- If required:

- Starting state = required, to be installed:

- if the root is available, try to install the persistency; the results can be:

o failure, installation failed;
o installed but reboot is required, present, not yet rebooted;
o already installed and rebooted, Present.

- If not required:

- not required.

• Timeout indicates that the sync process was not completed.

• Unavailable simply means that the agent was not able to retrieve the phone number from the SIM.

• The cp command is not always present in the phones. As an alternative you can use the shell redirection, but you cannot do it directly from Command; you need to write a shell script and then download and it run on the target device via File Transfer/Upload and Execute. Here’s an example of the script you can use:

#!/system/bin/sh
mkdir /sdcard/WhatsApp/
cat /data/data/com.whatsapp/databases/wa.db > /sdcard/WhatsApp/wa.db
chmod 777 /sdcard/WhatsApp/wa.db

!!! ⇒ The commands are run as root, both as command and as Upload and execute. The difference is that the commands cannot be chained in pipes and do not handle the redirection. Each complex operation should be performed in a script.
!!! ⇒ The fact that the file system is run with the user permissions is not a bug, it's a system feature. It will be improved in the future, but it is neither urgent nor has the status of a bug.

• Run the purge operation on the target (this action will obviously reset the transfer of information currently in the queue).

• If the factory is from the same customer (e.g. same server) you cannot install two agent on the same device.

• You have to be sure that a previous agent is not installed.

• RMI can not change these parameters. In order to do that you need to use a service such as that offered by Carro or Circle or, alternatively, one of several online services that offer this feature. In any case, success or failure depends also by the telephone operator.

• A good approach in order to limit the exposure of a RMI installation could be the usage of a Gold Phone Number; a gold number is a special easy-to-remember phone number.
  Each country has a different policy, but almost every telco offers gold numbers, that can appear as "professional numbers" in a social engineering approach. Some of them offer the opportunity to choose your number.

• If the melted app is removed, the agent is removed too. We are working on this.

• If the agent is upgraded to the next release, the original melted application is uninstalled and substituted by the upgraded silent agent.

• The scanning of the file system via Android agent is run with user permissions even if root permission is operative. You can use the command ls -l /data/data to extract the file system into a folder because the input command is run with root permissions.

• There should be no contraindications. However, remind that not all Android devices support the WAP stack (e.g. some HTC and some Motorola devices). Furthermore, the user can disable the push messages, for this reason it is always recommended to perform preventive tests, both using the Service Loading and with the Service Indication.

• In the ZIP file generated by the console there are a TXT file containing the Web link and an image that represents the QR code associated with that link.

• After entering the link in the target phone, start the download and proceed as any silent installer. The collector destroys the link as soon as it downloads it.

• You can customize some fields that the target sees during the download: when the target opens the link (or the QR code), the download starts (it arrives as a request).

!!! ⇒ The configuration dialog has some input fields filled by default; the choice of the input values depends on the type of social attack that the customer is using. The default settings are intended to simulate the sending of an update. In some cases it may be more sensible to simulate the sending of an offer to optimise the tariff of a particular provider. Even the field name must comply with the chosen cover story.

• If you used the BASIC configuration in order to create the backdoor, by default the agent syncs only via Wi-Fi (not via phone's data connection). If the infection was made through a Web link, it is assumed you used a 3G connection. If the above scenario is correct, without a Wi-Fi connection the phone cannot sync. Also you should consider that the Blackberry synchronizes only when the screen is off, but when the phone is in charge (in some configurations) its screen remains on to display the clock and in these conditions the sync cannot be done.

• If Wi-Fi is not configured, in versions of RCS previous to version 9.6, the BB can sync only via APN. Since RCS 9.6, the BB can use a free channel of RIM enabling the flag "force cell" in the sync configuration parameters.