cuckoo agent on Android Emulator not responding

[donatasiv]

Hi, few days trying to solve issue with Android guest environment. I`m using the second configuration (http://cuckoo-droid.readthedocs.org/en/latest/installation/guest_android_avd/) to set up my sandbox. Everything looks fine except one moment: agent on guest machine does not respond. Did investigation: agent is running. Logs from guest manager: .... 2016-04-01 15:30:55,192 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=android_x86, ip=192.168.56.105) 2016-04-01 15:30:55,923 [lib.cuckoo.core.guest] DEBUG: android_x86: not ready yet 2016-04-01 15:30:57,928 [lib.cuckoo.core.guest] DEBUG: android_x86: not ready yet

Logs from wireshark (host sends GET request, but nothing comes from agent side): 40 23.003890000 192.168.56.105 192.168.56.1 HTTP/XML 271 HTTP/1.1 200 OK 45 23.013883000 192.168.56.1 192.168.56.105 HTTP 252 GET / HTTP/1.1 User-Agent: python-requests/2.7.0 CPython/2.7.6 Linux/4.2.0-30-generic\r\n Full request URI: http://192.168.56.105:8000/

curl 192.168.56.105:8000 does not respond.

Android emulator screenshot:

Manager logo screenshot:

Please help, have no clue what to to :)

[jbremer]

You're going to have to configure the avd machinery module, not VirtualBox.

[donatasiv]

Thanks for answering, I just made an mistake - I`m using that configuration with Android-x86 Open Source on virtual machine (Android Device Cross-platform).

[donatasiv]

Just noticed that agent on guest listening on 8000 port using TCPv6 is that not suppose to be TCPv4?

[jbremer]

Is it listening on only ipv6? Both is fine I guess, but it should also listen on ipv4.

[donatasiv]

I dug deeper into the code to see which part is failing. Failing on lib.cuckoo.core.guest module. Just inserted printout in to code which is visible in debug mode. Here what I get:

2016-04-08 10:47:26,693 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=android_x86, ip=192.168.56.105) 2016-04-08 10:47:27,698 [lib.cuckoo.core.guest] DEBUG: android_x86: not ready yet - socket timeout 2016-04-08 10:47:28,702 [lib.cuckoo.core.guest] DEBUG: android_x86: not ready yet - socket timeout 2016-04-08 10:47:29,695 [lib.cuckoo.core.guest] DEBUG: android_x86: not ready yet - socket error 2016-04-08 10:47:31,700 [lib.cuckoo.core.guest] DEBUG: android_x86: not ready yet - socket timeout 2016-04-08 10:47:32,704 [lib.cuckoo.core.guest] DEBUG: android_x86: not ready yet - socket timeout 2016-04-08 10:47:33,143 [lib.cuckoo.core.guest] DEBUG: android_x86: not ready yet - socket error 2016-04-08 10:47:34,147 [lib.cuckoo.core.guest] DEBUG: wait for agent to come alive - ok 2016-04-08 10:47:34,149 [lib.cuckoo.core.guest] DEBUG: db.guest_get_status - ok

Next step is: # Check whether this is the new Agent or the old one (by looking at the status code of the index page). r = self.get("/") Host sends http GET / request and everything stops, because agent does not do anything.

[GoldeNi92]

I'm having the same issue with my CuckooDroid (Android Device cross-platform) -installation. Have you figured out any solution for this?

[donatasiv]

Nop, I give up:) I have no idea whats under agent app and how it suppose to behave, actually there is no information or evidence about this type of configuration.

[ghost]

It is probably because you are using x86 Android, the create_guest_avd.sh script transfers a Python interpreter to the device, which is currently only available as binaries compiled for ARM devices.

You could try again with an AVD that is based on ARM, I have verified that Android 4.1 ARM works (with the small patch I just submitted).

[donatasiv]

I`m using Android_x86 for Cross-platform configuration, which is default way to do it. I have tryed the other solution (guest avd) and I use ARM based AVD and i got also other isues.

[jbremer]

As @RuneTM said, the Android x86 approach is not supported, simply because I only ported the avd solution (which in my opinion at the time looked like the best approach anyway). So please try that. Or alternatively try the patch provided by Cuckoo Droid based on Cuckoo 1.2.

[lovina37]

@jbremer @heipei can you tell me what to do in such scenario ?? the repost is generated but id does not have any setails like dynamic or behaviour....

Also can you give an example what is to be included in the android id username and password field for google play ?

[lovina37]