This software is the outcome of our accademic research.
If you use this code, please cite our accademic paper as:
@inproceedings{Wen2021A,
title={App’s Auto-Login Function Security Testing via Android OS-Level Virtualization},
author={Wenna, Song and Jiang, Ming and Lin, Jiang and Han, Yan and Yi, Xiang and Yuan, Chen and Jianming, Fu and Guojun, Peng},
booktitle={Proceedings of 43rd International Conference on Software Engineering},
year={2021}
}
We now provide is the VPDroid source version of Android 6.0.
We develop a lightweight Android OS-level virtualization architecture, VPDroid, to assist apps’ account security testing. With VPDroid, security analysts are able to configure different device attributes according to a target phone’s profiles and then boot up a virtual phone (VP) environment that closely approximates the target device. To deceive the cloned apps into thinking the smartphone is not changed, VPDroid has to meet two requirements (RQ1 & RQ2):
-
RQ1: the VP always gets direct access to hardware devices; this design provides a close-to-native virtual environment with high performance.
-
RQ2: user-mode apps in the VP are imperceptible to the change of device; this requires our virtualization and device-attribute customization functions are invisible to user-mode apps running in the VP.
VPDroid is built on top of Cells, because its foreground VP design meets RQ1. However, Cells fails to meet RQ2: it is not designed to edit device attributes, and its user-level device virtualization modifies the VP’s application framework layer, which can be detected by VP’s apps. Besides, Cells’s kernel-level device virtualization to many hardware devices are not compatible with Android 6.0 and later versions any more. We improve Cells significantly to achieve our requirements on mainstream Android versions.
Our clone attack demo video (https://youtu.be/cs6LxbDGPXU) shows that VPDroid enables the attacker to bypass KakaoTalk’s device-consistency check, and the victim is unaware that her account has been compromised.
The grey boxes represent Cells's modules reused by VPDroid. The white boxes represent functional modules updated by VPDroid. For updated code implementation, please see the section of the code introduction below.
Since VPDroid is an os-level code with a vast amount of code, we will upload the part of the code that belongs to “NEW USER-LEVEL DEVICE VIRTUALIZATION,” some kernel virtualization, and “CUSTOMIZE THE VP’S DEVICE ATTRIBUTES.” The basic code included in the VPDroid is from the operation system source code of android that we have not modified; we will no longer upload it but will provide a download link.
We have created the VPDroid code as follows, which are based on the Android Open Source Project (AOSP) (https://android.googlesource.com/platform/manifest) and Cells (https://cells-source.cs.columbia.edu/ ).
cells/: VP manager daemons
cellsservice/: VP manager
switchsystem/: switch applications
Kernel_Kmsg/: Linux kernel message daemons
logcat/: logcat message daemons
angler/: 6p angler device config files (host & VP rc files)
core/adb/: adb mutex virtualization
core/init/: VP startup
drivers/base/core.c: drv namespace initialization
kernel/drv_namespace.c: drv namespace api
kernel/nsproxy.c: namespaces proxy
drivers/staging/android/binder.c: binder virtualization
drivers/staging/android/logger.c: logcat virtualization
drivers/staging/android/alarm-dev.c: alarm virtualization
drivers/input/evdev.c: input virtualization
kernel/power/wakelock.c: wakelock virtualization
av/: camera audio video media virtualization
native/libs/binder/: binder virtualization
native/services/surfaceflinger/: display virtualization
base/core/java/android/app/CellsPrivateServiceManager.java: cellsservice java service
build.VPDroid.prop/: custom configuration file for update customized environment
The Android source code is: android-6.0.1_r62
The ways to download source code: https://source.android.com/setup/develop/repo
VMWare Operating System: Ubuntu 20.04 LTS
JDK version:openJDK version 7
source build/envsetup.sh
lunch 17
make -j4
Linpack (v1.1) for CPU;
Quadrant advanced edition (v2.1.1) for 2D graphics and file I/O;
3DMark (v2.0.4646) for 3D graphics;
SunSpider (v1.0.2) for web browsing;
BusyBox wget (v1.21.1) for networking.
Target apps from Google Play store and Huawei/Xiaomi app markets in China.
The selection criteria are: 1) the app is among the top 300 apps in that market; 2) it has more than 1 million downloads. After that, we have to install each app on a real device to test whether it can work properly.