Friday 11 April 2014

Let's make something big (using Cydia)

Modification to the Android operating system’s resource control

Android, an operating system based on the Linux kernel, has millions of users around the world. Its security scheme to protect a user from abusive applications is all or nothing. When a user wants to install an application, she must accept every permission it’s requiring as a whole, without the chance to change them once they were granted.

For lack of a better implementation, we developed an application that allows a more granular access control to the resources we consider of main importance from the user’s privacy and security point of view.

When an application asks to access a resource, our approach allows the user not just to retrieve false or anonymous information, but to select a subset of the real data, so she can keep on using the applications in a controlled manner. This way, a user can defend herself from a possible abuse of trust that some applications may attempt. The Android security architecture doesn’t address this kind of trust problems. In other related works where the user can only retrieve fake data, access control affects the usability when controlling a key resource for the application. For example, the user clearly did not intend using WhatsApp with an empty contacts list.

In this project, we've accomplished control access to contacts, data that allows a device and its owner to be unambiguously identified such as its id, subscriber id, sim card and phone number, device’s network information such as its IP, MAC, the SSID and BSSID of the access point it is connected to, the configured and scanned networks and, finally, we control every way an application can know the device’s location, not only using the gps but also the cell towers and configured wireless networks.

Feel free to use, share and learn from it's source code. We call it ASA (Android Security Agency).

GitHub link: https://github.com/c0d1ngb4d/ASA



Friday 25 October 2013

How to get a context from everywhere

As an Android developer and also a Cydia user you may have noticed you ALWAYS need a context. That is a complication in Android design (I may say, a poor software design but I'm not here to argue about it) that makes us pass the context from everywhere to everywhere else to make things work as expected.
For example, if you need to use a database, you will need a context to instantiate a helper to manage its creation and version management. But what if you need to query your own data base but you are in the middle of your hooked method? You may have realised you're actually running in the hooked process environment, so you cannot assume you have a view or an activity or that extra permission you need. You don't even have access to some files you had in your own application's environment. You are on your own in someone else's zone.

That's why we struggled to figure out how to get a context from nowhere with no assumptions using some of the feature Saurik gave us, but what our java reflexion old friend gave us, too.

Our first method uses java reflexion and the knowledge that we can get a context for almost* everywhere calling ActivityThread.currentActivityThread().getSystemContext();

In order to do that, just add this code to yours: code.
* with "almost" I mean you won't have an activity thread when your device starts up and that's a pity because most of us want the hook to work all the time, even when there's no activity displaying.

Our second method hooks some context method we are pretty sure will be called by the hooked application so we save the context and return the call's expected result. Fill free to change the method used in our example to your taste.
To make this second approach work, we are based in the fact that every application has it's own copy of the libraries it uses in runtime. That let us guarantee the context is a valid one for the application we are willing to hook :)
In our example, we used the method Context>>getSystemService(String) which we are sure will be use to get one of the several services you can access making this call, such as bluetooth, telephony, location, wifi, among others.
To make it clearer, you can, for example, get the current WifiManager as follows:
WifiManager wifi = (WifiManager) getSystemService(Context.WIFI_SERVICE);

In order to do that, add this hook to your main hook: code.

And that's basically it! Just try these twe example and let us know if you have any trouble making them work.
I'm batdroid


Saturday 22 June 2013

Debugging Android code


While trying to get some feedback in our attempt to use Cydia and actually see it working, our first approach was to print stuff.
If you are new using Android and also Cydia, you will soon found out is not that easy to print what's going on whenever your hooked classes or methods do something. That's because you don't actually want to debug your application but the system. Yes, you read it right. For most of us who are used to develop some code from time to time, you should be familiar with printing text in a console as a way to easily debug your code (to get some feedback from your application whenever it's running). But with Cydia hooks, its quite different, just because you want to print some text when the class or method you hooked is running, is it right?

our first decision was to print text in the Eclipse IDE console but, as I've already told you, this was worthless. 
If you use java code and place it inside your hooked method code, let's say... something like this: 

System.out.println("some words I would like to see as feedback");

You won't see it! Because this method will be called most of the time when your application is already closed (don't forget you have to restart your system from Cydia Substrate to see your changes applied).

Once you get it, let's talk about LogCat.
The first step is to notice there is another console called LogCat among your Eclipse's windows; if you don't see it, go to: 
Window -> Show View -> Other... -> Android -> LogCat. This little boy (or girl) prints lots of stuff but will also help you debugging. 

To use it just put, wherever you want to print something: 

Log.i("TAG", "text you want to print")

The TAG here is pretty important to filter the infinite lines of text LogCat prints later.
The i stands for information. You have various options to log errors, warnings, etc, but it's enough with the i. I may say my favorite it wtf, because I like its expressiveness. 

Then open a cmd and type:

> adb shell
> logcat

And you'll see lots of text printing everywhere.

To filter all this information use:

> logcat -s "TAG" 

And you'll see only the logs that have the tag TAG. 

No, enjoy debugging!






Thursday 20 June 2013

Consolidate Code

If you are working with Eclipse IDE, you'll find some problems to make the last step of the cydia substrate Violet Example work. Specially if you don't upgrade Cydia API to its second version(published last week). 

In order to do that, from Eclipse menu go to: Window -> Android SDK Manager -> Extras, and check Cydia Substrate API. Then, click 'Install Packages' and that's it.
Don't forget to copy the jar file named substrate-api in you project libs folder to use this last version of the API, instead of the other version you were using.

After that, using Java generics and MS.MethodAlteration, you can make your code simpler (or at least the part where you hook the getColor method).
If you're not sure how to replace your existing code, checkout the one I've already changed here.

Don't forget to check our previous post: Violet Example for Android using Cydia to have a more detailed introduction to Cydia for Android.


Cheers!


Mac users: come to the Android side, we have cookies




Thursday 13 June 2013

Violet Example for Android using Cydia

Cydia Substrate has just arrived on Android! 
I'm assuming you all folks know what I'm talking about, (that's the reason why you're reading this post, right?) so I'm not making much of an introduction here. 

Let's talk about the example you can find in here.

We found some things this tutorial doesn't say. That's why we tried to do ours as detailed as possible, highlighting the problems we encountered while trying to make it work on our own.

1. Before starting: you have to install Cydia Substrate in your device. 
If you get a segmentation fault error during installation you may have an old or maybe buggy version of the .apk (android application package). To assure you have the right one, enter this chat and ask for a one that works. 
About that chat: it was really helpful for us because people there answered ever time we had an issue (they take their time, but if they can help, they do).

2. Make sure you can install the violetexample.apk and that it works (you will have enough time to make it for your own, but you have to be sure Substrate is working properly in your device). We used the last one saurik put in his web, so if the one I linked is not working, go again to the chat and download it from there.

Notice that once you install violetexample.apk, you have to open Substrate application and click 'Restart System (Soft)' option, so you can see the changes applied. 
We found out how to rollback the changes we've made by hooking the getColor method: just uninstall your application! Easy peasy!

3. If everything works as expected, you're ready to open Eclipse IDE (or your favorite java IDE) and start your own violetexample android application.

In order to do so, I'm using Eclipse IDE, android SDK and ADT plugin. Please, make sure you have those three working together or follow this nice tutorial.

First of all, you need to install Cydia Substrate API in your computer. This step was quit easy following this other tutorial

You will find a new folder inside you're ADT folder named 'saurikit'. You have to copy the jar file saurikit/cydia_substrate/substrate-api.jar into your project's libs folder.

4. As we expected to have some feedback whenever our application stars running or not, we create a new Android Application Project with the default main activity created by Eclipse: 

  1. File->New->Android Application Project.
  2. Name it and next, next, next, next, finish.
     Note that a new activity named NewActivity will be created.

5. Modify 'AndroidManifest.xml' and add the following lines:

  1. <uses-permission android:name="cydia.permission.SUBSTRATE"/>
     Make sure you add it between <manifest> tags right before
  the <application> tag.
  2. <meta-date android:name="com.saurik.substrate.main"
                android:value=".Main"/>
Make sure you add it between <application> tags right after you close the application opening tag and not inside it.

Notice that with meta-data you're defining the entry point for Substrate, in this case it will be a Main class.

6. Create a Main class: 
1. File->New->Class
2. Finish
3. Copy and paste this code.

7. Run As -> Android Application
  1. Make sure you have a 'Success!' message in the Android Console after the 'installing ... .apk' one.
2. Open Substrate application and click 'Restart System (Soft).
3. Then waaaaaaaaaait for it, waaait for it... voilĂ ! There you have it!




You can also change the line where you return color and change it to get any color you want!

Here you have a more manly calculator:




And a red one:




And you can show it to your friends, to your family and... all right, enough! I think you got it :)

I hope this tutorial was helpful, and feel free to ask if you have any doubt.