tweaselORG / cli

Command-line tool for the libraries of the tweasel project.
MIT License

`record-traffic`: Make app ID/path argument optional #27

Closed baltpeter closed 1 year ago

baltpeter commented 1 year ago

With #15, we added support for analysing already installed apps. But for that you have to find out the app ID. On Android, that is a little annoying but not much of a problem, but on iOS, it's genuinely really hard since the OS doesn't display that info anywhere and the App Store URLs use a different, numerical ID. Personally, I've been using `ideviceinstaller -l` for this, but have `pymobiledevice3` in a custom venv that users can't easily access.

Instead, we should make the argument optional and just interactively prompt the user which app they want to analyse from a list of all installed apps.

baltpeter commented 1 year ago

For this, I want to implement a `listApps()` function in appstraction. Ideally, that would not only return the app IDs but also the app names/labels (or maybe we'll have a separate function to get the same details as `parseAppMeta()` for an installed app—that would also be helpful for #25).

But as it turns out, that is harder than expected on Android. The only documented method I've found is to run `aapt` on the app's APK. But for that, we'd either have to pull the APK from the device or install `aapt` on it. Neither is particularly nice.

baltpeter commented 1 year ago

Just for the record: `dumpsys package packages` doesn't work:

  Package [com.wireguard.android] (95647c9):
    userId=10191
    pkg=Package{211fece com.wireguard.android}
    codePath=/data/app/~~BYK4Gn_P3yKo7TdKHLI7Yw==/com.wireguard.android--Nguu-Um-JH_-bNqYCXZLQ==
    resourcePath=/data/app/~~BYK4Gn_P3yKo7TdKHLI7Yw==/com.wireguard.android--Nguu-Um-JH_-bNqYCXZLQ==
    legacyNativeLibraryDir=/data/app/~~BYK4Gn_P3yKo7TdKHLI7Yw==/com.wireguard.android--Nguu-Um-JH_-bNqYCXZLQ==/lib
    extractNativeLibs=true
    primaryCpuAbi=arm64-v8a
    secondaryCpuAbi=null
    cpuAbiOverride=null
    versionCode=492 minSdk=21 targetSdk=30
    minExtensionVersions=[]
    versionName=1.0.20220516
    usesNonSdkApi=false
    splits=[base]
    apkSigningVersion=3
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    privateFlags=[ PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE_VIA_SDK_VERSION ALLOW_AUDIO_PLAYBACK_CAPTURE PRIVATE_FLAG_ALLOW_NATIVE_HEAP_POINTER_TAGGING ]
    forceQueryable=false
    queriesIntents=[Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] }]
    dataDir=/data/user/0/com.wireguard.android
    supportsScreens=[small, medium, large, xlarge, resizeable, anyDensity]
    usesOptionalLibraries:
      androidx.window.extensions
      androidx.window.sidecar
    timeStamp=2023-03-07 14:52:49
    lastUpdateTime=2023-03-07 14:52:50
    installerPackageName=com.android.packageinstaller
    packageSource=3
    signatures=PackageSignatures{ea071ef version:3, signatures:[ae0266ee], past signatures:[]}
    installPermissionsFixed=true
    pkgFlags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    declared permissions:
      com.wireguard.android.permission.CONTROL_TUNNELS: prot=dangerous, INSTALLED
    install permissions:
      android.permission.RECEIVE_BOOT_COMPLETED: granted=true
      android.permission.INTERNET: granted=true
      android.permission.USE_FINGERPRINT: granted=true
      android.permission.USE_BIOMETRIC: granted=true
    User 0: ceDataInode=36084 installed=true hidden=false suspended=false distractionFlags=0 stopped=true notLaunched=false enabled=0 instant=false virtual=false
      installReason=4
      firstInstallTime=2023-03-07 14:52:50
      uninstallReason=0
      overlay paths:
        /system/product/overlay/NavigationBarMode3Button/NavigationBarMode3ButtonOverlay.apk
        /data/resource-cache/com.android.systemui-neutral-Pc1Z.frro
        /data/resource-cache/com.android.systemui-accent-F1vs.frro
      legacy overlay paths:
        /system/product/overlay/NavigationBarMode3Button/NavigationBarMode3ButtonOverlay.apk
      gids=[3003]
      runtime permissions:
        android.permission.POST_NOTIFICATIONS: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]
        android.permission.CAMERA: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED|ONE_TIME]

baltpeter commented 1 year ago

We can get more info about an app like this, but still not the label:

❯ adb shell dumpsys package com.wireguard.android
Activity Resolver Table:
  Non-Data Actions:
      android.intent.action.MAIN:
        96c07a6 com.wireguard.android/.activity.MainActivity filter db805e7
          Action: "android.intent.action.MAIN"
          Category: "android.intent.category.LAUNCHER"
        211783d com.wireguard.android/.activity.TvMainActivity filter 40f832
          Action: "android.intent.action.MAIN"
          Category: "android.intent.category.LEANBACK_LAUNCHER"
        ff51983 com.wireguard.android/.activity.LogViewerActivity filter 773f700
          Action: "android.intent.action.MAIN"
      android.service.quicksettings.action.QS_TILE_PREFERENCES:
        96c07a6 com.wireguard.android/.activity.MainActivity filter d11594
          Action: "android.service.quicksettings.action.QS_TILE_PREFERENCES"

Receiver Resolver Table:
  Non-Data Actions:
      com.wireguard.android.action.SET_TUNNEL_UP:
        65cadf com.wireguard.android/.model.TunnelManager$IntentReceiver filter 6a1832c
          Action: "com.wireguard.android.action.REFRESH_TUNNEL_STATES"
          Action: "com.wireguard.android.action.SET_TUNNEL_UP"
          Action: "com.wireguard.android.action.SET_TUNNEL_DOWN"
      com.wireguard.android.action.REFRESH_TUNNEL_STATES:
        65cadf com.wireguard.android/.model.TunnelManager$IntentReceiver filter 6a1832c
          Action: "com.wireguard.android.action.REFRESH_TUNNEL_STATES"
          Action: "com.wireguard.android.action.SET_TUNNEL_UP"
          Action: "com.wireguard.android.action.SET_TUNNEL_DOWN"
      com.wireguard.android.action.SET_TUNNEL_DOWN:
        65cadf com.wireguard.android/.model.TunnelManager$IntentReceiver filter 6a1832c
          Action: "com.wireguard.android.action.REFRESH_TUNNEL_STATES"
          Action: "com.wireguard.android.action.SET_TUNNEL_UP"
          Action: "com.wireguard.android.action.SET_TUNNEL_DOWN"
      android.intent.action.BOOT_COMPLETED:
        ba25b39 com.wireguard.android/.BootShutdownReceiver filter 302657e
          Action: "android.intent.action.ACTION_SHUTDOWN"
          Action: "android.intent.action.BOOT_COMPLETED"
      android.intent.action.ACTION_SHUTDOWN:
        ba25b39 com.wireguard.android/.BootShutdownReceiver filter 302657e
          Action: "android.intent.action.ACTION_SHUTDOWN"
          Action: "android.intent.action.BOOT_COMPLETED"

Service Resolver Table:
  Non-Data Actions:
      android.service.quicksettings.action.QS_TILE:
        8c471f5 com.wireguard.android/.QuickTileService filter edb5b8a permission android.permission.BIND_QUICK_SETTINGS_TILE
          Action: "android.service.quicksettings.action.QS_TILE"
      android.net.VpnService:
        635fb com.wireguard.android/.backend.GoBackend$VpnService filter 239a618 permission android.permission.BIND_VPN_SERVICE
          Action: "android.net.VpnService"

Domain verification status:

Permissions:
  Permission [com.wireguard.android.permission.CONTROL_TUNNELS] (15edaad):
    sourcePackage=com.wireguard.android
    uid=10191 gids=[] type=0 prot=dangerous
    perm=PermissionInfo{2108475 com.wireguard.android.permission.CONTROL_TUNNELS}

Registered ContentProviders:
  com.wireguard.android/.activity.LogViewerActivity$ExportedLogContentProvider:
    Provider{ee626c0 com.wireguard.android/.activity.LogViewerActivity$ExportedLogContentProvider}
  com.wireguard.android/androidx.startup.InitializationProvider:
    Provider{f484827 com.wireguard.android/androidx.startup.InitializationProvider}

ContentProvider Authorities:
  [com.wireguard.android.androidx-startup]:
    Provider{f484827 com.wireguard.android/androidx.startup.InitializationProvider}
      applicationInfo=ApplicationInfo{ad201e2 com.wireguard.android}
  [com.wireguard.android.exported-log]:
    Provider{ee626c0 com.wireguard.android/.activity.LogViewerActivity$ExportedLogContentProvider}
      applicationInfo=ApplicationInfo{ec9d973 com.wireguard.android}

Key Set Manager:
  [com.wireguard.android]
      Signing KeySets: 65

Packages:
  Package [com.wireguard.android] (95647c9):
    userId=10191
    pkg=Package{211fece com.wireguard.android}
    codePath=/data/app/~~BYK4Gn_P3yKo7TdKHLI7Yw==/com.wireguard.android--Nguu-Um-JH_-bNqYCXZLQ==
    resourcePath=/data/app/~~BYK4Gn_P3yKo7TdKHLI7Yw==/com.wireguard.android--Nguu-Um-JH_-bNqYCXZLQ==
    legacyNativeLibraryDir=/data/app/~~BYK4Gn_P3yKo7TdKHLI7Yw==/com.wireguard.android--Nguu-Um-JH_-bNqYCXZLQ==/lib
    extractNativeLibs=true
    primaryCpuAbi=arm64-v8a
    secondaryCpuAbi=null
    cpuAbiOverride=null
    versionCode=492 minSdk=21 targetSdk=30
    minExtensionVersions=[]
    versionName=1.0.20220516
    usesNonSdkApi=false
    splits=[base]
    apkSigningVersion=3
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    privateFlags=[ PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE_VIA_SDK_VERSION ALLOW_AUDIO_PLAYBACK_CAPTURE PRIVATE_FLAG_ALLOW_NATIVE_HEAP_POINTER_TAGGING ]
    forceQueryable=false
    queriesIntents=[Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] }]
    dataDir=/data/user/0/com.wireguard.android
    supportsScreens=[small, medium, large, xlarge, resizeable, anyDensity]
    usesOptionalLibraries:
      androidx.window.extensions
      androidx.window.sidecar
    timeStamp=2023-03-07 14:52:49
    lastUpdateTime=2023-03-07 14:52:50
    installerPackageName=com.android.packageinstaller
    packageSource=3
    signatures=PackageSignatures{ea071ef version:3, signatures:[ae0266ee], past signatures:[]}
    installPermissionsFixed=true
    pkgFlags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    declared permissions:
      com.wireguard.android.permission.CONTROL_TUNNELS: prot=dangerous, INSTALLED
    requested permissions:
      android.permission.CAMERA
      android.permission.INTERNET
      android.permission.RECEIVE_BOOT_COMPLETED
      android.permission.USE_BIOMETRIC
      android.permission.USE_FINGERPRINT
      android.permission.POST_NOTIFICATIONS
    install permissions:
      android.permission.RECEIVE_BOOT_COMPLETED: granted=true
      android.permission.INTERNET: granted=true
      android.permission.USE_FINGERPRINT: granted=true
      android.permission.USE_BIOMETRIC: granted=true
    User 0: ceDataInode=36084 installed=true hidden=false suspended=false distractionFlags=0 stopped=true notLaunched=false enabled=0 instant=false virtual=false
      installReason=4
      firstInstallTime=2023-03-07 14:52:50
      uninstallReason=0
      overlay paths:
        /system/product/overlay/NavigationBarMode3Button/NavigationBarMode3ButtonOverlay.apk
        /data/resource-cache/com.android.systemui-neutral-Pc1Z.frro
        /data/resource-cache/com.android.systemui-accent-F1vs.frro
      legacy overlay paths:
        /system/product/overlay/NavigationBarMode3Button/NavigationBarMode3ButtonOverlay.apk
      gids=[3003]
      runtime permissions:
        android.permission.POST_NOTIFICATIONS: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED]
        android.permission.CAMERA: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED|ONE_TIME]

Queries:
  system apps queryable: false
  queries via forceQueryable:
  queries via package name:
  queries via component:
    com.android.settings.intelligence:
      com.wireguard.android
    com.wireguard.android:
      com.google.android.projection.gearhead
      com.android.dialer
      org.lineageos.eleven
      com.android.contacts
      com.google.android.googlequicksearchbox
      org.lineageos.jelly
      org.lineageos.etar
      com.android.calculator2
      com.android.messaging
      com.android.gallery3d
      com.android.deskclock
      org.lineageos.recorder
      com.android.inputmethod.latin
      com.android.cellbroadcastreceiver.module
      com.topjohnwu.magisk
      com.termux
      me.zhanghai.android.files
      org.fdroid.fdroid
      com.aurora.store
      com.appsflyer.android.deviceid
      org.proxydroid
      com.kinandcarta.create.proxytoggle
      com.airbnb.android
      de.check24.check24
      com.duolingo
      com.fingersoft.hcr2
      com.alibaba.aliexpresshd
      info.dvkr.screenstream
      de.erichambuch.ticketreader
      app.eticket.pro
      org.mozilla.fennec_fdroid
      de.ivu.eticketinfo
  queryable via interaction:
    User 0:
      [com.android.providers.settings,com.android.location.fused,org.lineageos.settings.device,org.lineageos.lineagesettings,com.android.dynsystem,android,com.android.keychain,org.lineageos.lineageparts,com.android.wallpaperbackup,com.android.settings,lineageos.platform,org.lineageos.setupwizard,com.android.localtransport,com.android.server.telecom,com.android.inputdevices]:
        com.wireguard.android
      com.android.inputmethod.latin:
        com.wireguard.android
      com.android.permissioncontroller:
        com.wireguard.android
      com.wireguard.android:
        [com.android.providers.settings,com.android.location.fused,org.lineageos.settings.device,org.lineageos.lineagesettings,com.android.dynsystem,android,com.android.keychain,org.lineageos.lineageparts,com.android.wallpaperbackup,com.android.settings,lineageos.platform,org.lineageos.setupwizard,com.android.localtransport,com.android.server.telecom,com.android.inputdevices]
  queryable via uses-library:

Dexopt state:
  [com.wireguard.android]
    path: /data/app/~~BYK4Gn_P3yKo7TdKHLI7Yw==/com.wireguard.android--Nguu-Um-JH_-bNqYCXZLQ==/base.apk
      arm64: [status=speed-profile] [reason=bg-dexopt]
  BgDexopt state:
    enabled:true
    mDexOptThread:null
    mDexOptCancellingThread:null
    mFinishedPostBootUpdate:true
    mLastExecutionStatus:0
    mLastExecutionStartTimeMs:6054458376
    mLastExecutionDurationIncludingSleepMs:60828
    mLastExecutionStartUptimeMs:377876204
    mLastExecutionDurationMs:60828
    now:6557377412
    mLastCancelledPackages:
    mFailedPackageNamesPrimary:
    mFailedPackageNamesSecondary:

Compiler stats:
  [com.wireguard.android]
     base.apk - 1455
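
Added example (not part of the thread and not appstraction's code): a sketch of what can be recovered from the `dumpsys package <app ID>` output quoted above, namely the app ID, version and the requested versus granted permissions. The output has no label field, so none is returned. `parseDumpsysPackage` and `ungranted` are hypothetical helper names.

```javascript
// Added example, not appstraction code: parseDumpsysPackage() is a hypothetical helper.
// SAMPLE is a shortened excerpt of the `adb shell dumpsys package com.wireguard.android` output quoted above.
const SAMPLE = `
Packages:
  Package [com.wireguard.android] (95647c9):
    versionCode=492 minSdk=21 targetSdk=30
    versionName=1.0.20220516
    requested permissions:
      android.permission.CAMERA
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=36084 installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|USER_SENSITIVE_WHEN_DENIED|ONE_TIME]
`;

function parseDumpsysPackage(text) {
  const pkg = { id: null, versionName: null, versionCode: null, requested: [], install: {}, runtime: {} };
  let section = null, sectionIndent = -1, inPackages = false;
  for (const line of text.split('\n')) {
    if (!line.trim()) continue;
    const indent = line.search(/\S/);
    const body = line.trim();
    // Top-level headings ("Permissions:", "Queries:", ...) switch sections; only "Packages:" is read.
    if (indent === 0) { inPackages = body === 'Packages:'; section = null; continue; }
    if (!inPackages) continue;
    let m;
    if ((m = body.match(/^Package \[([^\]]+)\]/))) { pkg.id = m[1]; continue; }
    if ((m = body.match(/^(requested|install|runtime) permissions:$/))) {
      section = m[1]; sectionIndent = indent; continue;
    }
    if (section && indent > sectionIndent) {
      // Entries are "name" (requested) or "name: granted=true|false[, flags=...]".
      m = body.match(/^([\w.]+)(?:: granted=(true|false))?/);
      if (!m) continue;
      if (section === 'requested') pkg.requested.push(m[1]);
      else pkg[section][m[1]] = m[2] === 'true';
      continue;
    }
    section = null; // a dedent ends the current permission list
    if ((m = body.match(/^versionName=(\S+)/))) pkg.versionName = m[1];
    if ((m = body.match(/^versionCode=(\d+)/))) pkg.versionCode = Number(m[1]);
  }
  return pkg;
}

// Requested permissions that are currently granted neither at install time nor at runtime.
const ungranted = (pkg) => pkg.requested.filter((p) => !(pkg.install[p] || pkg.runtime[p]));
```
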

baltpeter commented 1 year ago

Meanwhile, on iOS, this is a lot easier. `pymobiledevice3 apps list --user` gives me all the metadata about the apps that I could want.

baltpeter commented 1 year ago

I'm almost convinced that installing `aapt` on the device is the way to go. Izzy conveniently provides a precompiled arm binary.

But there is an added complication: Files in `/sdcard` can't have an execute permission and without root, we may not be able to write to `/data/local/tmp`.

baltpeter commented 1 year ago

Also:

> If this one doesn't work on your device (`error: only position independent executables (PIE) are supported`), use one from here.

And the PIE binaries don't exist in the linked repo anymore.

baltpeter commented 1 year ago

I'm giving up for now. We can revisit this with #25. App ID only for now.