# check device arch
# install the matching tcpdump build for the device arch from https://github.com/extremecoders-re/tcpdump-android-builds/releases/latest (a third-party prebuilt; nothing below verifies a hash or signature before it is installed as root into /system/bin)
# getprop ro.product.cpu.abi x86, armeabi-v7a, armeabi
# adb shell su -c 'command'
# curl -sL https://github.com/extremecoders-re/tcpdump-android-builds/releases/latest | grep -E 'tcpdump-x86.zip' | grep -Eo 'https://[^\"]*' | xargs wget
import os
import queue
import re
import shutil
import subprocess
import sys
import zipfile
from threading import Thread

import requests
from psutil import Popen
# Capture configuration; edit these before running the script.
# Release page that is scraped for the tcpdump-<arch>.zip asset.
tcpdump_source = 'https://github.com/extremecoders-re/tcpdump-android-builds/releases/latest'
# TCP port used on both ends: device-side `nc -l` and the local `adb forward`.
tcpdump_port = 11111
# Device network interface passed to `tcpdump -i`.
interface = 'wlan0'
# Assume `adb root` works; the install step flips this to False if it fails.
root = True
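def startTcpDump(cmd):
    """Run `cmd` on the device through `adb shell` and block until it ends.

    `cmd` is written verbatim to the shell's stdin, so the caller must build
    it only from trusted values (module-level `interface` / `tcpdump_port`);
    nothing here escapes or validates it. The adb process handle is put on
    the module-level queue `q` *before* blocking so the main thread can
    terminate() it -- the original queued it only after `communicate()`
    returned, i.e. after the process had already exited. Terminating the
    local adb client does not necessarily stop tcpdump on the device.

    On a positive exit status adb's stderr is printed and ``sys.exit(1)`` is
    raised; because this runs on a worker thread that only ends the thread,
    not the program. A negative status (killed by a signal, e.g. terminate()
    at shutdown) is not reported as an error.
    """
    shell = subprocess.Popen(['adb', 'shell'], stdin=subprocess.PIPE,
                             stdout=subprocess.DEVNULL, stderr=subprocess.PIPE)
    q.put(shell)
    _, err = shell.communicate(cmd.encode())
    if shell.returncode > 0:
        # The original printed out.stdout here, which was always None (DEVNULL).
        print('[!] Error cant start tcpdump on interface={}, port={}, args={}. Stderr: {}'.format(
            interface, tcpdump_port, cmd, err.decode('utf-8', 'replace')))
        sys.exit(1)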
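def startWireshark():
    """Pipe the forwarded tcpdump stream into a local Wireshark instance.

    Runs `nc localhost <tcpdump_port> | wireshark -k -S -i -`. It is a
    pipeline, so a shell is required; every part of the command line is a
    constant from this module, nothing user-supplied is interpolated.

    The Popen handle is put on the module-level queue `q` *before* waiting on
    it so the main thread can terminate() it. The original queued it only
    after the fact and tested ``returncode`` right after Popen(), when it is
    still ``None`` -- that error branch could never fire. Here the thread
    blocks until the pipeline exits and reports a positive exit status via
    ``sys.exit(1)`` (which, on a worker thread, ends only this thread). A
    negative status (terminate() at shutdown) is not treated as an error.
    """
    pipeline = 'nc localhost ' + str(tcpdump_port) + ' | wireshark -k -S -i -'
    proc = subprocess.Popen(pipeline, shell=True,
                            stdout=subprocess.DEVNULL, stderr=subprocess.PIPE)
    q.put(proc)
    _, err = proc.communicate()
    if proc.returncode > 0:
        print('[!] Cant run wireshark and listen to tcpdump locally. Stderr: {}'.format(
            err.decode('utf-8', 'replace')))
        sys.exit(1)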
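print('[*] Checking Environment', end='\r')
# Handles of the long-running local processes (the `adb shell` running
# tcpdump and the nc|wireshark pipeline); the worker threads put them here
# so they can be terminated when the user ends the capture.
q = queue.Queue(2)

# `getprop ro.product.cpu.abi` value -> suffix of the tcpdump-<arch>.zip asset.
_ABI_TO_BUILD = {'x86': 'x86', 'armeabi-v7a': 'arm', 'arm64-v8a': 'arm64'}
# The interface name is interpolated into a `su -c '...'` command line on the
# device; only allow characters that cannot break out of that quoting.
_INTERFACE_RE = re.compile(r'^[A-Za-z0-9_.:-]+$')
_ADB_TIMEOUT = 5
_QUIET = dict(stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT)


def _require_tool(name):
    """Exit(1) with an install hint unless executable `name` is on PATH.

    The original ran subprocess.run(['command', '-v', name], shell=True).
    With shell=True only the first list element is the shell command and the
    rest become $0/$1, so `command` ran with no arguments and always
    returned 0 -- the check never failed.
    """
    if shutil.which(name) is None:
        print("[!] {0} not installed. Run 'apt install {0} first'.".format(name))
        sys.exit(1)


def _device_arch():
    """Return the tcpdump build name for the attached device's primary ABI.

    Exits(1) when adb cannot query the device (offline / timeout) or the ABI
    has no known build. The original compared `arch` instead of `ret` against
    'arm64-v8a', so arm64 devices were always reported as unknown.
    """
    try:
        abi = subprocess.check_output(
            ['adb', 'shell', 'getprop ro.product.cpu.abi'], timeout=_ADB_TIMEOUT
        ).decode('utf-8').rstrip()
    except subprocess.CalledProcessError as err:
        print('[!] Error determing system arch. ERR: {}. Maby device offline? Check \'adb devices -l\''.format(err.output))
        sys.exit(1)
    except subprocess.TimeoutExpired:
        print('[!] Error cant connect to adb device. Run adb connect <host>[:<port>] first.')
        sys.exit(1)
    build = _ABI_TO_BUILD.get(abi)
    if build is None:
        print('[!] Unknown processor architecture. No android tcpdump binary for this arch {}.'.format(abi))
        sys.exit(1)
    return build


def _download_tcpdump(arch):
    """Fetch tcpdump-<arch>.zip from the release page and extract the binary.

    Returns the name of the extracted executable (written to the current
    directory). The release page is scraped for the asset URL; a match is
    accepted only if it is a `releases/download/` link of the same repository
    as `tcpdump_source`, so a stray link elsewhere on the page cannot redirect
    the download. NOTE(review): the archive is still not checked against a
    known hash or signature, and the binary is afterwards installed as root
    into /system/bin -- pin a release tag and compare a SHA-256 before
    trusting this on anything but a throwaway device.
    """
    resp = requests.get(tcpdump_source, allow_redirects=True, timeout=30)
    if resp.status_code != 200:
        print('[!] Cant reach source of tcpdump for android. (Does {} exists?)'.format(tcpdump_source))
        sys.exit(1)
    tcpdump_zip = 'tcpdump-' + arch + '.zip'
    # re.escape: the asset name contains '.' which would otherwise be a wildcard.
    match = re.search(r'https://[^"]*' + re.escape(tcpdump_zip), resp.text)
    if match is None:
        # The original indexed the match object unconditionally and crashed
        # with AttributeError when the asset was missing.
        print('[!] Cant find {} on {}.'.format(tcpdump_zip, tcpdump_source))
        sys.exit(1)
    download_url = match.group(0)
    repo = tcpdump_source.split('/releases/', 1)[0]
    if not download_url.startswith(repo + '/releases/download/'):
        print('[!] Refusing to download tcpdump from unexpected location {}.'.format(download_url))
        sys.exit(1)
    resp = requests.get(download_url, allow_redirects=True, timeout=60)
    if resp.status_code != 200:
        print('[!] Cant download tcpdump. Err {}'.format(resp.text))
        sys.exit(1)
    with open(tcpdump_zip, 'wb') as f:
        f.write(resp.content)
    tcpdump_exec = 'tcpdump-' + arch
    with zipfile.ZipFile(tcpdump_zip, 'r') as archive:
        if tcpdump_exec not in archive.namelist():
            print('[!] {} does not contain {}.'.format(tcpdump_zip, tcpdump_exec))
            sys.exit(1)
        archive.extract(tcpdump_exec)
    return tcpdump_exec


def _install_tcpdump(tcpdump_exec):
    """Copy the extracted binary to /system/bin/tcpdump on the device.

    Tries `adb root` + `adb remount` first and pushes straight into
    /system/bin. If adbd cannot restart as root the module-level `root`
    flag is cleared, the file is pushed to /data/local/tmp and copied into
    /system/bin with `su`. In both cases the executable bit is then set via
    `su -c chmod`. Exits(1) on any adb failure or timeout.
    """
    global root
    try:
        if subprocess.run(['adb', 'root'], timeout=_ADB_TIMEOUT, **_QUIET).returncode:
            print('[!] Cant mount adb device as root. Trying non root...')
            root = False
        if root:
            if subprocess.run(['adb', 'remount'], timeout=_ADB_TIMEOUT, **_QUIET).returncode:
                print('[!] Error cant remount adb device.')
                sys.exit(1)
            if subprocess.run(['adb', 'push', tcpdump_exec, '/system/bin/tcpdump'],
                              timeout=_ADB_TIMEOUT, **_QUIET).returncode:
                print('[!] Error cant push tcpdump to /system/bin/tcpdump.')
                sys.exit(1)
        else:
            if subprocess.run(['adb', 'push', tcpdump_exec, '/data/local/tmp/tcpdump'],
                              timeout=_ADB_TIMEOUT, **_QUIET).returncode:
                # The original message named /system/bin here, which is not
                # where this branch pushes.
                print('[!] Error cant push tcpdump to /data/local/tmp/tcpdump.')
                sys.exit(1)
            if subprocess.run(['adb', 'shell', "su -c 'cp /data/local/tmp/tcpdump /system/bin'"],
                              timeout=_ADB_TIMEOUT, **_QUIET).returncode:
                print('[!] Error cant copy tcpdump to /system/bin.')
                sys.exit(1)
        if subprocess.run(['adb', 'shell', "su -c 'chmod 755 /system/bin/tcpdump'"],
                          timeout=_ADB_TIMEOUT, **_QUIET).returncode:
            print('[!] Error cant change permission of /system/bin/tcpdump.')
            sys.exit(1)
    except subprocess.TimeoutExpired:
        print('[!] Error cant connect to adb device. Run adb connect <host>[:<port>] first.')
        sys.exit(1)


_require_tool('adb')
_require_tool('wireshark')
print('[+] Environment looks fine. All needed tools are installed.')

try:
    # adb reports the exit status of the remote `command -v` back to us.
    # The original passed no timeout, so its TimeoutExpired handler was dead.
    probe = subprocess.run(['adb', 'shell', 'command -v tcpdump'], timeout=_ADB_TIMEOUT,
                           stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
except subprocess.TimeoutExpired:
    print('[!] Error cant connect to adb device. Run adb connect <host>[:<port>] first.')
    sys.exit(1)
is_tcpdump_installed = probe.returncode == 0

if not is_tcpdump_installed:
    tcpdump_exec = _download_tcpdump(_device_arch())
    print('[*] Installing tcpdump on device', end='\r')
    _install_tcpdump(tcpdump_exec)
    print('[+] Successfully installed tcpdump on adb device.')

# TODO: if wlan0 not existing prompt for one of adb shell ifconfig | cut -d' ' -f1 | awk /./
# Whatever supplies `interface` (today a constant, per the TODO above maybe a
# prompt later) ends up inside a root shell command on the device; reject
# anything that could break out of the quoting.
if not _INTERFACE_RE.match(interface):
    print('[!] Refusing to use interface name {!r}: it is interpolated into a shell command.'.format(interface))
    sys.exit(1)
print('[*] Invoking tcpdump on adb device', end='\r')
cmd = "su -c 'tcpdump -i " + interface + " -s0 -w - | nc -l -p " + str(tcpdump_port) + " '"
dump_thread = Thread(target=startTcpDump, args=(cmd,))
dump_thread.daemon = True
dump_thread.start()
forward = subprocess.run(['adb', 'forward', 'tcp:' + str(tcpdump_port), 'tcp:' + str(tcpdump_port)],
                         timeout=_ADB_TIMEOUT, **_QUIET)
if forward.returncode:
    print('[!] Error cant forward port {}'.format(tcpdump_port))
    sys.exit(1)
print('[+] tcpdump running on adb device.')
print('[*] Connecting tcpdump to local wireshark', end='\r')
# NOTE(review): nothing waits for the device-side `nc -l` to be listening
# before the local nc connects -- TODO confirm whether a retry is needed.
wireshark_thread = Thread(target=startWireshark)
wireshark_thread.daemon = True
wireshark_thread.start()
print('[+] Conntected tcpdump to local wireshark')
input('[*] Press any Button to end dumping...')
while not q.empty():
    q.get().terminate()
# Best-effort cleanup: drop the port forward and stop tcpdump on the device.
# Terminating the local adb client does not necessarily kill the remote
# process, and pkill may be missing on old Android builds, so failures here
# are reported but not fatal.
try:
    subprocess.run(['adb', 'forward', '--remove', 'tcp:' + str(tcpdump_port)],
                   timeout=_ADB_TIMEOUT, **_QUIET)
    subprocess.run(['adb', 'shell', "su -c 'pkill tcpdump'"], timeout=_ADB_TIMEOUT, **_QUIET)
except subprocess.TimeoutExpired:
    print('[!] Cleanup timed out; tcpdump may still be running on the device.')
print('[+] Done')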