pjlantz / droidbox
Dynamic analysis of Android apps
Hi,
Do you plan to update DroidBox for a higher SDK level?
Regards
Hi!
I have used DroidBox, it was OK! DroidBox used Android 4.1.2 (API 16); now I want to update to Android 5.1.1 (API 22), but I can't find the ramdisk.img and system.img files to root this Android 5.1.1 version. So, is there a way to resolve my problem?
Thanks!
I left this issue on the honeynet/droidbot project: honeynet/droidbot#64
However, it seems to be more an issue with DroidBox than with droidbot.
Hello everyone, I am working on this tool for my presentation in class. I have done all the parts as stated in the guide, up to ./startemu.sh pixel.
Now, after opening the emulator, I am trying to run ./droidbox.sh test.apk 60
Note: test.apk is the APK file, which I renamed.
All it is saying is:
ImportError: No module named pylab, error on line 41.
I am very confused; kindly help me.
I have tested DroidBox on some ICC (inter-component communication) leakage examples and found that DroidBox cannot detect ICC data leaks with inter-app communication.
What might the matter be?
Hi,
I run DroidBox on Windows 7, but I use bash to write commands.
When I write: ./startemu.sh DroidBox
the emulator runs, but when I write: ./droidbox.sh app.apk 100
the following error appears: Traceback (most recent call last):
File "scripts/droidbox.py", line 28, in <module>
import sys, json, time, curses, signal, os, inspect
File "C:\Python27\lib\curses\__init__.py", line 15, in <module>
from _curses import *
ImportError: No module named _curses
What does that mean? I installed Python version 2.7.11.
Can you help me please, in detail?
Traceback (most recent call last):
File "./apimonitor.py", line 55, in <module>
a = apk.APK(args.filename)
File "/home/pro/Downloads/droidbox-master/APIMonitor/androguard/core/bytecodes/apk.py", line 185, in __init__
self.get_files_types()
File "/home/pro/Downloads/droidbox-master/APIMonitor/androguard/core/bytecodes/apk.py", line 277, in get_files_types
m = magic.Magic(magic_file=self.magic_file)
TypeError: __init__() got an unexpected keyword argument 'magic_file'
Are new updates planned for the future, or is this outdated software?
Is there any way to run droidbox on Windows?
Hi, I tried to use DroidBox to analyse an APK. According to the README, I did the pre-installation; when I used "./startmu.sh /_/Nexus_6_API_21" (this is the AVD name, and in the upper directory there is the .ini file), I got the error: "HOME is defined out but could not find //.jni file in *_*".
I googled but didn't find a proper solution. Could anyone help me? Thanks!
Hello,
I am trying to run Droidbox 4.1.1 .
I followed the steps that included recompiling Android source code with the patches. Everything is completed with success and I can launch the emulator.
After this I am trying to launch droidbox with
$bash droidbox.sh app.apk
or
$python droidbox.py app.apk [some seconds]
In both cases I can see that the program manages to 'attach' to the emulator in the sense that if I terminate it also droidbox analysis ends.
Despite this, droidbox looks like it hangs at the start of the main activity.
All I can see is the shell art and one line
[ASCII-art DroidBox banner]
Starting the activity com.xxxxxxxxx.xxxx.MainActivity...
I let it run but nothing happens eventually.
Am I doing something wrong, are there some bits I am missing?
I tested DroidBox 4.1.1 with simple apps.
I found that some of the DroidBox logs are not related to the target app but are still counted as sensitive behaviors of the app. For example, the following log message:
05-28 03:50:04.743 150 164 W DroidBox: DroidBox: { "FileRW": { "operation": "read", "data": "636f6d2e676e6f6d2e616e746f6e3a7a707274000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000676e6f6d2e616e746f6e2e53686f72740076697479330000", "id": "1981810222" } }
is produced by system_server instead of the target app, according to the output of the adb shell ps -t
command:
USER PID PPID VSIZE RSS WCHAN PC NAME
system 150 37 288764 59420 ffffffff 40032b64 S system_server
To remove these false-positive logs, I rewrote the droidbox.py
script and put it in my DroidBot project. The method I used for connecting log messages to processes is continuously calling the ps
command and maintaining a pid-to-process mapping.
If you find it interesting, please let me know. I can help you improve the scripts.
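The process-attribution technique described in the post above, written out as an added example in Python 3 (this is not the poster's rewritten droidbox.py, nor DroidBox's own script): a ps snapshot is parsed into a PID-to-name map, each DroidBox logcat line is matched to its PID, and only events whose PID belongs to the target package are kept. Events from a PID that is not in the map are reported rather than silently dropped, because a PID can be reused or can belong to a process that started after the last ps refresh. The logcat and ps samples, the package name com.example.target and the JSON payloads are constructed for this example; the logcat line format assumed is -v threadtime, the same shape as the line quoted above.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed sample of `adb logcat -v threadtime` output (not a real capture):
# two DroidBox events from PID 150 (system_server), one from PID 1248 (the app
# under test) and one from a PID that is absent from the ps snapshot.
# threadtime layout: date time PID TID level tag: message
SAMPLE_LOGCAT = """\
05-28 03:50:04.743   150   164 W DroidBox: DroidBox: { "FileRW": { "operation": "read", "data": "636f6d2e", "id": "1981810222" } }
05-28 03:50:05.001  1248  1248 W DroidBox: DroidBox: { "SendNet": { "desthost": "203.0.113.5", "destport": "80", "data": "474554" } }
05-28 03:50:05.250   150   170 W DroidBox: DroidBox: { "DataLeak": { "sink": "File", "tag": "0x1" } }
05-28 03:50:05.300  2222  2222 W DroidBox: DroidBox: { "CryptoUsage": { "operation": "keyalgo", "key": "AES" } }
"""

# Constructed sample of `adb shell ps` output (Android 4.x column layout).
SAMPLE_PS = """\
USER     PID   PPID  VSIZE  RSS     WCHAN    PC         NAME
system   150   37    288764 59420   ffffffff 40032b64 S system_server
u0_a42   1248  37    201232 33152   ffffffff 40032b64 S com.example.target
"""

# One threadtime line carrying a DroidBox JSON payload.
LOGCAT_RE = re.compile(
    r"^\S+ \S+\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+[VDIWEF]\s+"
    r"DroidBox:\s*DroidBox:\s*(?P<json>\{.*\})\s*$"
)


def parse_ps(ps_output: str) -> Dict[int, str]:
    """Build a PID -> process-name map from `adb shell ps` output.

    The header line is skipped. The name is always the last column, so the
    state column ("S") that sits between PC and NAME does not matter.
    """
    mapping: Dict[int, str] = {}
    for line in ps_output.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 2 or not cols[1].isdigit():
            continue
        mapping[int(cols[1])] = cols[-1]
    return mapping


def attribute_events(logcat: str, pid_map: Dict[int, str], package: str
                     ) -> Tuple[List[dict], List[Tuple[int, str]]]:
    """Split DroidBox events into those emitted by `package` and those dropped.

    Dropped entries are (pid, process-name-or-'?') so that events from an
    unknown PID stay visible for a re-check against the next ps snapshot.
    """
    kept: List[dict] = []
    dropped: List[Tuple[int, str]] = []
    for line in logcat.splitlines():
        m = LOGCAT_RE.match(line)
        if not m:
            continue
        pid = int(m.group("pid"))
        proc = pid_map.get(pid, "?")
        if proc == package:
            kept.append(json.loads(m.group("json")))
        else:
            dropped.append((pid, proc))
    return kept, dropped


if __name__ == "__main__":
    events, rejected = attribute_events(SAMPLE_LOGCAT, parse_ps(SAMPLE_PS),
                                        "com.example.target")
    print("kept:", events)
    print("dropped:", rejected)
```

In a live run, re-run adb shell ps every second or so and pass the refreshed map to attribute_events; anything that lands in the dropped list with "?" should be re-checked against the next snapshot before it is discarded, otherwise a short-lived child process of the target app can be lost.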
I am using Ubuntu 16.04.4.
I am currently in the directory /home/user1/droidbox-master/external,
and my Android Virtual Device is running in the background through Android Studio.
So, when I run the command ./droidbox.sh <apk name>
in the terminal in the above-mentioned directory,
I get the error:
~/droidbox-master/external$ ./droidbox.sh $HOME/Downloads/apkfile
python: can't open file 'scripts/droidbox.py': [Errno 2] No such file or directory
Hi,
Nice work! Thank you for sharing! I tried to analyze some applications that include native code. However, all of them crashed on the device with the following logs. I tried to verify them against both a physical device and an emulator without system modification; they did not crash.
Thanks
java.lang.ExceptionInInitializerError
E/AndroidRuntime( 1248): at com.bangcle.protect.Util.CopyBinaryFile(Util.java:558)
E/AndroidRuntime( 1248): at com.bangcle.protect.Util.runAll(Util.java:751)
E/AndroidRuntime( 1248): at cow.draw.animaltattoo.tools.MApplication.onCreate(ApplicationTemplate.java:50)
E/AndroidRuntime( 1248): at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:999)
E/AndroidRuntime( 1248): at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4151)
E/AndroidRuntime( 1248): at android.app.ActivityThread.access$1300(ActivityThread.java:130)
E/AndroidRuntime( 1248): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1255)
E/AndroidRuntime( 1248): at android.os.Handler.dispatchMessage(Handler.java:99)
E/AndroidRuntime( 1248): at android.os.Looper.loop(Looper.java:137)
E/AndroidRuntime( 1248): at android.app.ActivityThread.main(ActivityThread.java:4745)
E/AndroidRuntime( 1248): at java.lang.reflect.Method.invokeNative(Native Method)
E/AndroidRuntime( 1248): at java.lang.reflect.Method.invoke(Method.java:511)
E/AndroidRuntime( 1248): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:786)
E/AndroidRuntime( 1248): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553)
E/AndroidRuntime( 1248): at dalvik.system.NativeStart.main(Native Method)
E/AndroidRuntime( 1248): Caused by: java.lang.UnsatisfiedLinkError: unknown failure
E/AndroidRuntime( 1248): at java.lang.Runtime.loadLibrary(Runtime.java:370)
E/AndroidRuntime( 1248): at java.lang.System.loadLibrary(System.java:535)
E/AndroidRuntime( 1248): at com.bangcle.protect.ACall.<clinit>(ACall.java:30)
E/AndroidRuntime( 1248): ... 15 more
I tried to start an emulator (Pixel XL, Android Q, named 'PixelAVD') with ./startemu.sh PixelAVD
but I was greeted by an error:
emulator: ERROR: no init encryptionkey.img
emulator: ERROR: Encryption is requested but failed to create encrypt partition.
How do I proceed? Is this because of the Android Version?
Hi all,
I want to perform automatic Android dynamic malware analysis.
I prepared a setup with DroidBox where an emulator is continuously launched and an APK is installed and run for 50 s.
SETUP
Do you have similar setups?
How long do you perform analysis? Is 50 s enough? Any data on the optimal run time?
PATTERNS
Do you have YARA rules/patterns to identify malware activity, or what is your strategy?
What is your approach to finding new rules? Manually, ML, other? What features are you looking at?
EMULATOR
I have multiple APKs that fail to run, or the emulator restarts; any ideas?
Following the instructions, I am using ARM, Nexus 4, Android Jelly; is there any problem in using a different AVD?
Sorry for such a big list of questions, and thanks in advance.
Cheers,
Joao
I was wondering how long it takes for APIMonitor to repack an APK? The process seems to be frozen at the "accessing database" step, as shown below:
wenhui@wenhui:~/Downloads/droidbox/APIMonitor$ sudo ./apimonitor.py ../../VirtualWallet.apk -o ../../out/
min_sdk_version=16
target_sdk_version=22
Parsing ../../out/apimonitor_out/origin_smali...
Done!
Loading and processing API database...
There are some *.smali files in the output folder, though, when "Done!"
shows up,
yet it seems like the APK file is still unprocessed, as the time stamp does not change.
I used both the master and taintdroid branches; both of them give the same result.
When I try to run
$ ./droidbox.sh some.apk
I get the error
File "scripts/droidbox.py", line 111
sys.stdout.flush()
^
TabError: inconsistent use of tabs and spaces in indentation
There are indeed a few stray tabs in scripts/droidbox.py.
Edit: I'm on Python 3.5.1, which explains why I'm having issues.
I have saved the AVD file in droidbox-master/external/ and when I am running the command ./startemu.sh
~/droidbox-master/external$ ./startemu.sh Nexus_5_API_25
./startemu.sh: line 3: emulator: command not found
My Python version is 2.7.6. When I start DroidBox with the command ./droidbox apkfile, it fails with the error message:
Traceback (most recent call last):
File "scripts/droidbox.py", line 520, in <module>
main(sys.argv)
File "scripts/droidbox.py", line 322, in main
ret = call(['monkeyrunner', 'monkeyrunner.py', apkName, packageName, mainActivity], stderr=PIPE, cwd=os.path.dirname(os.path.realpath(__file__)))
File "/usr/lib/python2.7/subprocess.py", line 522, in call
return Popen(*popenargs, **kwargs).wait()
File "/usr/lib/python2.7/subprocess.py", line 710, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1327, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
The error comes from L315 (scripts/droidbox.py).
https://github.com/pjlantz/droidbox/blob/master/droidbox4.1.1/scripts/droidbox.py#L315
I fixed the problem by adding shell.call(shell=True).
-Djava.ext.dirs=/home/hp-sec/Android/Sdk/tools/lib:/home/hp-sec/Android/Sdk/tools/lib/x86_64 is not supported. Use -classpath instead.
Failed to execute the application
The Android emulator is always black when I run ./startemu.sh.
So I run emulator @avd_name to turn on an emulator.
Then I run ./droidbox.sh xx.apk 100.
I tried several APKs, but some outputs are always empty, like sendsms, cryptousage, sendnet and so on. The only ones I can see are apkName, enfperm, hashes and recvsaction. How can I see the other outputs? Thank you very much.
When executing the command ./droidbox.sh <apk_file_name> I get the following error. Could you please tell me what is wrong and how I can correct it?
Traceback (most recent call last):
File "scripts/droidbox.py", line 516, in <module>
main(sys.argv)
File "scripts/droidbox.py", line 318, in main
ret = call(['monkeyrunner', 'monkeyrunner.py', apkName, packageName, mainActivity], stderr=PIPE, cwd=os.path.dirname(os.path.realpath(__file__)))
File "/usr/lib/python2.7/subprocess.py", line 523, in call
return Popen(*popenargs, **kwargs).wait()
File "/usr/lib/python2.7/subprocess.py", line 711, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1343, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
Thank you!
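The "emulator: command not found" report from startemu.sh and the two OSError: [Errno 2] tracebacks from droidbox.py's subprocess.call(['monkeyrunner', ...]) have the same cause: a helper binary that is not on PATH. (Passing shell=True only changes how the failure surfaces; it does not make the shell find a binary that is not on PATH.) As an added example that is not part of DroidBox and not any poster's fix, here is a Python 3 pre-flight check that resolves each required tool from PATH or from an Android SDK root and names what is missing before the analysis starts. The list of SDK sub-directories, the set of tool names and the fake SDK directory used in the usage are assumptions made for the example.

```python
import os
import shutil
from typing import Dict, Iterable, List, Optional

# Tools DroidBox's scripts shell out to: adb (droidbox.sh/droidbox.py),
# emulator (startemu.sh) and monkeyrunner (droidbox.py -> monkeyrunner.py).
# Assumed set for this example.
REQUIRED_TOOLS = ("adb", "emulator", "monkeyrunner")

# Assumed SDK layout: where these binaries live relative to the SDK root.
# Older SDKs kept emulator and monkeyrunner under tools/; newer ones moved
# the emulator to emulator/.
SDK_SUBDIRS = ("platform-tools", "tools", "tools/bin", "emulator")


def locate_tool(name: str, sdk_root: Optional[str] = None,
                path: Optional[str] = None) -> Optional[str]:
    """Return the absolute path of executable `name`, or None if not found.

    PATH is searched first (`path` overrides the environment's PATH so the
    lookup can be pinned in a test), then the known sub-directories of
    `sdk_root` when one is given.
    """
    found = shutil.which(name, path=path)
    if found:
        return os.path.abspath(found)
    if sdk_root:
        for sub in SDK_SUBDIRS:
            candidate = os.path.join(sdk_root, sub, name)
            if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
                return os.path.abspath(candidate)
    return None


def check_tools(names: Iterable[str] = REQUIRED_TOOLS,
                sdk_root: Optional[str] = None,
                path: Optional[str] = None) -> Dict[str, Optional[str]]:
    """Resolve every tool in `names`; tools that cannot be found map to None."""
    return {n: locate_tool(n, sdk_root, path) for n in names}


def missing_tools(resolved: Dict[str, Optional[str]]) -> List[str]:
    """Names of the unresolved tools, sorted so the message is stable."""
    return sorted(n for n, p in resolved.items() if p is None)


def preflight(sdk_root: Optional[str] = None) -> Dict[str, str]:
    """Fail with a readable message instead of a bare OSError(ENOENT) later.

    Returns the name -> path map when everything is present. ANDROID_SDK_ROOT
    is consulted when no explicit sdk_root is given.
    """
    root = sdk_root or os.environ.get("ANDROID_SDK_ROOT")
    resolved = check_tools(REQUIRED_TOOLS, root)
    missing = missing_tools(resolved)
    if missing:
        raise SystemExit(
            "DroidBox needs these tools on PATH or under ANDROID_SDK_ROOT: "
            + ", ".join(missing))
    return {n: p for n, p in resolved.items() if p is not None}


if __name__ == "__main__":
    # Run this before droidbox.sh / startemu.sh; exits with the missing list.
    for tool, location in preflight().items():
        print(f"{tool}: {location}")
```

Run it once in the same shell you will launch startemu.sh and droidbox.sh from; if it exits with a missing list, either add the SDK's platform-tools, tools and emulator directories to PATH or set ANDROID_SDK_ROOT, then rerun the DroidBox scripts.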
I ran :
./startemu.sh android_4.1.2_droidbox
and I received the following error about the system image:
emulator: ERROR: System image file doesn't exist: images/system.img
Is this an error in the DroidBox startemu.sh script?
#!/usr/bin/env bash
emulator -avd $1 -system images/system.img -ramdisk images/ramdisk.img -prop dalvik.vm.execution-mode=int:portable &
When I write:
sh startemu.sh Nexus_6_API_21_4
the emulator starts with a black screen.
I tried apps like Hike, BYJU'S and Khan Academy from the Play Store. The repackaged APK is generated, but this new APK gives an error while running on the emulator. Error: "Unfortunately, app has stopped working."
I am running this script in APIMonitor to automate repackaging, installing and collecting logs.
PS: This works for toy apps.
#!/bin/bash
# Repackage an APK with APIMonitor, install the instrumented build on the
# running emulator/device and collect its DroidBox log.
if [ -z "$1" ]; then
    echo "usage: ./run.sh apk-path"
    exit 1
fi

# Get the package name from the manifest. APKParser.jar is assumed to print
# the manifest with a package="..." attribute; the first match is taken.
pac_name=$(java -jar APKParser.jar "$1" | grep -o 'package="[^"]*"' | head -n 1 | cut -d '"' -f 2)
if [ -z "$pac_name" ]; then
    echo "could not read package name from $1" >&2
    exit 1
fi
#echo "$1" "$pac_name"
./apimonitor.py "$1" "$pac_name"

dir=$(dirname "$1")
f=$(basename "$1")
f_name="${f%.*}"   # strip the .apk extension
echo "directory: $dir"
echo "file: $f"
echo "f_name: $f_name"

echo "Installing modified apk"
new_apk="$dir/${f_name}_new.apk"
echo "$new_apk"
adb install -r "$new_apk" || exit 1
echo "apk installed"

# Clear old log entries, then stream only the DroidBox tag into
# logs/<name>.log (this runs until interrupted with Ctrl-C).
mkdir -p logs
adb logcat -c
echo "collecting log > logs/$f_name.log"
adb logcat -s DroidBox > "logs/$f_name.log"