androidhooker / hooker

Hooker is an open-source project for dynamic analyses of Android applications. This project provides various tools and applications that can be used to automatically intercept and modify any API calls made by a targeted application.

License: GNU General Public License v3.0

Java 49.03% Shell 1.24% Python 49.73%


hooker's Issues

Error device not found when I try to start AVD

I am getting the following error when I run the cd tools/emulatorCreator && python HookerInstaller.py -s SDK_PATH -a Hooker_test -t ANDROID_TARGET -d AVD_DIRECTORY command.

My command is:

python HookerInstaller.py -s /home/sharp/Android/Sdk -a Hooker4.2 -t 2 -d /home/sharp/.android/avd

[MainProcess/HookerInstaller.py:289/ERROR] 495: Device Hooker4.2 not found.

Please help

dynamic analysis

I want to do dynamic analysis to detect malware Android applications, so I want a report from the dynamic analysis. Does Hooker give me this report for every APK file? If yes, please send me a sample of the result report.

Broken Pipe Error

During the following steps of installation:

You then need to install application APK-instrumenter on your reference AVD:

Launch your new AVD with: Save to snapshot option checked,
Install the application using adb $ $ANDROID_HOME/platform-tools/adb install APK-instrumenter/bin/ApkInstrumenterActivity-debug.apk

When the application is installed, open substrate app and click Restart System (Soft). You can then close your AVD.

When I click on the substrate app, the following error appears:
java.io.IOException: write failed: EPIPE (Broken pipe)

Can you please help me avoid this error?

A similar error occurs when I try to run Hooker.
[PoolWorker-3/MainThread/ERROR] 9689369: Cannot stop the AVD.
[PoolWorker-2/MainThread/ERROR] 9689369: Traceback (most recent call last):
  File "/home/ahmad/hooker-master/hooker-master/hooker_xp/hooker_xp/AutomaticAnalysis.py", line 74, in executeExperiment
    apkToAnalyze = listOfAPKs.get() # 0xFFFF
  File "<string>", line 2, in get
  File "/home/ahmad/anaconda/lib/python2.7/multiprocessing/managers.py", line 758, in _callmethod
    conn.send((self._id, methodname, args, kwds))
IOError: [Errno 32] Broken pipe
[PoolWorker-3/MainThread/ERROR] 9689369: Exception while executing an experiment : [Errno 32] Broken pipe

Get Permissions list

Using Android Hooker, is it possible to get the requested permissions list in one file?

RequestError: TransportError elasticsearch

I have followed the steps given in the README.

I am getting this error.
My machine is Ubuntu 64-bit.
I am using the latest Hooker version.

Error : -------------------------------------------------------------------------------------------------
[MainProcess/MainThread/DEBUG] 239: Traceback (most recent call last):
  File "hooker_xp.py", line 70, in <module>
    main()
  File "hooker_xp.py", line 53, in main
    analysis = ManualAnalysis(commandLineParser)
  File "/home/mobisec/Downloads/hooker-master/hooker_xp/hooker_xp/ManualAnalysis.py", line 51, in __init__
    super(ManualAnalysis, self).__init__(MainConfiguration.build(commandLineParser), ReportingConfiguration.build(commandLineParser), )
  File "/home/mobisec/Downloads/hooker-master/hooker_xp/hooker_xp/analysis/Analysis.py", line 53, in __init__
    self.reporter = Reporter(self.reportingConfiguration)
  File "/home/mobisec/Downloads/hooker-master/hooker_xp/hooker_xp/report/Reporter.py", line 51, in __init__
    self.__initializeReporters()
  File "/home/mobisec/Downloads/hooker-master/hooker_xp/hooker_xp/report/Reporter.py", line 110, in __initializeReporters
    self.es = Es([{"host":self.reportingConfiguration.elasticsearchIp, 'port':self.reportingConfiguration.elasticsearchPort}])
  File "build/bdist.linux-x86_64/egg/hooker_common/elasticsearch/Es.py", line 57, in __init__
    self.__initializeConnection()
  File "build/bdist.linux-x86_64/egg/hooker_common/elasticsearch/Es.py", line 369, in __initializeConnection
    self.__createHookerIndex()
  File "build/bdist.linux-x86_64/egg/hooker_common/elasticsearch/Es.py", line 389, in __createHookerIndex
    self.esInstance.indices.create(index=Es.ES_INDEX_NAME_HOOKER, body=Es.__getBodyIndex())
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 102, in create
    params=params, body=body)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 307, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 89, in perform_request
    self._raise_error(response.status, raw_data)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/base.py", line 105, in _raise_error
    raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info)
RequestError: TransportError(400, u'mapper_parsing_exception')

androidTemporaryPath=/tmp/android/
# Path to androguard framework
androguardPath=/opt/mobisec/Android/androguard
# type of device (real or emulated)
device=emulated

# Analysis Configuration
[analysis]
# type of the analysis (manual or automatic)
type=automatic
# name of the analysis
name=Sample Automatic Analysis
# directory in which APKs
apks=../tools/sampleApps/
# number of emulators
# in manual mode, only a single emulator is used
# in automatic mode, one APK = one Emulator
maxNumberOfEmulators=2
# applications to install and execute before starting the experiment
# [application filename MUST equals their main activity name]
prepareApks=../tools/APK-contactGenerator/com.amossys.hooker.generatecontacts.ImportContacts.apk
# scenario
# IMPORTANT: In your scenario, you cannot have a stimulate action separated from an execute action
scenario=execute,stimulate,reboot,execute,stimulate,externalStimulation
# output directory
outputdirectory=/tmp/outdir/

# Reporting Configuration
[reporting]
# activate or not the reporting of events in an elasticsearch database
elasticsearch_mode=true
# if elasticsearch activated, specify the ES IP address
elasticsearch_ip=127.0.0.1
# if elasticsearch activated, specify the ES IP port number
elasticsearch_port=9200
# elasticsearch index
elasticsearch_index=hooker_test
# elasticsearch doctype for events
elasticsearch_doctype=event
# activate or not the creation of a text report containing all the captured events

Loop (and error) when running with real device

Hi,

First, thank you for developing this promising tool. I have been following it for a while, and it is wonderful to see you guys are supporting real devices now!

However, I ran into a problem while trying to run it. It first says I don't have APK instrumenter installed, but I do (see last phone screenshot). Then it kept going even after that error, until it got stuck in a loop at the end (see Terminal screenshot). I can provide more information as needed, and thank you in advance for any help!


ERROR: No module named colorama

Reported by @Ratibhan

cd hooker_xp && python hooker_xp.py -c /home/ratibhan/hooker-master/hooker_xp/sampleAutomaticAnalysis.conf

I have completed all the steps, but while executing the last command given in README.MD, I got the following error. Please tell me how to resolve it.

ERROR: No module named colorama

Link Substrate Files failed

Every time I try to "Link Substrate Files" in the substrate app, I get this error message:

"Shell Status 1: java.lang.SecurityException: Permission Denial: broadcast asks to run as user -1 but is calling from user 0; this requires Android.permission.INTERACT_ACROSS_USERS_FULL or Android.permission.INTERACT_ACROSS_USERS"

Any idea how to fix it?

Result Analysis

For some reason, the actual data is not getting stored in my database; only their datatypes are getting stored in the Elasticsearch database, even though the dynamic analysis ran successfully.
(Also, what's up with the events.logs file? Where is it stored?)

Can I somehow get the result of the analysis in a .txt file, or is there some other way to extract the information out of the dynamic analysis done by the tool?

Thanks in Advance :)

parameter type "[B" out of memory

In "Hooker.java, getStringRepresentationOfAttribute(Object arg)": if the parameter type of arg is "[B", the length of the arg array may be too big, which may cause an out-of-memory error. When I print the logcat, the elements of "[B" are not printed completely, so I think it is out of memory. I think we should check the type of arg when it is of "[B" type, which may contain too many elements.
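
One way to apply the check this report asks for, as an added example that is not Hooker's own code: a formatter that caps how many elements of a "[B" (byte[]) or other array argument are rendered, so the size of the logged string no longer depends on the size of the hooked buffer. The class name, the describe method and the MAX_ELEMENTS value of 64 are assumptions made for illustration.

```java
import java.lang.reflect.Array;

public class BoundedArgFormatter {
    // Assumed cap on rendered array elements; not a value taken from Hooker.
    static final int MAX_ELEMENTS = 64;

    /** Render a hooked argument without building a string proportional to its size. */
    static String describe(Object arg) {
        if (arg == null) return "null";
        if (arg instanceof byte[]) {           // JVM type name "[B"
            byte[] bytes = (byte[]) arg;
            int shown = Math.min(bytes.length, MAX_ELEMENTS);
            StringBuilder sb = new StringBuilder(shown * 2 + 48);
            sb.append("byte[").append(bytes.length).append("] 0x");
            for (int i = 0; i < shown; i++) {
                sb.append(String.format("%02x", bytes[i] & 0xff));
            }
            return appendTruncation(sb, bytes.length, shown);
        }
        if (arg.getClass().isArray()) {        // other primitive or object arrays
            int length = Array.getLength(arg);
            int shown = Math.min(length, MAX_ELEMENTS);
            StringBuilder sb = new StringBuilder();
            sb.append(arg.getClass().getComponentType().getSimpleName())
              .append('[').append(length).append("] {");
            for (int i = 0; i < shown; i++) {
                if (i > 0) sb.append(", ");
                sb.append(String.valueOf(Array.get(arg, i)));
            }
            sb.append('}');
            return appendTruncation(sb, length, shown);
        }
        return String.valueOf(arg);
    }

    // Record how much was left out so the analyst knows the value was cut.
    private static String appendTruncation(StringBuilder sb, int total, int shown) {
        if (shown < total) {
            sb.append(" ... (").append(total - shown).append(" more elements omitted)");
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        byte[] big = new byte[8 * 1024 * 1024];   // constructed sample: 8 MiB buffer
        big[0] = (byte) 0xca; big[1] = (byte) 0xfe;
        System.out.println(describe(big));
        System.out.println(describe(new int[] {1, 2, 3}));
    }
}
```

Keeping the total length in the output preserves the signal an analyst needs (for example, that an app passed an 8 MiB buffer to a hooked call) while the rendered event stays small.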

Error happened when the "experiment" inserting into ES cluster

Hello,
When I run python hooker_xp.py -c myAnalysis.conf, the error happens as follows:

[MainProcess/Reporter.py:69/INFO] 101: No APK found associated with IDXP 4ca6b8a3e75b46c7b3acb747756a5792
[MainProcess/Es.py:359/DEBUG] 111: The APK '/home/ximi/DroidBox_4.1.1/MaliciousTest_For4.0.apk' has successfuly been inserted into ES cluster.
[MainProcess/Reporter.py:74/INFO] 112: APK /home/ximi/DroidBox_4.1.1/MaliciousTest_For4.0.apk with ID e5777ad1-f8d3-44d9-a3ef-2294c5a5e409 has been assiocated to IDXP in ES cluster
[MainProcess/Es.py:113/DEBUG] 122: The experiment '4ca6b8a3e75b46c7b3acb747756a5792' has successfuly been inserted into ES cluster.

--------------------------------------Error at here--------------------------------------

[MainProcess/hooker_xp.py:70/ERROR] 124: Traceback (most recent call last):
  File "hooker_xp.py", line 67, in <module>
    main()
  File "hooker_xp.py", line 61, in main
    analysis.start()
  File "/home/ximi/Dynamic_Analysis_of_APP/hooker-master/hooker_xp/hooker_xp/ManualAnalysis.py", line 83, in start
    Analysis.reportEvent(self.reporter, idXp, "Analysis", "Executing static analysis on {0}".format(analyzedAPKFile))
  File "/home/ximi/Dynamic_Analysis_of_APP/hooker-master/hooker_xp/hooker_xp/analysis/Analysis.py", line 85, in reportEvent
    reporter.reportEvent(idXp, sourceEvent, actionEvent, paramsEvent)
  File "/home/ximi/Dynamic_Analysis_of_APP/hooker-master/hooker_xp/hooker_xp/report/Reporter.py", line 92, in reportEvent
    self.es.insertExperimentSteps(idXp, relTime, emulator=sourceEvent, description=actionEvent)
  File "build/bdist.linux-x86_64/egg/hooker_common/elasticsearch/Es.py", line 131, in insertExperimentSteps
    raise Exception("Experiment with ID '{0}' doesn't exists, create it before inserting a static event.".format(idXp))
Exception: Experiment with ID '4ca6b8a3e75b46c7b3acb747756a5792' doesn't exists, create it before inserting a static event.


As I saw in the "Es.py" script, it seems that it can't find the experiment the second time.
I wonder if you can help me.
Thanks in advance.

AVD Snapshot Unresponsive/Offline

After creating and prepping the Android AVD, attempting to launch the AVD from the saved snapshot results in a frozen AVD. The home screen loads fine, but the device is seen as offline and I'm unable to interact with the screen within the AVD.

I've scoured forums and Google for potential solutions, but have found none.

Kibana Dashboard

Hello,
The data collected into ES is, for some reason, not loaded into Kibana.
Importing the dashboard (tools/kibana-dashboard/kibana-export.json) as described in the section "Start ElasticSearch and Kibana" always shows the message

"Saved Objects: Could not locate that index-pattern (id: hooker_test)"
at the top of the Kibana Settings page.

May this warning be the problem?

This is just a piece of data seen under ES (http://localhost:9200/_plugin/head/):

{

    "_index": "hooker_test",
    "_type": "static",
    "_id": "AVPIqrs0HrDCae4vI9ZR",
    "_score": 1,
    "_source": {
        "Android Version Code": "57",
        "PackageName": "com.code.spirity",
        "Main Activity": "com.code.spirity.ui.tour.SplashActivity",
        "Libraries": [ ],
        "Filename": "/home/wagner/droid/analysis/new/base.apk",
        "Activities": [
            {
                "Activity": "com.code.spirity.ui.tour.SplashActivity"
            }
            ,
            {
                "Activity": "com.code.spirity.ui.tour.TourActivity"
            }
            ,
...

I mean, it seems that everything is ok with Hooker execution and data collection, the problem is apparently with Kibana's Dashboard.
Do you have a clue on how to solve that?
Thanks in advance.

Request for help to understand prepareApks in SampleAutomaticAnalysis.conf

After running install.sh, which internally calls "ant debug", "ImportContacts-debug.apk" is generated inside the bin folder of the "APK-contactGenerator" dir. The sampleAutomaticAnalysis.conf file has the "prepareApks=../tools/APK-contactGenerator/com.amossys.hooker.generatecontacts.ImportContacts.apk" variable defined.
#1: Where can I find "com.amossys.hooker.generatecontacts.ImportContacts.apk"?
#2: If the user has to define that variable, what should I define? I tried defining "ImportContacts-debug.apk" as the "prepareApks" variable, but the code crashes. Can you please help? Error for #2:

Starting: Intent { cmp=/.ImportContacts-debug }
[MainProcess/MainThread/INFO] 88772: Analyzing directory: ../tools/sampleApps/
[MainProcess/MainThread/DEBUG] 88772: All APKs have been pushed to the analyzing queue, sleeping 5 secs...
Error type 3
Error: Activity class {/.ImportContacts-debug} does not exist.
[MainProcess/MainThread/INFO] 93776: Analyzing directory: ../tools/sampleApps/

how to see result log saved data in Elasticsearch Cluster?

After successfully running hooker_xp.py, I got the "The event information of experiment '99ab8cf3c7e126b7600931860dfe16f9' has successfuly been inserted into ES cluster." message.

Now, how can I see this cluster? Does it create any log file?
