ProbeDroid is a dynamic Java code instrumentation kit for Android application. It provides APIs for users to craft their own instrumentation tools. Thus they can trace, profile, or change the runtime behavior of an interested application. Essentially, Java method is the basic instrumentation unit. To manipulate the interested methods, users should override the template instrumentation gadgets and register them to hook the interested methods. During runtime, when those methods are invoked, the control flow is diverted to the gadgets. And it is the timing to manipulate the boxed method input arguments and return value. In the current stage, ProbeDroid targets on Android 5.0 and above. To build ProbeDroid kit, users just pull the package from GitHub and follow the build commands. Android source tree is not required.

• Dynamic Java method instrumentation kit for Android app
  • Java library as integration interface for users
  • Customizable instrumentation gadgets to fit different analysis purposes
  • Modifiable method input and output to change app behavior
• Direct build process without Android source dependency
  • Pulling the GitHub source and following the document
• Succinct deployment without customized ROM or system apps
  • Only ProbeDroid engine and users' instrumentation tools are required

• Cannot instrument native methods now (under development)
• Currently only supporting Android 5.0 and the devices based on Intel x86 and ARM eabi v7a

<img src="https://github.com/ZSShen/ProbeDroid/blob/master/res/ProbeDroidOverview.png"/width="750px">

Please refer to Source Building Wiki

Please refer to Play and Hack Wiki

Click the picture to view the demo vedio

A simple instrumentation tool which tracks the strings converted from StringBuilder and StringBuffer object. By taking some forensics towards the converted strings, you would notice that GoogleMaps applies Java reflection for some network authentication. Also, It will dynamically generate some C/C++ code and compile it for map rendering.

Click the picture to view the demo vedio

A simple instrumentation tool which tracks the started Activities and Services. By taking some forensics towards the tracked components, you would notice that KKTix applies several kinds of Activies to render the ticket booking pages. Also, it starts a Service for background computation.

Except for the following source code:

• android/art/runtime/, common/log.*, common/stringprintf.*, common/utf.*, and common/macros.h subtrees belong to [AOSP], which are licensed under Apache v2.0.
• common/libffi/ subtree belongs to [libffi], which is licensed under MIT.

All the source code are licensed under MIT. See COPYING for details.

Please contact me via the mail [email protected].
Note that the kit is still under construction. Contribution and bug report is desired.