How to configure dynamic analyzer with android emulator in Mobsf (Mobile-Security-Framework-MobSF)

[mylamour]

0x00 Prepare ENV

My ENV:

• Windows 11
• WSL2
• Docker Desktop: 4.6.1

0x01 Install Mobsf

Create a customized python Env for Mobsf, and if there was any network issues, you should configure a proxy to solve that.

git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
python3 -m venv mobsfvenv
source mobsfvenv/bin/activate
./setup.sh

0x02 Install Android Emulator Within WSL2

cd ~
mkdir -p ~/Android/Sdk
sudo apt-get install -y openjdk-8-jdk
wget https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip
unzip sdk-tools-linux-4333796.zip -d Android/Sdk

sdkmanager --install "platform-tools" "platforms;android-26" "build-tools;26.0.3"
sdkmanager --install "platform-tools" "system-images;android-26;google_apis;x86"

Add those environment variable into ~/.bashrc or ~/.zshrc

export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/
export ANDROID_HOME=~/Android
export PATH=$PATH:$JAVA_HOME/bin
export PATH=$PATH:~/Android
export PATH=$PATH:~/Android/Sdk/bin
export PATH=$PATH:$ANDROID_HOME/tools
export PATH=$PATH:$ANDROID_HOME/platform-tools

0x03 Create AVD (Android Virtual Device) and Run it

avdmanager create avd -n pixel -k "system-images;android-26;google_apis;x86" --device "pixel"
emulator -list-avds
cd ~/Android/tools
./emulator -avd pixel -writable-system -no-snapshot

you can delete avd with # avdmanager delete avd -n yourdevicename

0x04 Start Mobsf with Android Emulator

change the ADB path to ADB_BINARY = '~/Android/platform-tools/adb' within ~/.MobSF/config.py

0x05 Issues

1. frida.NotSupportedError: need Gadget to attach on jailed Android; its default location is: /home/xxxx/.cache/frida/gadget-android-arm64.so

That' mean gadget was not exists, so we need to download the correctly version and put it into ~/.cache/frida folder

mkdir -p .cache/frida/
wget -O .cache/frida/frida-gadget-arm64.xz https://github.com/frida/frida/releases/download/15.1.17/frida-gadget-15.1.17-android-arm64.so.xz
cd .cache/frida/ && xz -d -v frida-gadget-15.1.17-android-arm64.so.xz
mv frida-gadget-15.1.17-android-arm64.so gadget-android-arm64.so

2. [ERROR] 28/Mar/2022 07:17:11 - Error Connecting to Frida That's mean frida server was not started in Emulator, we need put frida-server into emulator and run it. please select your own version. There was 2 options, first one, you can start it manually, and second one, you can download the frida-server directly and put it into ~/.MobSF/downloads

adb push frida-server /data/local/tmp
adb shell
su
cd /data/local/tmp
chmod 755 frida-server
nohup ./frida-server &