def amdh(): arguments = args_parse() if arguments.adb_path: adb_path = arguments.adb_path dump_apks = False apks_dump_folder = "" if arguments.apks_dump_folder: dump_apks = True apks_dump_folder = arguments.apks_dump_folder adb_instance = ADB(adb_path) device_id = device_choice(adb_instance) adb_instance = ADB(adb_path, device_id) settings_check = None packages = [] if arguments.app_type: packages = adb_instance.list_installed_packages(arguments.app_type) report_apps = {} for package in packages: dumpsys_out = adb_instance.dumpsys(["package", package]) perm_list = adb_instance.get_req_perms_dumpsys_package(dumpsys_out) app = App(adb_instance, package, dump_apks, apks_dump_folder, perm_list) perms, dangerous_perms = app.check_apps() print("") if dangerous_perms.items(): print_warning_header("Package " + package + " have some dangerous permissions: ") for perm, desc in dangerous_perms.items(): print_warning("\t " + perm + " : ") print_warning("\t\t" + desc) report_apps[package] = { "permissions": perms, "dangerous_perms": dangerous_perms } print("") print( "************************************************************************" ) else: print_info("Package " + package + " have no dangerous permissions") print("") print( "************************************************************************" ) if arguments.H: settings_check = Settings(settings_file, adb_instance, True) else: settings_check = Settings(settings_file, adb_instance) settings_check.check()
def __init__(self, device=None): self.logger = logging.getLogger(self.__class__.__name__) if device is None: from .DeviceHelper import get_available_devices all_devices = get_available_devices() if len(all_devices) == 0: self.logger.warning("ERROR: No device connected.") sys.exit(-1) device = all_devices[0] if "emulator" in device: self.is_emulator = True else: self.is_emulator = False self.device = device self.grant_perm = False ## Grant all permissions while installing. Useful for Android 6.0+ # basic device information self.display_info = None self.sdk_version = None self.release_version = None self.ro_debuggable = None self.ro_secure = None self.connected = True # adapters self.adb = ADB(device=self) self.adapters = { self.adb: True, # self.telnet: False, }
def test_get_devices(self): adb = ADB() adb.set_adb_path() adb.start_server() err, devices = adb.get_devices() print(str(err)) if len(devices) > 0: print(str(devices))
def __init__(self, adb_path): self.adb_path = adb_path self.adb = None self.devices = [] self.adb = ADB(adb_path) if NEED_RESTART_ADB: self.restart_adb()
def test_get_pid_on_device(self): adb = ADB() adb.enable_debug() adb.set_adb_path() adb.set_target_device() pid = utils.get_pid_on_device(adb, 'com.android.commands.monkey') utils.kill_proc_on_device(adb, pid) print(pid)
def test_install(self): adb = ADB() adb.set_adb_path() _, ds = adb.get_devices() device_id = ds[0] adb.set_target_device(device_id) adb.enable_debug() output = adb.install(reinstall=True, pkgapp='ctssetup.apk') print("output: " + str(output))
def __init__(self, p2adb, logtype="logcat", pollrate=0.5): self.adb = ADB(p2adb) self.logtype = logtype self.pollrate = pollrate self._event_list = [] self._isRunning = False self.logcat_monitor_tread = None self.cacheMutex = Lock() self.cacheLineNum = 0
def install_app_and_install_frida(app_path): app = APK(app_path) package_name = app.get_package() logger.info("Start ADB") adb = ADB() logger.info("Install APP") adb.install_app(app_path) logger.info("Frida Initialize") push_and_start_frida_server(adb) return package_name
def adb_init(): adb = ADB() adb.set_adb_path(parameter.variables.executable_path) adb.DEFAULT_TCP_PORT = parameter.variables.default_tcp_port adb.DEFAULT_TCP_HOST = parameter.variables.wireless_address if not adb.get_version(): raise ConnectionError("Unable to communicate with adb daemon!") return adb
def ping(): trytime = 30 success = 0 adb = ADB() cmd = "ping -c 4 {0} | grep -q 'ttl=' && echo '{0} ok' || echo '{0} failed'".format( '61.135.169.125') print(cmd) for i in range(trytime): result = adb.shell(cmd) if 'ok' in result[1]: success += 1 print(result) return success
def catchSysLog(): powerUsbController.OPEN_MAIN_POWER() powerUsbController.OPEN_KL15() powerUsbController.USB_ON() time.sleep(20) logging.info("swith to Diagnostics Mode") openADB(TBOX_IP, TBOX_DIAG_KEY) time.sleep(20) adb = ADB() logPath = os.path.join( LOG_DIR, time.strftime('sysLog-%m-%d-%H_%M_%S', time.localtime(time.time()))) adb.pull('/logfs', logPath, TBOX_ADB_SN)
def run(self): adb1 = ADB() sender = Sender() while True: if "{}" not in str(adb1.get_devices()): pass else: try: sender.send("android-remove", json.loads("{}")) print "Android remove event was sent" except Exception as e: print e return time.sleep(self.interval)
def create_adb_and_start_frida(package_name): """ Parameters ---------- package_name Returns ------- """ logger.info(f"App Already Installed, start to monitoring ${package_name}") adb = ADB() logger.info("Frida Initialize") push_and_start_frida_server(adb) return package_name
def create_adb_and_start_frida(package_name, is_google_emulator: bool = False): """ Parameters ---------- package_name Returns ------- """ logger.warning( f"[*] App Already Installed, start to monitoring ${package_name}") adb = ADB() logger.info("[*] Frida Initialization") if not is_google_emulator: push_and_start_frida_server(adb) else: push_and_start_frida_server_google_emulator(adb) return package_name
def install_app_and_install_frida(app_path): """ Install app and Frida script Parameters ---------- app_path Returns ------- """ app = APK(app_path) package_name = app.get_package() logger.info("Start ADB") adb = ADB() logger.info("Install APP") adb.install_app(app_path) logger.info("Frida Initialize") push_and_start_frida_server(adb) return package_name
def loopInit(): powerUsbController.OPEN_MAIN_POWER() powerUsbController.OPEN_KL15() powerUsbController.USB_ON() time.sleep(20) logging.info("swith to Diagnostics Mode") openADB(TBOX_IP, TBOX_DIAG_KEY) time.sleep(20) powerUsbController.SHUTDOWN_KL15() time.sleep(2) adb = ADB() #adb.stopAdb() #adb.startAdb() logging.info( "adb shell zte_topsw_mcutest 29 02000600060002000200020004000000") ret = adb.shell("zte_topsw_mcutest 29 02000600060002000200020004000000", TBOX_ADB_SN) if (0 != ret[0]): raise Exception("send adb shell zte_topsw_mcutest failed! " + ret[2]) logging.info(ret[1]) time.sleep(1)
def install_app_and_install_frida(app_path, is_google_emulator: bool = False): """ Install app and Frida script Parameters ---------- app_path Returns ------- """ app = APK(app_path) package_name = app.get_package() logger.info("[*] Start ADB") adb = ADB() logger.info(f"[*] Install App {package_name}") adb.install_app(app_path) logger.info("[*] Frida Initialization") if not is_google_emulator: push_and_start_frida_server(adb) else: push_and_start_frida_server_google_emulator(adb) return package_name
def __init__(self): self.ADB = ADB(device_Name=os.environ.get('DEVICE_NAME'), screen_Size=(560, 960)) self.package = os.environ.get('PACKAGE_NAME') self.activity = os.environ.get('ACTIVITY_NAME')
EMULATOR_PATH = "/home/udev/android-sdk-linux/tools/" NUM_EMULATORS = 1 API_LEVEL = "android-15" SDCARD = True ADB_PATH = "/home/udev/android-sdk-linux/platform-tools/" FUZZ_SAMPLE_DIR = "/home/udev/android-sdk-linux/platform-tools/fuzz/corpus/FIXME/" CRASH_DIR = "/home/udev/android-sdk-linux/platform-tools/fuzz/crashes/" MIMETYPE = "audio/mid" MAX_ITERATION = 4096 #bit_flip window_replace PRIMITIVES = ["window_replace"] emu = Emulator(EMULATOR_PATH) adb = ADB(ADB_PATH) class FuzzThread(threading.Thread): def __init__(self, device, queue): threading.Thread.__init__(self) self.device = device self.queue = queue self.fuzz_file = None self.mutation_method = None self.fuzz_data = None self.mutation_stop = 0 self.mutation_start = 0 #restart emulator stuff #use self.device to get the process and args... kill it delete the emulator and use the args to restart self.max_iterations = 1000
from adb import ADB debug = ADB() print debug.devices() debug.shell("input keyevent 26") debug.shell("input keyevent 82") debug.shell("input swipe 50 50 800 50") #debug.screenShot("./ss.png")
if len(sys.argv) > 2: device = sys.argv[1] imsi = sys.argv[2] else: print("ERROR: Device name not found.") print("Call the script with: ./smarter_fuzzer #DEVICE #IMSI") print( "Where #DEVICE is the name and #IMSI is the IMSI of the mobile device." ) sys.exit(0) ############################################### SETTINGS ############################################# # Default OpenBTS port TESTCALL_PORT = 28670 adb = ADB() date = str(time.strftime("%Y%m%d-%H%M%S")) location_prefix = "logs/logs_packets/smarter_fuzzer/incomplete/" log_packets_title = location_prefix + device + "_log_" + date + ".txt" # Turn on/off prints verbose = True # Turn on/off adb logs adb_logging = False # Creat socket tcsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) tcsock.settimeout(2)
from adb import ADB from model.task_anotations import * from model.task_model import TaskInfo, Author GITHUB_REPO_URL = "https://github.com/ilihydrogen/Python-ADB-Utils" created_by = "iiihydrogen" version = "1.0" adbx = ADB() @entry def run_app(adb, cfg): adbx = adb pass @module_summary def summary(): return TaskInfo("test", Author(nickname=created_by), version, GITHUB_REPO_URL)
def start_analysis(list_apps: list, timeout_privacy: int, max_actions: int, type: str, emulator_name: str): logger.info("Start Analysis of {} apps".format(len(list_apps))) start = time.time() stats = Statistic(type) if type == "random": type = start_appium_node(type) logger.info("Upload model p3 detector") # upload model pdetector = PredictionModel() logger.info("P3detector model uploaded") # start analysis count = 0 tentative = 0 num_log = len(glob.glob(os.path.join(os.getcwd(), "logs", "log_analysis_*"))) log_analysis_file = os.path.join(os.getcwd(), "logs", "log_analysis_{}.json".format(num_log + 1)) log_permission_file = os.path.join(os.getcwd(), "logs", "permissions_stats_{}.json".format(num_log + 1)) log_trackers_file = os.path.join(os.getcwd(), "logs", "tracker_stats_{}.json".format(num_log + 1)) while count < len(list_apps): app = list_apps[count] dict_analysis_app = {} md5_app = md5(app) dir_result = os.path.join(os.getcwd(), "logs", md5_app) if not os.path.exists(dir_result): os.makedirs(dir_result) try: dict_analysis_app["md5"] = md5_app apk_object = APK(app) dict_analysis_app["package_name"] = apk_object.get_package() if not check_app_already_analyzed_md5(md5_app) or tentative > 0: logger.info("3PDroid start Analysis {}".format(app)) write_package_name_and_md5(apk_object.get_package(), md5_app, os.path.join(os.getcwd(), "logs", "package_md5.txt")) # start emulator r_start_emulator = requests.get("{}/start/{}".format(LOCAL_URL_EMULATOR, emulator_name)) # if the emulator star ok if r_start_emulator.status_code == 200: # get trackers libraries and list permissions logger.info("Start emulator ok") logger.info("Get application information") app_trackers, app_permissions_list, api_to_monitoring_trackers, application, dict_analysis_app = app_analyzer. \ analyze_apk_androguard(app, md5_app, dict_analysis_app) # get permissions privacy relevant logger.info("Package name {}".format(application.get_package())) dict_analysis_app["package_name"] = application.get_package() logger.info("MD5 {}".format(md5_app)) logger.info("Get permission-api mapping") permissions_api_mapping = app_analyzer.get_api_related_to_permission_privacy_relevant() logger.info("Creation list api to be monitored during dynamic analysis") list_api_to_monitoring = app_analyzer.create_list_api_to_monitoring_from_file( permissions_api_mapping, app_permissions_list, app_trackers) # if API == 0 --> app is cleaned if len(list_api_to_monitoring) == 0: logger.info("Application does not need privacy policy page, " "close the emulator and " "pass to the next application") # write on file file_name = md5_app dir_result = os.path.join(os.getcwd(), "logs", file_name) dict_analysis_app["dynamic_analysis_needed"] = False with open(os.path.join(dir_result, "{}.json".format(file_name)), "w") as json_file: json.dump(dict_analysis_app, json_file, indent=4) count += 1 r_stop_emulator = requests.get("{}/stop/{}".format(LOCAL_URL_EMULATOR, emulator_name)) # UPDATE STATS logger.info("Update stats") stats.update_stats_permission(app_permissions_list) stats.update_stats_trackers(app_trackers) stats.add_app_cleaned() # STORE INFORMATION logger.info(stats.stats_trackers) logger.info(stats.stats_permission) # write on file stats.write_on_file(log_analysis_file, count) stats.write_stats_permissions(log_permission_file) stats.write_stats_trackers(log_trackers_file) shutil.move(app, os.path.join(os.getcwd(), "apps_analyzed")) continue # APP should be analyzed in a dynamic way logger.info("Number of APIs to monitoring: {}".format(len(list_api_to_monitoring))) file_name = md5_app dir_result = os.path.join(os.getcwd(), "logs", file_name) dict_analysis_app["api_to_monitoring_all"] = len(list_api_to_monitoring) with open(os.path.join(dir_result, "{}.json".format(file_name)), "w") as json_file: json.dump(dict_analysis_app, json_file, indent=4) # disable verify installer and set correct time time.sleep(5) logger.info("Set correct time on emulator") adb = ADB() adb.kill_server() adb.connect() time.sleep(2) try: command_settings_verify = ["settings put global verifier_verify_adb_installs 0"] adb.shell(command_settings_verify) date_command = ['su 0 date {0}; am broadcast -a android.intent.action.TIME_SET'. format(time.strftime('%m%d%H%M%Y.%S'))] adb.shell(date_command) except Exception as e: logger.error("Exception as e {}, restart and re-connect to emulator".format(e)) adb.kill_server() adb.connect() command_settings_verify = ["settings put global verifier_verify_adb_installs 0"] adb.shell(command_settings_verify) date_command = ['su 0 date {0}; am broadcast -a android.intent.action.TIME_SET'. format(time.strftime('%m%d%H%M%Y.%S'))] adb.shell(date_command) dir_hook_file = os.path.join(os.getcwd(), "hook", md5_app) logger.info("Creation hook dir frida") if not os.path.exists(dir_hook_file): os.makedirs(dir_hook_file) hook_is_created = app_analyzer.create_api_list_frida(list_api_to_monitoring, os.path.join(dir_hook_file, "frida_api.txt")) frida_monitoring.push_and_start_frida_server(adb) frida_monitoring.set_file_log_frida(os.path.join(os.getcwd(), "logs", md5_app, "monitoring_api_{}.json".format(md5_app))) frida_monitoring.clean_list_json_api_invoked() signal.signal(signal.SIGALRM, handler_timeout) signal.alarm(MAX_TIME_ANALYSIS) result_app, dict_analysis_app = dynamic_testing_environment.start_analysis(type_analysis=type, app=app, max_actions=max_actions, timeout_privacy=timeout_privacy, pdetector=pdetector, md5_app=md5_app, frida_monitoring=frida_monitoring, dict_analysis_app=dict_analysis_app) # END DYNAMIC ANALYSIS NOW STORE DATA result_directory = os.path.join(os.getcwd(), "logs", md5_app) if not os.path.exists(result_directory): os.makedirs(result_directory) logger.info("Analysis api invoked during dynamic analysis") # Get API Invoked list_json_api_invoked = frida_monitoring.get_list_api_invoked() # set_list_json_api_invoked = list(set(list_json_api_invoked)) logger.info("Api invoked during dynamic analysis {}".format(len(list_json_api_invoked))) # store on json file the api invoked if len(list_json_api_invoked) > 0: file_log_frida = frida_monitoring.get_file_log_frida() with open(file_log_frida, "w") as outfile_api: json.dump(list_json_api_invoked, outfile_api, indent=4) # Action not needed # DETECT IF THE APP IS COMPLIANT OR NOT WITH GOOGLE PLAY STORE app_is_compliant = result_app.detected and not (result_app.back_button_change_page or result_app.home_button_change_page or len(list_json_api_invoked) > 0 ) dict_analysis_app["api_invoked_during_dynamic_analysis"] = len(list_json_api_invoked) if app_is_compliant: stats.add_app_compliant() else: stats.add_app_not_compliant() dict_analysis_app["app_is_compliant_with_google_play_store"] = app_is_compliant dict_analysis_app["app_analyzed"] = True dict_analysis_app["num_tentative"] = tentative + 1 write_json_file_log(md5_app, dict_analysis_app) stats.add_api_privacy_relevant_invoked(len(list_json_api_invoked)) # r_reset_emulator = requests.get("{}/reset/{}".format(LOCAL_URL_EMULATOR, emulator_name)) r_stop_emulator = requests.get("{}/stop/{}".format(LOCAL_URL_EMULATOR, emulator_name)) # UPDATE stats analysis logger.info("Update stats") stats.list_max_actions.append(result_app.max_actions) stats.update_value_dynamic_analysis(result_app) stats.update_stats_permission(app_permissions_list) stats.update_stats_trackers(app_trackers) # debug logger.info(stats.stats_trackers) logger.info(stats.stats_permission) # write on file count += 1 tentative = 0 stats.write_on_file(log_analysis_file, count) stats.write_stats_permissions(log_permission_file) stats.write_stats_trackers(log_trackers_file) logger.info("End update stats") logger.info("3PDroid end analysis") str_end_file = "*" * 20 logger.info("{}\n\n".format(str_end_file)) shutil.move(app, os.path.join(os.getcwd(), "apps_analyzed")) else: tentative += 1 if tentative < MAX_TENTATIVE: logger.error("Unable to start emulator, try again this app") str_end_file = "*" * 20 logger.info("{}\n\n".format(str_end_file)) r_stop_emulator = requests.get("{}/stop/{}".format(LOCAL_URL_EMULATOR, emulator_name)) else: tentative = 0 count += 1 r_stop_emulator = requests.get("{}/stop/{}".format(LOCAL_URL_EMULATOR, emulator_name)) stats.add_app_not_analyzed() dict_analysis_app["app_analyzed"] = False write_json_file_log(md5_app, dict_analysis_app) logger.error("Unable to start emulator, pass to next app") str_end_file = "*" * 20 logger.info("{}\n\n".format(str_end_file)) shutil.move(app, os.path.join(os.getcwd(), "apps_analyzed")) else: logger.info("App already analyzed, pass to next app") shutil.move(app, os.path.join(os.getcwd(), "apps_analyzed")) count += 1 except MyTimeoutExcpetion as e: tentative += 1 if tentative < MAX_TENTATIVE: logger.error("Exception stop emulator, Exception: {}".format(e)) str_end_file = "*" * 20 logger.info("{}\n\n".format(str_end_file)) r_stop_emulator = requests.get("{}/stop/{}".format(LOCAL_URL_EMULATOR, emulator_name)) else: tentative = 0 count += 1 r_stop_emulator = requests.get("{}/stop/{}".format(LOCAL_URL_EMULATOR, emulator_name)) stats.add_app_not_analyzed() logger.error("Exception stop emulator pass to next apps, Exception: {}".format(e)) dict_analysis_app["app_analyzed"] = False write_json_file_log(md5_app, dict_analysis_app) str_end_file = "*" * 20 logger.info("{}\n\n".format(str_end_file)) shutil.move(app, os.path.join(os.getcwd(), "apps_analyzed")) except Exception as e: tentative += 1 if tentative < MAX_TENTATIVE: logger.error("Exception stop emulator, Exception: {}".format(e)) str_end_file = "*" * 20 logger.info("{}\n\n".format(str_end_file)) r_stop_emulator = requests.get("{}/stop/{}".format(LOCAL_URL_EMULATOR, emulator_name)) else: tentative = 0 count += 1 r_stop_emulator = requests.get("{}/stop/{}".format(LOCAL_URL_EMULATOR, emulator_name)) stats.add_app_not_analyzed() logger.error("Exception stop emulator pass to next apps, Exception: {}".format(e)) dict_analysis_app["app_analyzed"] = False write_json_file_log(md5_app, dict_analysis_app) str_end_file = "*" * 20 logger.info("{}\n\n".format(str_end_file)) shutil.move(app, os.path.join(os.getcwd(), "apps_analyzed")) end = time.time() logger.info("\n\n") logger.info("Execution time: {}, mean: {}".format(end - start, (end - start) / count))
def shell_adb(cmd, adb=ADB()): v("execute shell command: %s" % cmd) remote = adb.shell_command(cmd) return remote[0] if remote and len(remote) > 0 else -1
def connect_adb(wireless_address, adb=ADB()): v("Trying to connect to %s " % wireless_address) remote = adb.connect_remote(wireless_address) return remote[0] if remote and len(remote) > 0 else -1
def __init__(self): #self.ADB = ADB(device_Name='127.0.0.1:62001',screen_Size=(720,1280)) #夜神 self.ADB = ADB(device_Name='emulator-5554', screen_Size=(560, 960))