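def dump_droidmon_logs(package):
    """Split the Xposed error log into Droidmon API-monitor and shell logs for ``package``.

    Reads the Xposed installer's ``error.log`` at its on-device path, keeps the
    lines tagged ``Droidmon-apimonitor-<package>`` and ``Droidmon-shell-<package>``
    with the ``<tag>:`` prefix stripped, and uploads them as
    ``logs/droidmon.log`` and ``logs/droidmon_error.log``.  A line that carries
    both tags lands in both files, as before.

    Args:
        package: package name of the monitored app; it is used as a literal
            string, not as a regular expression.

    Raises:
        IOError: if the Xposed log cannot be opened; the caller decides whether
            a missing log is fatal.
    """
    filename = "/data/data/de.robv.android.xposed.installer/log/error.log"
    tag = "Droidmon-apimonitor-" + package
    tag_error = "Droidmon-shell-" + package
    apimonitor, shell = [], []
    with open(filename) as log_file:
        for line in log_file:
            # Literal replacement instead of re.sub(): the old code used the
            # package name as a regex pattern, so "." in it matched any char.
            if tag in line:
                apimonitor.append(line.replace(tag + ":", ""))
            if tag_error in line:
                shell.append(line.replace(tag_error + ":", ""))
    # Each line still carries its own newline, so join with "".
    utils.send_file("logs/droidmon.log", "".join(apimonitor))
    utils.send_file("logs/droidmon_error.log", "".join(shell))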
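def dump_droidmon_logs(package):
    """Split the Xposed error log into Droidmon API-monitor and shell logs for ``package``.

    Reads the Xposed installer's ``error.log`` at its on-device path, keeps the
    lines tagged ``Droidmon-apimonitor-<package>`` and ``Droidmon-shell-<package>``
    with the ``<tag>:`` prefix stripped, and uploads them as
    ``logs/droidmon.log`` and ``logs/droidmon_error.log``.  A line that carries
    both tags lands in both files, as before.

    Args:
        package: package name of the monitored app; it is used as a literal
            string, not as a regular expression.

    Raises:
        IOError: if the Xposed log cannot be opened; the caller decides whether
            a missing log is fatal.
    """
    filename = "/data/data/de.robv.android.xposed.installer/log/error.log"
    tag = "Droidmon-apimonitor-" + package
    tag_error = "Droidmon-shell-" + package
    apimonitor, shell = [], []
    with open(filename) as log_file:
        for line in log_file:
            # Literal replacement instead of re.sub(): the old code used the
            # package name as a regex pattern, so "." in it matched any char.
            if tag in line:
                apimonitor.append(line.replace(tag + ":", ""))
            if tag_error in line:
                shell.append(line.replace(tag_error + ":", ""))
    # Each line still carries its own newline, so join with "".
    utils.send_file("logs/droidmon.log", "".join(apimonitor))
    utils.send_file("logs/droidmon_error.log", "".join(shell))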
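def dump_droidmon_logs(package):
    """Pull the Xposed error log over adb and split out the Droidmon logs for ``package``.

    ``adb pull`` copies the device's Xposed ``error.log`` to ``error.log`` in the
    working directory; lines tagged ``Droidmon-apimonitor-<package>`` and
    ``Droidmon-shell-<package>`` are kept with the ``<tag>:`` prefix stripped
    and uploaded as ``logs/droidmon.log`` and ``logs/droidmon_error.log``.
    A line carrying both tags lands in both files, as before.

    Args:
        package: package name of the monitored app; used as a literal string,
            not as a regular expression.

    Raises:
        IOError: if ``adb pull`` exits non-zero or the pulled file cannot be
            opened.
    """
    filename = "error.log"
    remote = "/data/data/de.robv.android.xposed.installer/log/" + filename
    proc = subprocess.Popen(["adb", "pull", remote, filename],
                            stdout=subprocess.PIPE)
    proc.communicate()
    if proc.returncode != 0:
        # Without this check a stale error.log left in the working directory
        # by an earlier run would be parsed as if it belonged to this sample.
        raise IOError("adb pull of %s failed with exit status %s"
                      % (remote, proc.returncode))
    tag = "Droidmon-apimonitor-" + package
    tag_error = "Droidmon-shell-" + package
    apimonitor, shell = [], []
    with open(filename) as log_file:
        for line in log_file:
            # Literal replacement instead of re.sub(): the old code used the
            # package name as a regex pattern, so "." in it matched any char.
            if tag in line:
                apimonitor.append(line.replace(tag + ":", ""))
            if tag_error in line:
                shell.append(line.replace(tag_error + ":", ""))
    # Each line still carries its own newline, so join with "".
    utils.send_file("logs/droidmon.log", "".join(apimonitor))
    utils.send_file("logs/droidmon_error.log", "".join(shell))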
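def dump_droidmon_logs(package):
    """Pull the Xposed error log over adb and split out the Droidmon logs for ``package``.

    ``adb pull`` copies the device's Xposed ``error.log`` to ``error.log`` in the
    working directory; lines tagged ``Droidmon-apimonitor-<package>`` and
    ``Droidmon-shell-<package>`` are kept with the ``<tag>:`` prefix stripped
    and uploaded as ``logs/droidmon.log`` and ``logs/droidmon_error.log``.
    A line carrying both tags lands in both files, as before.

    Args:
        package: package name of the monitored app; used as a literal string,
            not as a regular expression.

    Raises:
        IOError: if ``adb pull`` exits non-zero or the pulled file cannot be
            opened.
    """
    filename = "error.log"
    remote = "/data/data/de.robv.android.xposed.installer/log/" + filename
    proc = subprocess.Popen(["adb", "pull", remote, filename],
                            stdout=subprocess.PIPE)
    proc.communicate()
    if proc.returncode != 0:
        # Without this check a stale error.log left in the working directory
        # by an earlier run would be parsed as if it belonged to this sample.
        raise IOError("adb pull of %s failed with exit status %s"
                      % (remote, proc.returncode))
    tag = "Droidmon-apimonitor-" + package
    tag_error = "Droidmon-shell-" + package
    apimonitor, shell = [], []
    with open(filename) as log_file:
        for line in log_file:
            # Literal replacement instead of re.sub(): the old code used the
            # package name as a regex pattern, so "." in it matched any char.
            if tag in line:
                apimonitor.append(line.replace(tag + ":", ""))
            if tag_error in line:
                shell.append(line.replace(tag_error + ":", ""))
    # Each line still carries its own newline, so join with "".
    utils.send_file("logs/droidmon.log", "".join(apimonitor))
    utils.send_file("logs/droidmon_error.log", "".join(shell))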
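def dump_droidmon_logs(package):
    """Upload the raw Xposed log plus the Droidmon API-monitor and shell logs for ``package``.

    If the Xposed ``error.log`` is absent the function logs and returns without
    uploading anything.  Otherwise every line goes to ``logs/xposed.log``; lines
    tagged ``Droidmon-apimonitor-<package>`` or ``Droidmon-shell-<package>`` also
    go to ``logs/droidmon.log`` / ``logs/droidmon_error.log`` with everything up
    to and including the first ":" removed.  A line carrying both tags lands in
    both Droidmon files, as before.

    Args:
        package: package name of the monitored app; used as a literal string.
    """
    xposed_logs = "/data/data/de.robv.android.xposed.installer/log/error.log"
    if not os.path.exists(xposed_logs):
        log.info("Could not find any Xposed logs, skipping droidmon logs.")
        return
    tag = "Droidmon-apimonitor-%s" % package
    tag_error = "Droidmon-shell-%s" % package
    log_xposed, log_success, log_error = [], [], []
    # "with" closes the handle deterministically instead of relying on refcounting.
    with open(xposed_logs, "rb") as handle:
        for line in handle:
            log_xposed.append(line)
            # A tagged line without a ":" used to raise IndexError and abort
            # the whole dump; now it is kept only in the raw Xposed log.
            _prefix, sep, payload = line.partition(":")
            if not sep:
                continue
            if tag in line:
                log_success.append(payload)
            if tag_error in line:
                log_error.append(payload)
    # Lines read from the file keep their own newline; joining with "\n" used
    # to insert an empty line after every record.
    send_file("logs/xposed.log", "".join(log_xposed))
    send_file("logs/droidmon.log", "".join(log_success))
    send_file("logs/droidmon_error.log", "".join(log_error))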
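def run(self):
    """Stream Droidmon API-call events from ``adb logcat`` and collect touched files.

    Each logcat line tagged ``Droidmon-apimonitor-<package>`` carries a JSON
    record of one hooked API call.  For ``libcore.io.IoBridge.open`` calls the
    opened file is pulled from the device (system, app, keychain and ``.xml``
    paths are skipped); for ``DexFile.openDexFile`` and ``Runtime.load`` calls
    with ``dump`` set, the dumped artifact is pulled.  Every pulled file is
    uploaded once per distinct MD5 under ``files/<name>``.

    Loops until ``self.do_run`` is cleared.  Returns True on a normal stop and
    False when the logcat stream ends or reading it fails.  ``readline()``
    blocks, so clearing ``do_run`` only takes effect when the next line arrives.
    """
    label = "Droidmon-apimonitor-"
    # Substring filters, kept exactly as before.
    skip_fragments = ("/sys/", "/proc/", "/data/app", "/data/misc/keychain", ".xml")
    md5_list = set()

    def pull_and_send(file_path, file_name, skip_empty):
        """adb-pull ``file_path`` into the local ``file_name`` and upload it once per MD5.

        ``file_path`` is taken from the sample's own API-call arguments, so it
        is under the sample's control; callers derive ``file_name`` from its
        basename so neither the local copy nor the ``files/`` upload key can
        escape their directory.
        """
        proc = subprocess.Popen(["adb", "pull", file_path, file_name],
                                stdout=subprocess.PIPE)
        proc.communicate()
        if not os.path.exists(file_name):
            log.info("FileCollector - File Not Exists: " + file_path)
            return
        if skip_empty and os.stat(file_name).st_size == 0:
            return
        # Binary-safe read: dex files and native libraries come through here.
        with open(file_name, "rb") as file_read:
            file_data = file_read.read()
        md5 = hashlib.md5(file_data).hexdigest()
        if md5 in md5_list:
            return
        utils.send_file("files/" + file_name.replace(".DROPPED_FILE", ""), file_data)
        md5_list.add(md5)

    def handle_apicall(apicall):
        """Route one decoded Droidmon record to the matching collector."""
        if apicall["class"] == "libcore.io.IoBridge" and apicall["method"] == "open":
            file_path = apicall["args"][0]
            if any(fragment in file_path for fragment in skip_fragments):
                return
            # Dumped files are handled by the dex/load branch below.
            if ".DROPPED_FILE" in file_path:
                return
            # uuid1 suffix keeps repeated opens of same-named files apart on disk.
            file_name = os.path.basename(file_path) + "_" + str(uuid.uuid1())
            pull_and_send(file_path, file_name, skip_empty=True)
        elif ((apicall["class"] == "dalvik.system.DexFile" and apicall["method"] == "openDexFile")
              or (apicall["class"] == "java.lang.Runtime" and apicall["method"] == "load")):
            if apicall["dump"]:
                file_path = apicall["path"]
                pull_and_send(file_path, os.path.basename(file_path), skip_empty=False)

    adb = subprocess.Popen(["adb", "logcat", "-s", "Xposed"],
                           stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    try:
        # Collect Xposed logs
        while self.do_run:
            try:
                logcatInput = adb.stdout.readline()
                if not logcatInput:
                    log.info("FileCollector - We have lost the connection with ADB.")
                    return False
                if label not in logcatInput:
                    continue
                # The JSON payload is everything after the second ":".  A plain
                # split replaces the old "$$$" marker trick, which mis-split any
                # record whose payload itself contained "$$$".
                parts = logcatInput.split(":", 2)
                if len(parts) < 3:
                    continue
                try:
                    handle_apicall(json.loads(parts[2]))
                except Exception as exc:
                    # Best effort per event: a malformed record or a failed pull
                    # must not stop the collector, but it should not be invisible.
                    log.info("FileCollector - skipping event: " + repr(exc))
            except Exception as exc:
                log.info("FileCollector - stopping on error: " + repr(exc))
                return False
    finally:
        # Don't leave an orphaned logcat reader behind once the loop ends.
        if adb.poll() is None:
            adb.kill()
    return True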
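def run(self):
    """Stream Droidmon API-call events from ``logcat`` and collect touched files.

    Same collector as the adb-based variant, but ``logcat`` is spawned directly
    and files are read in place from ``file_path`` (presumably this copy runs on
    the device itself — confirm against the deployment).  Each logcat line
    tagged ``Droidmon-apimonitor-<package>`` carries a JSON record of one hooked
    API call: ``libcore.io.IoBridge.open`` targets are collected unless they
    match the skip list, and ``DexFile.openDexFile`` / ``Runtime.load`` dumps
    are collected when ``dump`` is set.  Every file is uploaded once per
    distinct MD5 under ``files/<name>``.

    Loops until ``self.do_run`` is cleared.  Returns True on a normal stop and
    False when the logcat stream ends or reading it fails.  ``readline()``
    blocks, so clearing ``do_run`` only takes effect when the next line arrives.
    """
    label = "Droidmon-apimonitor-"
    # Substring filters, kept exactly as before.
    skip_fragments = ("/sys/", "/proc/", "/data/app", "/data/misc/keychain", ".xml")
    md5_list = set()

    def read_and_send(file_path, file_name, skip_empty):
        """Read ``file_path`` and upload it as ``files/<file_name>`` once per MD5.

        ``file_path`` is taken from the sample's own API-call arguments, so it
        is under the sample's control; callers derive ``file_name`` from its
        basename so the ``files/`` upload key cannot escape its prefix.
        """
        if not os.path.exists(file_path):
            log.info("FileCollector - File Not Exists: " + file_path)
            return
        if skip_empty and os.stat(file_path).st_size == 0:
            return
        # Binary-safe read: dex files and native libraries come through here.
        with open(file_path, "rb") as file_read:
            file_data = file_read.read()
        md5 = hashlib.md5(file_data).hexdigest()
        if md5 in md5_list:
            return
        utils.send_file("files/" + file_name.replace(".DROPPED_FILE", ""), file_data)
        md5_list.add(md5)

    def handle_apicall(apicall):
        """Route one decoded Droidmon record to the matching collector."""
        if apicall["class"] == "libcore.io.IoBridge" and apicall["method"] == "open":
            file_path = apicall["args"][0]
            if any(fragment in file_path for fragment in skip_fragments):
                return
            # Dumped files are handled by the dex/load branch below.
            if ".DROPPED_FILE" in file_path:
                return
            # uuid1 suffix keeps repeated opens of same-named files apart.
            file_name = os.path.basename(file_path) + "_" + str(uuid.uuid1())
            read_and_send(file_path, file_name, skip_empty=True)
        elif ((apicall["class"] == "dalvik.system.DexFile" and apicall["method"] == "openDexFile")
              or (apicall["class"] == "java.lang.Runtime" and apicall["method"] == "load")):
            if apicall["dump"]:
                file_path = apicall["path"]
                read_and_send(file_path, os.path.basename(file_path), skip_empty=False)

    adb = subprocess.Popen(["logcat", "-s", "Xposed"],
                           stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    try:
        # Collect Xposed logs
        while self.do_run:
            try:
                logcatInput = adb.stdout.readline()
                if not logcatInput:
                    log.info("FileCollector - We have lost the connection with ADB.")
                    return False
                if label not in logcatInput:
                    continue
                # The JSON payload is everything after the second ":".  A plain
                # split replaces the old "$$$" marker trick, which mis-split any
                # record whose payload itself contained "$$$".
                parts = logcatInput.split(":", 2)
                if len(parts) < 3:
                    continue
                try:
                    handle_apicall(json.loads(parts[2]))
                except Exception as exc:
                    # Best effort per event: a malformed record or an unreadable
                    # file must not stop the collector, but should be visible.
                    log.info("FileCollector - skipping event: " + repr(exc))
            except Exception as exc:
                log.info("FileCollector - stopping on error: " + repr(exc))
                return False
    finally:
        # Don't leave an orphaned logcat reader behind once the loop ends.
        if adb.poll() is None:
            adb.kill()
    return True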