termux / proot

A chroot-like implementation using ptrace.
https://wiki.termux.com/wiki/PRoot

this is an issue #257

Open w296488320 opened 1 year ago

w296488320 commented 1 year ago

Hello great developers. I'm trying to implement a sandbox on Android; the main purpose is to analyze some malware, including their svc call parameters and execution process, so as to realize automatic analysis, automated output reports and other needs. My current logic is initialized through static code blocks in the application. The process that comes out of fork() attaches to the main thread and modifies the parameters and return values of svc in a way similar to proot, enabling ptrace and seccomp, and moves the following directories to a new directory. The directories I need to isolate are these common operating directories of an apk: /data/data/packageName/, /data/user/0/, /sdcard/, /storage/emulated/0/, .... I perform IO redirection for these commonly used directories. I have my own sandbox path handler function, so I did not call the translate_path() method of proot in the translate_path2() method, but called my own method. But now I occasionally find that there are some problems, and it turns out that many directories cannot be redirected. I don't know what the reason for this is (my guess is that many svcs have not been intercepted), and I also imitated proot to enable seccomp in the main thread. The interception function is the same as proot's; they are all the functions in the proot_sysnums array of seccomp.c.

  1. I only use the syscall module and tracee module of proot now, so I am trying to use the path module of proot as well, and I want to call the proot.c -> handle_option_b() method directly. But I don't know what content should be used for value?
  2. Do you have any good suggestions?
  3. I want to learn the code logic of this proot, including the function and introduction of each module. Is there a detailed document introduction? It's a really great job and that's my highest rating. I tried to search on Google, but found no useful information.
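The comment above describes an "own sandbox path handler" that redirects a fixed set of directories (/data/data/packageName/, /sdcard/, ...) into a new root. Two details decide whether such a handler is safe and complete: the prefix match must stop at a path-component boundary (so that /sdcard does not also capture /sdcardX), and ".." segments must be collapsed before matching, otherwise a tracee can pass a path such as /sdcard/../../.. and be mapped to a location outside the sandbox root. The following is an added example written for this thread, not code from proot or from the commenter; the package names, SANDBOX_ROOT, and the function names translate_sandbox_path and normalize_path are assumptions chosen for illustration. It only does lexical normalization; it does not resolve symlinks, which proot handles separately when it canonicalizes guest paths.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical host directory that receives the redirected tree (assumed value).
   It is deliberately NOT under any isolated prefix, so a translated path is
   never translated a second time. */
#define SANDBOX_ROOT "/data/data/com.example.sandbox/files/root"
#define SANDBOX_PATH_MAX 4096

/* Directories the analysed app touches and that must be isolated
   (constructed sample list; the target package name is assumed). */
static const char *const ISOLATED_PREFIXES[] = {
    "/data/data/com.example.target",
    "/data/user/0/com.example.target",
    "/sdcard",
    "/storage/emulated/0",
};

/* Lexically normalize an absolute path: collapse repeated '/', drop "." and
   resolve ".." without ever climbing above "/". Returns 0 on success,
   -1 for a relative path or an output buffer that is too small. */
static int normalize_path(const char *in, char *out, size_t outsz) {
    size_t len = 0;
    const char *p = in;
    if (*p != '/') return -1;               /* syscall paths we redirect are absolute */
    while (*p) {
        while (*p == '/') p++;              /* skip one or more separators */
        const char *seg = p;
        while (*p && *p != '/') p++;
        size_t seglen = (size_t)(p - seg);
        if (seglen == 0 || (seglen == 1 && seg[0] == '.')) continue;
        if (seglen == 2 && seg[0] == '.' && seg[1] == '.') {
            while (len > 0 && out[len - 1] != '/') len--;   /* drop last segment */
            if (len > 0) len--;                              /* and its leading '/' */
            continue;                        /* at "/" a ".." is a no-op */
        }
        if (len + 1 + seglen + 1 > outsz) return -1;
        out[len++] = '/';
        memcpy(out + len, seg, seglen);
        len += seglen;
    }
    if (len == 0) {                          /* everything collapsed to the root */
        if (outsz < 2) return -1;
        out[len++] = '/';
    }
    out[len] = '\0';
    return 0;
}

/* Map a tracee-supplied path into SANDBOX_ROOT when it lies under an isolated
   prefix. Returns 1 if the path was redirected (out = SANDBOX_ROOT + path),
   0 if it is left unchanged (out = normalized path), -1 on error. */
int translate_sandbox_path(const char *path, char *out, size_t outsz) {
    char norm[SANDBOX_PATH_MAX];
    if (normalize_path(path, norm, sizeof norm) != 0) return -1;

    size_t n = sizeof ISOLATED_PREFIXES / sizeof ISOLATED_PREFIXES[0];
    for (size_t i = 0; i < n; i++) {
        const char *pre = ISOLATED_PREFIXES[i];
        size_t plen = strlen(pre);
        /* Match only at a component boundary: "/sdcard" and "/sdcard/..."
           are redirected, "/sdcardX" is not. */
        if (strncmp(norm, pre, plen) == 0 && (norm[plen] == '\0' || norm[plen] == '/')) {
            int w = snprintf(out, outsz, "%s%s", SANDBOX_ROOT, norm);
            if (w < 0 || (size_t)w >= outsz) return -1;
            return 1;
        }
    }
    if (strlen(norm) + 1 > outsz) return -1;
    strcpy(out, norm);
    return 0;
}

int main(void) {
    /* Constructed sample inputs, as a tracer might read them from the tracee
       before rewriting the syscall's path argument. */
    const char *samples[] = {
        "/sdcard/Download/payload.apk",
        "/sdcardX/not_isolated",
        "/sdcard/../../../../etc/hosts",
        "/data/data/com.example.target/files/../shared_prefs/x.xml",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char out[SANDBOX_PATH_MAX];
        int r = translate_sandbox_path(samples[i], out, sizeof out);
        printf("%-60s -> [%d] %s\n", samples[i], r, r < 0 ? "(error)" : out);
    }
    return 0;
}
```

In a ptrace-based tracer this function would be called at syscall entry for every path-taking syscall in the intercepted set, and the translated string written back into the tracee's memory before the kernel sees it; the third sample shows why normalization has to happen before the prefix check rather than after the concatenation.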