From 3a6e46db509b2e6e75d60969ca5ae9965ec94c11 Mon Sep 17 00:00:00 2001
From: h20190011
Date: Tue, 3 Nov 2020 14:14:56 +0530
Subject: [PATCH 1/4] process.popen() shell parameter fixed

---
 analyzer/android/lib/api/adb.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/analyzer/android/lib/api/adb.py b/analyzer/android/lib/api/adb.py
index b5e99ba..cbf766c 100644
--- a/analyzer/android/lib/api/adb.py
+++ b/analyzer/android/lib/api/adb.py
@@ -108,8 +108,9 @@ def execute_sample(package,activity):
     """Execute the sample on the emulator via adb"""
     log.info("executing sample on emulator:adb shell am start -n " +package+"/"+activity)
     str=""
-    #proc = subprocess.Popen(["/system/bin/am","start","-n", package+"/"+activity], stdout=subprocess.PIPE, stderr=subprocess.PIPE)#adb shell am start -n $pkg/$act
-    str = os.popen("/system/bin/am start -n "+package+"/"+activity).read()
+    proc = subprocess.Popen("/system/bin/am start -n" + package+"/"+activity, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, executable='/system/bin/sh')#adb shell am start -n $pkg/$act
+    #str = os.popen("/system/bin/am start -n "+package+"/"+activity).read()
+    #this os.open() is no more supported(depricated) on python latest version. Instaed use subprocess.Popen() function.
     lines = str.split("\n")
     for line in lines:
         if("Error" in line):

From ff890a703a40f2965855803bd17d52047d6a853b Mon Sep 17 00:00:00 2001
From: h20190011
Date: Tue, 3 Nov 2020 15:53:25 +0530
Subject: [PATCH 2/4] cuckoo.py python file is running without any error; *.conf file fixed

---
 conf/avd.conf | 8 +--
 conf/cuckoo.conf | 121 +++++++++++++++++++++++++++++++++++++++++++
 conf/processing.conf | 58 +++++++++++++++++++++
 3 files changed, 183 insertions(+), 4 deletions(-)
 mode change 100644 => 100755 conf/avd.conf
 create mode 100755 conf/cuckoo.conf
 create mode 100755 conf/processing.conf

diff --git a/conf/avd.conf b/conf/avd.conf
old mode 100644
new mode 100755
index 1966ce9..3a75ea0
--- a/conf/avd.conf
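Review bot: The new `proc = subprocess.Popen("/system/bin/am start -n" + package+"/"+activity, ...)` line has no space after `-n`, so the shell runs `am start -n<package>/<activity>`, and `proc` is never read, so `str` keeps the `""` assigned above it and the `"Error"` scan below can never see the command's output. Passing one concatenated string with `shell=True` also lets shell metacharacters in `package` or `activity` alter the command; the list form on the removed line, `proc = subprocess.Popen(["/system/bin/am", "start", "-n", package + "/" + activity], stdout=subprocess.PIPE, stderr=subprocess.PIPE)` followed by `out, err = proc.communicate()`, keeps each value a single argument and actually collects the output. The added comment is also inaccurate: `os.popen` still exists in Python 3 (only `os.popen2/3/4` were removed), so the stated reason for the change does not hold. PATCH 3/4 reverts this hunk anyway; `execute_sample` continues past the hunk.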
+++ b/conf/avd.conf
@@ -1,12 +1,12 @@
 [avd]
 #Path to the local installation of the android emulator
-emulator_path = /Applications/adt-bundle/sdk/tools/emulator
+emulator_path = /home/test/Android/Sdk/emulator/emulator
 
 #Path to the local installation of the adb - android debug bridge utility.
-adb_path = /Applications/adt-bundle/sdk/platform-tools/adb
+adb_path = /home/test/Android/Sdk/platform-tools/adb
 
 #Path to the emulator machine files is located
-avd_path = /Users/guardianangel/.android/avd
+avd_path = /home/test/.android/avd
 
 #name of the reference machine that is used to duplicate
 reference_machine = aosx
@@ -49,4 +49,4 @@ resultserver_ip = 10.0.2.2
 # the port for the Result Server as your machine sees it. If you don't specify a port
 # here, the machine will use the default value from cuckoo.conf.
 # Example:
-resultserver_port = 2042
\ No newline at end of file
+resultserver_port = 2042
diff --git a/conf/cuckoo.conf b/conf/cuckoo.conf
new file mode 100755
index 0000000..da244d9
--- /dev/null
+++ b/conf/cuckoo.conf
@@ -0,0 +1,121 @@
+[cuckoo]
+# Enable or disable startup version check. When enabled, Cuckoo will connect
+# to a remote location to verify whether the running version is the latest
+# one available.
+version_check = on
+
+# If turned on, Cuckoo will delete the original file after its analysis
+# has been completed.
+delete_original = off
+
+# If turned on, Cuckoo will delete the copy of the original file in the
+# local binaries repository after the analysis has finished. (On *nix this
+# will also invalidate the file called "binary" in each analysis directory,
+# as this is a symlink.)
+delete_bin_copy = off
+
+# Specify the name of the machinery module to use, this module will
+# define the interaction between Cuckoo and your virtualization software
+# of choice.
+machinery = avd
+
+# Enable creation of memory dump of the analysis machine before shutting
+# down. Even if turned off, this functionality can also be enabled at
+# submission. Currently available for: VirtualBox and libvirt modules (KVM).
+memory_dump = off
+
+# When the timeout of an analysis is hit, the VM is just killed by default.
+# For some long-running setups it might be interesting to terminate the
+# moinitored processes before killing the VM so that connections are closed.
+terminate_processes = off
+
+# Enable automatically re-schedule of "broken" tasks each startup.
+# Each task found in status "processing" is re-queued for analysis.
+reschedule = off
+
+# Enable processing of results within the main cuckoo process.
+# This is the default behavior but can be switched off for setups that
+# require high stability and process the results in a separate task.
+process_results = on
+
+# Limit the amount of analysis jobs a Cuckoo process goes through.
+# This can be used together with a watchdog to mitigate risk of memory leaks.
+max_analysis_count = 0
+
+# Limit the number of concurrently executing analysis machines.
+# This may be useful on systems with limited resources.
+# Set to 0 to disable any limits.
+max_machines_count = 0
+
+# Minimum amount of free space (in MB) available before starting a new task.
+# This tries to avoid failing an analysis because the reports can't be written
+# due out-of-diskspace errors. Setting this value to 0 disables the check.
+# (Note: this feature is currently not supported under Windows.)
+freespace = 64
+
+# Temporary directory containing the files uploaded through Cuckoo interfaces
+# (web.py, api.py, Django web interface).
+tmppath = /tmp
+
+[resultserver]
+# The Result Server is used to receive in real time the behavioral logs
+# produced by the analyzer.
+# Specify the IP address of the host. The analysis machines should be able
+# to contact the host through such address, so make sure it's valid.
+# NOTE: if you set resultserver IP to 0.0.0.0 you have to set the option
+# `resultserver_ip` for all your virtual machines in machinery configuration.
+#ip = 192.168.56.1
+ip = 0.0.0.0
+
+# Specify a port number to bind the result server on.
+port = 2042
+
+# Should the server write the legacy CSV format?
+# (if you have any custom processing on those, switch this on)
+store_csvs = off
+
+# Maximum size of uploaded files from VM (screenshots, dropped files, log)
+# The value is expressed in bytes, by default 10Mb.
+upload_max_size = 10485760
+
+[processing]
+# Set the maximum size of analyses generated files to process. This is used
+# to avoid the processing of big files which may take a lot of processing
+# time. The value is expressed in bytes, by default 100Mb.
+analysis_size_limit = 104857600
+
+# Enable or disable DNS lookups.
+resolve_dns = on
+
+# Enable PCAP sorting, needed for the connection content view in the web interface.
+sort_pcap = on
+
+[database]
+# Specify the database connection string.
+# Examples, see documentation for more:
+# sqlite:///foo.db
+# postgresql://foo:bar@localhost:5432/mydatabase
+# mysql://foo:bar@localhost/mydatabase
+# If empty, default is a SQLite in db/cuckoo.db.
+connection = sqlite:///foo.db
+
+# Database connection timeout in seconds.
+# If empty, default is set to 60 seconds.
+timeout =
+
+[timeouts]
+# Set the default analysis timeout expressed in seconds. This value will be
+# used to define after how many seconds the analysis will terminate unless
+# otherwise specified at submission.
+default = 240
+
+# Set the critical timeout expressed in seconds. After this timeout is hit
+# Cuckoo will consider the analysis failed and it will shutdown the machine
+# no matter what. When this happens the analysis results will most likely
+# be lost. Make sure to have a critical timeout greater than the
+# default timeout.
+critical = 250
+
+# Maximum time to wait for virtual machine status change. For example when
+# shutting down a vm. Default is 300 seconds.
+vm_state = 300
diff --git a/conf/processing.conf b/conf/processing.conf
new file mode 100755
index 0000000..18d703b
--- /dev/null
+++ b/conf/processing.conf
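Review bot: `ip = 0.0.0.0` under `[resultserver]` binds the result server on every host interface rather than only the one the emulator reaches, so unless port 2042 is filtered by a host firewall, anything on the host's networks can push data to it; the comment above it and the commented `#ip = 192.168.56.1` show the intended host-only form, so either bind a specific address or add a comment saying why the AVD setup needs the wildcard (avd.conf already sets `resultserver_ip = 10.0.2.2` on the guest side, as the second avd.conf hunk header shows). `connection = sqlite:///foo.db` copies the example value from the comment; per that comment, leaving it empty selects the documented default `db/cuckoo.db`, whereas `foo.db` is presumably created relative to whatever directory cuckoo is started from. The file is added with mode 100755 (as are avd.conf and processing.conf); a configuration file should not carry the executable bit. Minor: `moinitored` in the `terminate_processes` comment should read `monitored`.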
@@ -0,0 +1,58 @@
+# Enable or disable the available processing modules [on/off].
+# If you add a custom processing module to your Cuckoo setup, you have to add
+# a dedicated entry in this file, or it won't be executed.
+# You can also add additional options under the section of your module and
+# they will be available in your Python class.
+
+[analysisinfo]
+enabled = yes
+
+[behavior]
+enabled = yes
+
+[debug]
+enabled = yes
+
+[dropped]
+enabled = yes
+
+[memory]
+enabled = no
+
+[network]
+enabled = yes
+
+[procmemory]
+enabled = yes
+
+[static]
+enabled = yes
+
+[strings]
+enabled = yes
+
+[targetinfo]
+enabled = yes
+
+[virustotal]
+enabled = yes
+timeout = 60
+# Add your VirusTotal API key here. The default API key, kindly provided
+# by the VirusTotal team, should enable you with a sufficient throughput
+# and while being shared with all our users, it shouldn't affect your use.
+key = a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088
+
+[apkinfo]
+enabled = yes
+#Decompiling dex with androguard in a heavy operation and for a big dex's
+#he can really consume performance from the cuckoo host ,so it's recommended to limit the size of dex that you will decompile
+#decompilation_threshold=2000000
+
+[droidmon]
+enabled = yes
+
+[googleplay]
+enabled = no
+android_id =
+google_login =
+google_password =

From 15370cdf9de4a9bbee6b5a3c8e6f3e9b766c90e5 Mon Sep 17 00:00:00 2001
From: Ajay Kharat <73453739+h20190011@users.noreply.github.com>
Date: Tue, 3 Nov 2020 16:40:38 +0530
Subject: [PATCH 3/4] Update adb.py

---
 analyzer/android/lib/api/adb.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/analyzer/android/lib/api/adb.py b/analyzer/android/lib/api/adb.py
index cbf766c..73978c0 100644
--- a/analyzer/android/lib/api/adb.py
+++ b/analyzer/android/lib/api/adb.py
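Review bot: `[googleplay]` adds `google_login =` and `google_password =` to a version-controlled file, so the first deployment that fills them in will commit account credentials with its next edit of this file; a comment such as `# Do not put real credentials here; keep them in an untracked local override` would make the intent explicit, and reading them from an untracked file or the environment would be safer still. `[virustotal]` is `enabled = yes` with the shared default `key =`, which the comment describes as common to all users, so every analysis will presumably contact VirusTotal through that shared key; a deployment that needs its own quota or does not want sample data leaving the host must set its own key or turn the module off, and the comment could say so. The file is added with mode 100755; a configuration file should not be executable.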
@@ -108,9 +108,8 @@ def execute_sample(package,activity):
     """Execute the sample on the emulator via adb"""
     log.info("executing sample on emulator:adb shell am start -n " +package+"/"+activity)
     str=""
-    proc = subprocess.Popen("/system/bin/am start -n" + package+"/"+activity, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, executable='/system/bin/sh')#adb shell am start -n $pkg/$act
-    #str = os.popen("/system/bin/am start -n "+package+"/"+activity).read()
-    #this os.open() is no more supported(depricated) on python latest version. Instaed use subprocess.Popen() function.
+    #proc = subprocess.Popen("/system/bin/am start -n" + package+"/"+activity, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, executable='/system/bin/sh')#adb shell am start -n $pkg/$act
+    str = os.popen("/system/bin/am start -n "+package+"/"+activity).read()
     lines = str.split("\n")
     for line in lines:
         if("Error" in line):

From d4a99d63fef10ec94896bd95f2215dd8061d8ea8 Mon Sep 17 00:00:00 2001
From: Ajay Kharat <73453739+h20190011@users.noreply.github.com>
Date: Tue, 3 Nov 2020 16:46:35 +0530
Subject: [PATCH 4/4] Update adb.py

---
 analyzer/android/lib/api/adb.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/analyzer/android/lib/api/adb.py b/analyzer/android/lib/api/adb.py
index 73978c0..b5e99ba 100644
--- a/analyzer/android/lib/api/adb.py
+++ b/analyzer/android/lib/api/adb.py
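Review bot: The three adb.py patches in this series cancel out — this hunk undoes PATCH 1/4, and PATCH 4/4 (`index 73978c0..b5e99ba`) returns the file to the original blob `b5e99ba` — so they add only churn to history and are best squashed away before merging. The surviving line `str = os.popen("/system/bin/am start -n "+package+"/"+activity).read()` still hands a string built from `package` and `activity` to a shell, so metacharacters in either value change the command that runs; `proc = subprocess.Popen(["/system/bin/am", "start", "-n", package + "/" + activity], stdout=subprocess.PIPE, stderr=subprocess.PIPE)` with `out, err = proc.communicate()` keeps each value a single argument (decode `out` before `split` if this runs under Python 3). The commented-out `#proc = ...` line kept on the new side carries the missing space after `-n`, so anyone re-enabling it inherits that bug; dead code should be dropped rather than carried. `str` also shadows the builtin; `output` would be clearer. `execute_sample` continues past the hunk.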
@@ -108,7 +108,7 @@ def execute_sample(package,activity):
     """Execute the sample on the emulator via adb"""
     log.info("executing sample on emulator:adb shell am start -n " +package+"/"+activity)
     str=""
-    #proc = subprocess.Popen("/system/bin/am start -n" + package+"/"+activity, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, executable='/system/bin/sh')#adb shell am start -n $pkg/$act
+    #proc = subprocess.Popen(["/system/bin/am","start","-n", package+"/"+activity], stdout=subprocess.PIPE, stderr=subprocess.PIPE)#adb shell am start -n $pkg/$act
     str = os.popen("/system/bin/am start -n "+package+"/"+activity).read()
     lines = str.split("\n")
     for line in lines: