CVE-2025-48543 (ART UAF → system UID):
- Works on Android 13-16 with patch < September 2025
- System UID (1000) can read any app's /data/data/ directory
- No bootloader unlock needed, no root needed
- Pushes exploit APK, executes post-exploit script at system level
- Tasks: extract_rcs, extract_app:<pkg>, disable_mdm, shell
extract_rcs_locked_device():
- Auto-selects best available exploit for the device
- Priority: CVE-2025-48543 → CVE-2024-0044 → content providers
- Extracts bugle_db + WAL + shared_prefs (key material)
- Falls back to SMS/MMS content providers if all exploits fail
CLI: [r] Extract RCS (auto), [e] CVE-2025-48543
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

New exploit paths for current Android versions:
- CVE-2025-48543: ART runtime UAF → system UID (Android 13-16, pre-Sep 2025)
Public PoC available. Works from malicious app — no ADB needed.
- CVE-2025-48572/48633: Framework info leak + EoP chain (Android 13-16, pre-Dec 2025)
CISA KEV listed, confirmed in-the-wild. No public PoC yet.
- pKVM kernel bugs (CVE-2025-48623/24, CVE-2026-0027/28/37): kernel/hypervisor
escalation from system UID. Chain: ART UAF → pKVM → full kernel root.
- avbroot + KernelSU-Next/Magisk for GKI 6.1/6.6 on Android 15/16 Pixel 9
assess_vulnerabilities() now covers Android 12 through 16 with automatic
exploit path selection based on SDK version and security patch level.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

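A selector of the kind the commit message says assess_vulnerabilities() now does, added here as an example; it is not Autarch's or Archon's own code. The SDK ranges and patch-level cut-offs are copied from the commit messages on this page (Android 13-16 is API 33-36; "pre-Sep 2025" and "pre-Dec 2025" become the 2025-09-01 and 2025-12-01 monthly levels) and are assumptions of the example, not independently verified. CVE-2024-0044 is left out because the page gives no version or patch range for it. The names Candidate, select_paths, parse_patch_level and device_props are mine; ro.build.version.sdk and ro.build.version.security_patch are real getprop keys.

```python
"""Candidate exploit-path selection from SDK level and security patch level.

Added example, not project code. Version ranges and patch cut-offs are taken
from the commit messages on the page and are assumptions of this example.
"""
from __future__ import annotations

import subprocess
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Candidate:
    name: str
    min_sdk: int            # Android 12 = 31, 12L = 32, 13 = 33, 14 = 34, 15 = 35, 16 = 36
    max_sdk: int
    fixed_in: date | None   # first monthly patch level that closes the bug; None = never
    public_poc: bool        # False = listed as exploited in the wild, but nothing to run


# Priority order mirrors the page: ART UAF first, then the framework chain,
# then the no-exploit fallback through the SMS/MMS content providers.
CANDIDATES: tuple[Candidate, ...] = (
    Candidate("CVE-2025-48543", 33, 36, date(2025, 9, 1), public_poc=True),
    Candidate("CVE-2025-48572/48633", 33, 36, date(2025, 12, 1), public_poc=False),
    Candidate("sms-mms-content-providers", 31, 36, None, public_poc=True),
)


def parse_patch_level(value: str | None) -> date | None:
    """ro.build.version.security_patch is 'YYYY-MM-DD'; anything else -> None."""
    try:
        year, month, day = (int(part) for part in value.strip().split("-"))
        return date(year, month, day)
    except (AttributeError, ValueError):
        return None


def select_paths(sdk: int, patch_level: str | None,
                 require_public_poc: bool = True) -> list[str]:
    """Return candidate names in priority order for this device.

    An unparseable patch level is treated as unknown: the candidate stays in,
    because a device that hides or garbles the property is not thereby patched.
    """
    patch = parse_patch_level(patch_level)
    chosen: list[str] = []
    for cand in CANDIDATES:
        if not cand.min_sdk <= sdk <= cand.max_sdk:
            continue
        if require_public_poc and not cand.public_poc:
            continue
        if cand.fixed_in is not None and patch is not None and patch >= cand.fixed_in:
            continue  # patch level at or past the fix: bug is closed on this build
        chosen.append(cand.name)
    return chosen


def device_props() -> tuple[int, str]:
    """Read both properties over adb; needs a connected, authorized device."""
    def getprop(key: str) -> str:
        out = subprocess.run(["adb", "shell", "getprop", key],
                             capture_output=True, text=True, check=True)
        return out.stdout.strip()
    return int(getprop("ro.build.version.sdk")), getprop("ro.build.version.security_patch")


if __name__ == "__main__":
    sdk, patch = device_props()
    print(f"SDK {sdk}, patch level {patch}: {select_paths(sdk, patch) or ['none']}")
```

The patch-level comparison is the part worth getting right: a device reporting 2025-09-05 is past the September cut-off and must not be offered CVE-2025-48543, while a missing or malformed property is not evidence of a fix and keeps the candidate on the list.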
- bugle_db uses SQLCipher/Android encrypted SQLite, not plaintext
- Root extraction now pulls shared_prefs/ and files/ for key material
- Archon relay prefers decrypted JSON dump from app context over raw DB copy
- Updated module docstrings, web UI descriptions, and user manual
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Changed from web.routes.auth_routes to web.auth — the decorator
lives in web/auth.py, not web/routes/auth_routes.py. Flask app
now starts cleanly with all 45 blueprints.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add autarch-dns.exe to PyInstaller spec data files and Inno Setup
installer. Bump version to 2.2 in installer.iss and setup_msi.py.
Add DNS server kill to uninstall. Update devjournal with v2.2.0
session notes. Add concept.md (project origin document).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add WiFi Audit, API Fuzzer, Cloud Scanner, Threat Intel, Log Correlator,
Steganography, Anti-Forensics, BLE Scanner, Forensics, RFID/NFC, Malware
Sandbox, Password Toolkit, Web Scanner, Report Engine, Net Mapper, and
C2 Framework. Each module includes CLI interface, Flask routes, and web
UI template. Also includes Go DNS server source + binary, IP Capture
service, SYN Flood, Gone Fishing mail server, and hack hijack modules
from v2.0 work.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Fix Hal chat: add Chat/Agent mode toggle so users can switch between
direct LLM streaming (Chat) and tool-using Agent mode
- Fix Agent system: graceful degradation when model can't follow
structured THOUGHT/ACTION/PARAMS format (falls back to direct answer
after 2 parse failures instead of looping 20 times)
- Fix frozen build: remove llama_cpp from PyInstaller excludes list
so LLM works in compiled exe
- Add system tray icon: autarch.ico (from icon.svg) used for exe icons,
installer shortcuts, and runtime tray icon
- Update tray.py to load .ico file with fallback to programmatic generation
- Add inline critical CSS for FOUC prevention
- Bump version to 1.5.1
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

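The bounded agent loop the commit message describes (fall back to a direct answer after 2 parse failures instead of looping 20 times), added here as an example; it is not the project's Hal or Agent code. Assumed for the example: the model emits one `THOUGHT:`, `ACTION:` and one-line JSON `PARAMS:` triple per turn, ends with `ACTION: final`, and sees tool output as a `RESULT:` line appended to the transcript. The names parse_step, run_agent, scripted and TOOLS are mine, and the scripted replies are constructed. One thing the loop adds that a practitioner will want: an ACTION naming a tool outside the registry is refused and counted like a format failure, so the model never chooses what code runs.

```python
"""Bounded THOUGHT/ACTION/PARAMS agent loop with graceful degradation.

Added example, not project code. The 2-failure and 20-step limits are the ones
named in the commit message; the line format is an assumption of the example.
"""
from __future__ import annotations

import json
from typing import Callable

MAX_STEPS = 20
MAX_PARSE_FAILURES = 2
KEYS = ("THOUGHT", "ACTION", "PARAMS")


def parse_step(reply: str) -> dict | None:
    """Return {'thought', 'action', 'params'} or None when the reply is not a step."""
    fields: dict[str, str] = {}
    for line in reply.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so JSON keys survive
        key = key.strip().upper()
        if sep and key in KEYS and key not in fields:
            fields[key] = value.strip()
    if "ACTION" not in fields:
        return None                      # prose answer, no action at all
    try:
        params = json.loads(fields.get("PARAMS", "{}"))
    except json.JSONDecodeError:
        return None                      # PARAMS present but not JSON
    if not isinstance(params, dict):
        return None
    return {"thought": fields.get("THOUGHT", ""), "action": fields["ACTION"], "params": params}


def run_agent(model: Callable[[str], str], tools: dict[str, Callable[..., str]],
              task: str) -> dict:
    """Drive the model; after MAX_PARSE_FAILURES bad steps return its raw reply."""
    transcript = f"TASK: {task}"
    failures = 0                         # cumulative, so alternating good/bad steps still end
    for step in range(1, MAX_STEPS + 1):
        reply = model(transcript)
        parsed = parse_step(reply)
        # An action outside the allowlist is refused and counted like a format
        # failure: the registry decides what can run, not the model.
        if parsed is not None and parsed["action"] != "final" and parsed["action"] not in tools:
            parsed = None
        if parsed is None:
            failures += 1
            if failures >= MAX_PARSE_FAILURES:
                return {"mode": "direct", "answer": reply.strip(), "steps": step}
            transcript += "\nFORMAT_ERROR: reply with THOUGHT:/ACTION:/PARAMS: lines"
            continue
        if parsed["action"] == "final":
            return {"mode": "agent", "answer": str(parsed["params"].get("answer", "")),
                    "steps": step}
        try:
            result = tools[parsed["action"]](**parsed["params"])
        except TypeError as exc:         # wrong parameter names or count from the model
            result = f"ERROR: {exc}"
        transcript += f"\n{reply.strip()}\nRESULT: {result}"
    return {"mode": "aborted", "answer": "", "steps": MAX_STEPS}


def scripted(*replies: str) -> Callable[[str], str]:
    """Stand-in model returning constructed replies in order; the last one repeats."""
    queue = list(replies)

    def model(_transcript: str) -> str:
        return queue.pop(0) if len(queue) > 1 else queue[0]
    return model


# Constructed tool registry for the demo: the only thing the model may call.
TOOLS: dict[str, Callable[..., str]] = {"word_count": lambda text: str(len(text.split()))}


if __name__ == "__main__":
    ok = scripted('THOUGHT: count them\nACTION: word_count\nPARAMS: {"text": "a b c"}',
                  'THOUGHT: done\nACTION: final\nPARAMS: {"answer": "3 words"}')
    print(run_agent(ok, TOOLS, "how many words in 'a b c'?"))
    chatty = scripted("I think it is 3 words.", "Sorry, 3 words.")
    print(run_agent(chatty, TOOLS, "how many words in 'a b c'?"))
```

PARAMS is parsed as a single line of JSON; a model that spreads the object over several lines is treated as a parse failure rather than guessed at, which is the safer default when the parameters are about to be passed to a tool.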
Inlines dark theme colors, sidebar layout, and flex container styles
directly in <head> so they apply immediately. Prevents FOUC when the
external stylesheet is delayed by self-signed cert negotiation or
slow network.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Sidebar button at bottom re-scans modules/ directory on click
- POST /api/modules/reload endpoint returns updated counts and module list
- Button shows success/failure feedback, auto-reloads category pages
- Enables hot-dropping new modules without restarting the server
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Threat Monitor: 7-tab monitoring page (live, connections, network intel,
threats, packet capture, DDoS mitigation, counter-attack) with real-time
SSE streaming and optimized data collection (heartbeat, cached subprocess
calls, bulk process name cache)
- Drill-down popups: Every live monitor stat is clickable, opening a popup
with detailed data (connections list with per-connection detail view,
GeoIP lookup, process kill, bandwidth, ARP spoof, port scan, DDoS status)
- Hal agent mode: Chat routes rewritten to use Agent system with
create_module tool, SSE streaming of thought/action/result steps
- Windows defense module with full security audit
- LLM trainer module and routes
- Defense landing page with platform-specific sub-pages
- Clean up stale files (get-pip.py, download.png, custom_adultsites.json)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Includes ASCII banner, feature overview, architecture docs, acknowledgements
for all open-source dependencies, and essays by darkHal Security Group on
AI liberty, hacker ethics, and geopolitics.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Full security platform with web dashboard, 16 Flask blueprints, 26 modules,
autonomous AI agent, WebUSB hardware support, and Archon Android companion app.
Includes Hash Toolkit, debug console, anti-stalkerware shield, Metasploit/RouterSploit
integration, WireGuard VPN, OSINT reconnaissance, and multi-backend LLM support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>