idanr1986 / cuckoo-droid

CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.

Android x86 4.4 on VirtualBox, IP configured properly but it becomes 0.0.0.0 when I submit an apk (when snapshot is restored) #48

Open wickywaka opened 7 years ago

wickywaka commented 7 years ago

My configuration:

Ubuntu 16.04
Virtualbox 5.0.40
Android x86 4.4
cuckoo 1.2

I configured IP addresses according to this guide

Below is the result of netcfg on android terminal. Android vm IP = 192.168.56.10

android-4 4-netcfg

After doing everything and checking on nmap that guest is listening on port 8000 (see screenshot) I took the snapshot with name "clean_snapshot" and turned the guest off. image

But when I run cuckoo and submit an apk for analysis, it gives the error that the guest initialization hit the critical timeout, analysis aborted. Looking in #823, I tried to nmap or ping the IP which the guest is supposed to have, but it gives me nothing. Since the window of the guest is visible at that time, I tried to check its IP by using netcfg in its terminal and it gives the following result: image

I am also getting one error related to resultserver, which can be seen below: image

Here is my virtualbox.conf file contents:

[virtualbox]
# Specify which VirtualBox mode you want to run your machines on.
# Can be "gui", "sdl" or "headless". Refer to VirtualBox's official
# documentation to understand the differences.
mode = gui

# Path to the local installation of the VBoxManage utility.
path = /usr/bin/VBoxManage

# Specify a comma-separated list of available machines to be used. For each
# specified ID you have to define a dedicated section containing the details
# on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
machines = Android-4.4

[Android-4.4]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = Android-4.4

# Specify the operating system platform used by current machine
# [windows/darwin/linux].
platform = android_device

# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 192.168.56.10

# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
# snapshot = clean_snapshot

# (Optional) Specify the name of the network interface that should be used
# when dumping network traffic from this machine with tcpdump. If specified,
# overrides the default interface specified in cuckoo.conf
# Example (vboxnet0 is the interface name):
# interface = vboxnet0

# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here 
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
# resultserver_ip = 192.168.56.1

# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
# resultserver_port = 2042

# (Optional) Set your own tags. These are comma separated and help to identify
# specific VMs. You can run samples on VMs with tag you require.
# tags = windows_xp_sp3,32_bit,acrobat_reader_6

I am new to cuckoo so there may be something in the installation or configuration that I hadn't done properly. Let me know if you need more information.

wickywaka commented 7 years ago

nmapping my host shows that VBoxXPCOMIPCD is listening on port 2042. I changed the port in cuckoo.conf to 3042 and now the warning is gone. But the IP (0.0.0.0) problem is persistent.

wickywaka commented 7 years ago

This time the error is "Analysis failed: No Apps Were Lunched!" and the analysis webpage shows

image

wickywaka commented 7 years ago

By taking a look at the kernel log after the snapshot is restored using dmesg, I notice that eth0 is brought down and then up. I am not perfectly sure if it happens after restoring the snapshot or during the process of making the snapshot. Here is the screenshot of dmesg: image

wickywaka commented 7 years ago

I took a snapshot(snappy) of restored snapshot(clean_snapshot) session and when I restored the snappy and had a look at the dmesg, it looks like this:

image

wickywaka commented 7 years ago

By cheating a little bit I managed to launch the app in the x86 emulator. The way I did it was that I moved it to DHCP and in the VirtualBox configuration for DHCP selected the range so that only one IP address is available, and hence the emulator gets that IP address when it's restored.

seantree commented 6 years ago

Hi @waqarrashid33, just want to know one thing: is internet working on the Android machine? If yes, then how? I also configured the same thing. Waiting for a positive reply.

wickywaka commented 6 years ago

I don't remember exactly but I think internet doesn't work when the snapshot is restored and apk is submitted. I don't have the setup right now to verify it.

code-error commented 5 years ago

@waqarrashid33 I am also facing the same problem. Guest VM IP is set to 0.0.0.0. How can I get rid of this problem? Can you elaborate?

code-error commented 5 years ago

By cheating a little bit I managed to launch the app in the x86 emulator. The way I did it was that I moved it to DHCP and in the VirtualBox configuration for DHCP selected the range so that only one IP address is available, and hence the emulator gets that IP address when it's restored.

Can you explain it more clearly?

wickywaka commented 5 years ago

I don't remember exactly but I think I meant that dhcp ip range 192.168.1.100-192.168.1.101 or something like that so that there is only one IP address left to be assigned by dhcp and hence that would be assigned to vm.

I didn't have any success with x86 Android and had to move to the Goldfish Android emulator. I read somewhere in the issues that some people managed to make Android x86 work. I don't know, but you should look for those and maybe they can help you.
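
A preflight check for the three failure points raised in this thread (guest address after snapshot restore, the commented-out `snapshot` line, a result server port that is already taken), added here as an example; it is not part of CuckooDroid or of any commenter's post. The names `preflight` and `port_is_free`, the sample config and the DHCP-range arguments (read by the operator from the VirtualBox host-only network settings) are assumptions.

```python
import configparser
import ipaddress
import socket

# Constructed sample: the virtualbox.conf from this thread with comments stripped.
SAMPLE_CONF = """
[virtualbox]
machines = Android-4.4

[Android-4.4]
label = Android-4.4
platform = android_device
ip = 192.168.56.10
# snapshot = clean_snapshot
"""

def port_is_free(ip, port):
    """True if a TCP listener can still bind ip:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, port))
            return True
        except OSError:
            return False

def preflight(conf_text, hostonly_cidr, dhcp_lower, dhcp_upper, rs_ip, rs_port):
    """Hypothetical helper: return a list of findings, empty when all checks pass."""
    cfg = configparser.ConfigParser()
    cfg.read_string(conf_text)
    net = ipaddress.ip_network(hostonly_cidr)
    findings = []
    for name in (n.strip() for n in cfg["virtualbox"]["machines"].split(",")):
        machine = cfg[name]
        guest = ipaddress.ip_address(machine["ip"])
        if guest not in net:
            findings.append(f"{name}: ip {guest} is outside {net}")
        # A one-address DHCP pool makes the lease predictable after a restore.
        if not (dhcp_lower == dhcp_upper == str(guest)):
            findings.append(f"{name}: DHCP pool {dhcp_lower}-{dhcp_upper} does not pin {guest}")
        if not machine.get("snapshot"):
            findings.append(f"{name}: no snapshot set, the current snapshot will be used")
    # The result server cannot start if another process already holds the port.
    if not port_is_free(rs_ip, rs_port):
        findings.append(f"result server port {rs_port} on {rs_ip} is already in use")
    return findings
```

Run it on the Cuckoo host before starting an analysis, passing the result server address and port from cuckoo.conf.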