Carder
Professional
- Messages
- 2,619
- Reaction score
- 1,935
- Points
- 113
Carding training 2021
Lecture - "Android"I would single out 2 types of work with android:
1) for those who do not want to dig too much - this is by driving from the browser
2) by driving from the application, the option is more difficult, but in general it can be useful to everyone.But
in any case, to work with android, you need to get root is right.
I always do this through Kingo root (google), download the apk file and install, the simplest and most effective method of obtaining root rights.
Now I will throw off the list of programs for working with android and go over them:
Kingo root
xposed installer (framework)
device id changer Pro
Proxy Droid
DNS Forwarder
xprivacy
ccleaner
root cloak
Location cheater
And so, what they are for:
The basis for carding from applications on a bucket is the xposed framework. This is a system program for changing firmware settings (OS versions). We will touch on it in the parsing of the drive from the
device id application changer Pro changes the data about the hardware of your phone (imei) and other parameters, this is the xposed frameworka
Proxy droid module - we put socks through it, I do not work with tunnels and I do not advise you
DNS Forwarder - in the proxy droid, sometimes the connection of dns from socks does not work correctly (just the Internet does not work on the phone) for substitution we use this application
ccleaner I think everyone knows, it is convenient to clean garbage on the phone
Location cheater - serves to substitute the
root cloak location data (framework module) serves to hide from other applications that the phone has root rights
xprivacy is a program that replaces a sim card and not only, it either allows or prohibits all applications from seeing certain information. In addition to it, I recommend the sim card application, on it you can hone what to prohibit and what to allow applications to see so that they display correct information about devices.
All applications above (except for the cleaner) do not work without root rights.
Let's start parsing the drive with applications
We put the xposed installer after we got the root rights, and through it we install the framework. I will say right away that here we will face the difficulty of installing a framework, we need an android on version 4.4.4 (the easiest way to install this program on it) on versions above is extremely problematic to do this, but if you know how to install custom recovery and flash archives, you can try. Otherwise, I advise whoever has the firmware higher, roll back the bucket to 4.4.4 or take it to the service center and they will flash it there, it's not expensive. Plus 4.4.4 is much more convenient to work with than the versions above.
But the link to w3bsit3-dns.com there you will find an installer for 4.4.4. (And versions above) http://w3bsit3-dns.com/forum/index.php?showtopic=425052
After installing the xposed framework, we install the following programs:
device id changer Pro, namely Pro
Proxy Droid
DNS Forwarder
ccleaner
Location cheater
These all programs are downloaded in the
xprivacy
root cloak playmarket
These programs are downloaded by the xposed installer, go to the download section and look for them there and install.
Well, an important note. apkpure.com immediately bookmark the site and download the sim card application (green sim card on the shortcut).
When you have installed all of the above programs, you need to go to the xposed installer, the modules section and check the boxes on all modules (device id ch / root cloak / xprivacy)
Then go to the framework section and press a quick reboot so that the modules are installed, if the modules are not done will not work correctly.
At this stage, our android itself is almost ready for carding.
Now I'll tell you a little about the xprivacy module, a very useful thing when you work with serious shops, banks, etc., personally I use it to replace a SIM card, in fact it has more opportunities.
We go into it and go to the parameters section, touch only those values that are associated with the sim card
phone number
MCC
MNC
country code
operator
ICC ID
Subscription ID
Let's take the number 4356681778 as a basis, if someone adjusts to the holder and he needs to break through the operator, go here http://www.whitepages.com
What is MCC, you can read it here https://ru.wikipedia.org/wiki/Mobile_Country_Code, from the same page you can take the value for our parameter in the program
MNC is the operator's code, you can also see the code of the required operator (the required country) here https://en.wikipedia.org/wiki/Mobile_country_code
Country and operator everything is clear here.
Now what is the icc id and subscription id, and how to write it
icc id is the serial number of the SIM card, which always consists of 19 digits
http://prntscr.com/d27lq9
Now we look at the first 2 digits 89 are always set by default, this applies to industry, its identifier.
Next, what is highlighted is the country code, 1 to 3 digits long http://prntscr.com/d27mnh
For yus it is 01, for other countries the values differ.
Since we are adjusting to the USA, the first 4 digits in the ICC ID value will always be 8901, and the remaining 15 digits can be written randomly.
Subscription ID (in xprivacy) In general, this is called sim imsi. How to register it. We look at the picture http://prntscr.com/d27o1f, it always consists of 15 digits, First we register the value of MCC, then MNC, then we write the rest of the digits randomly so that in the end there are 15 characters in this field
How to make the data change when you install new application, xprivacy throws a notification, and the data that needs to be changed, click on the deny button
And this is where the sim card application comes in handy, which will help you get your hands on what values to replace.
Now I will describe how it is driven.
We put the socks5 in the proxy droid. There we register ip, port, do not forget to indicate the type of proxy, also try to check the box so that the dns is from the sox, but if the Internet does not work, turn off this option and everything will work (if the sox is not dead) and turn it on.
We go to whoer.net, look at what time zone, go to the settings, set the time zone and language under the holder.
If dns does not work through the proxy droid, then go to the dns forwarder, select the ip and turn it on.
Then in the location cheater we set the coordinates, I usually put it a couple of meters from the desired address (under the ip or spike).
We go back to the vhuer and see if everything is fine.
If flied socks, turn off the Proxy the droid, DNS forwarder and a cheater, and to re-include them, this does not happen on all devices, but personally I get things worked a couple of times switched on and off the bend, annoying, but what can you do)
to check if location cheater works or not, download google map, and look there (press the button my location).
If everything works, then download the required application.
Then we open the root cloak.
We go to the root of the cloak, go to the first section (add / remove an application), click on the plus sign, and look for our application, after that, to save the settings, go to the xposed installer, the framework section, and click on quick restart. After that, even if you delete this application, it will remember the root of the cloaca and do not need to do this every time.
After driving, in order to start the next one, you need to go to the device id changer, in the first section of the device id, click random all and apply, then go to the xposed installer section of the framework, and click a quick reboot so that the hardware changes
And so we actually learned how to replace data, hardware and etc.
Now we reinstall the application and drive it in, do not forget to change the data in xprivacy
If you need to conditionally beat the stick with brute force and so that every time you do not download the application, do not register Google account, which is very tiring, we use the apkpure.com site, where you can download the application and add it to your phone.
That is, how did the acc work, deleted the application, changed the data, rebooted the device, just install the application again
Now let's move on to driving from the browser
Everything is much simpler here, in general, any version of android is suitable for work
To work with the browser, we need:
1) The browser itself (chrome, firefox, native phone browser, etc.)
2) ссleaner (or an application manager is a priori on every android)
3) proxy droid
4) DNS Forwarder
5) Location cheater (browsers generally request gps data, it makes sense to change coordinates for ip)
In the case of working with a browser, it is not necessary to change the hardware, but it is advisable to reinstall the browser and clean it by
driving in almost the same as with the app, just missing the point, with the device id changer / root cloak / xprivacy
mostly hit with Mozilla (since there webrtc switched off as well as on your computer), or with the native browser (the new versions of the bucket on - redkost)
Cleaning: cache (and history) via ccleaner or application manager after each drive is required.
To search for different versions of the browser for driving in, go to apkpure.com, look for browsers, and there will be their previous versions
In general, Tunnel Bear is convenient (download it to google play), everything is intuitive there, turn it on in front of the proxy!
-------------------------------
Lecturer: partyboy
(6:37:11 PM) partyboy: Hello everyone!
(7:01:42 PM) partyboy: Everyone got ready to read carefully and immerse
themselves in the flow of information) (7:02:45 PM) partyboy: Android devices (like the iphone) have recently been gaining more and more popularity among the workers of our specialty and in general, people use gadgets more than ordinary PCs.
Competently driving through applications (flowers, banks, shops, etc.) - we can achieve a high percentage of transactions. In general, we do it by driving either through applications that we download from the google market, or through the browser (built-in by default or downloaded (opera, mozilla, etc.)
(7:05:33 PM) partyboy: Any application (or site) requests different information from the device and transfers it to the store / merchandise. Apps usually collect a lot of additional information from the device
(7:07:31 PM) partyboy: They (apps) can see your geolocation, wifi networks around the device and deeper things: device serial number, MAC address, build number, kernel version, etc. .d (application, if anyone does not understand, this is any thing downloaded from the google market. instagram is an application, a game is also an application, a browser is an application too =))
(7:07:59 PM) partyboy: Our task - be able to change all these parameters on the device, depending on the specific drive!
(7:08:55 PM) partyboy: If we bring to mind the settings of our device, then our device will please antifraud)
(7:09:42 PM) partyboy: I will not load you with the technical aspects of setting up the phone-tablet, I will tell you right away - everything solutions, answers to questions - this is all the great site w3bsit3-dns.com (add to bookmarks)
(7:10:08 PM) partyboy: I'll try to convey to you the main base of the drive through the device.
(7:10:57 PM) partyboy: In order to spoof the device information of the tablet phone for carding, we need to have root access on it
(7:11:35 PM) partyboy: Root is like an administrator account in Windows or superuser in Linux, which allows you to do almost anything you want with the device.
(7:12:42 PM) partyboy: What does root give us?
(7:13:13 PM) partyboy: Ability to operate the phone settings, up to changing the poppy address, changing the gps location, changing the serial number, changing our device to the outside world
beyond recognition (7:14:11 PM) partyboy: And so, first, we need to have a device on hand that runs on the android system.
(7:14:38 PM) partyboy: The first thing we do is put root on our device
(7:15:39 PM) partyboy: The non-system (modern) root wrapper is the Magisk program.
(7:17:09 PM) partyboy:
(7:17:24 PM) partyboy: Watch this video after the lecture to gain basic knowledge and understanding of what root and magisk are
(7:18:52 PM) partyboy: I repeat - first of all, find your device on w3bsit3-dns.com and look in the forum thread about magisk and configuring / installing it, because each device is configured in the same way, but has its own peculiarities / nuances
(7:20:52 PM) partyboy: From myself, I will say that the easiest way is to install magisk, and in general * pick * devices from the series samsung galaxy tab 2 10.1, galaxy s3 \ 4 \ 5, etc. (roughly speaking up to androyd version 7, although devices with version 10-11 on board can also successfully rut and are also subject to change)
(7:21:41 PM) partyboy: don't ask me which phone / device I can recommend for driving) - choose yourself, see 4pda.ru)
(7:22:06 PM) partyboy: next
(7:22: 46 PM) partyboy: Putting root as magisk on your device, then you should install the xposed framework (or edXposed framework, depending on the phone)
(7:23:14 PM) partyboy: What is the Xposed Framework?
(7:23:55 PM) partyboy: This is an add-on for Android that provides ample opportunities to customize installed applications and the OS itself.
Directly in Xposed itself, we can install various modules, ranging from those that change the splash screen when the phone boots up to deep customization and changing data inside the device.
For example: fake gps location, change poppy address, build number, android version, etc
(7:24:03 PM) partyboy: https://upload.wikimedia.org/wikipedia/commons/5/54/Xposed_Framework_screenshot.png
(7:24:11 PM) partyboy: This is how the main xposed framework looks like
(7:26:19 PM) partyboy: Next
(7:27:46 PM) partyboy: To * shaman * with device settings and change data, we need to install the Xprivacy module inside xposed (or other modules that you find inside xposed, there is a directory)
(7:28:00 PM ) partyboy: https://airteltrickz.sextgem.com/im...20Tutorial%20with%20Screenshot]%203_thumb.png
(7:28:26 PM) partyboy:
(7:28:47 PM) partyboy: Watch this video about Xprivacy after the lecture
(7:29:06 PM) partyboy: So
(7:29:14 PM) partyboy: Now let's refresh our brain and remember the sequence of our actions:
(7 : 30: 16 PM) partyboy: We buy the device => set root (magisk) => set the xposed framework => set up Xprivacy (+ other modules)
(7:30:56 PM) partyboy: We're half way there =)))
( 7:31:49 PM) partyboy: Now we need to think about how we will spoof our IP to look like we are KX)
(7:32:12 PM) partyboy: There are several options:
(7:34:29 PM) partyboy: 1) via VPN (download any application, paid / free, connect to vpn and work). The most important thing in this option, as in others, is that we need all traffic / data from the device to go through the proxy \ tunnel \ vpn. Usually this is a button in the application - redirect all traffic or something like that.
2) through socks. To do this, we install the Proxydroid program, it is ideal for these purposes. If, when checking on whoer.net, DNS is fired, then we install the DNS Forwarder program in addition, specify the necessary dns in it.
3) SSH tunnels. Here everything is more complicated, but solvable. In my personal long journey of getting the right solution, I settled on a program called ki4a.
(7:35:55 PM) partyboy: Overall, to keep things running smoothly, my advice to you is to use a second device to connect to the proxy / tunnel.
Whether it's a phone or a tablet.
It will act as a router and our device for driving will connect to it via wifi or bluetooth, as if we are a Pindos who connected to their wifi at home)))
(7:36:46 PM) partyboy: Read my author's article, everything with pictures is described in detail in this regard:
(AFTER THE LECTURE)
(7:38:24 PM) partyboy: You can, of course, configure a regular router or microcomputers of the raspberry PI series (raspberry is also called it) so that it distributes wifi in the room, the traffic of which goes through a proxy ...
But this requires either perseverance or money)
(7:38:48 PM) partyboy: The choice is yours anyway, always !!!!!
(7:39:58 PM) partyboy: There are no perfect solutions - there are only working brains, straight arms, and the pursuit of goals
(7:44:02 PM) partyboy: Once you have successfully connected to your proxy and on whoer.net + f.vision checker everything is clear - then register the google device account. It is enough to go to the play market (or when you turn on the phone for the first time) and you will be offered to create an account yourself.
(7:44:35 PM) partyboy: We make an account accordingly (as a geray) under the cardholder.
(7:45:31 PM) partyboy: If your proxy is clean and the device is clean, then you will not be asked for SMS confirmation, or even more captcha. (so, for example, I register google accounts * left and right *)
(7:46:02 PM) partyboy: This completes the system setup and preparation for work!
(7:46:18 PM) partyboy: NEXT
(7:46:34 PM) partyboy: Now we decide how and where to drive.
(7:46:54 PM) partyboy: There are two options: through the browser or through the apps.
(7:47:44 PM) partyboy: There are a huge number of applications, all of them stupidly find in the google market (for example, you can drive in a virtual number, the application is called PHONER)
(7:48:35 PM) partyboy: Use either the default browser, which is already in the system, or another, it's a matter of taste, as they say (you can download the opera, mozilla, dolphin browser, etc.)
(7:49:22 PM) partyboy: But, before launching any application or entering the browser - we MUST check that the xposed and xpivacy services are successfully launched on the system + we are connected to the proxy (check f.vision and whoer. net your ip)
(7:49:37 PM) partyboy: After launching any application, the xprivacy module will issue the following notifications:
(7:49:47 PM) partyboy: https://www.naldotech.com/wp-content/uploads /2015/02/xprivacy-xposed-lollipop-module.jpg
(7:50:00 PM) partyboy: In the photo, on the left, in the red alert, the xprivacy module tells us where the app wants to * look * and what to do about it. Deny \ Allow \ Configure
(7:50:24 PM) partyboy:
(7:50:36 PM) partyboy: This moment is shown here in detail
(watch after the lecture)
(7:52:21 PM) partyboy: There is a request to access your google account? Great, let's go. We registered our device on CH)
(7:52:29 PM) partyboy: Asks about GPS? In xprivacy, we change the coordinates.
(7:52:35 PM) partyboy: And so on)
(7:53:00 PM) partyboy: The more the app knows about you and your device, the more trust you get when buying
(7:54:10 PM) partyboy : You can think of this as a kind of * verification *.
All shops / merchandise have long been suspicious when a person from an ordinary computer under Windows 7 makes an order.
More confidence in mobile devices
(7:55:32 PM) partyboy: Look after the lecture for another article of mine on the forum:
(7:56:09 PM) partyboy: There I tell you how to change the agent's username in the browser for android (without root
)(7:56:43 PM) partyboy: In general, we are ready to drive in, but remember - after each carding (via the application), you need (preferably) reset the device to factory settings and register a Google account from a clean system, etc.
(7:57:27 PM) partyboy: But in order to minimize the time spent, I advise you to make a system backup.
This is done easily - either through a device recovery (read w3bsit3-dns.com), or through the titanium backup pro program.
(7:58:00 PM) partyboy: Driven into different applications => reset the phone settings to factory settings => downloaded a backup and voila - all programs seem to have just been installed)
Saves time decently
(7:58:27 PM) partyboy: Now)
(7:59:04 PM) partyboy: We smoke, swear and ask me questions) (in turn, put +)
(7:59:26 PM) Tayna: is it much worse if you don't distribute wi-fi, but write the sox directly on the device and work?
by the degree of fraud - the browser is much weaker than the application. right?
How do PP self-registers behave from a mobile phone? have experience?
(8:00:51 PM) partyboy: 1) no worse, but on some devices there may be traffic leak * by * proxy
2) true, applications are more trustworthy
3) did not work with a PP, but as far as I know, self-registers in times better than with a computer)
(8:01:04 PM) Izolentna:
1) [08:36:05] <partyboy> In general, to keep everything running smoothly, my advice to you is to use a second device to connect to the proxy / tunnel.
Whether it's a phone or a tablet.
Not understood. Should we have another device that will distribute?
Why can't you use Wi-Fi in a cafe, for example?
2) When we drive and check the ip on the computer and everything else in f.vision, we clear the cookies. You don't have to do this here?
3) How often do you need to change devices?
(8:01:34 PM) Izolentna: I know the questions are stupid. But you need to know the answers : D
(8:03:00 PM) partyboy: 1) yes. Wi-Fi in a cafe will give you an ip, and your task is to have a Pindos ip
2) you also need to clean cookies, everything is like on a computer
3) I change once a week)
(8:03:42 PM) OTJlU4HUK: On the second device we put any SIM card operator and change it once a month?
(8:04:07 PM) OTJlU4HUK: but the fucking device still needs to be changed ... ok let's
go (8:04:11 PM) partyboy: you don't have to put a SIM card, you can also connect
via wifi (8:04:42 PM) goldenbaum : 1. Why iPhones and poppies are identical - is it your preference - or a subject matter - or what was meant?))
2. Is a jailbroken iPhone better than a rooted android - purely statistically? Or is there no fundamental difference?
3. The question is already purely hypothetical - the newer the phone, the more expensive - the more trassty?)
4. Are there any recommendations on how to tie up the CC in the NFS?
5. There is a shop or an aggregator (for example, Farfetch) - put the application + if there is a log stolen from this service of a real user + payment from NSF = super fucking situation worth striving for?)
6. And still, if I'm ready to fucking jailbreak - iPhone will be more justified for antifraud?)
7. Is it possible to extrapolate the scheme of working with mobile devices - as the most effective method for today - in all such cases except for driving?
8. Are there any lists of serial numbers of devices - which were determined in which country they were sold - in theory, you can replace the serial number in all these pieces that you described -> respectively, set the number more accurately under CH -> or is it already paranoia?
Sorry, the questions could be repeated. The lecture is very eye-opening, thanks for your time.
(8:05:11 PM) Tayna: is it possible to accumulate browsers through the copying application and each of them will accumulate their cookies? cookies will not get anywhere further than the browser?
I apologize for skipping the line. in front of everyone. you need to move away
(8:09:50 PM) partyboy: 1) identical, because they use the same system, but my attitude, in terms of * identical *, is the place to be)
2) jailbreak does not give those spaces for modifying the device that the root can on android. jailbreak - * a parody * of the root *
3) individually
4) only by tests
5) yes, you should strive for what inspires you and contributes to your enrichment, so that the rustling rustles in your pocket
6) yes
7) yes, mobile devices rule!
8) paranoia
(8:10:11 PM) yarah: 1.can you use Android emulator, such as Bluestacks on the computer?
2.from your experience, did it increase the chance of more successful carding using phone vs computer?
thank you
(8:11:37 PM) partyboy: 1) of course Bro, but more effectively will be using REAL device, rather using emulators
2) yes Bro
(8:14:00 PM) SPARK_LQ: partyboy: 1.how to browser fingerprint?
2. Do you need to change the characteristics of the phone before each new drive in the same shop?
3. If safetynet pixelscan does not pass, what could be the problem? Does it affect the drives from the browser or only from the attachment?
four . Haven't heard anything about McFly and his product?
(8:15:23 PM) panacash: What are the ways to work with FNS videos on android?
(8:16:23 PM) partyboy: 1) fake a phone through xprivacy or use the APP CLONER program - you clone a browser with new prints (works without root)
2) if in the same shop, from the same card, then no need, if you change the card - you change everything
3) for the browser it does not matter, for applications - yes
4) write in the LAN on the forum)
(8:17:06 PM) Tayna: this is for every self-registration, for example
(8:17:48 PM) Goodman: Partyboy, from the heart for the lecture, was not present, unfortunately, but I was familiar with mobile phones, even when only iphone 4 at & t came out unlocked Jail them for money, worked in the service on firmware, but still, if there are questions in a personal, I'll write it down ok?
(8:17:56 PM) partyboy: Mystery - yes) you can. APP CLONER
App Cloner - Official Home Page
Welcome to the official home page of App Cloner. App Cloner lets you create & install multiple copies of Android apps and safeguards your privacy and identity. App Cloner is the only multi-account app that creates true, installable clones. Follow @AppCloner on X to get notified about new...
(8:18:15 PM) Tayna: yes I mean him) the question was, do not cookies fall somewhere beyond the browser? partyboy
(8:18:21 PM) Tayna: ever cookie like on a computer. if you've heard about them
(8:19:06 PM) Koba787: 1. Since we're talking about socks again, here's a purely personal opinion pliz, I understand that the lecturer is neutral, but nevertheless - apart from luxury - what kind of socks are good for work and are famous for maximum cleanliness? And by the way, socks and tunnels should also be meticulously selected?
2. from mobile phones all those directions come in: merchandise, hotels
3. how much younger the topic with mobile phones than the classic))
4. Does it also have a lot of schoolchildren?
(8:20:35 PM) partyboy: 1) depending on where you hit and what kind of service, there are sites / shops that absolutely do not give a shit)
2) yes
3) xs Bro, I don't keep a record))))
4) yes they are everywhere)
(8:22:09 PM) partyboy: socks are everywhere, both good and bad
(8:22:18 PM) partyboy: keep 2-3 socks
shops in stock (8:22:32 PM) Izolentna: rated socks?
(8:22:35 PM) Izolentna: maybe
(8:22:50 PM) partyboy: check socks for blacklists
(8:22:50 PM) Izolentna: or try everything and search
(8:22:55 PM) partyboy: on f.vision's site
(8:23:27 PM) panacash: What are the ways to work with FNS videos? I mean, an online store through the terminal, applications, this is understandable, but maybe some other ways?
(8:23:31 PM) Goodman: I need a zip, I've tested 10 socks
(8:23:34 PM) Goodman: or black
(8:23:36 PM) Goodman: or ping
(8:23:51 PM) ) partyboy: I can't say anything about the NFC, sorry, not my topic
(8:24:06 PM) Goodman: The computer is ready to break the fucking 911
(8:24:19 PM) partyboy: goodman - see socks at other shops
(8:24:20 PM) Goodman: Is Ping krety?
(8:24:30 PM) Koba787: Goodman: Wait) we still have to stream all night
long ) (8:24:33 PM) partyboy: zip does not have to match, all 5 digits are like
(8:24:41 PM) partyboy: the first 2 digits are already hbs
(8:25:44 PM) partyboy: Friends, who still have questions - reread the lecture, then think about it, then google it, then write to me in the PM on the forum) I will answer everyone)
(8:26: 10 PM) partyboy: dat_user1: When will the sphere be given?) - I know the dick) ask Mans) it seems that by the end of the training they will give
(8:26:51 PM) partyboy: Good luck to everyone! ) And .. have a great weekend!
Last edited by a moderator:
