FrenchYeti / dexcalibur

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Apache License 2.0

Use dexcalibur docker with an emulator #2

Open cryptax opened 5 years ago

cryptax commented 5 years ago

Hi, is it possible to use the dexcalibur docker image with an Android emulator and not a real device? I fail to understand what to provide in the --device=... argument.

For example, if you have an emulator running, it seems the name emulator-5554 cannot be used, and is waiting for a path.

$ adb devices
List of devices attached
emulator-5554 

Example: docker run -it -v $PWD:/home/dexcalibur/workspace -p 9999:8080 --device=.... frenchyeti/dexcalibur

FrenchYeti commented 5 years ago

I introduced the new option --emu and updated the docker image. So, I encourage you to pull the latest version.

You don't need to use --device with an emulator because adb communicates with it via TCP. So, you can start the docker container with the following command:

docker run -it -v $PWD:/home/dexcalibur/workspace --net=host frenchyeti/dexcalibur

If your emulator is running, check if you see the device with adb devices from the container.

Then start dexcalibur by appending the new --emu option at the end of the command, like this:

./dexcalibur --app=<your_target> --port=8000 --pull --emu

If you expect to perform hooking with the emulator, you need to add frida-server (< 12.5.0) on the emulated device and start it before running dexcalibur. Otherwise, you can disable the hook feature with the --no-frida option.

cryptax commented 5 years ago

Thanks for adding emulator support!

> you need to add frida-server (< 12.5.0)

Do you absolutely need to use below 12.5.0? I'm currently with 12.6.5.

So, I did:

  1. docker pull frenchyeti/dexcalibur (again)
  2. docker run -it -v $PWD:/home/dexcalibur/workspace -p 9999:8000 --net=host frenchyeti/dexcalibur
  3. Push frida-server and launch it on the emulator
  4. ./dexcalibur --app=my.app.fr --port=8000 --pull --emu inside Dexcalibur container. I believe port 8000 is correct here, because you want the port inside the container?

And it crashes frida-server and that's what dexcalibur says:

[*] Working directory : /home/dexcalibur/workspace/my.app.fr/
[!] Warning ! : device not selected. Searching ...
adb server version (40) doesn't match this client (41); killing...
ADB server didn't ACK
Full server startup log: /tmp/adb.0.log
Server had pid: 42
--- adb starting (pid 42) ---
adb I 06-04 14:28:27    42    42 main.cpp:60] Android Debug Bridge version 1.0.41
adb I 06-04 14:28:27    42    42 main.cpp:60] Version 28.0.3-5475833
adb I 06-04 14:28:27    42    42 main.cpp:60] Installed as /home/dexcalibur/platform-tools/platform-tools/adb
adb I 06-04 14:28:27    42    42 main.cpp:60] 
adb I 06-04 14:28:27    42    42 auth.cpp:405] adb_auth_init...
adb I 06-04 14:28:27    42    42 auth.cpp:230] User key '/root/.android/adbkey' does not exist...
adb I 06-04 14:28:27    42    42 auth.cpp:77] generate_key(/root/.android/adbkey)...
adb I 06-04 14:28:28    42    42 auth.cpp:380] adb_auth_inotify_init...
adb server killed by remote request

* failed to start daemon
adb: failed to check server version: cannot connect to daemon
child_process.js:661
    throw err;
    ^

Error: Command failed: /home/dexcalibur/platform-tools/platform-tools/adb  devices -l
adb server version (40) doesn't match this client (41); killing...
ADB server didn't ACK
Full server startup log: /tmp/adb.0.log
Server had pid: 42
--- adb starting (pid 42) ---
adb I 06-04 14:28:27    42    42 main.cpp:60] Android Debug Bridge version 1.0.41
adb I 06-04 14:28:27    42    42 main.cpp:60] Version 28.0.3-5475833
adb I 06-04 14:28:27    42    42 main.cpp:60] Installed as /home/dexcalibur/platform-tools/platform-tools/adb
adb I 06-04 14:28:27    42    42 main.cpp:60] 
adb I 06-04 14:28:27    42    42 auth.cpp:405] adb_auth_init...
adb I 06-04 14:28:27    42    42 auth.cpp:230] User key '/root/.android/adbkey' does not exist...
adb I 06-04 14:28:27    42    42 auth.cpp:77] generate_key(/root/.android/adbkey)...
adb I 06-04 14:28:28    42    42 auth.cpp:380] adb_auth_inotify_init...
adb server killed by remote request

* failed to start daemon
adb: failed to check server version: cannot connect to daemon

    at checkExecSyncError (child_process.js:621:11)
    at Object.execSync (child_process.js:658:15)
    at AdbWrapper.listDevices (/home/dexcalibur/dexcalibur/src/AdbWrapper.js:67:23)
    at DeviceManager.scan (/home/dexcalibur/dexcalibur/src/DeviceManager.js:52:36)
    at Project.pull (/home/dexcalibur/dexcalibur/src/Project.js:336:22)
    at Object.<anonymous> (/home/dexcalibur/dexcalibur/dexcalibur:114:17)
    at Module._compile (internal/modules/cjs/loader.js:774:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:785:10)
    at Module.load (internal/modules/cjs/loader.js:641:32)
    at Function.Module._load (internal/modules/cjs/loader.js:556:12) {
  status: 1,
  signal: null,
  output: [
    null,
    <Buffer >,
    <Buffer 61 64 62 20 73 65 72 76 65 72 20 76 65 72 73 69 6f 6e 20 28 34 30 29 20 64 6f 65 73 6e 27 74 20 6d 61 74 63 68 20 74 68 69 73 20 63 6c 69 65 6e 74 20 ... 879 more bytes>
  ],
  pid: 40,
  stdout: <Buffer >,
  stderr: <Buffer 61 64 62 20 73 65 72 76 65 72 20 76 65 72 73 69 6f 6e 20 28 34 30 29 20 64 6f 65 73 6e 27 74 20 6d 61 74 63 68 20 74 68 69 73 20 63 6c 69 65 6e 74 20 ... 879 more bytes>

:(

FrenchYeti commented 5 years ago

The Frida version required is not the problem. It seems there is an issue between the ADB version of the device and the local version. I will try to reproduce your issue with adb ASAP.
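The stack trace in this thread is an uncaught exception from child_process.execSync, and the stderr Buffer it prints is the adb version-mismatch message in bytes. As an added example that is not part of the thread or of dexcalibur's code, the following catches that failure and classifies it; diagnoseAdbFailure, listDevicesSafe and the injectable exec parameter are hypothetical names, and the sample stderr is constructed from lines of the log above.

```javascript
// Added example, not dexcalibur code. All function names are hypothetical.

// Classify adb stderr such as the output quoted in this thread.
function diagnoseAdbFailure(stderr) {
  const text = Buffer.isBuffer(stderr) ? stderr.toString("utf8") : String(stderr || "");
  const m = /adb server version \((\d+)\) doesn't match this client \((\d+)\)/.exec(text);
  if (m) {
    return {
      kind: "version-mismatch",
      server: Number(m[1]), // version of the adb server already running
      client: Number(m[2]), // version of the adb binary that was invoked
      daemonFailed: /failed to start daemon/.test(text),
    };
  }
  if (/cannot connect to daemon/.test(text)) return { kind: "daemon-unreachable" };
  return { kind: "unknown" };
}

// Run `adb devices -l` without letting a failed child process crash the caller.
// `exec` is injectable so the example runs offline; the default is execFileSync.
function listDevicesSafe(adbPath, exec = require("child_process").execFileSync) {
  try {
    const out = exec(adbPath, ["devices", "-l"], { stdio: "pipe" }).toString("utf8");
    const lines = out.split("\n");
    const header = lines.findIndex((l) => l.startsWith("List of devices attached"));
    const devices = lines.slice(header + 1)
      .map((l) => l.trim().split(/\s+/))
      .filter((fields) => fields.length >= 2)
      .map(([serial, state]) => ({ serial, state }));
    return { ok: true, devices };
  } catch (err) {
    return { ok: false, diagnosis: diagnoseAdbFailure(err.stderr) };
  }
}

// Constructed input: stderr lines copied from the log in this thread.
const SAMPLE_STDERR = Buffer.from([
  "adb server version (40) doesn't match this client (41); killing...",
  "ADB server didn't ACK",
  "* failed to start daemon",
  "adb: failed to check server version: cannot connect to daemon",
].join("\n"));

// Stand-in for a failing adb call: throws the way execFileSync does.
function failingExec() {
  const err = new Error("Command failed: adb devices -l");
  err.stderr = SAMPLE_STDERR;
  throw err;
}

console.log(listDevicesSafe("adb", failingExec));
```

With --net=host the adb client in the container talks to whatever adb server is already listening on the host, so a version-mismatch result here points at two different platform-tools releases.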