pjlantz / droidbox Goto Github PK

Hi,

Do you plan to update droidbox for higher SDK level ?

Regards

Hi!
I have used DroidBox, it was ok! DroidBox used android 4.1.2 API 16, now I want to update to android 5.1.1 API 22, but cant find file ramdisk.img and systme.img to root this version andorid 5.1.1. So,I have way to resuilt this my problem?
Thanks!

I left this issue on honeynet/droidbot project honeynet/droidbot#64
However, it seems to be more an issue of DroidBox than droidbot.

Hello everyone i am working on this tool for my presentation in class, i have done all the part as stated in the guide till the ./startemu.sh pixel.

Now after opening the emulator, i am trying to run ./droidbox.sh test.apk 60
Note test.apk is apk file which i renamed it.
All it is saying.

import error: No module named pylab, error on line 41.

I am very confused kindly help me.

I have test Droidbox on some ICC(inter component communication) leakage example and found that Droidbox cannot detect ICC dataleak with Inter-app communication.

What matters it might be?

Nothing Happens in droidbox Terminal or in Emulator What may be the issue ?
When i try to start emulator from startemu.sh its showing that its starting amulator which is in power off mode which i cant power On and also a statement in terminal saying that " Encryption is OFF"

Hiiiiiii,
I run droidbox in windows 7 but I use bash to write commands .
When I write : ./startemu.sh DroidBox
the emulator runs but when I write : ./droidbox.sh app.apk 100

The next error appear : Traceback (most recent call last):
File "scripts/droidbox.py", line 28, in
import sys, json, time, curses, signal, os, inspect
File "C:\Python27\lib\curses__init__.py", line 15, in
from _curses import *
ImportError: No module named _curses
what that mean I installed python 2.7.11 version
can you help me please in details

Traceback (most recent call last):
File "./apimonitor.py", line 55, in
a = apk.APK(args.filename)
File "/home/pro/Downloads/droidbox-master/APIMonitor/androguard/core/bytecodes/apk.py", line 185, in init
self.get_files_types()
File "/home/pro/Downloads/droidbox-master/APIMonitor/androguard/core/bytecodes/apk.py", line 277, in get_files_types
m = magic.Magic(magic_file=self.magic_file)
TypeError: init() got an unexpected keyword argument 'magic_file'

Are new Updates planned for the future or is this an outdated software?

Is there any way to run droidbox on Windows?

Hi, I tried to use the droidbox to analysis apk, and according to the readme, I did the pre-installation, when I used the "./startmu.sh /_/Nexus_6_API_21" , this is the avd name and in the upper directory there is the .ini file, but there was the error:"HOME is defined out but could not find //.jni file in *_*"
I googled but didn't find proper solutions. Could anyone help me? Thanks!

Hello,

I am trying to run Droidbox 4.1.1 .
I followed the steps that included recompiling Android source code with the patches. Everything is completed with success and I can launch the emulator.

After this I am trying to launch droidbox with

$bash droidbox.sh app.apk
or
$python droidbox.py app.apk [some seconds]
In both cases I can see that the program manages to 'attach' to the emulator in the sense that if I terminate it also droidbox analysis ends.

Despite this, droidbox looks like it hangs at the start of the main activity.

All I can see is the shell art and one line

---

/\ \ __ /\ \/\ _
\ \ /\ \ _ __ ___ /_\ _\ \ \ \L\ \ ___ __ _
\ \ \ \ /`'\ \/\ \ /'_ \ \ _ <' / `/\ /'
\ \ _\ \ \ /\ \L\ \ \ /\ \L\ \ \ \L\ \ \L\ /> </
\ _/\ _\ _/\ _\ ___,\ _/ _//_/_
// //// ///,_ /// /_/ ////
Starting the activity com.xxxxxxxxx.xxxx.MainActivity...

I let it run but nothing happens eventually.

Am I doing something wrong, are there some bits I am missing?

I tested DroidBox4.1.1 with simple apps.

I found that some of the DroidBox logs are not related to the target app but still counted as sensitive behaviors of the app. For example, the following log message:

05-28 03:50:04.743   150   164 W DroidBox: DroidBox: { "FileRW": { "operation": "read", "data": "636f6d2e676e6f6d2e616e746f6e3a7a707274000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000676e6f6d2e616e746f6e2e53686f72740076697479330000", "id": "1981810222" } }

is produced by system_server instead of target app according to the output of adb shell ps -t command:

USER     PID   PPID  VSIZE  RSS     WCHAN    PC         NAME
system    150   37    288764 59420 ffffffff 40032b64 S system_server

To remove these false positive logs, I rewrote the droidbox.py script and put it in my DroidBot project. The method I used for connecting log message to process is continuously calling ps command and maintaining a pid-to-process mapping.

If you find it interesting, please let me know. I can help you improve the scripts.

I am using Ubuntu 16.04.4.
I am currently in the directory /home/user1/droidbox-master/external.
And my Android Virtual Device is running on the background through Android Studio.
So, when I run the command ./droidbox.sh <apk name> on the terminal in the above mentioned directory.
I am getting the error
~/droidbox-master/external$ ./droidbox.sh $HOME/Downloads/apkfile
python: can't open file 'scripts/droidbox.py': [Errno 2] No such file or directory

Hi,

Nice work! Thank you for sharing! I tried to analyze some applications with native code included. However, all of them crashed on the device with the following logs. And I tried to verify them against both a physical device and emulator without system modification; they did not crash.

Thanks

java.lang.ExceptionInInitializerError
E/AndroidRuntime( 1248): at com.bangcle.protect.Util.CopyBinaryFile(Util.java:558)
E/AndroidRuntime( 1248): at com.bangcle.protect.Util.runAll(Util.java:751)
E/AndroidRuntime( 1248): at cow.draw.animaltattoo.tools.MApplication.onCreate(ApplicationTemplate.java:50)
E/AndroidRuntime( 1248): at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:999)
E/AndroidRuntime( 1248): at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4151)
E/AndroidRuntime( 1248): at android.app.ActivityThread.access$1300(ActivityThread.java:130)
E/AndroidRuntime( 1248): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1255)
E/AndroidRuntime( 1248): at android.os.Handler.dispatchMessage(Handler.java:99)
E/AndroidRuntime( 1248): at android.os.Looper.loop(Looper.java:137)
E/AndroidRuntime( 1248): at android.app.ActivityThread.main(ActivityThread.java:4745)
E/AndroidRuntime( 1248): at java.lang.reflect.Method.invokeNative(Native Method)
E/AndroidRuntime( 1248): at java.lang.reflect.Method.invoke(Method.java:511)
E/AndroidRuntime( 1248): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:786)
E/AndroidRuntime( 1248): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553)
E/AndroidRuntime( 1248): at dalvik.system.NativeStart.main(Native Method)
E/AndroidRuntime( 1248): Caused by: java.lang.UnsatisfiedLinkError: unknown failure
E/AndroidRuntime( 1248): at java.lang.Runtime.loadLibrary(Runtime.java:370)
E/AndroidRuntime( 1248): at java.lang.System.loadLibrary(System.java:535)
E/AndroidRuntime( 1248): at com.bangcle.protect.ACall.(ACall.java:30)
E/AndroidRuntime( 1248): ... 15 more

I tried to start an emulator(Pixel XL, Android Q, named 'PixelAVD') with ./startemu.sh PixelAVD.But I was greeted by an error:-

emulator: ERROR: no init encryptionkey.img
emulator: ERROR: Encryption is requested but failed to create encrypt partition.

How do I proceed? Is this because of the Android Version?

@floort

Hi all,
I want to perform automatic android dynamic malware analysis
I prepared a setup with droidbox where continuously an emulator is launched and an apk installed and run for 50s.

SETUP
Do you have similar setups?
How long do you perform analysis, is 50s enough, any data on optimal run time?

PATTERNS
Do you have yara-rules/patterns to identify malware activity or what is your strategy?
What is your approach to finding new rules? Manually, ML, other? What features are you looking at?

EMULATOR
I have multiple apks that fail to run or the emulator restarts, any ideas?
Following the instructions, I am using arm, Nexus4 android jelly, any problem in using a different AVD?

Sorry for such a big list of questions and thanks in advance.
Chrs,
Joao

I was wondering how long does it take for APIMonitor to repack an apk please? The process seems to be frozen at accessing database step as shown below:

wenhui@wenhui:~/Downloads/droidbox/APIMonitor$ sudo ./apimonitor.py ../../VirtualWallet.apk  -o ../../out/
min_sdk_version=16
target_sdk_version=22
Parsing ../../out/apimonitor_out/origin_smali...
Done!
Loading and processing API database...```

There are some *smali files in the output folder though when Done! shows up

yet it seems like the apk file is still unprocessed, as the time stamp does not change

I used both master and taintdriod branch, both of them are introducing the same result

When I try to run
$ ./droidbox.sh some.apk

I get the error

  File "scripts/droidbox.py", line 111
    sys.stdout.flush()
                     ^
TabError: inconsistent use of tabs and spaces in indentation

There are indeed a few stray tabs in scripts/droidbox.py.

Edit: I'm on Python 3.5.1, which explains why I'm having issues.

I have saved the AVD file in droidbox-master/external/ and when I am running thr command ./startemu.sh

~/droidbox-master/external$ ./startemu.sh Nexus_5_API_25
./startemu.sh: line 3: emulator: command not found

My python version is 2.7.6. When I start droidbox with the command: ./droidbox apkfile. It went wrong with the error message:
Traceback (most recent call last):
File "scripts/droidbox.py", line 520, in
main(sys.argv)
File "scripts/droidbox.py", line 322, in main
ret = call(['monkeyrunner', 'monkeyrunner.py', apkName, packageName, mainActivity], stderr=PIPE, cwd=os.path.dirname(os.path.realpath(file)))
File "/usr/lib/python2.7/subprocess.py", line 522, in call
return Popen(_popenargs, *_kwargs).wait()
File "/usr/lib/python2.7/subprocess.py", line 710, in init
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1327, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory

The error comes from L315(script/droidbox.py).
https://github.com/pjlantz/droidbox/blob/master/droidbox4.1.1/scripts/droidbox.py#L315

I fix the problem by add shell.call(shell=True).

http://stackoverflow.com/questions/18962785/oserror-errno-2-no-such-file-or-directory-while-using-python-subprocess-in-dj

I tried to launch emulator using ./startemu.sh AVDNAME. But it takes infinite long time to launch. It shows a black screen in emulator. I have attached the screen shot. Please help me in this case

-Djava.ext.dirs=/home/hp-sec/Android/Sdk/tools/lib:/home/hp-sec/Android/Sdk/tools/lib/x86_64 is not supported. Use -classpath instead.
Failed to execute the application

The Android simulator is always black when I run ./startemu.sh.
So I run emulator @avd_name to turn on a simulator.
Then I run ./droidbox.sh xx.apk 100.
I try several apks, but some outputs always empty, like sendsms, cryptousage, sendnet and so on. Only I can see are apkName, enfperm, hashes and recvsaction. How can I see other outputs? Thank you very much.

When executing the command ./droidbox.sh <apk_file_name> I am getting the following error. Could you please tell me what is wrong and how I can correct it?

Traceback (most recent call last):
File "scripts/droidbox.py", line 516, in
main(sys.argv)
File "scripts/droidbox.py", line 318, in main
ret = call(['monkeyrunner', 'monkeyrunner.py', apkName, packageName, mainActivity], stderr=PIPE, cwd=os.path.dirname(os.path.realpath(file)))
File "/usr/lib/python2.7/subprocess.py", line 523, in call
return Popen(*popenargs, **kwargs).wait()
File "/usr/lib/python2.7/subprocess.py", line 711, in init
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1343, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory

Thank you !

I ran :
./startemu.sh android_4.1.2_droidbox

and I received the following error about the system image:
emulator: ERROR: System image file doesn't exist: images/system.img

Is this an error in the Droidbox startemu.sh script:

#!/usr/bin/env bash
emulator -avd $1 -system images/system.img -ramdisk images/ramdisk.img -prop dalvik.vm.execution-mode=int:portable &

when I write:
sh startemu.sh Nexus_6_API_21_4
the emulator startes with black screen

Tried apps like hike, byjus and khan academy from playstore. Repackaged apk is generated but this new apk gives error while running on emulator. Error: Unfortunately app stopped working.
I am running this script in APIMonitor to automate repackaging, installing and collecting logs.
PS: This works for toy apps.
#!/bin/bash
if [ -z "$1" ]
then
echo "./run.sh apk-path"
exit 1
fi
#getting package name from manifest file
pac_name=$(java -jar APKParser.jar $1|grep -o "package[[:space:]]"='[[:space:]][^ ]+'|cut -d "=" -f2|sed -e 's/[[:space:]]//'|sed 's/.///g'|sed 's/"/L/'|sed 's/"//')
#echo $1 $pac_name
./apimonitor.py $1 $pac_name
dir=$(dirname "$1")
f=$(basename "$1")
f_name="${f%.}"
echo "directory"$dir
echo "file"$f
echo "f_name"$f_name
echo "Installing Modifying apk"
echo $dir"/"$f_name"_name.apk"
adb install -r $dir"/"$f_name"_new.apk"
echo "apk installed"
adb logcat -c
echo "collecting log >logs/"$f_name".log"
adb logcat -s DroidBox>"logs/"$f_name".log"