https://github.com/ZSShen/ProbeDroid

A SDK for the creation of analysis tools without obtaining app source code in order to profile runtime performance, examine code coverage, and track high-risk behaviors of a given app on Android 5.0 and above.
https://github.com/ZSShen/ProbeDroid

android binary-instrument malware-analysis malware-research reverse-engineering

Last synced: about 2 months ago
JSON representation

A SDK for the creation of analysis tools without obtaining app source code in order to profile runtime performance, examine code coverage, and track high-risk behaviors of a given app on Android 5.0 and above.

• Host: GitHub
• URL: https://github.com/ZSShen/ProbeDroid
• Owner: ZSShen
• License: mit
• Created: 2015-11-04T17:06:09.000Z (over 9 years ago)
• Default Branch: master
• Last Pushed: 2018-12-16T03:55:48.000Z (over 6 years ago)
• Last Synced: 2024-10-27T23:24:47.722Z (6 months ago)
• Topics: android, binary-instrument, malware-analysis, malware-research, reverse-engineering
• Language: C++
• Homepage:
• Size: 2.78 MB
• Stars: 197
• Watchers: 25
• Forks: 37
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: COPYING

Awesome Lists containing this project

• awesome-hacking-tools - ProbeDroid - Dynamic Java code instrumentation (Android Security / Dynamic Analysis Tools)
• android-security-awesome - ProbeDroid - Dynamic Java code instrumentation (Tools / Dynamic Analysis Tools)

README

        
# **ProbeDroid**  

ProbeDroid is a ***dynamic Java code instrumentation kit for Android application***, which provides APIs for users to craft their own instrumentation tools. As a result, users can trace, profile, or change the runtime behavior of an interested application. Essentially, ***Java method*** is the ***basic instrumentation unit***. To manipulate the interested methods, users should override the template instrumentation gadgets and register them to hook the interested methods. When the hooked methods are invoked during the runtime, the control flow is diverted to the gadgets. At that moment, users can manipulate the boxed method input arguments and the return value. In the current stage, ProbeDroid targets on Android 5.0 and above. To build ProbeDroid kit, users just pull the package from GitHub and follow the build commands. Android source tree is not required.  

## **Feature**  

+  Programmable instrumentation

   +  Code your own instrument tools with ***Java practice***

   +  Flexible APIs for you to

      +  Hook interested library or app defined methods

      +  Customize instrument gadgets for different analysis purposes

      +  Modify method in/output to hack app during the runtime

+  Succinct deployment

   +  Only ProbeDroid engine and instrument tools are required

   +  No need to customize Android framework

## **[Design Memo]**

## **Limitation**  

+  Cannot instrument ***native*** methods now (under development)  

+  Currently only supporting ***Android 5.0*** and the devices based on ***Intel x86*** and ***ARM eabi v7a*** 

#### ProbeDroid is still under construction. More features will be presented in the near feature. 



## **Installation**

Please refer to [Source Building Wiki]

## **Usage**

Please refer to [Play and Hack Wiki]

## **Demo**

#### **Instrument GoogleMaps**

**Click the picture to view the demo vedio**  

| [![GoogleMaps](http://img.youtube.com/vi/6_kg-229yz4/hqdefault.jpg)](https://www.youtube.com/watch?v=6_kg-229yz4&nohtml5=False) |

|---|

| A simple instrumentation tool which ***tracks the strings converted from StringBuilder and StringBuffer object***. By taking some forensics towards the converted strings, we can notice that GoogleMaps applies Java reflection for some network authentication. Also, It will dynamically generate some C/C++ code and compile it for map rendering. |

#### **Instrument KKTix**

**Click the picture to view the demo vedio**  

| [![KKTix](http://img.youtube.com/vi/KV8gRs0xWQ8/hqdefault.jpg)](https://www.youtube.com/watch?v=KV8gRs0xWQ8) |

|---|

| A simple instrumentation tool which ***tracks the started Activities and Services***. By taking some forensics towards the tracked components, we can notice that KKTix applies several kinds of Activies to render the ticket booking pages. Also, it starts a Service for background computation. |

## **License**

Except for the following source code:  

+ `android/art/runtime/`, `common/log.*`, `common/stringprintf.*`, `common/utf.*`, and `common/macros.h` subtrees belong to [AOSP], which are licensed under ***Apache v2.0***.  

+ `common/libffi/` subtree belongs to [libffi], which is licensed under ***MIT***.   

All the source code are licensed under ***MIT***. See ***COPYING*** for details.  

## **Contact**

Please contact me via the mail ***[email protected]***.  

Note that the kit is still under construction.  Contribution and bug report is desired.  

[Design Memo]:http://www.slideshare.net/ZongShenShen/probedroid-crafting-your-own-dynamic-instrument-tool-on-android-for-app-behavior-exploration

[Source Building Wiki]:https://github.com/ZSShen/ProbeDroid/wiki/Road-Map

[Play and Hack Wiki]:https://github.com/ZSShen/ProbeDroid/wiki/Road-Map