Lobotomy是一款运行在Python环境下的安卓系统评估工具包,它可以帮助安全研究人员评估不同Android逆向工程任务。Lobotomy的目标是打算给安全研究人员提供一个完善的审计平台,允许其在不退出该平台环境下,利用所需要的工具加载目标程序。
Lobotomy主要包含工具:
Androguard(开源静态分析工具)
apktool(反编译工具,已验证Java版本1.7、1.8)
Dex2Jar(反编译工具)
Frida(跨平台注入工具)
已测试的Python版本:
2.7.9
2.7.10
2.7.11参数列表
(lobotomy) help
Documented commands (type help ):
----------------------------------------
_load components edit li pause run show
_relative_load d2j frida list permissions save
attacksurface debuggable hi load profiler set
bowser decompile history loader py shell
cmdenvironment ed l logcat r shortcuts
Undocumented commands:
----------------------
EOF eof exit help q quit连接WEB服务器
[~/Tools/mobile/android/lobotomy]> python web/run.py runserver -h 0.0.0.0用户端信息位于:/ui/home
加载一个Android安装包
[~/Tools/mobile/android/lobotomy]> python lobotomy.py
: : :
t#, t#, t#,
i ;##W. . ;##W. ;##W.
LE :#L:WE Ef. :#L:WE GEEEEEEEL :#L:WE .. : f. ;WE.
L#E .KG ,#D E#Wi .KG ,#D ,;;L#K;;. .KG ,#D ,W, .Et E#, i#G
G#W. EE ;#f E#K#D: EE ;#f t#E EE ;#f t##, ,W#t E#t f#f
D#K. f#. t#iE#t,E#f. f#. t#i t#E f#. t#i L###, j###t E#t G#i
E#K. :#G GK E#WEE##Wt:#G GK t#E :#G GK .E#j##, G#fE#t E#jEW,
.E#E. ;#L LW. E##Ei;;;;.;#L LW. t#E ;#L LW. ;WW; ##,:K#i E#t E##E.
.K#E t#f f#: E#DWWt t#f f#: t#E t#f f#: j#E. ##f#W, E#t E#G
.K#D f#D#; E#t f#K; f#D#; t#E f#D#; .D#L ###K: E#t E#t
.W#G G#t E#Dfff##E, G#t t#E G#t :K#t ##D. E#t E#t
:W##########Wt t jLLLLLLLLL; t fE t ... #G .. EE.
:,,,,,,,,,,,,,. : j t
(lobotomy) loader /Users/benjaminwatson/Android-Web-Browsers/opera-mini/apk/com.opera.mini.native.apk
[2015-08-03 19:16:44.866870] Loading : /Users/benjaminwatson/Android-Web-Browsers/opera-mini/apk/com.opera.mini.native.apk
(lobotomy)权限列表
(lobotomy) permissions list
[2015-08-03 19:27:31.175369] Permission: android.permission.ACCESS_FINE_LOCATION
[2015-08-03 19:27:31.175409] Permission: android.permission.ACCESS_NETWORK_STATE
[2015-08-03 19:27:31.175421] Permission: android.permission.INTERNET
[2015-08-03 19:27:31.175430] Permission: android.permission.NFC
[2015-08-03 19:27:31.175438] Permission: android.permission.WRITE_EXTERNAL_STORAGE
[2015-08-03 19:27:31.175446] Permission: com.android.launcher.permission.INSTALL_SHORTCUT
[2015-08-03 19:27:31.175454] Permission: com.opera.GET_BRANDING
[2015-08-03 19:27:31.175461] Permission: com.opera.mini.native.permission.CRASHHANDLER
[2015-08-03 19:27:31.175469] Permission: com.android.browser.permission.READ_HISTORY_BOOKMARKS
[2015-08-03 19:27:31.175477] Permission: android.permission.SYSTEM_ALERT_WINDOW
[2015-08-03 19:27:31.175484] Permission: android.permission.WAKE_LOCK
[2015-08-03 19:27:31.175491] Permission: com.google.android.c2dm.permission.RECEIVE
[2015-08-03 19:27:31.175498] Permission: com.opera.mini.native.permission.C2D_MESSAGE
[2015-08-03 19:27:31.175505] Permission: android.permission.READ_CONTACTS
[2015-08-03 19:27:31.175571] Permission: android.permission.VIBRATE权限映射
(lobotomy) permissions map
[2015-08-03 19:28:07.078496] Found permission mapping : android.permission.ACCESS_FINE_LOCATION
[2015-08-03 19:28:07.078543] Searching for : android.telephony.TelephonyManager
[2015-08-03 19:28:12.686411] Searching for : android.location.LocationManager
1 Lbo/app/bs;->(Landroid/content/Context; Landroid/location/LocationManager; Lbo/app/bb; Lcom/appboy/configuration/XmlAppConfigurationProvider;)V (0x120) ---> Landroid/location/LocationManager;->requestLocationUpdates(Ljava/lang/String; J F Landroid/app/PendingIntent;)V
1 Lpz;->a()V (0x20) ---> Landroid/location/LocationManager;->requestLocationUpdates(Ljava/lang/String; J F Landroid/location/LocationListener;)V
1 Lbo/app/bs;->c()Lbo/app/da; (0x2e) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lbo/app/bs;->c()Lbo/app/da; (0x54) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lpy;->a(Llb;)Landroid/location/Location; (0x50) ---> Landroid/location/LocationManager;->getProviders(Z)Ljava/util/List;
1 Lbo/app/bs;->c()Lbo/app/da; (0x2e) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lbo/app/bs;->c()Lbo/app/da; (0x54) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lkf;->detectlocation(Ljava/lang/String;)V (0x9e) --->攻击界面
(lobotomy) attacksurface
[2015-08-03 19:29:02.272276] ---------
[2015-08-03 19:29:02.272317] Activites
[2015-08-03 19:29:02.272327] ---------
[2015-08-03 19:29:02.272472] com.opera.android.MiniActivity : Found Activity with launchMode!
[2015-08-03 19:29:02.272507] com.opera.android.MiniActivity : launchMode : singleTask
[2015-08-03 19:29:02.272778] com.opera.mini.android.Browser : Found Activity with launchMode!
[2015-08-03 19:29:02.272793] com.opera.mini.android.Browser : launchMode : singleTask
[2015-08-03 19:29:02.272900] com.opera.mini.android.Browser : Found Activity with schemes!
[2015-08-03 19:29:02.272912] com.opera.mini.android.Browser : scheme : ftp
[2015-08-03 19:29:02.272932] com.opera.mini.android.Browser : scheme : about
[2015-08-03 19:29:02.272943] com.opera.mini.android.Browser : scheme : http
[2015-08-03 19:29:02.272952] com.opera.mini.android.Browser : scheme : opera
[2015-08-03 19:29:02.272961] com.opera.mini.android.Browser : scheme : adx
[2015-08-03 19:29:02.272970] com.opera.mini.android.Browser : scheme : https
[2015-08-03 19:29:02.273250] com.opera.mini.android.Browser : action : android.intent.action.MAIN
[2015-08-03 19:29:02.273263] com.opera.mini.android.Browser : action : android.intent.action.VIEW
[2015-08-03 19:29:02.273272] com.opera.mini.android.Browser : action : android.nfc.action.NDEF_DISCOVERED
[2015-08-03 19:29:02.273280] com.opera.mini.android.Browser : action : android.speech.action.VOICE_SEARCH_RESULTS
[2015-08-03 19:29:02.273289] com.opera.mini.android.Browser : action : android.intent.action.WEB_SEARCH
[2015-08-03 19:29:02.273297] com.opera.mini.android.Browser : category : android.intent.category.LAUNCHER
[2015-08-03 19:29:02.273305] com.opera.mini.android.Browser : category : android.intent.category.DEFAULT
[2015-08-03 19:29:02.273313] com.opera.mini.android.Browser : category : android.intent.category.BROWSABLE
[2015-08-03 19:29:02.273321] ---------
[2015-08-03 19:29:02.273328] Receivers
[2015-08-03 19:29:02.273335] ---------
[2015-08-03 19:29:02.273712] com.AdX.tag.AdXAppTracker : Found exported receiver!
[2015-08-03 19:29:02.273724] com.AdX.tag.AdXAppTracker : exported : true
[2015-08-03 19:29:02.273880] com.AdX.tag.AdXAppTracker : action : com.android.vending.INSTALL_REFERRER
[2015-08-03 19:29:02.274348] com.opera.android.gcm.GcmBroadcastReceiver : action : com.google.android.c2dm.intent.RECEIVE
[2015-08-03 19:29:02.274361] com.opera.android.gcm.GcmBroadcastReceiver : category : com.opera.mini.native
[2015-08-03 19:29:02.274821] com.opera.android.appboy.AppboyBroadcastReceiver : action : com.opera.mini.native.intent.APPBOY_PUSH_RECEIVED
[2015-08-03 19:29:02.274833] com.opera.android.appboy.AppboyBroadcastReceiver : action : com.opera.mini.native.intent.APPBOY_NOTIFICATION_OPENED
[2015-08-03 19:29:02.274842] ---------
[2015-08-03 19:29:02.274848] Providers
[2015-08-03 19:29:02.274855] ---------
[2015-08-03 19:29:02.275486] ---------
[2015-08-03 19:29:02.275494] Services
[2015-08-03 19:29:02.275511] ---------下载地址:点击我
*参考来源:github,FB小编亲爱的兔子编译,转载请注明来自FreeBuf黑客与极客(FreeBuf.COM)
- 上一篇:商业级别Fortify白盒神器介绍与使用分析
- 下一篇:Empire模拟案例的学习
关注我们 分享每日精选文章
不容错过
- 端午“擒马”记:黑产是如何强刷用户银行卡8.1万元的?豆芽菜2016-06-13
- 【FB TV】一周「BUF大事件」(20160806-201608012)supercoco2016-08-13
- “聚力赋能”的全面扩张:2016阿里安全峰会首日深度解析欧阳洋葱2016-07-13
- 事件跟踪:有内鬼?黑客极有可能物理接触了索尼的网络嘎巴嘎巴2014-11-27
Copyright © 2013 WWW.FREEBUF.COM All Rights Reserved 沪ICP备13033796号
0day
已有 3 条评论
收了
投稿的人真的有装起来去跑一个试试么?我同步的最新代码,里面有很多代码不全,根本不能用!
我觉得小兔子肯定没有亲测~~~不过倒是翻译小能手,对了,本人认识各种语言的同学,例如小语种等等,需要吗