Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Android: Add ability to enumerate dynamically registered broadcast receivers. #4

Merged
merged 4 commits into from
Jul 27, 2017
Merged

Android: Add ability to enumerate dynamically registered broadcast receivers. #4

merged 4 commits into from
Jul 27, 2017

Conversation

bernard-wagner
Copy link
Contributor

Description

Inspect application's heap to find all the Broadcast Receivers that have been registered at Runtime. Does not list receivers defined in AndroidManifest.xml

Test Application

package com.bw.receiverexample;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.util.Log;

public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        BroadcastReceiver receiver = new BroadcastReceiver() {
            @Override
            public void onReceive(Context context, Intent intent) {
                Log.d("ReceiverExample","Received intent with action:" + intent.getAction());
            }
        };

        this.registerReceiver(receiver, new IntentFilter("pew.pew.pew"));
    }
}

Usage

     _     _         _   _
 ___| |_  |_|___ ___| |_|_|___ ___
| . | . | | | -_|  _|  _| | . |   |
|___|___|_| |___|___|_| |_|___|_|_|
        |___|(object)inject(ion) v0.1.1

     Runtime Mobile Exploration
        by: @leonjza from @sensepost

[tab] for command suggestions
Nexus 5X on (google: 7.1.2) [usb] # android hooking list receivers
com.bw.receiverexample.MainActivity$1

Found 1 classes

@leonjza
Copy link
Member

leonjza commented Jul 27, 2017

Woohoo thanks so much for a very neat PR! 🎉

Will test and merge later today.

@leonjza
Copy link
Member

leonjza commented Jul 27, 2017

Having a bit of a think about the command name, wouldn't having it as android hooking list runtime_receivers make more sense?

@bernard-wagner
Copy link
Contributor Author

Could probably go for something in that line. Will see if I can find a way to add the Receivers that are in the Manifest as well, then the current name will be more fitting.

@leonjza
Copy link
Member

leonjza commented Jul 27, 2017

Ah yeah totally. Could maybe achieve this with getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_RECEIVERS)

Ill have to setup a sample app to test, but maybe something like this can help.

Java.perform(function () {

    var ActivityThread = Java.use('android.app.ActivityThread');
    var currentApplication = ActivityThread.currentApplication();
    var context = currentApplication.getApplicationContext();

    var receivers = context.getPackageManager().getPackageInfo(context.getPackageName(), 0x00000002);
    console.log(JSON.stringify(receivers, null, 2));
});

@bernard-wagner
Copy link
Contributor Author

Haha. Was literally doing just that, messed up my local branches but should be a clean commit now.

@leonjza leonjza merged commit 1414473 into sensepost:master Jul 27, 2017
@leonjza
Copy link
Member

leonjza commented Jul 27, 2017

Thanks again! 🎉

@luke13456 luke13456 mentioned this pull request Jan 4, 2022
Closed
@sfz009900 sfz009900 mentioned this pull request Dec 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bernard-wagner @leonjza