit: an extremely comprehensive security suite that can map networks, scan for vulnerabilities, crack network passwords, and even launch sophisticated Man-In-The-Middle attacks, all from a slick and intuitive graphical user interface. Licensed as free and open source software under the GPLv3, it was a natural addition to the stock firmware on the Pwn Pad and Phone.
But if you’ve been trying to use dSploit on your Pwn device recently, you may have been in for a surprise. At the end of 2014, principal dSploit developer Simone Margaritelli announced he was officially merging his project with zANTI from Zimperium. Running dSploit now throws up a message about upgrading to the free-of-charge zANTI 2.0.
Upgrading to zANTI
When you try to start dSploit, it will immediately throw up a message about updating to the latest version. You can say no and continue to use the version of dSploit that came with the device (which will continue to work as normal), and even disable the update check if you don’t want to see this message anymore. If you continue to use dSploit, be aware that it will no longer be getting updates. While that isn’t a problem now, there is no telling what will happen in the future. In the absolute best case, it will be behind the curve, and in the worst, it may stop working in future versions of Android.
But let’s assume that you’re on board with the change from dSploit to zANTI, and you tap “Yes”. This will begin the file download, which you can check by pulling down the notification panel. Once the zANTI package has downloaded, you can install it just like any other side-loaded Android application.
It’s worth mentioning that installing zANTI won’t actually remove dSploit from your device; the two applications are completely separate and can both be installed at the same time.
Note: If you are having problems with the automatic update or would rather just jump right to zANTI, you can download the APK directly here.
The first time you start zANTI, you’ll see a prompt asking if you want to give it root-level permissions. Due to the advanced nature of the tools and techniques zANTI makes use of, there’s no way to use many of its features without agreeing by tapping “Grant”.
You’ll then be asked if you are a Community or Registered user. You don’t need to register to use the application, so you can simply stay on the “Community” tab, check the box next to “I accept Zimperium’s EULA”, and then tap “Start Now”. On the following screen you’ll be asked if you want to register, but you can simply touch “Skip” to continue.
There are a few hints and tips that zANTI gives you, along with a couple of screenshots you need to move through, and then finally you will be asked if you are authorized to perform penetration testing on the network.
The main screen in zANTI is the network map, which will begin populating with data as soon as you start the application. This will show you pertinent information about all the discovered hosts in your network, such as IP address, MAC, and open ports. Given enough time to complete its scan, zANTI will even list a best-guess device manufacturer and operating system for each entry. A full network scan can take a while, so be patient. There’ll be a sound and notification when it’s complete, so you won’t miss it.
Selecting any one of the entries on this main list will take you to the individual page for that device. From here you can enter some notes about the device, perform a deeper Nmap scan, and launch attacks and vulnerability checks against it.
When you select one of these attacks, in this case the Man-In-The-Middle attack, you can see the wealth of options zANTI makes available to the operator. For MITM especially, there are some very impressive options to do things like intercept and replace data in real time on its way to the targeted host.
While it isn’t up to the standard zANTI has set, there is an active fork of dSploit known as cSploit that broke off from the main project when the merge with Zimperium was announced. For those who may want to hold off on jumping on the zANTI bandwagon, cSploit is probably the best option short of continuing to use the unmaintained final version of dSploit.