So here it goes.
Steps (I may have forgotten something here, so please use the comments if you find something missing)
* A rooted Android phone (check for example http://www.androidcentral.com/root -- use a slightly older model to be certain).
* Once rooted, install an SSH server on it (I used https://play.google.com/store/apps/details?id=com.icecoldapps.sshserver&hl=en). Inside this app, create an SSH server with the longest timeout value possible.
* Log into your SSH server (the default login is root/admin), go to /data/app, and copy your apk file to /mnt/sdcard. [ you probably need to do "su -" to fully gain root ]
* Download it on your Windows PC. (I use WinSCP)
* Next thing you need is apktool (https://ibotpeaches.github.io/Apktool/). Decode the apk (app.apk stands for your own file):
apktool d app.apk
* re-package with debugging enabled (the -d switch sets android:debuggable="true" in the rebuilt manifest; app/ is the directory apktool just created):
apktool b -d app/
* sign the apk (I don't know if this step is necessary, but I did it, and the final result worked, so :)). [https://github.com/appium/sign - I found a download at: http://www.learn2crack.com/2014/02/sign-android-apk-zip.html]. The rebuilt apk is in app/dist/:
java -jar signapk.jar testkey.x509.pem testkey.pk8 app/dist/app.apk app-signed.apk
* install the Android SDK (you will only need the SDK tools: http://developer.android.com/sdk/index.html#Other)
* Make sure adb.exe can be found in your PATH environment variable!
* enable USB debugging on the phone (https://www.kingoapp.com/root-tutorials/how-to-enable-usb-debugging-mode-on-android.htm)
--> I also set the developer option to stay awake while charging
--> + set the debug application (developer options, "Select debug app") to the one you are about to install (your own debuggable version)
* check that the device shows up:
adb devices -l
* install the signed, debuggable apk:
adb install app-signed.apk
* Copy/Start android server into the Android device (for me it was in C:\Program Files (x86)\IDA 6.9\dbgsrv\android_server).
[ from: https://www.trustwave.com/Resources/SpiderLabs-Blog/Debugging-Android-Libraries-using-IDA/]
adb remount
adb push android_server /system/
adb shell
su (probably not needed for the emulator but is necessary if doing this on a rooted device)
cd /system
chmod 755 android_server
./android_server
Now start two IDA instances.
IDA 1: load the signed APK file & point to the classes.dex
- Debugger > Debugger Options > Set Specific Options:
* emulator/device (the serial you got from adb devices)
* click the "fill" button
* adb.exe should be auto-found.
- put your breakpoints
- change the default port in "Debugger > Process options" to any other value, so that it does not collide with the port android_server listens on in the second IDA.
- start the Dalvik debugger and wait until the breakpoint is hit.
IDA 2: load the signed APK file & point to the JNI library (generally under /lib/armeabi*/*.so)
- put your breakpoints
- select "Remote ARM Linux/Android debugger"
* Debugger > Process Options: set the IP & port of android_server (no need to bother with the paths). I left the local file in there, and IDA asked me whether it was the same file (it was). So all OK there.
- Debugger > Attach to process (select the app's process)
- it will break on attach. So just say "run (F9)".
IDA 1: F8 to step over the call into the native function
IDA 2: here your breakpoint should have triggered.
That's all :-).
Other sources:
https://www.trustwave.com/Resources/SpiderLabs-Blog/Debugging-Android-Libraries-using-IDA/
http://www.hexblog.com/?p=809
http://bbs.pediy.com/showthread.php?t=138472
http://www.asciitable.com/
I did this step and got stuck here:
https://i.imgur.com/XeY1bCA.jpg
Can you see it and find a solution for me?
I would say that this is because you don't have proper access to your phone. Check whether it is rooted correctly and/or whether you have proper access to it.