Skip to content
This repository has been archived by the owner on Apr 26, 2021. It is now read-only.

[GSoC] Upgrade Android analysis components #2845

Open
wants to merge 128 commits into
base: master
Choose a base branch
from
Open

[GSoC] Upgrade Android analysis components #2845

wants to merge 128 commits into from

Conversation

muhzii
Copy link

@muhzii muhzii commented Aug 26, 2019
edited
Loading

Thanks for contributing! But first: did you read our community guidelines?
https://cuckoo.sh/docs/introduction/community.html

What I have added/changed is:
The goal of my change is:
What I have tested about my change is:

There is a write-up/ summary about the work done in these upgrades: https://gist.github.com/muhzii/a65334123880d808f33dc01a24c0e5fa

muhzii added 30 commits June 23, 2019 16:38
Add script to prepare Android VMs for analysis.
b521dbe
remove some stuff
333f19d
Tweak configurations for Avd module
d98415e
Define paths for Android guests
6d012a8
Make the agent py2-3 compatible
f538599
Add agent runner script for Android guests
08e506b
Add support for NAT configurations
b2cb6d0
Upgrade avd module
e3fdee7
Upgrades for android analyzer
266df0a 
Adding integration for Frida and a bunch of analysis features for the analyzer..
Avd configurations fixes..
434280b
Tweaks for avd module
10d282f
Tweaks for Android analyzer
0b5d43b
Fix avd configuration test
9ec975f
More tweaks for avd module
67205c8
fix py docs
61fb0a0
relocate config file
4296584
Some fixes for the agent
0d7e218
add logs to RESULTS_UPLOADABLE
d193d07
modify upload path for android guest
26e7e2d
Fix init scripts
f4db1f5
Add memdmp binaries
5026475
add aux module for ui interaction
3239b58
fix screenshots
44f1f54
tweak handling for behavioral logs
d7e6418
add support for dumping process memory
2de95f8
fix config for java hooks
b020d2a
delete constants.py
1190ce0
tweaks/ fixes for frida's agent
eb30644
tweaks for apk package
5f98a6b
Add utility functions
90f7202
muhzii added 18 commits October 16, 2019 23:34
Wire spawn with the activity info
8e74bf5
relocate Frida's spawn logic to the apk package
7433f89 
for clarity
update dynamic API hooks
ac92c69
Bump cuckoo version to 2.1.0
7e9829a
Make the headless option in Avd machine-specific
c72bba8
run the stop procedure for Avd as root
335e9ba 
as we would normally need to query the authentication token which is created as user-read-only
so ideally, we need to issue the kill command using the root user to be able to read the token
Update avd tests
004df60
Add more helper functions for Android signatures
4dc2858
Pass a 'process' event when handling AndroidFileMonitor
a87c22a 
The current way of handling behavioral events is that one 'process' event needs to be sent before handling any other events.
In case of Android, we have more than one behaviral log with separate handlers. So the best way to remedy this is by
emitting a process event for each handler.. that way the other handlers can recognize the process
remove assertion for the headless option
053f3c6
Improve build script when checking-out. Also the bump the version of …
2737029 
…Frida to 12.7.11
Refactor the AndroidPackage static handler
a149f49
use 'session' scope in favor of 'module' scope with pytest fixtures
e174d81
Refactor and improve cuckoo's UI for Android results
2b8165c
remove unused import
1200a53
Fix migration tests
359c49a
Fix processing tests
3824dd6
Fix api calls in static analysis page
67981e4
This was referenced Dec 9, 2019
Open
Closed
@doomedraven doomedraven mentioned this pull request Jan 27, 2020
Closed
4 tasks
@nblog
Copy link

nblog commented Jun 9, 2020

@muhzii

after I build it, submit a sample analysis
the results obtained

analysis.log

2020-06-09 13:00:11,335 [lib.core.Frida] ERROR: ReferenceError: methodName is not defined
at patchMethodCall (/script1.js:697:15)
at /script1.js:862:48
at Array.forEach ()
at setupEnv (/script1.js:862:13)
at applyPreAppLoadingInstrumentation (/script1.js:608:5)
at /script1.js:970:17
at frida/node_modules/frida-java-bridge/index.js:170:1
at o.perform (frida/node_modules/frida-java-bridge/lib/vm.js:12:1)
at m.performNow (frida/node_modules/frida-java-bridge/index.js:164:1)
at Object.start (/script1.js:969:18)

https://github.com/muhzii/cuckoo/blob/master/cuckoo/data/analyzer/android/lib/core/agent.js#L697

I tried to change it to "klass[hookConfig.method].overloads[0].implementation = function () {"

Still error:
ERROR: TypeError: Cannot read property'overloads' of undefined

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@muhzii @coveralls @codecov-io @nblog