isecpartners / introspy-android Goto Github PK
View Code? Open in Web Editor NEWSecurity profiling for blackbox Android
Home Page: http://isecpartners.github.io/Introspy-Android/
License: GNU General Public License v2.0
Security profiling for blackbox Android
Home Page: http://isecpartners.github.io/Introspy-Android/
License: GNU General Public License v2.0
Hello,
Using Introspy-Android, we can get package-name, class-name, method-name, etc.
Is it possible to get application name also in log?
there'nothing to output...
i hava installed all requried app.
Introspy is not requesting root when I select the application. It used to with an old install.
I have burned an entire day trying to get it working with no success.
The devices are Genymotion Nexus 4 - 4.1.1 and 4.2.2
Devices are both rooted
I have tried the unaltered apk versions
I have tried recompiling the application with added permissions as some stack-exchange threads have suggested and also added ACCESS_SUPERUSER but it still won't create an introspy.config or database file.
If I manually create an introspy.config file and get logcat telling me Unknown id:GENERAL after it tries to echo GENERAL CRYPTO to the config file.
I have had this working in the past. I only added the Superuser permissions after it would not work any other way, as a last resort.
Logcat output when I select the app to spy:
D/dalvikvm( 645): GC_CONCURRENT freed 395K, 5% free 9060K/9492K, paused 2ms+1ms, total 9ms
I/IntrospyGUI( 1569): su -c echo 'GENERAL CRYPTO,KEY,HASH,FS,IPC,PREF,URI,SSL,WEBVIEW,CUSTOM HOOKS,SQLite (NO DB)' > /data/data//introspy.config ; su -c chmod 664 /data/data/.debug/introspy.config ;
W/genymotion_audio( 124): out_write() limiting sleep time 44149 to 23219
W/genymotion_audio( 124): out_write() limiting sleep time 45759 to 23219
W/genymotion_audio( 124): out_write() limiting sleep time 37369 to 23219
W/genymotion_audio( 124): out_write() limiting sleep time 28979 to 23219
I/CydiaSubstrate( 1921): MS:Notice: Injecting: /system/bin/toolbox
D/su ( 1921): su invoked.
W/genymotion_audio( 124): out_write() limiting sleep time 31178 to 23219
I/CydiaSubstrate( 1922): MS:Notice: Injecting: /system/bin/toolbox
E/su ( 1922): Unknown id: 'GENERAL
E/su ( 1922):
W/genymotion_audio( 124): out_write() limiting sleep time 30204 to 23219
Any help is greatly appreciated
W/IntrospyError(): --> Error with DB: java.lang.NullPointerException
The databases is not being written in any application. Tried with both jellybean and kitkat variants of android with no success. Still do have value from the logcat output.
Using Introspy-Android, How can I get Permissions related to that API call?
new HookConfig(true, // set to true to enable the hook
"java.lang.StringBuilder", "append", new Class<?>[]{java.lang.String.class},
// class, method name, arguments
new StringBuilderHook(),
// instance of the implementation extending IntroHook (here in HookExampleInpl.java)
"StringBuilder Hook"),
I tried to hook the ``append'' method of StringBuilder, but the app crashed after hooking.
In addition, after hooking, the device cannot launch after rebooting. I also tried to hook the "equals"
method of "java.lang.String", it worked fine. So please check the StringBuilder class hooking.
Is that even possible?
I am using Android 4.3 Galaxy S3. I have already rooted the device and performed the actions as mentioned in the userguide for introspy. I am not able to find the introspy.db file and introspy.config file even after following the below instructions.
"I know this was asked a long time ago but in case anyone else who searches needs an answer:
I also had this problem when running Introspy on a Galaxy S4 running KitKat (4.4.2). I have ran Introspy with zero problems on a Nexus S running JellyBean (4.2.1). Because of this I believe it is an Android SDK problem with newer versions.
If you look at the AndroidManifest file for Introspy-Android Core, the targetSdkVersion is 18, which denotes Jellybean. I looked at logcat files and found that I was getting the error:
Permission Denial: get/set setting for user asks to run as user -2 but is calling from user 0; this requires android.permission.INTERACT_ACROSS_USERS_FULL
I simply added this permission to the Android Core AndroidManifest.xml file as well as the Android Config AndroidManifest.xml with the command:
Am i missing something?
Can someone please help me to resolve this issue?
Thanks in advance!
Hey guys, there are some applications that are not getting by the plugin, I've tried to change this line but it didn't work. Any idea?
Thanks,
I really like this tool, I recommend adding a feature to send plaintext data https print out, I wanted to achieve this function myself, but I did not find a suitable API to Hook it. I hope you can join this function or give me some tips. Thank you.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.