
frenchyeti / dexcalibur

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

License: Apache License 2.0

Smali 0.32% JavaScript 95.64% HTML 4.02% Dockerfile 0.01% Shell 0.01%
frida hooking security-tools mobile-security android-security apk smali gui android analysis

dexcalibur's Introduction

Dexcalibur

Dexcalibur is an Android reverse engineering platform focused on instrumentation automation. Its particularity is that it uses dynamic analysis to improve static analysis heuristics. It aims to automate tedious tasks related to dynamic instrumentation, such as:

  • Decompile/disassemble intercepted bytecode at runtime
  • Write hook code and manage large numbers of hook messages
  • Search for interesting patterns / things to hook
  • Process data gathered by hooks (dex file, invoked method, class loader, ...)
  • and so on ... But not only that: Dexcalibur has its own static analysis engine and is able to execute partial pieces of smali.

Do you want to share something or do you need some help? Join our official chats:

Telegram - the quickest way to get a response

https://discord.gg/pfB7Ez34Ts

Official documentation is available here (website - work in progress).

See the latest news here : http://docs.dexcalibur.org/News.html

Watch Dexcalibur demo videos: Demo: Less than 1 minute to hook 61 methods? Not a problem. (YouTube)

How to support Dexcalibur ?

Contribute !

Don't hesitate! There are several ways to contribute:

  • Make a pull request related to a fix or a new feature
  • Create an issue to help me patch/evolve the tools
  • Help me develop the UI
  • Send me a mail with your feedback
  • etc ...

A. Installation

A.1 New install

Go to Install doc

Alternative: use Docker

  • on your host, install adb (and an Android emulator if appropriate)
  • docker-compose build android-dexcalibur
  • docker run --rm -it --net=host -v /tmp/dexcalibur:/shared -p 8000:8000 dexcalibur:2023.01 /bin/bash

A.2 Launch dexcalibur

For Linux and MacOS

NPM install: if Dexcalibur has been installed globally using NPM (-g option), then Dexcalibur can be launched from a terminal by running $ dexcalibur; otherwise it can be launched from its install location by running $ node $(npm root -g)/dexcalibur/dexcalibur.js.

Install from source: from the dexcalibur folder, run $ dexcalibur or $ node dexcalibur.js.

For Windows

NPM install: even if Dexcalibur is installed globally using NPM (-g option), Dexcalibur must be launched by running the following command from a terminal: node <NPM_ROOT>/dexcalibur/dexcalibur.js.

Install from source: from the dexcalibur folder, in a terminal, run the command node dexcalibur.js.

A.3 Update

From version <= 0.6.x

Are you using a previous version of Dexcalibur?

Follow the same steps as for a new install, and when you are asked for the workspace path, enter your current workspace location.

From version >= 0.7

Just run:

$  npm install -g dexcalibur

Existing configuration and workspace will be detected automatically.

C. Screenshots

The following screenshots illustrate the automatic update of xrefs at runtime.

Xref auto update

Features

D. Features and limitations

Currently, the biggest limitation is that Dexcalibur is not able to generate the source code of hooks targeting native functions (in JNI libraries). However, you can manually declare a Frida Interceptor by editing a hook.

Since Dexcalibur does not (for the moment) provide features to analyse native parts such as JNI libraries or JNA, only features and limitations related to the Java part are detailed.

Analysis accuracy depends on the completeness of the Android API image used during the early steps of the analysis. That means that if you use a DEX file generated from the Android.jar file of the Android SDK, some references to internal methods, fields, or classes of the Android Java API could be missing. Better results are obtained when the analysis starts from a "boot.oat" file extracted directly from a real device running the expected Android version.

D.1 Features

D.1.A Static analyzer

TODO : write text

D.1.B Hook manager

TODO : write text

D.1.C Dexcalibur's smali VM

Tracked behaviors

The static analyzer involved in the "Run smali (VM)" action is able to discover, accept and track the following behaviors:

  • Out-of-bound destination register (register out of v0 - v255)
  • Out-of-bound source register (register out of v0 - v65535)
  • Detect invalid instructions that implicitly throw an internal exception
  • Detect some pieces of valid bytecode that are non-compliant with the Android specification
  • Compute the length of an undefined array
  • Fill an undefined array
  • and more ...

Currently, handlers/listeners for such invalid instructions are not supported, but the events are tracked and rendered.

Dexcalibur IR

The VM produces a custom and simplified Intermediate Representation (IR), which is displayed only to help the analyst perform the analysis.

Depending on the call stack depth and the configuration, the IR may or may not include instructions executed in called functions. If execution enters a try block and continues to the return without ever executing the catch, then the catch block is not rendered. The purpose of Dexcalibur IR is to render only "what is executed" or "what could be executed depending on some symbol's value" in the VM context.

Dexcalibur IR helps to read a cleaned version of the bytecode by removing useless gotos and opaque predicates. Dexcalibur IR can be generated by the VM with 2 levels of simplification:

1st level IR, which can be used if you don't trust the 2nd level IR:

  • no CFG simplification: conditional and unconditional jumps are rendered.
  • every move into a register is rendered

2nd level:

  • Hide an assignment if the register is not modified with an unknown value before its use.
  • Always-TRUE/FALSE predicates are removed
  • Unconditional jumps such as goto are removed under certain conditions: single predecessor of the targeted basic block, etc ...
  • Resolve and replace Method.invoke() calls with the called method if possible.
  • Instructions in a try block are not rendered if an exception is thrown before them
  • ...

Android API mock

TODO

Details

The smali VM follows these steps:

  1. Init VM: stack memory, heap, classloaders, method area, ...
  2. The VM loads the class declaring the method.
  3. (Optional) If the class has static blocks, clinit() is executed. This helps to resolve concrete values stored in static properties.
  4. Load the method metadata.
  5. Execute the method's instructions; if PseudoCodeMaker is enabled, Dexcalibur IR is generated.

How does the VM handle invoke-* instructions?

  1. When an invoke-* happens, the local symbol table is saved, and the invoked method is loaded.
  2. If the class declaring the invoked method has never been loaded, the class is loaded.
  3. If the method has never been loaded, the method is loaded (by MethodArea) and its local symbol table is initialized by importing the symbols of the arguments from the caller's symbol table.
  4. The invoked method is pushed onto the call stack (StackMemory).
  5. The method's instructions are executed.
  6. The return value is pushed into stack memory.
  7. Flow control is given back to the caller.

D.1.D Application Topology analyzers

Manifest analysis (LIMITED)

Before the first run, the Android manifest of the application is parsed. Actually, anomalies in the manifest, such as insecure configuration, are really detected at this level.

The only purpose of Android manifest parsing is to populate other kinds of analyzers.

Permission analysis

Every permission extracted from the manifest is listed, identified and compared to the Android specification of the target Android API version.

Dexcalibur provides - only in some cases - a description of the permission's purpose, the minimal Android API version, ...

Activities analysis

Providers analysis

Services analysis

Receivers analysis

D.1.E Runtime monitoring (not implemented)

Network monitoring

Intent monitoring

File access monitoring

D.1.F Collaborating features

Can't find a multi-user menu? Not a problem: there is no such menu, but minimalistic collaborative work can be achieved.

Dexcalibur runs a web server. So, if several people are on the same network as this web server and the host firewall is configured accordingly, several of you can work on the same Dexcalibur instance.

Current limitations are:

  • No authentication: everybody on the network can send requests to the Dexcalibur instance and achieve RCE on the host through the search engine.
  • No identification: modifications are not tracked, so if someone renames a symbol, you cannot know who renamed it. Similarly, you are not able to know who created a specific hook.
  • Single device instrumentation: if several devices are connected to Dexcalibur's host, and even though you can choose the device to instrument, instrumentation and hook messages are linked to the last device selected. So, you cannot generate instrumentation for several devices simultaneously.

E. Github Contributors

A special thanks to contributors :

F. Troubleshooting

F.1 Dexcalibur continues to start into "install mode"

Before going deeper:

  • Ensure you are connected to the Internet: Apktool and the target platform are downloaded during install
  • Have you tried to reinstall it with the dexcalibur --reinstall command? If not, try it.

First, check if global settings have been saved into <user_directory>/.dexcalibur/

$ ls -la ~/.dexcalibur      

total 8
drwxr-xr-x   3 test_user  staff    96 29 avr 11:41 .
drwxr-xr-x+ 87 test_user  staff  2784 29 avr 11:47 ..
-rw-r--r--   1 test_user  staff   204 29 avr 11:41 config.json


$ cat ~/.dexcalibur/config.json 

{
    "workspace":"/Users/test_user/dexcaliburWS3",
    "registry":"https://github.com/FrenchYeti/dexcalibur-registry/raw/master/",
    "registryAPI":"https://api.github.com/repos/FrenchYeti/dexcalibur-registry/contents/"
}

Next, check that the structure of the Dexcalibur workspace is as follows (the content of the /api folder may differ).

$ ls -la ~/dexcaliburWS/.dxc/*
/Users/test_user/dexcaliburWS/.dxc/api:
total 0
drwxr-xr-x  3 test_user  staff   96 29 avr 11:41 .
drwxr-xr-x  7 test_user  staff  224 29 avr 11:41 ..
drwxr-xr-x  8 test_user  staff  256 29 avr 11:41 sdk_androidapi_29_google

/Users/test_user/dexcaliburWS/.dxc/bin:
total 34824
drwxr-xr-x   4 test_user  staff       128 29 avr 11:41 .
drwxr-xr-x   7 test_user  staff       224 29 avr 11:41 ..
-rwxr-xr-x   1 test_user  staff  17661172 29 avr 11:41 apktool.jar
drwxr-xr-x  18 test_user  staff       576 29 avr 11:41 platform-tools

/Users/test_user/dexcaliburWS/.dxc/cfg:
total 8
drwxr-xr-x  3 test_user  staff   96 29 avr 11:41 .
drwxr-xr-x  7 test_user  staff  224 29 avr 11:41 ..
-rw-r--r--  1 test_user  staff  314 29 avr 11:41 config.json

/Users/test_user/dexcaliburWS/.dxc/dev:
total 0
drwxr-xr-x  2 test_user  staff   64 29 avr 11:41 .
drwxr-xr-x  7 test_user  staff  224 29 avr 11:41 ..

/Users/test_user/dexcaliburWS/.dxc/tmp:
total 0
drwxr-xr-x  2 test_user  staff   64 29 avr 11:41 .
drwxr-xr-x  7 test_user  staff  224 29 avr 11:41 ..

G. FAQ

My device does not appear in the device list

If you use a physical device connected over USB, ensure developer mode and USB debugging are enabled.

If you use a virtual device, go to /splash.html, select Device Manager, click Connect over TCP ... and follow the instructions. If you don't know the IP address of your device, let Dexcalibur detect it by checking the automatic configuration box.

USB debugging is enabled, but my device does not appear in the device list

  • Connect/disconnect USB and ensure your computer is allowed.
  • Select file transfer

Why enroll a new device?

You need to enroll the target device before you can use it. During enrollment, Dexcalibur gathers device metadata and pushes a compatible version of Frida server.

This metadata is used to select the right frida-server and frida-gadget targets.

My device is listed in Device Manager, but it cannot be enrolled

If a red exclamation mark ! appears on a line in the device list, then your desktop is not allowed by the device. You probably need to confirm

If your device is listed in Device Manager and the online column is checked, then click enroll

How to use an emulator instead of a physical device?

Dexcalibur versions < v0.7 were not able to automatically detect an emulated device and use it, due to incomplete parsing of the ADB output.

Since version >= v0.7, once your virtual device is running, go to /splash.html or click on DEXCALIBUR in the navigation bar. Click on the Device Manager button in the left menu, and click the Refresh button at the top of the array.

You should see a row starting with the ADB ID of your virtual device.

How to use a device over TCP?

First, as with any target device, you should enroll it.

Click Connect over TCP ... to add a new device over TCP or to connect an enrolled device over TCP.

If the device has never been enrolled, enrollment will be performed over TCP. In some cases, a connection over TCP is slower than over USB, so enrollment can take additional time.

If the device has been enrolled over USB, the new preferred transport type for this device becomes TCP.

How to contribute to dexcalibur?

Create a pull request on this repository or create an issue.

How to contribute to the documentation?

Create a pull request on dexcalibur-doc repository.

Documentation is available here (doc website) and here (wiki)

H. Sponsors

https://www.jetbrains.com/?from=dexcalibur
They offered a license for All Products <3

I. Resources

There are currently few documentation and training resources about Dexcalibur. If you successfully used Dexcalibur to win a CTF challenge or to find a vulnerability, I highly encourage you to share your experience.

J. They wrote something about Dexcalibur

dexcalibur's People

Contributors

cryptax, eybisi, frenchyeti, jhscheer, mgp25, monperrus, themaks, ubamrein

dexcalibur's Issues

Decompiled Error

Hi, I encountered an error when performing decompilation

[INFO] [APK HELPER] APK extracted into : /Users/xxx/dexcaliburWS/Wing0/apk
TypeError: Cannot read property 'getUID' of null

httpserver broken or other problem ?

use docker

Server started on : 8000
/home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:46
                intentFilter.actions.push(new AndroidCmp.IntentCriteria(e));
                                          ^

TypeError: AndroidCmp.IntentCriteria is not a constructor
    at /home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:46:43
    at Array.forEach (<anonymous>)
    at /home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:42:30
    at Array.forEach (<anonymous>)
    at AndroidManifestParser.parseIntents (/home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:32:31)
    at /home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:83:16
    at Array.forEach (<anonymous>)
    at AndroidManifestParser.parseApplication (/home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:79:24)
    at /home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:225:39
    at Array.forEach (<anonymous>)

npm install failing at frida install

Describe the bug
Failing at the frida install stage

To reproduce / to understand
After pre-req of Java and nodejs are installed, npm install -g dexcalibur

Expected behavior
It should work

Log

5374 silly install [email protected]
5375 info lifecycle [email protected]~install: [email protected]
5376 verbose lifecycle [email protected]~install: unsafe-perm in lifecycle true
5377 verbose lifecycle [email protected]~install: PATH: /usr/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin:/usr/lib/node_modules/dexcalibur/node_modules/frida/node_modules/.bin:/usr/lib/node_modules/dexcalibur/node_modules/.bin:/usr/lib/node_modules/.bin:/home/user/Desktop/platform-tools:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
5378 verbose lifecycle [email protected]~install: CWD: /usr/lib/node_modules/dexcalibur/node_modules/frida
5379 silly lifecycle [email protected]~install: Args: [ '-c', 'prebuild-install || node-gyp rebuild' ]
5380 silly lifecycle [email protected]~install: Returned: code: 1  signal: null
5381 info lifecycle [email protected]~install: Failed to exec install script
5382 timing action:install Completed in 1710ms
5383 verbose unlock done using /home/user/.npm/_locks/staging-a072192f34a17023.lock for /usr/lib/node_modules/.staging
5384 timing stage:rollbackFailedOptional Completed in 686ms
5385 timing stage:runTopLevelLifecycles Completed in 18774ms
5386 verbose stack Error: [email protected] install: `prebuild-install || node-gyp rebuild`
5386 verbose stack Exit status 1
5386 verbose stack     at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/node_modules/npm-lifecycle/index.js:332:16)
5386 verbose stack     at EventEmitter.emit (events.js:315:20)
5386 verbose stack     at ChildProcess.<anonymous> (/usr/lib/node_modules/npm/node_modules/npm-lifecycle/lib/spawn.js:55:14)
5386 verbose stack     at ChildProcess.emit (events.js:315:20)
5386 verbose stack     at maybeClose (internal/child_process.js:1051:16)
5386 verbose stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)
5387 verbose pkgid [email protected]
5388 verbose cwd /home/user/Desktop
5389 verbose Linux 5.4.0-29-generic
5390 verbose argv "/usr/bin/node" "/usr/bin/npm" "install" "-g" "dexcalibur"
5391 verbose node v14.2.0
5392 verbose npm  v6.14.4
5393 error code ELIFECYCLE
5394 error errno 1
5395 error [email protected] install: `prebuild-install || node-gyp rebuild`
5395 error Exit status 1
5396 error Failed at the [email protected] install script.
5396 error This is probably not a problem with npm. There is likely additional logging output above.
5397 verbose exit [ 1, true ]

Desktop (please complete the following information):

  • OS: Ubuntu 20.04
  • Node JS version: 14.2.0
  • Dexcalibur version (see 'package.json' or output) : 0.7

Hooks on methods within dynamically loaded DEX do not work

The APK loads dynamically (using DexClassLoader) another DEX file. I want to hook a method inside that second dex.

With Dexcalibur, I am able to search for that method, and create a custom hook ("probe on") for it. For example, in the image below I probe a method a() which is contained within a dynamically loaded dex.

dexcalibur-probe-a

The custom hook appears ok in Dexcalibur. See the custom hook at the bottom.

dexcalibur-custom-hook

Unfortunately, it does not work! When I spawn Dexcalibur, the hook never gets called : no logs appear for it (for other hooks, logs appear fine).

  • I am 100% certain though the hooked method is called. I tried with Frida, and hooked that function, and I get in the hook fine.
  • I tried to hook another method from that dynamically loaded dex: onCreate() from a class which is actually the main of the loaded dex. Same, no logs appear for onCreate with Dexcalibur.

Conclusion: I think something is broken with the implementation of those dyn hooks.

NB. I do not recall the Dexcalibur console showing anything abnormal.

Desktop (please complete the following information):

  • OS: Linux Mint
  • Node JS version: 12.20
  • Dexcalibur version (see 'package.json' or output) : 0.7.3
  • Sample I tried it with: Android/Alien malware dc215663af92d41f40f36088ec1b850b81092ea94a4a061a9ce88178daee965a. You can get it from github (September 2020). Beware: it is malicious!

Project UID should not have spaces

If you put unescaped spaces in Dexcalibur's project UID, it fails then to load your APK (Linux path issue IMHO):

For example :

cmd: 'java -jar /home/axelle/dexcaliburWS/.dxc/bin/apktool.jar decode -f -m /home/axelle/dexcaliburWS/Tous Anti Covid_0/app.apk -o /home/axelle/dexcaliburWS/Tous Anti Covid_0/apk',
  stdout: '',
  stderr: 'Input file (Covid_0/apk) was not found or was not readable.\n'

To reproduce

  • Dexcalibur
  • Create a new project
  • In project UUID, set a name with spaces.

Expected behavior
I think it would be valid to say UUID can't have spaces or any silly characters ;-)

Desktop (please complete the following information):

  • OS: Linux Mint 20
  • Node JS version: 12.20.0
  • Dexcalibur version (see 'package.json' or output) : 0.7.3
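
The failure reported above, reproduced as an added example (not code from the Dexcalibur repository): the apktool command is built once as a space-joined shell string and once as an argument vector, and a child process reports how many arguments it actually receives. The function names and the UID allowlist are hypothetical; `printf` stands in for `java` so nothing is decoded, and a POSIX `/bin/sh` is assumed.

```javascript
const { execFileSync, execSync } = require('child_process');
const path = require('path');

// Hypothetical allowlist for a project UID: it becomes a directory name and a
// command argument, so whitespace, path separators and shell metacharacters
// are refused up front.
const PROJECT_UID_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/;

function isValidProjectUid(uid) {
  return typeof uid === 'string' && PROJECT_UID_RE.test(uid);
}

// Arguments of the apktool call shown in the issue, one array element per
// argument. The paths are only strings here; nothing is read from disk.
function apktoolDecodeArgs(workspace, uid) {
  const projectDir = path.posix.join(workspace, uid);
  return [
    '-jar', path.posix.join(workspace, '.dxc', 'bin', 'apktool.jar'),
    'decode', '-f', '-m', path.posix.join(projectDir, 'app.apk'),
    '-o', path.posix.join(projectDir, 'apk'),
  ];
}

// "Before": the arguments are joined with spaces and handed to a shell, which
// re-splits them on whitespace (and would also interpret any metacharacter).
function wordsViaShellString(args) {
  const out = execSync(`printf '%s\\n' ${args.join(' ')}`, { encoding: 'utf8' });
  return out.split('\n').filter((line) => line !== '');
}

// "After": the arguments are passed as a vector, so each array element
// reaches the child as exactly one argument, spaces included.
function wordsViaExecFile(args) {
  const out = execFileSync(
    '/bin/sh', ['-c', 'printf "%s\\n" "$@"', 'sh', ...args], { encoding: 'utf8' });
  return out.split('\n').filter((line) => line !== '');
}

// Workspace and UID taken from the command quoted in the issue.
const SAMPLE_ARGS = apktoolDecodeArgs('/home/axelle/dexcaliburWS', 'Tous Anti Covid_0');

console.log('arguments intended      :', SAMPLE_ARGS.length);
console.log('received via shell text :', wordsViaShellString(SAMPLE_ARGS).length);
console.log('received via argv array :', wordsViaExecFile(SAMPLE_ARGS).length);
console.log('UID accepted by allowlist:', isValidProjectUid('Tous Anti Covid_0'));
```

With the shell string, the last word the child receives is `Covid_0/apk`, which is the path apktool complains about in the stderr above.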

static T_ERROR = 1; error

Hi, when I run dexcalibur it gives an error

./dexcalibur --app=com.app.test --port=8000 --pull
/dexcalibur-master/src/Logger.js:38

static T_ERROR = 1;
^

SyntaxError: Unexpected token =
    at new Script (vm.js:80:7)
    at createScript (vm.js:274:10)
    at Object.runInThisContext (vm.js:326:10)
    at Module._compile (internal/modules/cjs/loader.js:664:28)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:712:10)
    at Module.load (internal/modules/cjs/loader.js:600:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:539:12)
    at Function.Module._load (internal/modules/cjs/loader.js:531:3)
    at Module.require (internal/modules/cjs/loader.js:637:17)
    at require (internal/modules/cjs/helpers.js:22:18)

My os : MacOs

ENOENT lstat on workspace

[*] 2713 field calls mapped
[INFO] Scanning default path : /home/lamba/workspace/org.telegram.messenger/dex
internal/fs/utils.js:220
    throw err;
    ^

Error: ENOENT: no such file or directory, lstat '/home/lamba/workspace/org.telegram.messenger/dex'
    at Object.lstatSync (fs.js:906:3)
    at Object.forEachFileOf (/home/lamba/dexcalibur/src/Utils.js:86:66)
    at Analyzer.path (/home/lamba/dexcalibur/src/Analyzer.js:892:12)
    at Project.fullscan (/home/lamba/dexcalibur/src/Project.js:381:22)
    at Object.<anonymous> (/home/lamba/dexcalibur/dexcalibur:169:37)
    at Module._compile (internal/modules/cjs/loader.js:955:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:991:10)
    at Module.load (internal/modules/cjs/loader.js:811:32)
    at Function.Module._load (internal/modules/cjs/loader.js:723:14)
    at Function.Module.runMain (internal/modules/cjs/loader.js:1043:10) {
  errno: -2,
  syscall: 'lstat',
  code: 'ENOENT',
  path: '/home/lamba/workspace/org.telegram.messenger/dex'
}

Dexcalibur 0.7.5 install does not complete, no sdk_androidapi_29_google.dex

Currently installing 0.7.5. It asked for my workspace etc. And now blocked on this:
screenshot

I can't go any further than that.
The console shows this line:

screenshot

And indeed, the issue is that I have no sdk_androidapi_29_google.dex. So disassembling it fails.

  • Host: Linux Mint 20.1
  • NodeJS: 12.20.1
  • Dexcalibur: 0.7.5
  • Frida: 14.2.10

Post Install Setup Error "ENOENT: no such file or directory, open '/home/user/.dexcalibur/config.json'"

Describe the bug
Dexcalibur crashes trying to download the adb/apktool and create the config file.

To reproduce / to understand
On Kali:

  • sudo apt install nodejs npm python3-pip
  • sudo pip3 install frida-tools
  • sudo npm install -g dexcalibur
  • dexcalibur
  • Open Firefox http://127.0.0.1:9000
  • Click Next
  • Web application does not proceed, terminal output shows error below.

Screenshots
Dexcalibur in the browser

Screenshot_20210224_141145

Dexcalibur in the terminal:

# once I press next after defining the file encoding, workspace path, default port and auto install.
[...]
[Object: null prototype] { _t: '1614172420620' }
internal/fs/utils.js:269
    throw err;
    ^

Error: ENOENT: no such file or directory, open '/home/kali/.dexcalibur/config.json'
    at Object.openSync (fs.js:462:3)
    at Object.writeFileSync (fs.js:1384:35)
    at DexcaliburEngine.postInstall (/usr/local/lib/node_modules/dexcalibur/src/DexcaliburEngine.js:573:14)
    at Object.onSuccess (/usr/local/lib/node_modules/dexcalibur/src/DexcaliburEngine.js:519:26)
    at Installer.runTask (/usr/local/lib/node_modules/dexcalibur/src/Installer.js:150:28)
    at Installer.nextTask (/usr/local/lib/node_modules/dexcalibur/src/Installer.js:162:22)
    at Object.onSuccess (/usr/local/lib/node_modules/dexcalibur/src/Installer.js:139:26)
    at /usr/local/lib/node_modules/dexcalibur/src/Installer.js:77:36
    at internal/streams/pipeline.js:90:7
    at internal/util.js:392:14 {
  errno: -2,
  syscall: 'open',
  code: 'ENOENT',
  path: '/home/kali/.dexcalibur/config.json'
}

Desktop (please complete the following information):

  • OS: Kali GNU/Linux Rolling
  • Node JS version: v12.20.1
  • Dexcalibur version (see 'package.json' or output) : 0.7.8

Please add windows OS support

Dexcalibur does not support Windows, so please consider this request.
Because more users are friendly with Windows :)

How to use dexcalibur with Mac OS host using docker?

I assume that the steps are the same as when using a Linux host: https://github.com/FrenchYeti/dexcalibur/wiki/Use-the-Docker-image

Except I can't seem to replicate the "Find the device ID and path" step on Mac OSx.

Any tips? I've tried different modes MTP/PTP on Android. It seems that we need to find a way to mount the Android disk on Mac OSX first or use a custom Virtual Box VM (running Linux) to run docker, which seems quite convoluted... https://devops.stackexchange.com/a/5836

Does anyone have a much simpler and more straightforward way to do this?

Hook manager attach to app complains Cannot read property 'getDefaultBridge'

In Dexcalibur hook manager panel, I click on attach to app.

attach-toapp

Note that frida_server is running despite what the GUI says (see Issue: #32).

generic_x86_64:/ $ ps -u root | grep frida
root         16627 16617   79892  61196 poll_schedule_timeout 0 S frida_server
root         16648     1   14308   4552 poll_schedule_timeout 0 S frida-helper-32

Dexcalibur console says:

[INFO] [WEBSERVER] Start hooking [app=undefined, type=attach-app-self]
TypeError: Cannot read property 'getDefaultBridge' of undefined
    at Function.getDevice (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/FridaHelper.js:235:40)
    at /home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/HookManager.js:1488:40
    at Generator.next (<anonymous>)
    at onFulfilled (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/co/index.js:65:19)
    at /home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/co/index.js:54:5
    at new Promise (<anonymous>)
    at co (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/co/index.js:50:10)
    at createPromise (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/co/index.js:30:15)
    at HookManager.start (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/HookManager.js:1574:9)
    at HookManager.startByAttachToApp (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/HookManager.js:1439:14)
error: Cannot read property 'getDefaultBridge' of undefined

The GUI does not say anything special:

attached

The app is running too:

generic_x86_64:/ $ ps -A | grep tuna                                                                                                             
u0_a201      17257  1483 1457216  94888 ep_poll             0 S tuna.obvious.trust

  • OS: Linux Mint 20
  • Node JS version: 12.20.0
  • Dexcalibur version (see 'package.json' or output) : 0.7.3
  • Android version: 8.0 x86 emulator
  • Rooted

Device parsing bug in AdbWrapper

[*] Working directory : E:\Dexcalibur\workspace\com.dontworry.aboutit
[INFO] Unrecognized key (single token) : devices
[INFO] Unrecognized key (single token) : devices
[INFO] Unrecognized key (single token) : devices
[INFO] Unrecognized key (single token) : product:bullhead

Here is the result of the device list:

E:\Dexcalibur>adb devices -l
List of devices attached
0a1b2c3d4e5f6e7d device product:bullhead model:Nexus_5X device:bullhead transport_id:22
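
A parser for the `adb devices -l` output quoted above, as an added example (not Dexcalibur's AdbWrapper code): it skips the header and daemon notices, reads the serial and state positionally, and treats the remaining tokens as `key:value` pairs. The function names are hypothetical, and every sample row except the Nexus 5X line from the report is constructed.

```javascript
// Parse the text printed by `adb devices -l` into one record per device row.
function parseAdbDevices(output) {
  const devices = [];
  for (const rawLine of output.split(/\r?\n/)) {
    const line = rawLine.trim();
    // Skip blanks, the "List of devices attached" header and "* daemon ..." notices.
    if (line === '' || line.startsWith('*') || /^List of devices attached/i.test(line)) {
      continue;
    }
    const tokens = line.split(/\s+/);
    if (tokens.length < 2) continue; // a device row is at least "<serial> <state>"

    const device = {
      serial: tokens[0],               // may itself contain ':' (host:port over TCP)
      state: tokens[1],
      properties: Object.create(null), // no prototype: keys come from untrusted text
      unparsed: [],
    };

    // "no permissions ..." is a two-word state followed by free text.
    if (tokens[1] === 'no' && tokens[2] === 'permissions') {
      device.state = 'no permissions';
      device.unparsed = tokens.slice(3);
      devices.push(device);
      continue;
    }

    for (const token of tokens.slice(2)) {
      const sep = token.indexOf(':');
      if (sep > 0 && sep < token.length - 1) {
        // Split on the first ':' only, so values such as "usb:1-1.2" stay whole.
        device.properties[token.slice(0, sep)] = token.slice(sep + 1);
      } else {
        device.unparsed.push(token); // kept for diagnostics instead of dropped
      }
    }
    devices.push(device);
  }
  return devices;
}

// Only rows in state "device" are online and have authorized this host;
// "unauthorized" and "offline" rows must not be picked as instrumentation targets.
function instrumentableDevices(devices) {
  return devices.filter((d) => d.state === 'device');
}

const SAMPLE_OUTPUT = [
  '* daemon not running; starting now at tcp:5037', // constructed
  '* daemon started successfully',                  // constructed
  'List of devices attached',
  // Row quoted in the report above:
  '0a1b2c3d4e5f6e7d device product:bullhead model:Nexus_5X device:bullhead transport_id:22',
  'emulator-5554          offline transport_id:3',      // constructed
  '192.168.1.20:5555      unauthorized transport_id:4', // constructed
  '',
].join('\n');

const parsedDevices = parseAdbDevices(SAMPLE_OUTPUT);
console.log(JSON.stringify(parsedDevices, null, 2));
console.log('usable:', instrumentableDevices(parsedDevices).map((d) => d.serial));
```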

JavaScript heap out of memory

Hi

While scanning the apk, I am getting this error.
Due to security issues, I can't share the complete stack trace but some of the error snippets are

[INFO] [INSPECTOR MANAGER] Project[**APK_NAME**], Step[POST_PLATFORM_SCAN] deploying inspectors : <none>
[INFO] Scanning default path : /root/dexcaliburWS/**APK**/apk

<--- Last few GCs --->

[398:0x4758e90]    82147 ms: Mark-sweep 2040.1 (2057.5) -> 2038.1 (2058.0) MB, 2531.6 / 0.0 ms  (average mu = 0.137, current mu = 0.066) allocation failure scavenge might not succeed
[398:0x4758e90]    84066 ms: Mark-sweep 2040.9 (2058.2) -> 2039.3 (2059.5) MB, 1736.4 / 0.0 ms  (average mu = 0.117, current mu = 0.095) allocation failure scavenge might not succeed


<--- JS stacktrace --->

==== JS stack trace =========================================

0: ExitFrame [pc: 0x140dcd9]
Security context: 0x1989a9dc08d1 <JSObject>
1: method [0x3817beb8ca81] [/usr/lib/node_modules/dexcalibur/src/SmaliParser.js:~373] [pc=0xcc232e1c3c2](this=0x2fa551ac5a49 <SmaliParser map = 0xc6671e13c19>,0x3ba9381d2311 <JSArray[2]>,0x3ba9381c9ec9 <String[11]: .end method>,67)
2: parse [0x3817beb8caf1] [/usr/lib/node_modules/dexcalibur/src/SmaliParser.js:~703] [pc=0xcc232d8351e](this=0x2fa551ac5a49 <...

FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory

After this, I even tried node /usr/lib/node_modules/dexcalibur/dexcalibur.js --max-old-space-size=8192, but still no luck.

Please do let me know if I am doing anything wrong.

Also, this is running inside docker but I am getting similar error if I install dexcalibur in VM as well.

question: how to log the execution of a method in the console?

Thanks to #22 (comment), I can now create a hook for a method:

> var  meth = Project.find.method("enclosingClass.name:TelephonyManager").get(7)
> var  hook = Project.hook.probe(meth);

However, when I run the application, I don't see anything in the log regarding the execution of this method.

how to log the execution of a method in the console?

Thanks!

dexcalibur crash after [INFO] Scanning default path

Hello !

First, thank you for your work :)

I just gave dexcalibur a try, but I get this error whether I use the docker version or the manual installation.

I don't know if I have missed something or if it's because I use an emulator.

[*] Device selected : emulator-5554
[*] Package found
[*] Package downloaded to /home/example/example.apk
S: WARNING: Could not write to (/home/example/apktool/framework), using /tmp instead...
S: Please be aware this is a volatile directory and frameworks could go missing, please utilize --frame-path if the default storage directory is unavailable
[*] APK decompiled in /home/example/dex
[INFO] Scanning platform android:7.0.0
[*] Smali analyzing done.
---------------------------------------
[*] 3683 classes analyzed. 

[*] Start object mapping ...
------------------------------------------
DB size : 3683
200/3683 Classes mapped (android.app.usage.UsageStatsManager)
400/3683 Classes mapped (android.database.sqlite.SQLiteDatabaseCorruptException)
600/3683 Classes mapped (android.hardware.camera2.CameraCaptureSession)
800/3683 Classes mapped (android.media.browse.MediaBrowser$SubscriptionCallback)
1000/3683 Classes mapped (android.opengl.GLSurfaceView$Renderer)
1200/3683 Classes mapped (android.provider.ContactsContract$CommonDataKinds$Photo)
1400/3683 Classes mapped (android.renderscript.Type)
1600/3683 Classes mapped (android.text.method.CharacterPickerDialog)
1800/3683 Classes mapped (android.view.LayoutInflater$Factory)
2000/3683 Classes mapped (android.webkit.WebView)
2200/3683 Classes mapped (java.io.ByteArrayOutputStream)
2400/3683 Classes mapped (java.lang.reflect.Member)
2600/3683 Classes mapped (java.security.PolicySpi)
2800/3683 Classes mapped (java.util.AbstractQueue)
3000/3683 Classes mapped (java.util.logging.LoggingPermission)
3200/3683 Classes mapped (javax.xml.transform.sax.SAXSource)
3400/3683 Classes mapped (org.apache.http.entity.ContentProducer)
3600/3683 Classes mapped (org.apache.http.util.ExceptionUtils)
3683/3683 Classes mapped (org.xmlpull.v1.sax2.Driver)
[*] 35556 methods indexed
[*] 16380 fields indexed
[*] 130193 instructions indexed
[*] 33921 method calls mapped
[*] 2713 field calls mapped
[INFO] Scanning default path : /home/example/example/dex
[*] Smali analyzing done.
---------------------------------------
[*] 15580 classes analyzed. 

[*] Start object mapping ...
------------------------------------------
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.commons.logging.Log
Override methods of  org.apache.commons.logging.Log
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.ConnectionClosedException
Override methods of  org.apache.http.ConnectionClosedException
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.ConnectionReuseStrategy
Override methods of  org.apache.http.ConnectionReuseStrategy
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.FormattedHeader
Override methods of  org.apache.http.FormattedHeader
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.Header
Override methods of  org.apache.http.Header
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.HeaderElement
Override methods of  org.apache.http.HeaderElement
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.HeaderElementIterator
Override methods of  org.apache.http.HeaderElementIterator
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.HeaderIterator
Override methods of  org.apache.http.HeaderIterator
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.HttpClientConnection
Override methods of  org.apache.http.HttpClientConnection
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.HttpConnection
Override methods of  org.apache.http.HttpConnection
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.HttpConnectionMetrics
Override methods of  org.apache.http.HttpConnectionMetrics
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.HttpEntity
Override methods of  org.apache.http.HttpEntity
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.HttpEntityEnclosingRequest
Override methods of  org.apache.http.HttpEntityEnclosingRequest
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
Override fields of  org.apache.http.HttpException
Override methods of  org.apache.http.HttpException
[ERROR] TypeError: cls.getSuperClass(...).getName is not a function
/home/example/dexcalibur/src/Analyzer.js:522
                    cls.addInterfaces(Resolver.type(absoluteDB, ext[i]));
                        ^

TypeError: cls.addInterfaces is not a function
    at /home/example/dexcalibur/src/Analyzer.js:522:25
    at Collection.map (/home/example/dexcalibur/src/InMemoryDb.js:158:13)
    at MakeMap (/home/example/dexcalibur/src/Analyzer.js:471:18)
    at Analyzer.path (/home/example/dexcalibur/src/Analyzer.js:885:9)
    at Project.fullscan (/home/example/dexcalibur/src/Project.js:373:22)
    at Object.<anonymous> (/home/example/dexcalibur/dexcalibur:164:37)
    at Module._compile (internal/modules/cjs/loader.js:945:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:962:10)
    at Module.load (internal/modules/cjs/loader.js:798:32)
    at Function.Module._load (internal/modules/cjs/loader.js:711:12)

Dexcalibur panel Hanged

Describe the bug
I installed dexcalibur and ran it. It connected to the emulator and the emulator is shown as online. Still, the progress bar is not moving and hangs at a particular position every time.

Screenshot from 2020-10-05 16-57-06

I desperately want to use it. What have I missed?

Devices listing bug

Hello,
sometimes Dexcalibur shows Devices ID with a simple "*".

This means that it doesn't correctly recognize the device, simply because it launched the adb devices listing command, which returned a string like "* daemon started successfully *", and it took the first character as a correct Device ID.

As a workaround to make it work, I modified that piece of code to call the device listing two times, in this way:
AdbWrapper3 js

Hope it helps other guys and developers
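The misparse described in this report, as an added example that is not part of the original post and is not Dexcalibur's own code: instead of calling the listing twice, the parser can skip daemon banner lines and only read entries after the list header. The sample output, the serial 0123456789ABCDEF and the function names are constructed for illustration, and `naiveFirstDeviceId` is a hypothetical reconstruction of the failure mode.

```javascript
// Constructed sample: what `adb devices` can print on the first call,
// when the adb server has to be started before the list is returned.
const FIRST_CALL_OUTPUT = [
  '* daemon not running. starting it now on port 5037 *',
  '* daemon started successfully *',
  'List of devices attached',
  'emulator-5554\tdevice',
  '0123456789ABCDEF\tunauthorized',
  '',
].join('\n');

// Hypothetical reconstruction of the failure mode: the first token of the
// output is trusted as a device ID, so the banner's "*" becomes a device.
function naiveFirstDeviceId(output) {
  return output.trim().split(/\s+/)[0];
}

// Parse the listing defensively:
//  - banner lines printed by the adb server start with "*" and are skipped
//  - nothing before the "List of devices attached" header is a device
//  - a device entry needs at least "<serial> <state>"
function parseAdbDevices(output) {
  const devices = [];
  let inList = false;
  for (const rawLine of output.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === '' || line.startsWith('*')) continue;
    if (line.startsWith('List of devices attached')) {
      inList = true;
      continue;
    }
    if (!inList) continue;
    const fields = line.split(/\s+/);
    if (fields.length < 2) continue; // serial without a state: not usable
    devices.push({ id: fields[0], state: fields[1] });
  }
  return devices;
}

// Only entries in state "device" can be instrumented; "unauthorized" or
// "offline" entries are listed by adb but reject shell commands.
function usableDeviceIds(output) {
  return parseAdbDevices(output)
    .filter((d) => d.state === 'device')
    .map((d) => d.id);
}

console.log(naiveFirstDeviceId(FIRST_CALL_OUTPUT));
console.log(parseAdbDevices(FIRST_CALL_OUTPUT));
console.log(usableDeviceIds(FIRST_CALL_OUTPUT));
```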

Does not work. Error.

Hello, tell me if it will work for Windows?

After the command npm install -g dexcalibur

I get this error

npm WARN deprecated [email protected]: This package is no longer supported. It's now a built-in Node module. If you've depended on crypto, you should switch to the one that's built-in.

npm ERR! code EEXIST
npm ERR! path C:\Users\User\AppData\Roaming\npm\node_modules\dexcalibur\dexcalibur
npm ERR! dest C:\Users\User\AppData\Roaming\npm\dexcalibur
npm ERR! EEXIST: file already exists, cmd shim 'C:\Users\User\AppData\Roaming\npm\node_modules\dexcalibur\dexcalibur' -> 'C:\Users\User\AppData\Roaming\npm\dexcalibur'
npm ERR! File exists: C:\Users\User\AppData\Roaming\npm\dexcalibur
npm ERR! Remove the existing file and try again, or run npm
npm ERR! with --force to overwrite files recklessly.

npm ERR! A complete log of this run can be found in:

Unable to communicate with remote frida-server

Hi, I got an error as shown below when I clicked the "Replay hook" button.

usb device: Device { id: '84B7N15A10012327', name: 'Huawei Nexus 6P', icon: Icon { width: 16, height: 16, rowstride: 64, pixels: <Buffer 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 40 d2 e2 9c ff ff ff ff 30 ff ff ff 40 ff ff ff 40 ff ff ff 30 d7 e5 a8 ff ff ff ff 40 00 00 ... > }, type: 'usb' } error: Unable to communicate with remote frida-server; please ensure that major versions match and that the remote Frida has the feature you are trying to use

My Frida version is 11.0.3, and so is the frida-server. It works well when I run the command frida-ps -U in the terminal. And I modified the "fridaDevPath" in config.js to "/data/local/tmp/frida-server-11.0.3" which is my frida-server location. So I don't know why this mistake happened.

Bug in parsing of SMALI with unexpected label in array definition

Describe the bug
I have a malware sample (acb38742fddfc3dcb511e5b0b2b2a2e4cef3d67cc6188b29aeb4475a717f5f95) that contains the following code:

   :sswitch_4
    goto/16 :goto_19

    nop

    :array_0
    :goto_12
    .array-data 1
        0x27t
        0x7t
        0x8t
        0x73t
        0x26t
        0x1t
        0x20t
        0x0t
        0x7ct
        0x0t

There is a label statement between the array name and the array initialization. This causes Dexcalibur to fail since it thinks it's in a new BasicBlock while it should be in a DataBlock. The actual error I'm getting is:

TypeError: this.__tmp_block.setDataWidth is not a function
    at SmaliParser.method (/usr/local/lib/node_modules/dexcalibur/src/SmaliParser.js:437:34)
    at SmaliParser.parse (/usr/local/lib/node_modules/dexcalibur/src/SmaliParser.js:736:34)
    at Analyzer.file (/usr/local/lib/node_modules/dexcalibur/src/Analyzer.js:800:30)
    at /usr/local/lib/node_modules/dexcalibur/src/Analyzer.js:839:18
    at Object.forEachFileOf (/usr/local/lib/node_modules/dexcalibur/src/Utils.js:108:21)
    at Object.forEachFileOf (/usr/local/lib/node_modules/dexcalibur/src/Utils.js:105:26)
    at Object.forEachFileOf (/usr/local/lib/node_modules/dexcalibur/src/Utils.js:105:26)
    at Analyzer.path (/usr/local/lib/node_modules/dexcalibur/src/Analyzer.js:838:12)
    at DexcaliburProject.fullscan (/usr/local/lib/node_modules/dexcalibur/src/DexcaliburProject.js:737:26)
    at DexcaliburProject.open (/usr/local/lib/node_modules/dexcalibur/src/DexcaliburProject.js:468:21)

this.__tmp_block is of type BasicBlock and not of type DataBlock.

Expected behavior
Ignore the invalid smali and fix it.

Suggested Fix
This might be difficult to solve correctly without regression bugs... You could check for this specific situation when encountering a goto label, or maybe you can 'look to previous lines' when you encounter an .array-data without a label and add the label manually? Or maybe a preprocessing step that searches for this specific situation and flips the two lines? I don't know if you currently have those...

If you don't want me to open bugs for these edge cases let me know, but malware seems like a very good use case for Dexcalibur so correctly dealing with 'weird smali' would make sense.
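The preprocessing idea from the suggested fix above, as an added example that is not part of the original report and is not Dexcalibur's code: labels stacked directly above an `.array-data` directive all resolve to the same offset, so they can be reordered so that the `:array_N` label sits immediately before the directive without changing what the smali means. The sample lines are shortened from the report with an `.end array-data` line added, and the function names are hypothetical.

```javascript
// Constructed sample, shortened from the lines quoted in the report.
const SAMPLE_LINES = [
  '    :sswitch_4',
  '    goto/16 :goto_19',
  '',
  '    nop',
  '',
  '    :array_0',
  '    :goto_12',
  '    .array-data 1',
  '        0x27t',
  '        0x7t',
  '    .end array-data', // added so the sample is a complete directive
];

const LABEL = /^\s*:([A-Za-z0-9_]+)\s*$/;
const ARRAY_DATA = /^\s*\.array-data\b/;
const ARRAY_LABEL = /^\s*:array_/;

// Returns a copy of `lines` in which, for every `.array-data` directive,
// the run of label lines directly above it is reordered so that `:array_*`
// labels come last. Blank lines inside the run are left where they are.
function normalizeArrayLabels(lines) {
  const out = lines.slice();
  for (let i = 0; i < out.length; i++) {
    if (!ARRAY_DATA.test(out[i])) continue;
    const labelIdx = [];
    for (let j = i - 1; j >= 0; j--) {
      if (out[j].trim() === '') continue; // tolerate blank lines
      if (!LABEL.test(out[j])) break;     // first real instruction ends the run
      labelIdx.unshift(j);
    }
    if (labelIdx.length < 2) continue;    // nothing to reorder
    const labels = labelIdx.map((j) => out[j]);
    const reordered = labels
      .filter((l) => !ARRAY_LABEL.test(l))
      .concat(labels.filter((l) => ARRAY_LABEL.test(l)));
    labelIdx.forEach((j, k) => {
      out[j] = reordered[k];
    });
  }
  return out;
}

// For each `.array-data` directive, report the label on the nearest
// non-blank line above it (null if that line is not a label). A parser that
// opens a data block on `:array_*` and a basic block on any other label
// needs this to be an array label.
function labelsBeforeArrayData(lines) {
  const found = [];
  for (let i = 0; i < lines.length; i++) {
    if (!ARRAY_DATA.test(lines[i])) continue;
    let j = i - 1;
    while (j >= 0 && lines[j].trim() === '') j--;
    const m = j >= 0 ? LABEL.exec(lines[j]) : null;
    found.push(m ? m[1] : null);
  }
  return found;
}

console.log(labelsBeforeArrayData(SAMPLE_LINES));
console.log(labelsBeforeArrayData(normalizeArrayLabels(SAMPLE_LINES)));
```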

Bug in SMALI parsing with extra whitespace

Describe the bug
I have a malware sample that contains the following SMALI line:

const-string v1 "Auto"\r

Dexcalibur gives an error while analyzing.

To reproduce / to understand
Ran Dexcalibur with debug to get the following error:

TypeError: Cannot read property '1' of null
    at Object.setstring [as parse] (/usr/local/lib/node_modules/dexcalibur/src/Opcode.js:329:20)
    at Object.parse (/usr/local/lib/node_modules/dexcalibur/src/Opcode.js:1043:15)
    at SmaliParser.instr (/usr/local/lib/node_modules/dexcalibur/src/SmaliParser.js:324:23)
    at SmaliParser.method (/usr/local/lib/node_modules/dexcalibur/src/SmaliParser.js:611:32)
    at SmaliParser.parse (/usr/local/lib/node_modules/dexcalibur/src/SmaliParser.js:733:34)
    at Analyzer.file (/usr/local/lib/node_modules/dexcalibur/src/Analyzer.js:800:30)
    at /usr/local/lib/node_modules/dexcalibur/src/Analyzer.js:839:18
    at Object.forEachFileOf (/usr/local/lib/node_modules/dexcalibur/src/Utils.js:108:21)
    at Object.forEachFileOf (/usr/local/lib/node_modules/dexcalibur/src/Utils.js:105:26)
    at Analyzer.path (/usr/local/lib/node_modules/dexcalibur/src/Analyzer.js:838:12)

I added a few debug lines as well at line 324:

console.log(src);
console.log("---");
console.log(raw_src);
[ 'const-string', 'v1,', '"Auto"\r' ]
---
 v1, "Auto"

Expected behavior
Not crash

Desktop (please complete the following information):

  • OS: Kali
  • Node JS version: v12.21.0
  • Dexcalibur version (see 'package.json' or output) : 0.7.8

I'm not sure if it's valid SMALI code, but the sample appears to execute correctly.

Fix

I added raw_src = raw_src.trim(); to Opcode.js:1040 but there may be a better place to put that.
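Why a trailing `\r` produces "Cannot read property '1' of null", shown as an added example that is not part of the original report: in a JavaScript regex `.` does not match `\r` and an unflagged `$` only matches at the very end of the input, so an anchored operand pattern returns `null` on CRLF input. The pattern and function names are assumptions for illustration, not Dexcalibur's actual regex or API.

```javascript
// Hypothetical operand pattern for `const-string vX, "literal"`.
// It is anchored with `$`, like many hand-written instruction parsers.
const CONST_STRING_OPERANDS = /^\s*([vp]\d+)\s*,\s*"(.*)"$/;

// Failure mode from the report: the match result is indexed without a
// null check, so unexpected trailing bytes surface as a TypeError far away
// from the line that caused them.
function parseConstStringUnchecked(rawSrc) {
  const m = CONST_STRING_OPERANDS.exec(rawSrc);
  return { register: m[1], value: m[2] };
}

// Hardened variant: strip trailing whitespace (including a stray CR) that
// sits after the closing quote, and fail with a message that names the
// offending operands instead of dereferencing null.
function parseConstString(rawSrc) {
  const cleaned = rawSrc.replace(/\s+$/, '');
  const m = CONST_STRING_OPERANDS.exec(cleaned);
  if (m === null) {
    throw new SyntaxError(
      'unparsable const-string operands: ' + JSON.stringify(rawSrc)
    );
  }
  return { register: m[1], value: m[2] };
}

// Splitting the file on CRLF or LF up front keeps the CR away from every
// per-instruction parser, not only const-string.
function splitSmaliLines(text) {
  return text.split(/\r?\n/);
}

// Constructed inputs: the operand string with the stray CR from the report,
// and a two-line CRLF fragment.
const RAW_WITH_CR = ' v1, "Auto"\r';
const CRLF_FRAGMENT = 'const-string v1, "Auto"\r\nreturn-object v1\r\n';

function demo() {
  let uncheckedError = null;
  try {
    parseConstStringUnchecked(RAW_WITH_CR);
  } catch (e) {
    uncheckedError = e.constructor.name;
  }
  return {
    uncheckedError,
    hardened: parseConstString(RAW_WITH_CR),
    lines: splitSmaliLines(CRLF_FRAGMENT),
  };
}

console.log(demo());
```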

question: how to map probe events to inspectors

Hi;

Looking at a probe event from http://localhost:8000/api/probe/msg, I would like to know the inspector that generated it. However, this information is not obvious in the JSON (below). The hook id may be correct (here Zjg3YmRjOTA3ZTVjNzdhNDIxNGM2Yzg5YTM5OGQ4N2Y=), but how to map back a hook id to a hook in inspectors/?

Thanks!

         {
            "action" : "Update",
            "after" : false,
            "before" : true,
            "data" : {
               "name" : "android.app.servertransaction.StopActivityItem"
            },
            "hook" : "Zjg3YmRjOTA3ZTVjNzdhNDIxNGM2Yzg5YTM5OGQ4N2Y=",
            "isIntercept" : false,
            "match" : true,
            "msg" : "Class.forName()",
            "tags" : [
               {
                  "style" : "purple",
                  "text" : "dynamic"
               }
            ]
         }

I got an error while installing on Mac OS

Hi,

npm install -g dexcalibur --force

I got the following error while installing on mac:

npm WARN using --force Recommended protections disabled.
npm WARN deprecated [email protected]: This package is no longer supported. It's now a built-in Node module. If you've depended on crypto, you should switch to the one that's built-in.
npm ERR! code 1
npm ERR! path /usr/local/lib/node_modules/dexcalibur/node_modules/frida
npm ERR! command failed
npm ERR! command sh -c prebuild-install || node-gyp rebuild
npm ERR! prebuild-install WARN install No prebuilt binaries found (target=16.0.0 runtime=node arch=x64 libc= platform=darwin)
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | darwin | x64
npm ERR! gyp info find Python using Python version 3.7.10 found at "/usr/local/opt/[email protected]/bin/python3.7"
npm ERR! (node:1674) [DEP0150] DeprecationWarning: Setting process.config is deprecated. In the future the property will be read-only.
npm ERR! (Use node --trace-deprecation ... to show where the warning was created)
npm ERR! gyp info spawn /usr/local/opt/[email protected]/bin/python3.7
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args '/usr/local/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args 'binding.gyp',
npm ERR! gyp info spawn args '-f',
npm ERR! gyp info spawn args 'make',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/usr/local/lib/node_modules/dexcalibur/node_modules/frida/build/config.gypi',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/usr/local/lib/node_modules/npm/node_modules/node-gyp/addon.gypi',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/Users/Library/Caches/node-gyp/16.0.0/include/node/common.gypi',
npm ERR! gyp info spawn args '-Dlibrary=shared_library',
npm ERR! gyp info spawn args '-Dvisibility=default',
npm ERR! gyp info spawn args '-Dnode_root_dir=/Users//Library/Caches/node-gyp/16.0.0',
npm ERR! gyp info spawn args '-Dnode_gyp_dir=/usr/local/lib/node_modules/npm/node_modules/node-gyp',
npm ERR! gyp info spawn args '-Dnode_lib_file=/Users//Library/Caches/node-gyp/16.0.0/<(target_arch)/node.lib',
npm ERR! gyp info spawn args '-Dmodule_root_dir=/usr/local/lib/node_modules/dexcalibur/node_modules/frida',
npm ERR! gyp info spawn args '-Dnode_engine=v8',
npm ERR! gyp info spawn args '--depth=.',
npm ERR! gyp info spawn args '--no-parallel',
npm ERR! gyp info spawn args '--generator-output',
npm ERR! gyp info spawn args 'build',
npm ERR! gyp info spawn args '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! gyp: binding.gyp not found (cwd: /usr/local/lib/node_modules/dexcalibur/node_modules/frida) while trying to load binding.gyp
npm ERR! gyp ERR! configure error
npm ERR! gyp ERR! stack Error: gyp failed with exit code: 1
npm ERR! gyp ERR! stack at ChildProcess.onCpExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:351:16)
npm ERR! gyp ERR! stack at ChildProcess.emit (node:events:365:28)
npm ERR! gyp ERR! stack at Process.ChildProcess._handle.onexit (node:internal/child_process:290:12)
npm ERR! gyp ERR! System Darwin 16.7.0
npm ERR! gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
npm ERR! gyp ERR! cwd /usr/local/lib/node_modules/dexcalibur/node_modules/frida
npm ERR! gyp ERR! node -v v16.0.0
npm ERR! gyp ERR! node-gyp -v v7.1.2
npm ERR! gyp ERR! not ok

Thanks a lot

dexcalibur "not found" bug in Docker container

Currently, with the Docker container I get this error:

# ./dexcalibur --app=com.freestylelibre.app.fr --port=8000 --pull
/bin/sh: 23: ./dexcalibur: not found

Investigating a little, we see this is caused by the fact that the script uses /usr/local/bin/node, which does not exist in the container; /usr/bin/node does.

# ls -al dexcalibur
-rwxr-xr-x 1 root root 5599 Jan 22 12:42 dexcalibur
# ls /usr/local/bin/node
ls: cannot access '/usr/local/bin/node': No such file or directory
# ls /usr/bin/node
/usr/bin/node

The solution is to replace the first line of dexcalibur with the reference to /usr/bin/node (or install node in /usr/local/bin). And then, it works :)

APIs directory and dexcaliburPath

Is something off with looking for the APIs path at launch? The APIs directory exists in the repo, but is referenced outside of dexcaliburPath.

Runtime error from launching dexcalibur:

Scanning platform android:7.0.0
fs.js:120
    throw err;
    ^

Error: ENOENT: no such file or directory, lstat '/Users/coreygarst/code/dexcalibur/../APIs//android_24/'
    at Object.lstatSync (fs.js:862:3)
    at Object.forEachFileOf (/Users/coreygarst/code/dexcalibur/src/Utils.js:44:53)
    at Analyzer.path (/Users/coreygarst/code/dexcalibur/src/Analyzer.js:790:12)
    at Project.fullscan (/Users/coreygarst/code/dexcalibur/src/Project.js:263:18)
    at Object.<anonymous> (/Users/coreygarst/code/dexcalibur/dexcalibur:131:37)
    at Module._compile (internal/modules/cjs/loader.js:734:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:745:10)
    at Module.load (internal/modules/cjs/loader.js:626:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:566:12)
    at Function.Module._load (internal/modules/cjs/loader.js:558:3)

dexcaliburPath in my config.js:

    // Dexcalibur src location
    dexcaliburPath: "/Users/coreygarst/code/dexcalibur",

This exists at line 113 of Configuration.js:

this.platform_available[i] = new Platform(this.platform_available[i],this.dexcaliburPath+"/../APIs/");

Did I miss something in setting up the config? Should the path in Configuration.js actually be this.dexcaliburPath+"/APIs/"?

JavaScript heap out of memory

Hello,
Even if I try to use the command: node /usr/lib/node_modules/dexcalibur/dexcalibur.js --max-old-space-size=16384 I still get the crash with error JavaScript heap out of memory:

[*] 44453 methods indexed
[*] 21470 fields indexed
[*] 167627 instructions indexed
[*] 43020 method calls mapped
[*] 4691 field calls mapped
[INFO] [INSPECTOR MANAGER] Project[wikiii], Step[POST_PLATFORM_SCAN] deploying inspectors : <none>
[INFO] Scanning default path :
<--- Last few GCs --->

[1151262:0x555e074894b0]   112232 ms: Mark-sweep 2038.7 (2085.5) -> 2037.3 (2090.5) MB, 1948.6 / 0.0 ms  (average mu = 0.249, current mu = 0.013) allocation failure scavenge might not succeed
[1151262:0x555e074894b0]   114190 ms: Mark-sweep 2041.8 (2090.7) -> 2039.3 (2092.5) MB, 1945.6 / 0.0 ms  (average mu = 0.140, current mu = 0.006) allocation failure scavenge might not succeed


<--- JS stacktrace --->

FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory
 1: 0x555e058d2971 node::Abort() [node]
 2: 0x555e057d9c63 node::FatalError(char const*, char const*) [node]
 3: 0x555e05aaaaf2 v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, bool) [node]
 4: 0x555e05aaad58 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, bool) [node]
 5: 0x555e05c687a6  [node]
 6: 0x555e05c79770 v8::internal::Heap::CollectAllGarbage(int, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) [node]
 7: 0x555e05c7b74d v8::internal::Heap::AllocateRawWithLightRetrySlowPath(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) [node]
 8: 0x555e05c7b7b5 v8::internal::Heap::AllocateRawWithRetryOrFailSlowPath(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) [node]
 9: 0x555e05c41248 v8::internal::Factory::NewFillerObject(int, bool, v8::internal::AllocationType, v8::internal::AllocationOrigin) [node]
10: 0x555e05f7d51b v8::internal::Runtime_AllocateInYoungGeneration(int, unsigned long*, v8::internal::Isolate*) [node]
11: 0x555e06305339  [node]
fish: Job 1, 'node /usr/lib/node_modules/dexc…' terminated by signal SIGABRT (Abort)

Error after uploading APK

Hi

I'm getting the following error after uploading an APK to analyze. I'm afraid I'm not so knowledgeable on this; I'm trying to follow a blog on reversing a malware sample: https://blog.nviso.eu/2021/04/19/how-to-analyze-mobile-malware-a-cabassous-flubot-case-study/

I'm using the same sample as in the blog, though he mentions a couple of bugs, I see they have been patched now. I also get the same error with a more recent sample from today.

Any help here would be greatly appreciated

[INFO] [INSPECTOR MANAGER] Project[test], Step[POST_PLATFORM_SCAN] deploying inspectors : <none>
[INFO] Scanning default path : /home/user/dexcaliburWS/test/apk
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in [Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in Vknow type : 
)(in Vknow type : 
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
 v0, Lcom/RNFetchBlob/RNFetchBlobReq$e;
TypeError: Cannot read property '1' of null
    at Object.setclass [as parse] (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Opcode.js:356:20)
    at Object.parse (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Opcode.js:1041:15)
    at SmaliParser.instr (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/SmaliParser.js:324:23)
    at SmaliParser.method (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/SmaliParser.js:629:32)
    at SmaliParser.parse (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/SmaliParser.js:751:34)
    at Analyzer.file (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Analyzer.js:800:30)
    at /home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Analyzer.js:839:18
    at Object.forEachFileOf (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Utils.js:108:21)
    at Object.forEachFileOf (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Utils.js:105:26)
    at Analyzer.path (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Analyzer.js:838:12)
[ERROR] ENGINE openProject() failed

best regards

question: how to use dexcalibur as library?

Right now, I'm using Dexcalibur with a single command + browser.

To get access to more features, I need to use it as a library.

What's the equivalent of ./dexcalibur --app=com.myapp --pull in a library setting?

(I volunteer to port the answer to dexcalibur-doc afterwards)

Needed libyara-dev dependency not documented

On Ubuntu 18.04 the installation instructions are incomplete. The libyara-dev package is required to build, otherwise the build fails with this message:

~/dexcalibur$ npm install

> [email protected] install /home/bmosher/dexcalibur/node_modules/yara
> node-gyp rebuild

make: Entering directory '/home/bmosher/dexcalibur/node_modules/yara/build'
  CXX(target) Release/obj.target/yara/src/yara.o
In file included from ../src/yara.cc:13:0:
../src/yara.h:8:10: fatal error: yara.h: No such file or directory
 #include <yara.h>
          ^~~~~~~~
compilation terminated.
yara.target.mk:105: recipe for target 'Release/obj.target/yara/src/yara.o' failed
make: *** [Release/obj.target/yara/src/yara.o] Error 1
make: Leaving directory '/home/bmosher/dexcalibur/node_modules/yara/build'
gyp ERR! build error
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack     at ChildProcess.onExit (/home/bmosher/.nvm/versions/node/v13.1.0/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:194:23)
gyp ERR! stack     at ChildProcess.emit (events.js:210:5)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
gyp ERR! System Linux 4.4.0-18362-Microsoft
gyp ERR! command "/home/bmosher/.nvm/versions/node/v13.1.0/bin/node" "/home/bmosher/.nvm/versions/node/v13.1.0/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /home/bmosher/dexcalibur/node_modules/yara
gyp ERR! node -v v13.1.0
gyp ERR! node-gyp -v v5.0.5
gyp ERR! not ok
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: `node-gyp rebuild`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/bmosher/.npm/_logs/2019-11-20T04_18_33_659Z-debug.log

Fixing this requires you install the missing package:

sudo apt-get install libyara-dev

Add Cipher.doFinal hook by default (Feature request)

This is a feature request, not a bug. Fortunately, probably easy to add :)

I recommend you add by default hooks for Cipher.doFinal, and that in the hook, you show the input byte array argument and in the output, the returned byte array.

This is very helpful to view encrypted/decrypted data :)

TypeError: this.__tmp_block.setDataWidth is not a function

Describe the bug
A clear and concise description of what the bug is.

When I try to analyze the application on the device using dexcalibur, an error occurs while parsing the smali code.

To reproduce / to understand
Please provide the command used to launch Dexcalibur and steps (if applicable).

Execute following command: node --max-old-space-size=16384 ./dexcalibur.js
Select an application -> Press scan -> The error occurs

Expected behavior
A clear and concise description of what you expected to happen.

The application is processed and normal dexcalibur UI screen appears.

Screenshots
If applicable, add screenshots or copy Dexcalibur output.
image

Desktop (please complete the following information):

  • OS: [Windows 10]
  • Node JS version: [12.22.1]
  • Dexcalibur version (see 'package.json' or output) : [0.7.9]

Error when run dexcalibur

Given this command:

node --max-old-space-size=8192 ./dexcalibur

I get the following error:

\AppData\Roaming\npm\node_modules\dexcalibur\dexcalibur:5
if [ $# = 2 ] && [ $1 = "--max-heap" ] && [ $2 -ge 1024 ]
^

SyntaxError: Unexpected token '['
    at wrapSafe (internal/modules/cjs/loader.js:979:16)
    at Module._compile (internal/modules/cjs/loader.js:1027:27)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
    at Module.load (internal/modules/cjs/loader.js:928:32)
    at Function.Module._load (internal/modules/cjs/loader.js:769:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
    at internal/main/run_main_module.js:17:47

Feature: save hook logs

This is not a bug, but a feature request.
When you launch Hook > Run (e.g spawn), you get a list of logs of functions that got hooked.
Unfortunately, if you navigate to another tab (e.g Runtime analysis), you lose that list of logs.
It would be nice either to keep them, or to have a feature to save that in a file, so that we can freely navigate through tabs without losing results.

[Dexcalibur 0.7.8]

Use dexcalibur docker with an emulator

Hi,
Is it possible to use dexcalibur docker image with an Android emulator and not a real device?
I fail to understand what to provide in --device=... argument.

For example, if you have an emulator running, it seems the name emulator-5554 cannot be used, and is waiting for a path.

$ adb devices
List of devices attached
emulator-5554 

Example:
docker run -it -v $PWD:/home/dexcalibur/workspace -p 9999:8080 --device=.... frenchyeti/dexcalibur

When killing an app, I get an error that is not caught

Using the kill app button in the UI:

[INFO] spawned:24357
script loaded Script {}
[INFO] [REST] /api/hook/frida/kill POST
Execute command request : /home/user/dexcaliburWS/.dxc/bin/platform-tools/adb -s 2531c536 shell su -c "kill 24357"
/system/bin/sh: kill: 24357: No such process
node:child_process:826
    err = new Error(msg);
          ^

Error: Command failed: /home/user/dexcaliburWS/.dxc/bin/platform-tools/adb -s 2531c536 shell su -c "kill 24357"
/system/bin/sh: kill: 24357: No such process

    at checkExecSyncError (node:child_process:826:11)
    at Object.execSync (node:child_process:900:15)
    at Object.execSync (/usr/lib/node_modules/dexcalibur/src/Utils.js:204:27)
    at AdbWrapper.privilegedShell (/usr/lib/node_modules/dexcalibur/src/AdbWrapper.js:775:23)
    at Device.privilegedExecSync (/usr/lib/node_modules/dexcalibur/src/Device.js:459:38)
    at /usr/lib/node_modules/dexcalibur/src/WebServer.js:1206:57
    at Layer.handle [as handle_request] (/usr/lib/node_modules/dexcalibur/node_modules/express/lib/router/layer.js:95:5)
    at next (/usr/lib/node_modules/dexcalibur/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/usr/lib/node_modules/dexcalibur/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/usr/lib/node_modules/dexcalibur/node_modules/express/lib/router/layer.js:95:5) {

Probe on/off button should not exist for class static constructors

[Screenshot: probeoff]

The image above shows a class init function (<clinit>) and on its left the Probe ON/OFF button. Clicking on this button does not work (nothing happens).

I don't think it is really possible to probe a static constructor (or is it?) so the button should probably be removed.

  • OS: Linux
  • Node JS version: 12.20
  • Dexcalibur version (see 'package.json' or output) : 0.7.5

Device enrollment stuck

I am trying to enroll an emulator. It starts and then gets stuck and does not complete.

The terminal shows an error complaining it can't find frida_tools. Was I meant to install Frida? I think not... (I do have Frida but in a separate virtual environment).

Reproduce:

  • Fresh install
  • Load dexcalibur
  • Launch an emulator
  • Go to Device Manager on Dexcalibur, try to enroll

Screenshots

[Screenshot: dexcalibur]

The terminal shows this error:

[INFO] [ADB] /home/axelle/dexcaliburWS/.dxc/bin/platform-tools/adb -s emulator-5554 shell getprop
Traceback (most recent call last):
  File "/home/axelle/.local/bin/frida", line 7, in <module>
    from frida_tools.repl import main
ModuleNotFoundError: No module named 'frida_tools'
Error: Command failed: frida --version
Traceback (most recent call last):
  File "/home/axelle/.local/bin/frida", line 7, in <module>
    from frida_tools.repl import main
ModuleNotFoundError: No module named 'frida_tools'

    at checkExecSyncError (child_process.js:635:11)
    at Object.execSync (child_process.js:671:15)
    at Function.getLocalFridaVersion (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/FridaHelper.js:144:22)
    at Function.installServer (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/FridaHelper.js:299:27)
    at DeviceManager.enroll (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/DeviceManager.js:570:37)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async /home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/WebServer.js:622:38 {
  status: 1,
  signal: null,
  output: [
    null,
    <Buffer >,
    <Buffer 54 72 61 63 65 62 61 63 6b 20 28 6d 6f 73 74 20 72 65 63 65 6e 74 20 63 61 6c 6c 20 6c 61 73 74 29 3a 0a 20 20 46 69 6c 65 20 22 2f 68 6f 6d 65 2f 61 ... 134 more bytes>
  ],
  pid: 326915,
  stdout: <Buffer >,
  stderr: <Buffer 54 72 61 63 65 62 61 63 6b 20 28 6d 6f 73 74 20 72 65 63 65 6e 74 20 63 61 6c 6c 20 6c 61 73 74 29 3a 0a 20 20 46 69 6c 65 20 22 2f 68 6f 6d 65 2f 61 ... 134 more bytes>
}

Desktop:

  • OS: Linux Mint 20
  • Node JS version: 12.20.0
  • Dexcalibur version (see 'package.json' or output) : 0.7.3

Device information:

  • Device: Emulator
  • Android version: Android 8.0 x86
  • Not rooted

Crash on AndroidManifestParser

Hello,

I'm getting a crash on both docker and non-docker versions. I tried two different applications and the same behavior repeats on both of them.

The trace is always the same (docker and non-docker):

/home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:46
                intentFilter.actions.push(new AndroidCmp.IntentCriteria(e));
                                          ^

TypeError: AndroidCmp.IntentCriteria is not a constructor
    at /home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:46:43
    at Array.forEach (<anonymous>)
    at /home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:42:30
    at Array.forEach (<anonymous>)
    at AndroidManifestParser.parseIntents (/home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:32:31)
    at /home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:104:16
    at Array.forEach (<anonymous>)
    at AndroidManifestParser.parseApplication (/home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:79:24)
    at /home/dexcalibur/dexcalibur/src/AndroidManifestParser.js:225:39
    at Array.forEach (<anonymous>)

Cannot open project UnhandledPromiseRejectionWarning

I am trying to open a project; it fails and shows errors in the console.

[INFO] [APK HELPER] APK extracted into : /root/dexcaliburWS/alien_0/apk
TypeError: Cannot read property 'getUID' of undefined
    at DexcaliburProject.fullscan (/usr/lib/node_modules/dexcalibur/src/DexcaliburProject.js:712:56)
    at /usr/lib/node_modules/dexcalibur/src/WebServer.js:438:49
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
(node:695) UnhandledPromiseRejectionWarning: Error: [PROJECT] synchronizePlatform : unkow platform. Aborted
    at DexcaliburProject.synchronizePlatform (/usr/lib/node_modules/dexcalibur/src/DexcaliburProject.js:429:19)
    at /usr/lib/node_modules/dexcalibur/src/WebServer.js:434:43
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
(node:695) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 4)
[INFO] [ADB] Enumerating connected devices ...
Execute command request : /root/dexcaliburWS/.dxc/bin/platform-tools/adb devices -l

This is running inside a Docker container which contains Android SDK + Android Emulators + NodeJS + Frida + Dexcalibur, (why? because I am trying to build such a container for people with Windows, for which Dexcalibur doesn't seem to install ok).

  • Docker container
  • Ubuntu 20.04.1 LTS
  • Dexcalibur 0.7.5
  • Frida 14.2.13
  • NodeJS 12.20.2
  • Android emulator 11 x86_64 with google apis

Cannot kill task

The terminal shows this log when I try to kill the app from the "Hooks" panel:

Execute command request : /home/axelle/dexcaliburWS/.dxc/bin/platform-tools/adb -s emulator-5554 shell su -c "kill 21264"
su: invalid uid/gid '-c'

Indeed -c does not exist in my emulator's shell.

Desktop (please complete the following information):

  • OS: Linux
  • Node JS version: 12.20
  • Dexcalibur version (see 'package.json' or output) : 0.7.3

This is not a showstopper, only a minor bug.
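
The two kill-app reports on this page (the uncaught `execSync` error with "No such process", and the `su: invalid uid/gid '-c'` failure) concern the same call. The following is an added example, not Dexcalibur's own code, of one way to make that call tolerant of both. `killRemoteProcess`, `adbRun` and the result object are hypothetical names, and it assumes adb propagates the remote exit status, as the first trace shows.

```javascript
const { execFileSync } = require('node:child_process');

// Default runner: invoke adb without a host-side shell.
function adbRun(args) {
  return execFileSync('adb', args, { encoding: 'utf8', stdio: 'pipe' });
}

// Kill `pid` as root on device `serial`; always returns a result object
// instead of throwing. `run` is injectable so the logic can be tested offline.
function killRemoteProcess(serial, pid, run = adbRun) {
  // Only a positive integer may reach the device shell command line.
  if (!Number.isInteger(pid) || pid <= 0) {
    return { ok: false, status: 'invalid-pid', detail: String(pid) };
  }
  // Two su syntaxes: `su -c "<cmd>"` and `su <uid> <cmd>` (the emulator's su
  // in the second report rejects -c).
  const remoteCommands = [`su -c "kill ${pid}"`, `su 0 kill ${pid}`];
  let detail = '';
  for (const remote of remoteCommands) {
    try {
      run(['-s', serial, 'shell', remote]);
      return { ok: true, status: 'killed', detail: '' };
    } catch (err) {
      detail = String(err.stderr || err.message || '').trim();
      if (/No such process/.test(detail)) {
        // The target already exited: the goal is met, not a server error.
        return { ok: true, status: 'already-exited', detail };
      }
      if (!/invalid uid\/gid/.test(detail)) break; // unrelated failure
      // otherwise fall through and try the next su syntax
    }
  }
  return { ok: false, status: 'failed', detail };
}
```

A request handler can map `ok: false` to an error response instead of letting the exception escape the route.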

[ParrotOS] After installing via npm the program says there is no config file.

I installed dexcalibur on ParrotOS via the npm command.
After the installation I tried to execute the program with the dexcalibur command and the program throws errors.
Error message:

internal/fs/utils.js:269
    throw err;
    ^

Error: ENOENT: no such file or directory, open '/home/user/.dexcalibur/config.json'
    at Object.openSync (fs.js:462:3)
    at Object.writeFileSync (fs.js:1384:35)
    at DexcaliburEngine.postInstall (/usr/local/lib/node_modules/dexcalibur/src/DexcaliburEngine.js:573:14)
    at Object.onSuccess (/usr/local/lib/node_modules/dexcalibur/src/DexcaliburEngine.js:519:26)
    at Installer.runTask (/usr/local/lib/node_modules/dexcalibur/src/Installer.js:150:28)
    at Installer.nextTask (/usr/local/lib/node_modules/dexcalibur/src/Installer.js:162:22)
    at Object.onSuccess (/usr/local/lib/node_modules/dexcalibur/src/Installer.js:139:26)
    at /usr/local/lib/node_modules/dexcalibur/src/Installer.js:77:36
    at internal/streams/pipeline.js:90:7
    at internal/util.js:392:14 {
  errno: -2,
  syscall: 'open',
  code: 'ENOENT',
  path: '/home/user/.dexcalibur/config.json'
}

How can I fix this error?

Installation behind a proxy

I have already installed with npm, but on the page "http://127.0.0.1:8000/" I can't download apktool\adb. I think Node.js is not using the proxy. How can I use the proxy? The console returns:

(node:15575) UnhandledPromiseRejectionWarning: GotError: connect ECONNREFUSED 0.0.0.0:443
    at onError (/home/tom/node-v12.20.1-linux-x64/lib/node_modules/dexcalibur/node_modules/got/dist/source/request-as-event-emitter.js:140:29)
    at handleRequest (/home/tom/node-v12.20.1-linux-x64/lib/node_modules/dexcalibur/node_modules/got/dist/source/request-as-event-emitter.js:173:17)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16)
(node:15575) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:15575) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Cannot start frida server: Unknown device though it is enrolled

On Dexcalibur, in the hook panel, I see that my Frida server is stopped and that I should click to start it. However, when I click, it fails to stop it and produces a log error "Unknow device. Device not connected not enrolled ?".
Of course, the device is enrolled :)

[Screenshot: frida-server]

Frida server is indeed not started on the emulator (can't find it with ps).
The device is enrolled : Dexcalibur even uploaded frida_server in /data/local/tmp.

This is the error I get:

Error: [FRIDA HELPER] Unknow device. Device not connected not enrolled ?
    at Function.startServer (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/FridaHelper.js:199:19)
    at /home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/WebServer.js:918:52
    at Layer.handle [as handle_request] (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/layer.js:95:5)
    at next (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/layer.js:95:5)
    at /home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/index.js:281:22
    at Function.process_params (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/index.js:335:12)
    at next (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/index.js:275:10)
    at jsonParser (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/body-parser/lib/types/json.js:101:7)

This is the Frida server I have on the emulator. I have the same version on my host.

1|generic_x86_64:/data/local/tmp $ ./frida_server --version                                                                                      
14.1.3

Interesting: If I launch frida_server manually, dexcalibur's web interface still claims it has not started.

generic_x86_64:/data/local/tmp # ./frida_server                                                                                                  

There is only one emulator:

$ adb devices
List of devices attached
emulator-5554	device

Desktop (please complete the following information):

  • OS: Linux Mint 20
  • Node JS version: 12.20.0
  • Dexcalibur version (see 'package.json' or output) : 0.7.3

If you think this issue is related to your device, please fill in the following information:

  • Android version: 8.0 x86 emulator
  • Rooted
