7、动态分析执行
引导页面在历史静态扫描记录上点击【Start Dynamic Analysis】 按钮进入动态分析界面,运行成功之后可以进入动态分析页面如下图所示:
观察 run 运行命令界面可以看到日志信息
[INFO] 22/Sep/2020 10:43:17 - Creating Dynamic Analysis Environment [INFO] 22/Sep/2020 10:43:20 - ADB Restarted [INFO] 22/Sep/2020 10:43:20 - Waiting for 2 seconds... [INFO] 22/Sep/2020 10:43:22 - Connecting to Android 192.168.46.101:5555 [INFO] 22/Sep/2020 10:43:22 - Waiting for 2 seconds... [INFO] 22/Sep/2020 10:43:24 - Restarting ADB Daemon as root [INFO] 22/Sep/2020 10:43:24 - Waiting for 2 seconds... [INFO] 22/Sep/2020 10:43:26 - Reconnecting to Android Device [INFO] 22/Sep/2020 10:43:27 - Waiting for 2 seconds... [INFO] 22/Sep/2020 10:43:30 - Found Genymotion x86 Android VM [INFO] 22/Sep/2020 10:43:30 - Remounting [INFO] 22/Sep/2020 10:43:30 - Performing System check [INFO] 22/Sep/2020 10:43:30 - Android API Level identified as 24 [INFO] 22/Sep/2020 10:43:30 - Android Version identified as 7.0 [INFO] 22/Sep/2020 10:43:30 - Environment MobSFyed Check [INFO] 22/Sep/2020 10:43:30 - Installing MobSF RootCA [INFO] 22/Sep/2020 10:43:31 - Starting HTTPs Proxy on 1337 [INFO] 22/Sep/2020 10:43:31 - Killing httptools UI [INFO] 22/Sep/2020 10:43:31 - Enabling ADB Reverse TCP on 1337 [INFO] 22/Sep/2020 10:43:31 - Setting Global Proxy for Android VM [INFO] 22/Sep/2020 10:43:32 - Starting Clipboard Monitor [INFO] 22/Sep/2020 10:43:33 - Getting screen resolution [INFO] 22/Sep/2020 10:43:33 - Removing existing installation [INFO] 22/Sep/2020 10:43:34 - Installing APK [INFO] 22/Sep/2020 10:43:35 - Testing Environment is Ready!
动态分析功能主要如下:
8、Show/Stop Screen
1)点击 Show Screen 可以实时同步设备屏幕,方便测试执行查看。在 Dynamic Analyzer 菜单可以查看实时动态分析日志,Errors 菜单可以查看错误日志。
2)Frida Scripts 栏设置是设置Frida相关选项,Frida是个轻量级别的hook框架,核心是用C编写的,并将Google的V8引擎注入到目标进程中,在这些进程中,JS可以完全访问内存,Hook函数甚至调用进程内的本机函数来执行。
一般使用默认的配置选项即可,如果想进阶测试,可以勾选Auxiliary中的选项,甚至右侧Frida Code Editor编辑窗口,可以直接编写脚本进行调试。Fira使用教程请参考官方文档:https://frida.re/docs/home/
9、Install/Remove MobSF RootCA
Install/Remove MobSF RootCA 用来安装卸载MobSF CA证书,方便对样本中HTTPS流量进行截获。
10、Start Exported Activity Tester
遍历获取 AndroidManifest.xml 文件中的所有 Exported Activity 测试流程如下:
1)依次启动activity,adb -s IP:PORT shell am start -n PACKAGE/ACTIVITY
2)获取当前activity运行时的屏幕截图,并保存截屏
3)强制关闭应用:adb -s IP:PORT shell am force-stop PACKAGE
11、Start Activity Tester
- 遍历AndroidManifest.xml文件中的所有Activity,而不单单是Exported。
- 处理流程与Exported Activity一致。
12、Take a Screenshot
截屏并保存到本地。
13、Logcat Stream
输出logcat日志信息,如下所示:
09-21 22:15:31.252 573 573 D ConditionProviders.SCP: onReceive android.intent.action.TIME_SET 09-21 22:15:31.252 573 573 D ConditionProviders.SCP: notifyCondition condition://android/schedule?days=6.7&start=23.30&end=10.0&exitAtAlarm=false STATE_FALSE reason=!meetsSchedule 09-21 22:15:31.252 573 573 D ConditionProviders.SCP: notifyCondition condition://android/schedule?days=1.2.3.4.5&start=22.0&end=7.0&exitAtAlarm=false STATE_TRUE reason=meetsSchedule 09-21 22:15:31.252 573 573 D ConditionProviders.SCP: Scheduling evaluate for Mon Sep 21 23:30:00 EDT 2020 (1600745400000), in +1h14m28s748ms, now=Mon Sep 21 22:15:31 EDT 2020 (1600740931252)
14、Generate Report
生成动态分析报告,如下图所示:
