Land rapid7#6577, add controls for Android ringer

Brent Cook · Brent Cook · commit 7acba69e37b0 · 2016-02-26T07:02:49.000-06:00
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -13,7 +13,7 @@ PATH
       metasploit-concern (= 1.0.0)
       metasploit-credential (= 1.0.1)
       metasploit-model (= 1.0.0)
-      metasploit-payloads (= 1.1.0)
+      metasploit-payloads (= 1.1.1)
       metasploit_data_models (= 1.2.10)
       msgpack
       network_interface (~> 0.0.1)
@@ -124,7 +124,7 @@ GEM
       activemodel (>= 4.0.9, < 4.1.0)
       activesupport (>= 4.0.9, < 4.1.0)
       railties (>= 4.0.9, < 4.1.0)
-    metasploit-payloads (1.1.0)
+    metasploit-payloads (1.1.1)
     metasploit_data_models (1.2.10)
       activerecord (>= 4.0.9, < 4.1.0)
       activesupport (>= 4.0.9, < 4.1.0)
diff --git a/lib/rex/post/meterpreter/extensions/android/android.rb b/lib/rex/post/meterpreter/extensions/android/android.rb
@@ -71,6 +71,12 @@ def device_shutdown(n)
     response = client.send_request(request)
     response.get_tlv(TLV_TYPE_SHUTDOWN_OK).value
   end
+  
+  def set_audio_mode(n)
+    request = Packet.create_request('set_audio_mode')
+    request.add_tlv(TLV_TYPE_AUDIO_MODE, n)
+    response = client.send_request(request)
+  end
 
   def interval_collect(opts)
     request = Packet.create_request('interval_collect')
diff --git a/lib/rex/post/meterpreter/extensions/android/tlv.rb b/lib/rex/post/meterpreter/extensions/android/tlv.rb
@@ -75,6 +75,7 @@ module Android
 TLV_TYPE_CELL_BASE_LONG              = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9072)
 TLV_TYPE_CELL_NET_ID                 = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9073)
 TLV_TYPE_CELL_SYSTEM_ID              = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9074)
+TLV_TYPE_AUDIO_MODE                  = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9075)
 
 TLV_TYPE_URI_STRING                  = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9101)
 TLV_TYPE_ACTIVITY_START_RESULT       = TLV_META_TYPE_BOOL      | (TLV_EXTENSIONS + 9102)
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb
@@ -30,7 +30,8 @@ def commands
       'send_sms'          => 'Sends SMS from target session',
       'wlan_geolocate'    => 'Get current lat-long using WLAN information',
       'interval_collect'  => 'Manage interval collection capabilities',
-      'activity_start'    => 'Start an Android activity from a Uri string'
+      'activity_start'    => 'Start an Android activity from a Uri string',
+      'set_audio_mode'    => 'Set Ringer Mode'
     }
 
     reqs = {
@@ -43,7 +44,8 @@ def commands
       'send_sms'         => ['send_sms'],
       'wlan_geolocate'   => ['wlan_geolocate'],
       'interval_collect' => ['interval_collect'],
-      'activity_start'   => ['activity_start']
+      'activity_start'   => ['activity_start'],
+      'set_audio_mode'   => ['set_audio_mode']
     }
 
     # Ensure any requirements of the command are met
@@ -153,6 +155,36 @@ def cmd_device_shutdown(*args)
     end
   end
 
+  def cmd_set_audio_mode(*args)
+    help = false
+    mode = 1
+    set_audio_mode_opts = Rex::Parser::Arguments.new(
+      '-h' => [ false, "Help Banner" ],
+      '-m' => [ true, "Set Mode - (0 - Off, 1 - Normal, 2 - Max) (Default: '#{mode}')"]
+    )
+
+    set_audio_mode_opts.parse(args) do |opt, _idx, val|
+      case opt
+      when '-h'
+        help = true
+      when '-m'
+        mode = val.to_i
+      else
+        help = true
+      end
+    end
+
+    if help || mode < 0 || mode > 2
+      print_line('Usage: set_audio_mode [options]')
+      print_line('Set Ringer mode.')
+      print_line(set_audio_mode_opts.usage)
+      return
+    end
+
+    client.android.set_audio_mode(mode)
+    print_status("Ringer mode was changed to #{mode}!")
+  end
+
   def cmd_dump_sms(*args)
     path = "sms_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt"
     dump_sms_opts = Rex::Parser::Arguments.new(
@@ -536,7 +568,7 @@ def cmd_activity_start(*args)
       print_line("Start an Android activity from a uri")
       return
     end
-    
+
     uri = args[0]
     result = client.android.activity_start(uri)
     if result.nil?
@@ -545,7 +577,7 @@ def cmd_activity_start(*args)
       print_error("Error: #{result}")
     end
   end
- 
+
   #
   # Name for this dispatcher
   #
diff --git a/metasploit-framework.gemspec b/metasploit-framework.gemspec
@@ -70,7 +70,7 @@ Gem::Specification.new do |spec|
   # are needed when there's no database
   spec.add_runtime_dependency 'metasploit-model', '1.0.0'
   # Needed for Meterpreter
-  spec.add_runtime_dependency 'metasploit-payloads', '1.1.0'
+  spec.add_runtime_dependency 'metasploit-payloads', '1.1.1'
   # Needed by msfgui and other rpc components
   spec.add_runtime_dependency 'msgpack'
   # get list of network interfaces, like eth* from OS.
