def __init__(self, apk_path, adb_path, aapt_path, is_emulator=False):
self.apk_path = apk_path
self.adb_path = adb_path
self.aapt_path = aapt_path
self.adb_wrapper = ADB(adb_path)
self.apk_manager = Apk_manager(self.adb_wrapper, self.adb_path,
self.apk_path, self.aapt_path)
# self.is_emulator = True if is_emulator else self.is_target_emulator()
self.adb_server_process = None
def __init__(self):
"""Init adb and command.
export CLASSPATH=/data/local/od.zip;
app_process /system/bin org.cf.oracle.Driver
@/data/local/od-targets.json;
"""
self.cmd_dss_start = ['am', 'startservice',
'me.mikusjelly.dss/.DSService']
self.cmd_dss_stop = ['am', 'force-stop', 'me.mikusjelly.dss']
self.cmd_dss = ['am', 'broadcast', '-a', 'dss.start']
self.cmd_get_finish = ['cat', '/data/local/dss_data/finish']
self.cmd_set_finish = ['echo', 'No', '>',
'/data/local/dss_data/finish']
self.cmd_set_new = ['echo', 'Yes', '>', '/data/local/dss_data/new']
self.adb = ADB()
self.adb.run_shell_cmd(self.cmd_set_new)
def __init__(self):
"""Init adb and command.
"""
self.cmd_dss_start = ['am', 'startservice',
'me.mikusjelly.dss/.DSService']
self.cmd_dss_start_foreground = ['am', ' start-foreground-service',
'me.mikusjelly.dss/.DSService']
self.cmd_dss_stop = ['am', 'force-stop', 'me.mikusjelly.dss']
self.cmd_dss = ['am', 'broadcast', '-a', 'dss.start']
self.cmd_get_finish = ['cat', '/sdcard/dss_data/finish']
self.cmd_set_finish = ['echo', 'No', '>',
'/sdcard/dss_data/finish']
self.cmd_set_new = ['echo', 'Yes', '>', '/sdcard/dss_data/new']
self.get_sdk_int = ['getprop', 'ro.build.version.sdk']
self.adb = ADB()
self.sdk_int = self.adb.run_shell_cmd(self.get_sdk_int)
self.sdk_int = self.sdk_int.decode(encoding='utf-8').strip()
self.sdk_int = int(self.sdk_int)
self.adb.run_shell_cmd(self.cmd_set_new)
class Android_native_debug(object):
def __init__(self, apk_path, adb_path, aapt_path, is_emulator=False):
self.apk_path = apk_path
self.adb_path = adb_path
self.aapt_path = aapt_path
self.adb_wrapper = ADB(adb_path)
self.apk_manager = Apk_manager(self.adb_wrapper, self.adb_path,
self.apk_path, self.aapt_path)
# self.is_emulator = True if is_emulator else self.is_target_emulator()
self.adb_server_process = None
def __build_command__(self, cmd):
ret = self.adb_path + ' ' + cmd
if sys.platform.startswith('win'):
return ret
else:
ret = ret.split()
return ret
def install_apk(self):
self.apk_manager.install_apk()
def is_androidServer_exist(self):
base_cmd = 'ls -l /data/local/tmp'
ret = self.adb_wrapper.run_shell_cmd(base_cmd)
if 'android_server' in ret.decode():
print('[+] android_server is existed')
return True
return False
def exec_android_server(self):
if not self.is_androidServer_exist():
print('android_server is not existed!')
print(
'Please push android_server to /data/local/tmp/android_server')
return
self.adb_forward()
print('[+] exec the android_server.')
print(
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++'
)
# The self.run_shell_cmd call adb.shell_command function which using subprocess.popen().communicate() to exec shell cmd.
# But if the target cmd occur a block, such as this case :),
# then we could not continue running other cmds.
# To avoid this situation, I use subprocess.popen and manually read the
# stdout instead of using subprocess.popen(..).communicate()
shell_cmd = '/data/local/tmp/android_server'
print('--')
self.adb_wrapper.__build_command__(shell_cmd)
# self.adb_wrapper.run_shell_cmd(shell_cmd)
# print('???')
# print(self.adb_wrapper.get_output())
cmd = self.__build_command__(' shell ' + shell_cmd)
print(cmd)
adb_process = subprocess.Popen(cmd,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
# if i use read() instead of readline, this function maybe block.
# I don't know why~
ret_line = adb_process.stdout.readline().decode()
print(('[+] ' + ret_line.strip('\n')))
print(
'[W] Now you maybe need to wait several seconds, please be patient......'
)
ret_line = adb_process.stdout.readline().decode()
print(('[+] ' + ret_line.strip('\n')))
if ret_line.find('bind') > -1:
print(' (Don\'t be worry, It is also working well )')
def adb_forward(self):
print('[+] Begin adb port forwarding......')
cmd = 'forward tcp:23946 tcp:23946 '
self.adb_wrapper.run_cmd(cmd)
def get_pid_by_name(self, process_name):
pid = ''
ret = self.adb_wrapper.run_shell_cmd('ps')
ret_list = ret.split('\n') # split by '\n'
for rl in ret_list:
if rl.find(process_name) > -1:
elements_list = rl.split(' ') # split by space
for i in range(1, len(elements_list), 1):
# The frist element must be 'root', so we find the send
# element which is not ''
if elements_list[i] != '':
pid = elements_list[i]
print(
('[+] the pid of %s is: %s' % (process_name, pid)))
break
if pid != '':
break
return pid
def kill_android_server(self):
print('[W] Kill the android_server......')
if self.adb_server_process is not None:
self.adb_server_process.terminate()
# first get the pid of android_server
pid = self.get_pid_by_name(' /data/local/tmp/android_server')
if pid != '':
base_cmd = 'kill -9 %s' % pid
self.adb_wrapper.run_shell_cmd(base_cmd)
def exec_apk_in_debugmode(self):
print('++++++++++++++++++++++++++++++++++++++++++++++++')
print(('[+] Begin launch \'%s\' in debug mode......' %
os.path.basename(self.apk_path)))
self.apk_manager.launch_apk()
print("[W]=== Have you attached successfully?(N or Enter):")
cmd = str(stdin.readline())
if cmd.find('N') > -1 or cmd.find('n') > -1:
print('[+] Attach failed, Please try again :)')
# kill android_server
self.kill_android_server()
exit(-3)
else:
print(
'[W]=== Now you can open the DDMS and get the jdwp port of target process......'
)
print('[W]=== Please input the jdwp port of target process: ')
# NOTE: must strip by '\n'! Or the port will be 'xxx\n'
port = str(stdin.readline()).strip('\n')
self.connect_process_by_jdb(port)
def connect_process_by_jdb(self, port):
jdb_cmd = 'jdb -connect com.sun.jdi.SocketAttach:port=%s,hostname=localhost' % port
print(('[+] Exec %s' % jdb_cmd))
os.system(jdb_cmd)
class Driver:
def __init__(self):
"""Init adb and command.
export CLASSPATH=/data/local/od.zip;
app_process /system/bin org.cf.oracle.Driver
@/data/local/od-targets.json;
"""
self.cmd_dss_start = [
'am', 'startservice', 'me.mikusjelly.dss/.DSService'
]
self.cmd_dss_stop = ['am', 'force-stop', 'me.mikusjelly.dss']
self.cmd_dss = ['am', 'broadcast', '-a', 'dss.start']
self.cmd_get_finish = ['cat', '/data/local/dss_data/finish']
self.cmd_set_finish = [
'echo', 'No', '>', '/data/local/dss_data/finish'
]
self.cmd_set_new = ['echo', 'Yes', '>', '/data/local/dss_data/new']
self.adb = ADB()
self.adb.run_shell_cmd(self.cmd_set_new)
def start_dss(self):
self.adb.run_shell_cmd(self.cmd_dss_start)
def stop_dss(self):
self.adb.run_shell_cmd(self.cmd_dss_stop)
def push_to_dss(self, apk_path):
self.adb.run_cmd(['push', apk_path, DSS_APK_PATH])
def decode(self, targets):
'''
推送解密配置到手机/模拟器,让DSS读取解密配置。
'''
self.adb.run_cmd(['push', targets, DSS_TARGETS_PATH])
self.adb.run_shell_cmd(self.cmd_set_finish)
self.adb.run_shell_cmd(self.cmd_dss)
self.start_dss()
import time
counter = 0
while 1:
time.sleep(3)
counter += 3
self.adb.run_shell_cmd(self.cmd_get_finish)
output = self.adb.get_output().decode('utf-8', errors='ignore')
if 'Yes' in output:
break
if counter > 120:
print("Time out")
self.stop_dss()
return
tempdir = tempfile.gettempdir()
output_path = os.path.join(tempdir, 'output.json')
self.adb.run_cmd(['pull', DSS_OUTPUT_PATH, output_path])
if not os.path.exists(output_path):
print('Could not pull the file {}'.format(output_path))
self.stop_dss()
return
with open(output_path, mode='r+', encoding='utf-8') as ofile:
size = len(ofile.read())
if not size:
self.adb.run_cmd(['pull', DSS_EXCEPTION_PATH, 'exception.txt'])
self.adb.run_shell_cmd(['rm', DSS_EXCEPTION_PATH])
else:
ofile.seek(0)
result = json.load(ofile)
if not get_value('DEBUG_MODE'):
self.adb.run_shell_cmd(['rm', DSS_OUTPUT_PATH])
self.adb.run_shell_cmd(['rm', DSS_TARGETS_PATH])
else:
self.adb.run_shell_cmd(['pull', DSS_TARGETS_PATH])
os.unlink(output_path)
self.stop_dss()
return result