#python#adb#agents#ai#android#appium#automation#dynamic_analysis#frida#magisk#mcp#mcp_server#mobile_security#pentesting#remote_control#reverse_engineering#security#uiautomation#uiautomator2#workflow#xposed
FIRERPA is a powerful Android automation tool that runs on-device with root access, works on versions 6.0 to 16, and offers low-latency remote desktop, 160+ APIs, Python SDK, and AI integration for tasks like testing, data collection, and forensics. It needs no extra setup, stays stable for large-scale use, and beats other tools in compatibility. You benefit by automating mobile tasks quickly, saving time on development and monitoring, with easy visual control for reliable results.
https://github.com/firerpa/lamda
http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
#security
This should have been obvious to me for a longer time, but until earlier today I did not really realize the severity of the issues caused by str.format on untrusted user input. It came up as a way to bypass the Jinja2 Sandbox in a way that would permit retrieving information that you should not have access to which is why I just pushed out a security release for it.
However I think the general issue is quite severe and needs to be a discussed because most people are most likely not aware of how easy it is to exploit.
DisableGoogleAnalytics
https://gitlab.com/adrian.m.miller/disablegoogleanalytics
Attempts To Disable Common Google Analytics And Ads Receivers In All Affected Packages
What it does/How it works:
On 1st run after rebooting after install the module is assuming you want it to disable the listed analytics and ad receivers, so it will:
Wait till boot is completed
Then sleep for 2 minutes
Then test that cpu usage is under 30% before running
It will then disable the analytics and ad receivers as listed below, and log its progress to /sdcard/fixgoogleanalytics.log
Common Analytics And Ad Recievers:
com.google.android.gms.analytics.AnalyticsJobServicecom.google.android.gms.analytics.CampaignTrackingServicecom.google.android.gms.measurement.AppMeasurementServicecom.google.android.gms.measurement.AppMeasurementJobServicecom.google.android.gms.analytics.AnalyticsReceivercom.google.android.gms.analytics.CampaignTrackingReceivercom.google.android.gms.measurement.AppMeasurementInstallReferrerReceivercom.google.android.gms.measurement.AppMeasurementReceivercom.google.android.gms.measurement.AppMeasurementContentProvidercom.crashlytics.android.CrashlyticsInitProvidercom.google.android.gms.ads.AdActivitycom.google.firebase.iid.FirebaseInstanceIdService
Once complete the service.sh script will delete itself
Once that happens any further interaction is purely via the included dga script as a binary in /system/(x)bin
dga takes 2 arguments, disable or enable, though i doubt too many will be looking to enable analytics and ad receivers, unless the disabling has unwanted effects on their system, which is high time to include the usual disclaimer that you run this at your own risk and not even dga enable is garaunteed to undo the changes
Module Installation:
Download from Releases
Install the module via #Magisk app/Fox Magisk Module Manager/MRepo
Reboot
Usage:
After first run optmization has completed, any further interaction is purely via the included dga script as a binary
in /system/(x)bin:
dga takes 2 arguments, disable or enable, though i doubt too many will be looking to enable
analytics and ad receivers, unless the disabling has unwanted effects on their system, which
is high time to include the usual disclaimer that you run this at your own risk and not even
dga enable is garaunteed to undo the changes
Uninstall Note: Uninstalling the module will not reverse the changes, if your intention is to uninstall the module and re-enable the
analytics and ad receivers, please run dga enable first
#Magisk fork by TheHitMan7 keeping the removed "Magisk Hide" functionality
Repository:
https://github.com/TheHitMan7/Magisk
Files:
https://github.com/TheHitMan7/Magisk-Files
Or
https://t.me/magiskcustom
Discussion:
https://t.me/custommagisk
Remember that Google corporation bought Magisk developer and extorted him to remove that functionality:
https://t.me/NoGoolag/5202
https://t.me/NoGoolag/5229
https://t.me/NoGoolag/7628
https://t.me/NoGoolag/7712
ChatterUI - A simple app for LLMs
https://github.com/Vali-98/ChatterUI
https://t.me/chatterui
ChatterUI is a native mobile frontend for LLMs.
Run LLMs on device or connect to various commercial or open source APIs. ChatterUI aims to provide a mobile-friendly interface with fine-grained control over chat structuring.
Features:
Run LLMs on-device in Local Mode
Connect to various APIs in Remote Mode
Chat with characters. (Supports the Character Card v2 specification.)
Create and manage multiple chats per character.
Customize Sampler fields and Instruct formatting
Integrates with your device’s text-to-speech (TTS) engine
Usage
Download and install latest APK from the releases page.
iOS is Currently unavailable due to lacking iOS hardware for development
Local Mode
ChatterUI uses a llama.cpp under the hood to run gguf files on device. A custom adapter is used to integrate with react-native: cui-llama.rn
To use on-device inferencing, first enable Local Mode, then go to Models > Import Model / Use External Model and choose a gguf model that can fit on your device's memory. The importing functions are as follows:
Import Model: Copies the model file into ChatterUI, potentially speeding up startup time.
Use External Model: Uses a model from your device storage directly, removing the need to copy large files into ChatterUI but with a slight delay in load times.
After that, you can load the model and begin chatting!
Note: For devices with Snapdragon 8 Gen 1 and above or Exynos 2200+, it is recommended to use the Q4_0 quantization for optimized performance.
Remote Mode
Remote Mode allows you to connect to a few common APIs from both commercial and open source projects.
Open Source Backends:
koboldcpp
text-generation-webui
Ollama
Dedicated API:
OpenAI
Claude (with ability to use a proxy)
Cohere
Open Router
Mancer
AI Horde
Generic backends:
Generic Text Completions
Generic Chat Completions
These should be compliant with any Text Completion/Chat Completion backends such as Groq or Infermatic.
Custom APIs:
Is your API provider missing? ChatterUI allows you to define APIs using its template system.
Read more about it here!
#ai#Android
https://github.com/4Catalyzer/pykubectl
A python bridge to kubectl providing additional functionalities useful for CD and #automation.
#machine_learning
https://github.com/spotify/luigi
Writing batch jobs is generally only one part of processing heaps of data; you also have to string all the jobs together into something resembling a #workflow or a #pipeline. #Luigi, created by Spotify and named for the other plucky plumber made famous by Nintendo, was built to "address all the plumbing typically associated with long-running batch processes."
With Luigi, a developer can take several different unrelated data processing tasks — "a Hive query, a Hadoop job in Java, a Spark job in Scala, dumping a table from a database" — and create a workflow that runs them, end to end. The entire description of a job and its dependencies are created as Python modules, not as XML config files or another data format, so it can be integrated into other Python-centric projects.
#Machine_learning