Base

.classpath

@@ -1,7 +1,8 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" path="src"/>
-	<classpathentry kind="src" path="gen"/>
-	<classpathentry kind="con" path="com.android.ide.eclipse.adt.ANDROID_FRAMEWORK"/>
-	<classpathentry kind="output" path="bin"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="con" path="com.android.ide.eclipse.adt.ANDROID_FRAMEWORK"/>
+	<classpathentry kind="src" path="src"/>
+	<classpathentry kind="src" path="gen"/>
+	<classpathentry kind="con" path="com.android.ide.eclipse.adt.LIBRARIES"/>
+	<classpathentry kind="output" path="bin/classes"/>
+</classpath>

.gitignore

@@ -0,0 +1,5 @@
+*.class
+
+
+bin/
+

AndroidManifest.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
-      package="com.securitycompass.labs.falsesecuremobile"
+      package="com.securitycompass.androidlabs.base"
       android:versionCode="1"
       android:versionName="1.0">
     <application android:icon="@drawable/icon" android:label="@string/app_name" android:name=".BankingApplication">
@@ -20,10 +20,18 @@
         <activity android:name=".SetServerCredentialsActivity" android:label="@string/app_name"/>
         <activity android:name=".ViewStatementActivity" android:label="@string/app_name"/>
         <activity android:name=".EditPreferencesActivity" android:label="@string/app_name"/>
-
+		<activity android:name=".DebugActivity" android:label="@string/app_name"/>        
+        <activity android:name=".ContactActivity" android:label="@string/app_name">
+			<intent-filter>
+                <data android:scheme="emm" />
+    			<action android:name="android.intent.action.VIEW" />
+    			<category android:name="android.intent.category.BROWSABLE" />
+    			<category android:name="android.intent.category.DEFAULT" />    			
+            </intent-filter>
+		</activity>
     </application>
 
 <uses-permission android:name="android.permission.INTERNET"/>
 <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
 
-</manifest>
+</manifest>

LICENSE

@@ -0,0 +1,27 @@
+Copyright (c) 2011, Security Compass
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Security Compass.
+4. Neither the name of Security Compass nor the names of its contributors may be
+   used to endorse or promote products derived from this software without
+   specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY Security Compass ''AS IS'' AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+EVENT SHALL Security Compass BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.

assets/emm_contact.html

@@ -0,0 +1,84 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+	<link href="bootstrap/bootstrap.min.css" rel="stylesheet">
+	<style>
+      body {
+        padding-top: 60px; /* 60px to make the container go all the way to the bottom of the topbar */
+      }
+    </style>
+	<link href="bootstrap/bootstrap-responsive.min.css" rel="stylesheet">
+
+	<script type="text/javascript">
+		// taken from http://papermashup.com/read-url-get-variables-withjavascript/
+		function getUrlVars() {
+			var vars = {};
+			var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m,key,value) {
+				vars[key] = value;
+
+			});
+			return vars;
+		}
+	</script>
+</head>
+
+
+<body>
+	<script src="jquery.min.js"></script>
+	<script>
+     $(document).ready(function(){
+
+     });
+   </script>
+
+	<div class="navbar navbar-fixed-top">
+      <div class="navbar-inner">
+        <div class="container">
+          <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </a>
+          <a class="brand" href="#">EMM Bank</a>
+          <div class="nav-collapse">
+            <ul class="nav">
+              <li class="active"><a href="#">Home</a></li>              
+            </ul>
+          </div><!--/.nav-collapse -->
+        </div>
+      </div>
+    </div>
+
+<div class="container">
+
+	<h1>Contact Us</h1>
+
+	<div class="row">
+
+		<h3 class="name">Hello</h3>
+		<p>We're available 24/7 to help you.  Please contact us at the address below.</p>
+
+		<address><strong>EMM Bank</strong><br>
+		281828 Bank St.<br>
+		London, UK<br>
+		Phone: 1-866-222-2222<br>
+		</address>
+
+		<!-- Get the user's name from the URL parameter for a personal touch -->
+		<!-- expoit: file:///C:/Users/securitycompass/git/AndroidLabs/assets/emm_contact.html?name=%3Cscript%3Ealert%28%27test%27%29%3C/script%3E -->
+		<script type="text/javascript">
+
+			var urlparam = getUrlVars()["name"];
+			if (urlparam != undefined){
+				$('.name').append(decodeURIComponent(urlparam));
+			}
+		</script>
+
+	</div>
+</div>
+
+</body>
+</html>

assets/uritest.html

@@ -0,0 +1,14 @@
+<html>
+
+<body>
+	<!--  this file is meant to be pushed to the SDCard to test the EMM:// URI handler -->
+	<a href="emm://emmbank/Oliver">emm://emmbank/Oliver - Test URL handler normal case</a><br>
+
+	<a href="emm://emmbank/">emm://emmbank/Oliver - Test blank case</a><br>
+
+	<a href="emm://emmbank/%3Cscript%3Ealert('test')%3C%2Fscript%3E">Malicious alert</a>	<br>
+
+	<a href="emm://emmbank/%3Cscript%3Ewindow.location.replace(%22http%3A%2F%2Fstackoverflow.com%22)%3B%3C%2Fscript%3E">Malicious redit</a>	<br>
+
+</body>
+</html>

default.properties

@@ -1,11 +1,2 @@
-# This file is automatically generated by Android Tools.
-# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
-# 
-# This file must be checked in Version Control Systems.
-# 
-# To customize properties used by the Ant build system use,
-# "build.properties", and override values to adapt the script to your
-# project structure.
-
 # Project target.
-target=android-8
+target=android-15

gen/com/securitycompass/androidlabs/base/BuildConfig.java

@@ -0,0 +1,6 @@
+/** Automatically generated file. DO NOT MODIFY */
+package com.securitycompass.androidlabs.base;
+
+public final class BuildConfig {
+    public final static boolean DEBUG = true;
+}