
droidmon's Introduction

Droidmon - Dalvik Monitoring Framework for CuckooDroid

Contributed By Check Point Software Technologies LTD.

Background

Droidmon, a key piece in CuckooDroid, monitors applications inside a virtual (guest) machine and provides insight into an application’s behavior. Droidmon is an open source Dalvik Monitoring framework based on Xposed Framework.

Xposed is a framework for modules that can change the behavior of the system and apps without touching any APKs. This means that modules can work in different versions and even ROMs without any additional changes (as long as the original code did not undergo too much modification). It's also easy to reverse. As all changes are done in the memory, you can restore your original system by deactivating the module and rebooting. Another advantage is that multiple modules can make changes to the same part of the system or app. With modified APKs, you must choose one. There is no way to combine them, unless the author builds multiple APKs with different combinations.

Droidmon allows you to select which functions you want to monitor and does all the monitoring for you. It works by hooking the zygote every time a package has been loaded. Droidmon opens the configuration file (location: /data/local/temp/hooks.conf), reads the list of API methods to monitor, hooks them dynamically every time a new application is opened, and reports all the monitoring information to logcat.

Features

  • Dynamic hooking of Dalvik methods - APIs/app specific
  • Autogenerated JSON logs from hooked methods - when you enter the name of the app, it is automatically parsed and presented in the log

Prerequisites

Usage

  1. Install Droidmon.apk and enable this module in XposedInstaller.
  2. Push the configuration file hooks.json to /data/local/tmp/ with the required hooks.
  3. Reboot the Android device.
  4. Verify that Droidmon module is enabled.
  5. Droidmon Monitoring is ready. Open a new app. The logs will be shown in logcat.

Configure File Format

hooks.json is the configuration file, written in JSON format. It contains a list of all the information needed to hook the required methods. Each element in the list is a dictionary which contains four key-value pairs describing the monitored method.

The first key-value pair contains the name of the class we want to call. The second pair is the name of the method we want to monitor. The third pair is a boolean indicating whether or not to log the information about the object which invokes the method. Finally, the fourth pair is the type of API method such as networking, sms, fingerprint, etc.

An example is shown below:

{
    "hookConfigs": [
        {
            "class_name": "libcore.io.IoBridge", 
            "method": "open", 
            "thisObject": false, 
            "type": "file"
        },
        {
            "class_name": "libcore.io.IoBridge",
            "method": "close",
            "thisObject": true,
            "type": "file"
        },
        {
            "class_name": "android.app.ActivityManager",
            "method": "getRunningTasks",
            "thisObject": false,
            "type": "binder"
        }
    ], 
    "trace": false
}

Log Format

Each method found in the configuration file and later invoked produces a log in the format seen below. All of the information in the configuration file appears in the log file. In addition, the log file records the timestamp when the invocation occurred, the arguments passed to the function, and the return value. If the thisObject Boolean is enabled, the log also records the information of the invoking object. Most importantly, the log also includes a tag for application filtering. Example: Droidmon-apimonitor-<Package Name>

To filter the tag, use this command:

    adb logcat -d | grep Droidmon-apimonitor-com.cuckoo.test

I/Xposed  ( 1649): 
Droidmon-apimonitor-com.cuckoo.test:
{
    "timestamp":1436953465511,
    "class":"android.telephony.SmsManager",
    "method":"sendTextMessage",
    "type":"sms",
    "args":["0735445281","000000000000000"]
}
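
The log format above can be turned into structured records per package. The following Python is an added example, not part of Droidmon or CuckooDroid; the function names and the sample lines are constructed, and it assumes the tag and its JSON record arrive on a single logcat line.

```python
import json
import re

# Constructed sample of `adb logcat -d` output (not captured from a device).
# Assumption: tag and JSON record share one logcat line; the README prints
# them wrapped over several lines.
SAMPLE_LOGCAT = "\n".join([
    'I/Xposed  ( 1649): Droidmon-apimonitor-com.cuckoo.test:'
    '{"timestamp":1436953465511,"class":"android.telephony.SmsManager",'
    '"method":"sendTextMessage","type":"sms",'
    '"args":["0735445281","000000000000000"]}',
    'D/dalvikvm( 1649): GC_CONCURRENT freed 312K',
    'I/Xposed  ( 1649): Droidmon-apimonitor-com.cuckoo.test:'
    '{"timestamp":1436953465400,"class":"libcore.io.IoBridge",'
    '"method":"open","type":"file","args":["/data/local/tmp/sample.txt","0"]}',
    'I/Xposed  ( 1702): Droidmon-apimonitor-com.cuckoo.test2:'
    '{"timestamp":1436953466000,"class":"android.app.ActivityManager",'
    '"method":"getRunningTasks","type":"binder","args":["1"]}',
    # A record cut short, as happens when a log line is truncated.
    'I/Xposed  ( 1649): Droidmon-apimonitor-com.cuckoo.test:'
    '{"timestamp":1436953467000,"class":"libcore.io.IoBridge","meth',
])

# The package name ends at the colon, so com.cuckoo.test and
# com.cuckoo.test2 are kept apart.
TAG_RE = re.compile(r"Droidmon-apimonitor-(?P<pkg>[A-Za-z0-9_.]+):\s*(?P<body>\{.*)$")
REQUIRED_FIELDS = {"timestamp", "class", "method", "type"}


def parse_logcat(text):
    """Return ({package: [records sorted by timestamp]}, [rejected lines])."""
    records, rejected = {}, []
    decoder = json.JSONDecoder()
    for line in text.splitlines():
        match = TAG_RE.search(line)
        if match is None:
            continue  # not a Droidmon line
        try:
            # raw_decode tolerates trailing text after the JSON object.
            record, _end = decoder.raw_decode(match.group("body"))
        except json.JSONDecodeError:
            rejected.append(line)
            continue
        if not REQUIRED_FIELDS <= record.keys() or not isinstance(record["timestamp"], int):
            rejected.append(line)
            continue
        records.setdefault(match.group("pkg"), []).append(record)
    for calls in records.values():
        calls.sort(key=lambda r: r["timestamp"])
    return records, rejected


def calls_of_type(calls, api_type):
    """Summarise one package's calls of a given type as (timestamp, target, args)."""
    return [
        (r["timestamp"], f'{r["class"]}.{r["method"]}', r.get("args", []))
        for r in calls
        if r["type"] == api_type
    ]


if __name__ == "__main__":
    by_package, bad = parse_logcat(SAMPLE_LOGCAT)
    for package, calls in sorted(by_package.items()):
        print(package, [f'{c["class"]}.{c["method"]}' for c in calls])
    print("rejected lines:", len(bad))
```

Matching the full tag up to the colon keeps com.cuckoo.test2 out of the com.cuckoo.test results, which the plain grep filter above would include.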

droidmon's People

Contributors

idanr1986

droidmon's Issues

How is the class MethodApiType used?

After reading the source code, I cannot find an example of assigning the value of "type" in the hook file "hooks.json". Nor can I find how the "type" value is used in the source code.
All I can find is that it is used as a formal parameter in the Logger class.

So what purpose is the class MethodApiType designed to achieve?

Question about isFirstApplication

Hi @idanr1986,

I have a question about isFirstApplication. I can see in your code that you have isFirstApplication checked to hook only the first APK. So, what if an APK installs a new APK and shows a different package name? So you don't care about them? Let me know. Thanks.

Delete hook for java.lang.reflection.Method->invoke

Hello.
I've found some bad behaviour when the hook on java.lang.reflection.Method->invoke is activated.
I think it is better to see my conversation with the author of Xposed Framework here: rovo89/XposedBridge#106. I don't think this hook is really needed, because what we are looking for with Droidmon is calls to the Android API, and it makes no difference to us whether a call came from the Java reflection API or not. We can simply not care. Because setting that hook will be really problematic for Xposed Framework, I think it is better to delete that hook from the hooks.json file and write a comment about it, in case somebody sets it.

Compiling fails in Android-Studio 3.0.1

Running into an issue while compiling in Android Studio 3.0.1 which seems to be an issue other people have faced when migrating from 2.x without making the project a gradle project, haven't been able to figure a solution out myself yet.

Error:Android Source Generator: Error: Can't find bundle for base name messages.AndroidJpsBundle, locale en_US
java.util.MissingResourceException: Can't find bundle for base name messages.AndroidJpsBundle, locale en_US
	at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1564)
	at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1387)
	at java.util.ResourceBundle.getBundle(ResourceBundle.java:773)
	at org.jetbrains.jps.android.AndroidJpsBundle.getBundle(AndroidJpsBundle.java:22)
	at org.jetbrains.jps.android.AndroidJpsBundle.message(AndroidJpsBundle.java:32)
	at org.jetbrains.jps.android.AndroidSourceGeneratingBuilder.runAaptCompiler(AndroidSourceGeneratingBuilder.java:971)
	at org.jetbrains.jps.android.AndroidSourceGeneratingBuilder.doBuild(AndroidSourceGeneratingBuilder.java:210)
	at org.jetbrains.jps.android.AndroidSourceGeneratingBuilder.build(AndroidSourceGeneratingBuilder.java:114)
	at org.jetbrains.jps.incremental.IncProjectBuilder.runModuleLevelBuilders(IncProjectBuilder.java:1263)
	at org.jetbrains.jps.incremental.IncProjectBuilder.runBuildersForChunk(IncProjectBuilder.java:940)
	at org.jetbrains.jps.incremental.IncProjectBuilder.buildTargetsChunk(IncProjectBuilder.java:1012)
	at org.jetbrains.jps.incremental.IncProjectBuilder.buildChunkIfAffected(IncProjectBuilder.java:903)
	at org.jetbrains.jps.incremental.IncProjectBuilder.buildChunks(IncProjectBuilder.java:736)
	at org.jetbrains.jps.incremental.IncProjectBuilder.runBuild(IncProjectBuilder.java:384)
	at org.jetbrains.jps.incremental.IncProjectBuilder.build(IncProjectBuilder.java:192)
	at org.jetbrains.jps.cmdline.BuildRunner.runBuild(BuildRunner.java:138)
	at org.jetbrains.jps.cmdline.BuildSession.runBuild(BuildSession.java:295)
	at org.jetbrains.jps.cmdline.BuildSession.run(BuildSession.java:125)
	at org.jetbrains.jps.cmdline.BuildMain$MyMessageHandler.lambda$channelRead0$0(BuildMain.java:236)
	at org.jetbrains.jps.service.impl.SharedThreadPoolImpl.lambda$executeOnPooledThread$0(SharedThreadPoolImpl.java:42)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)

Hook the constructor.

Hello. Can I hook the constructor of an object with your hooks.json file? What is the API for that?

compatibility problems with Genymotion VM Android 7.0 & 8.0

Hi,
I tested Droidmon v2.0 on a Genymotion VM. It works with Android 5.1 & 6.0. From Android 7.0 onwards, Droidmon v2.0 doesn't work.

Description: The installation process of Xposed and Droidmon works. The hooks.json file is at /data/local/tmp/. When installing new apps, an error message appears saying that the newly installed app " has stopped.". The installation was done properly, but launching the app makes the error message pop up. When I disable Droidmon in Xposed, the installed app can be launched without problems.

Xposed log tab entries after installation of the app DIVA:
05-02 08:55:53.255 I/Xposed ( 307): -----------------
05-02 08:55:53.255 I/Xposed ( 307): Starting Xposed version 90-beta3, compiled for SDK 26
05-02 08:55:53.255 I/Xposed ( 307): Device: S8 (Genymotion), Android version 8.0.0 (SDK 26)
05-02 08:55:53.255 I/Xposed ( 307): ROM: vbox86p-userdebug
05-02 08:55:53.255 I/Xposed ( 307): Build fingerprint: Android/vbox86p/vbox86p:8.0.0/OPR6.170623.017/233:userdebug/test-keys
05-02 08:55:53.255 I/Xposed ( 307): Platform: x86, 32-bit binary, system server: yes
05-02 08:55:53.255 I/Xposed ( 307): SELinux enabled: yes, enforcing: no
05-02 08:55:55.402 I/Xposed ( 307): -----------------
05-02 08:55:55.403 I/Xposed ( 307): Added Xposed (/system/framework/XposedBridge.jar) to CLASSPATH
05-02 08:56:02.691 I/Xposed ( 307): Detected ART runtime
05-02 08:56:02.702 I/Xposed ( 307): Found Xposed class 'de/robv/android/xposed/XposedBridge', now initializing
05-02 08:56:03.221 I/Xposed ( 307): Loading modules from /data/app/com.cuckoodroid.droidmon-5pG6jXUUbaSgxWWPC89nXA==/base.apk
05-02 08:56:03.237 I/Xposed ( 307): Loading class com.cuckoodroid.droidmon.InstrumentationManager

logcat install diva with enabled droidmon.txt

Can you help me? Thanks in advance

Regards, Martin

NullPointerException in MethodHookImpl.java

Hello!
https://github.com/idanr1986/droidmon/blob/master/src/com/cuckoodroid/droidmon/MethodHookImpl.java this file in line 43 always throws NullPointerException and the hooks don't work. So I have patched your application using apktool (I'm new to Android and I have problems getting your application to build in IDEA Studio) and I have deleted that if, and it works great! So please fix the problem, because the CuckooDroid framework doesn't work without this app, and the most interesting part of CuckooDroid for me is the API calls.

droidmon not working

1. Where is hooks.json?
2. How do I push it?
3. This is my error log from Xposed Installer after full installation of droidmon and Xposed:
error
4. There is no log of droidmon in adb.

Hooking a android.webkit.WebSettings method does not work...

Not sure what's going wrong here, I've added the following to hooks.json:

    {
        "class_name": "android.webkit.WebSettings",
        "method": "setJavaScriptEnabled",
        "thisObject": false,
        "type": "content"
    },

And have an apk with the following code:

    setContentView(R.layout.activity_main);

    WebView m =  findViewById(R.id.webview1);

    WebSettings n = m.getSettings();
    n.setJavaScriptEnabled(true);
    m.setWebContentsDebuggingEnabled(true);

I never see the setJavaScriptEnabled show up in droidMon as being hooked and I also never get an error produced.

String logVerbose = "JavaScriptDebugging: " + n.getJavaScriptEnabled();
Log.v( "Security App Test",logVerbose);

Doing the following I can see that JavaScript has indeed been enabled though.

Wondering if you can help correct this.

Does droidmon have a limit on the number of monitored APIs?

I created a hooks.json with 700+ APIs, but an error occurs:
java.lang.StackOverflowError
at java.nio.Buffer.position(Buffer.java:351)
at java.nio.charset.CharsetEncoderICU.setPosition(CharsetEncoderICU.java:243)
at java.nio.charset.CharsetEncoderICU.encodeLoop(CharsetEncoderICU.java:182)
at java.nio.charset.CharsetEncoder.encode(CharsetEncoder.java:368)
at java.io.OutputStreamWriter.convert(OutputStreamWriter.java:178)
at java.io.OutputStreamWriter.write(OutputStreamWriter.java:266)
at java.io.PrintWriter.doWrite(PrintWriter.java:623)
at java.io.PrintWriter.write(PrintWriter.java:601)
at java.io.PrintWriter.write(PrintWriter.java:579)
at java.io.PrintWriter.write(PrintWriter.java:660)
at java.io.PrintWriter.append(PrintWriter.java:722)
at java.io.PrintWriter.append(PrintWriter.java:691)
at java.io.PrintWriter.append(PrintWriter.java:31)
at java.lang.Throwable.printStackTrace(Throwable.java:315)
at java.lang.Throwable.printStackTrace(Throwable.java:300)
at de.robv.android.xposed.XposedBridge.log(XposedBridge.java:493)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:647)
at java.util.HashMap.put(Native Method)
at org.json.JSONObject.put(JSONObject.java:263)
at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:631)
at org.json.JSONObject.put(Native Method)
at com.cuckoodroid.droidmon.utils.ParseGenerator.generateHookDataJson(ParseGenerator.java:170)
at com.cuckoodroid.droidmon.utils.Logger.logGenericMethod(Logger.java:88)
at com.cuckoodroid.droidmon.MethodHookImpl.monitorMethod(MethodHookImpl.java:63)
at com.cuckoodroid.droidmon.MethodHookImpl.afterHookedMethod(MethodHookImpl.java:46)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:645)
at java.util.HashMap.put(Native Method)
at org.json.JSONObject.put(JSONObject.java:263)
at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:631)
at org.json.JSONObject.put(Native Method)
at com.cuckoodroid.droidmon.utils.ParseGenerator.generateHookDataJson(ParseGenerator.java:170)
at com.cuckoodroid.droidmon.utils.Logger.logGenericMethod(Logger.java:88)
at com.cuckoodroid.droidmon.MethodHookImpl.monitorMethod(MethodHookImpl.java:63)
at com.cuckoodroid.droidmon.MethodHookImpl.afterHookedMethod(MethodHookImpl.java:46)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:645)
at java.util.HashMap.put(Native Method)
at org.json.JSONObject.put(JSONObject.java:263)
at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:631)
at org.json.JSONObject.put(Native Method)
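
A pre-flight check for hooks.json, added here as an example (not part of Droidmon or of the issue above): it validates the four-key entry format from the README and rejects hooks on org.json.JSONObject.put and java.util.HashMap.put, which the trace above shows Droidmon's own logging path calling, plus the Method.invoke hook an earlier issue asks to remove. The function name, the severity labels and the sample configuration are assumptions made for this example.

```python
import json

# The four keys the README describes for every hookConfigs entry.
REQUIRED_KEYS = {"class_name": str, "method": str, "thisObject": bool, "type": str}
JSON_TYPE_NAMES = {str: "string", bool: "boolean"}

# Targets this page reports as troublesome. In the trace above,
# ParseGenerator.generateHookDataJson calls org.json.JSONObject.put, which
# calls java.util.HashMap.put, and both re-enter the hook handler.
# java.lang.reflect.Method is the real class name; the issue title on this
# page spells the package "reflection".
RISKY_TARGETS = {
    ("org.json.JSONObject", "put"): "called by Droidmon's own logger, hook re-enters itself",
    ("java.util.HashMap", "put"): "called by Droidmon's own logger, hook re-enters itself",
    ("java.lang.reflect.Method", "invoke"): "reported on this page as problematic for Xposed",
}

# Constructed sample configuration: every entry after the first has one problem.
SAMPLE_HOOKS = """
{
  "hookConfigs": [
    {"class_name": "libcore.io.IoBridge", "method": "open", "thisObject": false, "type": "file"},
    {"class_name": "org.json.JSONObject", "method": "put", "thisObject": false, "type": "content"},
    {"class_name": "android.telephony.SmsManager", "method": "sendTextMessage", "thisObject": "false", "type": "sms"},
    {"class_name": "android.app.ActivityManager", "method": "getRunningTasks", "thisObject": false},
    {"class_name": "libcore.io.IoBridge", "method": "open", "thisObject": true, "type": "file"}
  ],
  "trace": false
}
"""


def validate_hooks(text):
    """Return findings as (entry_index, level, message); index is None for file-level ones."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [(None, "error", f"not valid JSON: {exc.msg} (line {exc.lineno})")]
    if not isinstance(doc, dict) or not isinstance(doc.get("hookConfigs"), list):
        return [(None, "error", 'top level must be an object holding a "hookConfigs" list')]

    findings = []
    # Assumption: "trace" is a boolean switch, as in the README example.
    if "trace" in doc and type(doc["trace"]) is not bool:
        findings.append((None, "error", '"trace" must be true or false'))

    first_seen = {}
    for index, entry in enumerate(doc["hookConfigs"]):
        if not isinstance(entry, dict):
            findings.append((index, "error", "entry is not a JSON object"))
            continue
        for key, expected in REQUIRED_KEYS.items():
            if key not in entry:
                findings.append((index, "error", f'missing key "{key}"'))
            elif type(entry[key]) is not expected:
                # Catches "thisObject": "false", a string instead of a boolean.
                findings.append((index, "error", f'"{key}" must be a JSON {JSON_TYPE_NAMES[expected]}'))
            elif expected is str and not entry[key].strip():
                findings.append((index, "error", f'"{key}" is empty'))
        for key in sorted(set(entry) - set(REQUIRED_KEYS)):
            findings.append((index, "warning", f'unknown key "{key}"'))

        target = (entry.get("class_name"), entry.get("method"))
        if not all(isinstance(part, str) for part in target):
            continue
        if target in RISKY_TARGETS:
            findings.append((index, "error", f"{target[0]}.{target[1]}: {RISKY_TARGETS[target]}"))
        if target in first_seen:
            findings.append((index, "warning", f"duplicate of entry {first_seen[target]}"))
        else:
            first_seen[target] = index
    return findings


if __name__ == "__main__":
    for index, level, message in validate_hooks(SAMPLE_HOOKS):
        where = "file" if index is None else f"entry {index}"
        print(f"{level:7} {where}: {message}")
```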

logcat filtering returns empty result

I am using an LG Nexus 5X, rooted the phone, and installed Xposed and the Droidmon module. I pushed the hooks.json included in the repo. However, if I use logcat to filter logs, an empty string is returned, i.e., I do not get anything logged. Could you help with this?

System Permission not granted

After setting up Droidmon on Android 4.4, when I reboot I get this message in my logcat:

W/PackageManager( 1656): Not granting permission android.permission.MOUNT_UNMOUNT_FILESYSTEMS to package com.cuckoodroid.droidmon (protectionLevel=18 flags=0x8be46)

Wrong implementation for Http(s)URLConnection parser.

So, lines 154 and 155 of the ParseGenerator.java code call the methods getResponse() and getResponseMessage():
https://github.com/idanr1986/droidmon/blob/master/src/com/cuckoodroid/droidmon/utils/ParseGenerator.java#L154
https://github.com/idanr1986/droidmon/blob/master/src/com/cuckoodroid/droidmon/utils/ParseGenerator.java#L155
After these methods are called, the object of this class establishes a network connection to the URL given in the constructor and receives data from it. But this is wrong behavior for logging functionality, because if we go to the Android Developers site we will see the typical usage of this class ( http://developer.android.com/intl/ru/reference/java/net/HttpURLConnection.html ):

   HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
   try {
     urlConnection.setDoOutput(true);
     urlConnection.setChunkedStreamingMode(0);

     OutputStream out = new BufferedOutputStream(urlConnection.getOutputStream());
     writeStream(out);

     InputStream in = new BufferedInputStream(urlConnection.getInputStream());
     readStream(in);
   } finally {
     urlConnection.disconnect();
   }

So on the same page of the documentation you can see that the methods setDoOutput() and setChunkedStreamingMode() can cause IllegalAccessError and IllegalStateException respectively when they are called after the connection is already established. You can also check how such trace functionality works with apps using the Android Volley library, which is used in most apps right now. You will see that apps don't receive any data from servers with such a wrong logging implementation. They just cause IllegalStateException, nothing more. Also, I think that an API monitor that changes program behavior and the state of program objects is not good either. So please delete these lines, and if you want to log these methods, I think it is better to add special hooks in the hooks.json file.
