|
1 |
| -adbi |
2 |
| -==== |
| 1 | +adbi - The Android Dynamic Binary Instrumentation Toolkit |
| 2 | +========================================================= |
| 3 | + |
| 4 | +Simple binary instrumentation toolkit for Android ARM + Thumb. |
| 5 | + |
| 6 | +Instrumentation is based on library injection and hooking function entry |
| 7 | +points (in-line hooking). |
| 8 | + |
| 9 | +The toolkit consists of two main components the hijack tool and the base |
| 10 | +library. |
| 11 | + |
| 12 | +hijack: |
| 13 | + The hijack tool provides the injection functionality. It supports a number of |
| 14 | + modes for supporting older and newer Android devices. hijack provides help on |
| 15 | + the command line. |
| 16 | + |
| 17 | +libbase: |
| 18 | + The base library provides the hooking and unhooking functionality. The base |
| 19 | + library is compiled as a static library so it can be directly included in the |
| 20 | + actual instrumentation library. This is done so we can keep everything in |
| 21 | + /data/local/tmp. |
| 22 | + |
| 23 | +Below we provide and easy to follow step-by-step instructions for howto build |
| 24 | +and use adbi. The example instrument hijacks epoll_wait() and logs every call |
| 25 | +to a file. |
| 26 | + |
| 27 | +=== External Resources === |
| 28 | + |
| 29 | +more information at: |
| 30 | + http://www.mulliner.org/android/ |
| 31 | + |
| 32 | +slide deck about this toolkit: |
| 33 | + http://www.mulliner.org/android/feed/binaryinstrumentationandroid_mulliner_summercon12.pdf |
| 34 | + |
| 35 | +old code (with more examples): |
| 36 | + http://www.mulliner.org/android/feed/collin_android_dbi_v02.zip |
| 37 | + |
| 38 | +=== Prerequisites === |
| 39 | + |
| 40 | +Android SDK |
| 41 | +Android NDK |
| 42 | + |
| 43 | +=== How to Build === |
| 44 | + |
| 45 | += build the hijack tool = |
| 46 | + |
| 47 | +cd hijack |
| 48 | +cd jni |
| 49 | +ndk-build |
| 50 | +cd .. |
| 51 | +adb push libs/armeabi/hijack |
| 52 | +cd .. |
| 53 | + |
| 54 | += build the instrumentation base code = |
| 55 | + |
| 56 | +cd instruments |
| 57 | +cd base |
| 58 | +cd jni |
| 59 | +ndk-build |
| 60 | +cd .. |
| 61 | +cd .. |
| 62 | + |
| 63 | += build instrumentation example = |
| 64 | + |
| 65 | +cd example |
| 66 | +cd jni |
| 67 | +ndk-build |
| 68 | +cd .. |
| 69 | +adb push libs/armeabi/libexample.so /data/local/tmp/ |
| 70 | + |
| 71 | + |
| 72 | +=== How to Run === |
| 73 | + |
| 74 | +adb shell |
| 75 | +su |
| 76 | +cd /data/local/tmp |
| 77 | +# GET PID from com.android.phone |
| 78 | +./hijack -d -p PID -l /data/local/tmp/libexample.so |
| 79 | +cat adbi_example.log |
| 80 | + |
| 81 | +# output should look similar to: |
| 82 | +# |
| 83 | +# started |
| 84 | +# hooking: epoll_wait = 0x4004c378 ARM using 0x4a84a588 |
| 85 | +# epoll_wait() called |
| 86 | +# epoll_wait() called |
| 87 | +# epoll_wait() called |
| 88 | +# removing hook for epoll_wait() |
3 | 89 |
|
4 |
| -Android Dynamic Binary Instrumentation Toolkit |
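Review bot: In the "build the hijack tool" steps, `adb push libs/armeabi/hijack` has no destination argument, while the run steps do `cd /data/local/tmp` and invoke `./hijack`, and the libexample.so push names `/data/local/tmp/` explicitly. Add `/data/local/tmp/` to the hijack push so the build and run sections agree. In "How to Run", the `# GET PID from com.android.phone` comment leaves the reader without a command for finding the PID, so name the one you expect them to use. The run steps call `su`, so Prerequisites should list root access on the device alongside the SDK and NDK. Wording in the intro: "provide and easy to follow" should read "provide easy to follow", "howto" should be "how to", and "two main components the hijack tool" needs a colon after "components".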
|