Start Instrument
ZongXian Shen edited this page Jul 13, 2016 · 1 revision
Modern Android enforces SEAndroid mandatory access control. To let the target app load and execute our instrumentation gadgets, we must turn off that access control after the experiment device has booted.
$ su 0 setenforce 0
After that, we can freely hack the app of interest.
- Run the ProbeDroid launcher deployed under the PATH_IN_DEVICE working directory.
$ ./launcher --app APP_NAME --lib PATH_LIB --module PATH_MODULE --class CLASS_NAME
--app [-a] APP_NAME (The package name (or keyword) of the target app)
--lib [-l] PATH_LIB (The *absolute path name* of libProbeDroid.so)
--module [-m] PATH_MODULE (The *absolute path name* of your instrumentation apk)
--class [-c] CLASS_NAME (The *fully qualified main class name* of your instrumentation apk)
$ ./launcher --app com.google.android.apps.maps --lib /data/local/tmp/libProbeDroid.so --module /data/local/tmp/StringInspector.apk --class org.zsshen.stringinspector.StringInspector
$ ./launcher -a maps -l /data/local/tmp/libProbeDroid.so -m /data/local/tmp/StringInspector.apk -c org.zsshen.stringinspector.StringInspector
- Monitor the messages spewed by the logcat daemon.
- Terminate the instrumentation process by killing the PID of the target app.
kill -SIGTERM PID
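`setenforce 0` affects the whole device, not just the target app, and the steps above never switch enforcement back on. The following host-side script is an added example, not part of ProbeDroid: it records the device's SELinux mode before a session, then restores and verifies it afterwards. It assumes a rooted test device reachable through `adb`; the function names and the state file are chosen here for illustration.

```shell
#!/bin/sh
# Added example, not ProbeDroid code. Assumptions: rooted test device reachable
# through adb, the `su 0` form used on this page, and a host-side state file.
ADB=${ADB:-adb}
STATE=${STATE:-./selinux_mode.saved}

# Print the device's current SELinux mode ("Enforcing" or "Permissive").
selinux_mode() {
    "$ADB" shell getenforce | tr -d '\r'
}

# Save the current mode, then switch to permissive as this page requires.
# Refuses to run twice, so the saved "Enforcing" is never overwritten by
# the "Permissive" that an already-open session would report.
begin_session() {
    if [ -e "$STATE" ]; then
        echo "session already open, run end_session first" >&2
        return 1
    fi
    mode=$(selinux_mode)
    case $mode in
        Enforcing|Permissive) printf '%s\n' "$mode" > "$STATE" ;;
        *) echo "unexpected getenforce output: $mode" >&2; return 1 ;;
    esac
    "$ADB" shell su 0 setenforce 0
}

# Restore the saved mode and confirm that the device actually reports it.
end_session() {
    [ -r "$STATE" ] || { echo "no saved mode in $STATE" >&2; return 1; }
    saved=$(cat "$STATE")
    if [ "$saved" = "Enforcing" ]; then
        "$ADB" shell su 0 setenforce 1 || return 1
    fi
    now=$(selinux_mode)
    if [ "$now" != "$saved" ]; then
        echo "device is $now, expected $saved" >&2
        return 1
    fi
    rm -f "$STATE"
}
```

Source the file on the host, call `begin_session` before running the launcher, and call `end_session` after the target app has been killed.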