1ultimat3 / BadIntent

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
BSD 3-Clause "New" or "Revised" License

Can't get any Intent message #2

Open jinyu00 opened 6 years ago

jinyu00 commented 6 years ago

I tried all functions of the InsecureBankv2 app, but couldn't get any message from BadIntent.

My env: Android 4.4 and Xposed v54, Burp Suite 1.7.11 Pro.

The Xposed log:

Loading Xposed v54 (for Zygote)...                                                                                                          
Running ROM 'aosp_mako-userdebug 4.4 KRT16S eng.hac425.20161023.101329 test-keys' with fingerprint 'Android/aosp_mako/mako:4.4/KRT16S/eng.ha
101329:userdebug/test-keys'                                                                                                                 
Loading modules from /data/app/com.pyler.xinstaller-2.apk                                                                                   
  Loading class com.pyler.xinstaller.XInstaller                                                                                             
Loading modules from /data/app/just.trust.me-2.apk                                                                                          
  Loading class just.trust.me.Main                                                                                                          
Loading modules from /data/app/de.mat3.badintent-1.apk                                                                         
  Loading class de.mat3.badintent.app.AppAnalyzer                                                                                           
java.lang.NoSuchMethodError: android.os.Parcel#writeBlob(byte[],int,int)#exact                                                              
        at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:179)                                                     
        at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)                                                   
        at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:136)                                                   
        at de.mat3.badintent.hooking.proxy.hooks.ParcelProxyHooks.hookParcel(ParcelProxyHooks.java:76)                                      
        at de.mat3.badintent.app.AppAnalyzer.handleLoadPackage(AppAnalyzer.java:63)                                                         
        at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)                          
        at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:34)                                                     
        at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:70)                                                            
        at de.robv.android.xposed.XposedBridge$1.beforeHookedMethod(XposedBridge.java:208)                                                  
        at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:611)                                                    
        at android.app.ActivityThread.handleBindApplication(Native Method)                                                                  
        at android.app.ActivityThread.access$1400(ActivityThread.java:135)                                                                  
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1457)                                                             
        at android.os.Handler.dispatchMessage(Handler.java:102)                                                                             
        at android.os.Looper.loop(Looper.java:137)                                                                                          
        at android.app.ActivityThread.main(ActivityThread.java:4998)                                                                        
        at java.lang.reflect.Method.invokeNative(Native Method)                                                                             
        at java.lang.reflect.Method.invoke(Method.java:515)                                                                                 
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:777)                                                  
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:593)                                                                     
        at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)                                                                  
        at dalvik.system.NativeStart.main(Native Method)                                                                                    
java.net.SocketException: socket failed: EACCES (Permission denied)                                                                         
        at libcore.io.IoBridge.socket(IoBridge.java:576)                                                                                    
        at java.net.PlainSocketImpl.create(PlainSocketImpl.java:201)                                                                        
        at java.net.PlainServerSocketImpl.create(PlainServerSocketImpl.java:38)                                                             
        at java.net.ServerSocket.<init>(ServerSocket.java:99)                                                                               
        at java.net.ServerSocket.<init>(ServerSocket.java:70)                                                                               
        at de.mat3.badintent.app.AppAnalyzer.getRandomPort(AppAnalyzer.java:97)                                                             
        at de.mat3.badintent.app.AppAnalyzer.handleLoadPackage(AppAnalyzer.java:54)                                                         
        at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)                          
        at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:34)                                                     
        at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:70)                                                            
        at de.robv.android.xposed.XposedBridge$1.beforeHookedMethod(XposedBridge.java:208)                                                  
        at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:611)                                                    
        at android.app.ActivityThread.handleBindApplication(Native Method)                                                                  
        at android.app.ActivityThread.access$1400(ActivityThread.java:135)                                                                  
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1457)                                                             
        at android.os.Handler.dispatchMessage(Handler.java:102)                                                                             
        at android.os.Looper.loop(Looper.java:137)                                                                                          
        at android.app.ActivityThread.main(ActivityThread.java:4998)                                                                        
        at java.lang.reflect.Method.invokeNative(Native Method)                                                                             
        at java.lang.reflect.Method.invoke(Method.java:515)                                                                                 
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:777)                                                  
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:593)                                                                     
        at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)                                                                  
        at dalvik.system.NativeStart.main(Native Method)                                                                                    
Caused by: libcore.io.ErrnoException: socket failed: EACCES (Permission denied)                                                             
        at libcore.io.Posix.socket(Native Method)                                                                                           
        at libcore.io.BlockGuardOs.socket(BlockGuardOs.java:181)                                                                            
        at libcore.io.IoBridge.socket(IoBridge.java:561)                                                                                    
        ... 23 more                                                                                                                         
1ultimat3 commented 6 years ago

True... the Parcel implementation has changed over the different Android versions. I will have a look at it in the next days.
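
An added triage example, not part of the original thread or of BadIntent's code: it groups the stack traces in an Xposed log by exception and by the first frame inside the module, so repeated traces collapse into distinct failures with their call sites. The embedded sample log is constructed (abbreviated from the traces quoted in the issue), and the function names are this example's own.

```python
import re
from collections import OrderedDict

# Constructed sample, abbreviated from the traces quoted in the issue above.
SAMPLE_LOG = """\
Loading modules from /data/app/de.mat3.badintent-1.apk
  Loading class de.mat3.badintent.app.AppAnalyzer
java.lang.NoSuchMethodError: android.os.Parcel#writeBlob(byte[],int,int)#exact
        at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:179)
        at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)
        at de.mat3.badintent.hooking.proxy.hooks.ParcelProxyHooks.hookParcel(ParcelProxyHooks.java:76)
        at de.mat3.badintent.app.AppAnalyzer.handleLoadPackage(AppAnalyzer.java:63)
java.net.SocketException: socket failed: EACCES (Permission denied)
        at libcore.io.IoBridge.socket(IoBridge.java:576)
        at java.net.ServerSocket.<init>(ServerSocket.java:70)
        at de.mat3.badintent.app.AppAnalyzer.getRandomPort(AppAnalyzer.java:97)
        at de.mat3.badintent.app.AppAnalyzer.handleLoadPackage(AppAnalyzer.java:54)
Caused by: libcore.io.ErrnoException: socket failed: EACCES (Permission denied)
        at libcore.io.Posix.socket(Native Method)
        ... 23 more
java.lang.NoSuchMethodError: android.os.Parcel#writeBlob(byte[],int,int)#exact
        at de.robv.android.xposed.XposedHelpers.findMethodExact(XposedHelpers.java:179)
        at de.robv.android.xposed.XposedHelpers.findAndHookMethod(XposedHelpers.java:129)
        at de.mat3.badintent.hooking.proxy.hooks.ParcelProxyHooks.hookParcel(ParcelProxyHooks.java:76)
        at de.mat3.badintent.app.AppAnalyzer.handleLoadPackage(AppAnalyzer.java:63)
"""

# An unindented "<fully.qualified.Exception>: message" line starts a new trace.
HEADER = re.compile(r"^(?P<exc>[\w.$]+(?:Exception|Error)): (?P<msg>.*)$")
# An indented "at package.Class.method(Source.java:NN)" line is one stack frame.
FRAME = re.compile(r"^\s+at (?P<method>[\w.$<>]+)\((?P<src>[^)]*)\)$")


def parse_traces(log_text):
    """Split a log into traces; frames under 'Caused by:' are not collected."""
    traces, current, in_cause = [], None, False
    for raw in log_text.splitlines():
        line = raw.rstrip()  # the quoted log pads lines with trailing spaces
        head = HEADER.match(line)
        if head:
            current = {"exception": head["exc"], "message": head["msg"], "frames": []}
            traces.append(current)
            in_cause = False
        elif line.startswith("Caused by:"):
            in_cause = True
        elif current is not None:
            frame = FRAME.match(line)
            if frame and not in_cause:
                current["frames"].append((frame["method"], frame["src"]))
            elif not frame and not line.lstrip().startswith("..."):
                current = None  # an ordinary log line ends the trace
    return traces


def summarize(log_text, module_prefix):
    """Group traces by (exception, message, first frame inside the module)."""
    groups = OrderedDict()
    for trace in parse_traces(log_text):
        site = next((f"{method} ({src})" for method, src in trace["frames"]
                     if method.startswith(module_prefix)), None)
        key = (trace["exception"], trace["message"], site)
        groups[key] = groups.get(key, 0) + 1
    return [{"exception": exc, "message": msg, "module_frame": site, "count": n}
            for (exc, msg, site), n in groups.items()]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, "de.mat3.badintent."):
        print(f'{row["count"]}x {row["exception"]}: {row["message"]}')
        print(f'   first module frame: {row["module_frame"]}')
```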