Vault 7: Projects

SECRET//20330530
NightSkies v1.2 User Guide
Reference Documents
NightSkies v1.1.0 CONOPS, July 2008 (S)
NightSkies v1.1.0 User Guide
IMIS Requirement #2008-1508
IMIS Requirement #2008-
(U) Overview
(S) NightSkies (NS) version 1.2 is a beacon/loader/implant tool for the Apple iPhone 3G v2.1. The tool
operates in the background providing upload, download and execution capability on the device. NS is
installed via physical access to the device and will wait for user activity before beaconing. When user
activity is detected, NS will attempt to beacon to a preconfigured LP to retrieve tasking, execute the
instructions, and reply with the responses in one session.
User activity is detected by monitoring specific directories on the phone such as the browser history
file, Youtube video cache, map files cache, or mail files meta data.
(S) Features:
Retrieves files from iPhone including Address Book, SMS, Call Logs (when available), etc.
Sends files and binaries to the iPhone such as future tools
Executes arbitrary commands on the iPhone
Grants full remote command and control
Masquerades as standard HTTP protocol for communications
Uses XXTEA block encryption to provide secure communications
Provides self-upgrade capability
(S) This user’s guide provides instructions to configure and install NS on a factory fresh device. It also
includes instructions on how to create and maintain the Listening Post and Response Processing
components on the backend.
(U) System Requirements
(S) Configuration and Post Processing
OS X 10.5 (except OS X 10.5.6)
iTunes 8.0
(S) Target Device
Apple iPhone 3G - OS version 2.1
(S) Listening Post
Apache 2.x
PHP 5.2.5
SECRET//20330530
1

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh