Post by ZF on Aug 17, 2016 1:48:08 GMT -5
Start off with Ubuntu 14.04.4 installed with bootstrap REMnux and SIFT Workstation
Setup cuckoo as per previous instructions
========================================
git clone https://github.com/cuckoosandbox/cuckoo.git
git clone https://github.com/idanr1986/cuckoo-droid.git
Setup ubuntu 14.04 virtual machine.
===================================
#sudo apt-get install openjdk-7-jre libstdc++6:i386 libgcc1:i386 zlib1g:i386 libncurses5:i386
sudo apt-get install libstdc++6:i386 libgcc1:i386 zlib1g:i386 libncurses5:i386
Install Java and javac version 1.8 and above
Download the Java tarball from www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
# tar -C needs the target directory to exist
sudo mkdir -p /opt/jdk/
sudo tar -xvzf jdk-8u102-linux-x64.tar.gz -C /opt/jdk/
cd /opt/jdk/
sudo update-alternatives --install /usr/bin/java java /opt/jdk/jdk1.8.0_102/bin/java 100
sudo update-alternatives --install /usr/bin/javac javac /opt/jdk/jdk1.8.0_102/bin/javac 100
sudo update-alternatives --config java
sudo update-alternatives --config javac
Download the latest Android SDK from developer.android.com/studio/index.html
unzip android-studio-ide-143.2915827-linux.zip
sudo mv android-studio /usr/local/
cd /usr/local/android-studio/bin/
./studio.sh
Install multiple Android platforms up to 4.1.2. Click "Show Package Details" and include the embedded device images, e.g. ARM EABI v7a System Image.
Without this, you will encounter the AVD error "No CPU/ABI system image available for this target"
Create new AVD with the following settings:
AVD Name: aosx
Device: Nexus One
Target: Android 4.1.2
CPU/ABI: ARM (armeabi-v7a)
Check Hardware keyboard present
Skin: No Skin
Front Camera: None
Back Camera: None
RAM: 512
VM Heap: 32
Internal Storage: 512 MiB
UNCHECK Use Host GPU
Click OK
Copy /opt/cuckoo-droid/utils/android_emulator_creator to /home/<user>/android_emulator_creator_path
cd /home/<user>/android_emulator_creator_path
Run the emulator with the following command. This will start up the Android QEMU VM (inside your Ubuntu VM)
emulator -avd aosx -qemu -nand -system,size=0x1f400000,file=/home/<user>/Android/Sdk/system-images/android-16/default/armeabi-v7a/system.img&
Run the script in utils/android_emulator_creator/create_guest_android_on_linux.sh
This will copy Superuser and the Xposed framework into aosx
Press Settings->Security->Screen lock->None
Press Settings->Display->Sleep->30 minutes
Start the Generate contacts app
Start the Superuser app
Start the xposedinstaller app
In Modules, check both packages: Droidmon, Android Blue Pill
export PATH="/usr/local/android-studio/bin:/home/z/Android/Sdk/tools:/home/z/Android/Sdk/platform-tools:$PATH"
Edit the network connection on Ubuntu with the following settings. These settings should be the same as in cuckoo.conf.
Host IP address: 192.168.81.101
netmask: 255.255.255.0
gateway: 192.168.81.1
DNS: 8.8.8.8
Copy agent.py and run it
Take a snapshot and save it as "Snapshot1". This should be the same as vmware.conf.
Setup HOST cuckoo configuration
===============================
Edit cuckoo.conf
machinery = vmware
[resultserver]
ip = 192.168.81.1
Edit vmware.conf
[cuckoo1]
# Specify the path to vmx file of this virtual machine.
vmx_path = androidvm/ubuntu-14.04.4-desktop-amd64.vmx
# Specify the operating system platform used by current machine
# [windows/darwin/linux].
platform = linux
# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 192.168.81.101
Edit processing.conf
[apkinfo]
enabled = yes
# Decompiling dex files with androguard is a heavy operation. For large dex
# files it can really take quite a while - it is recommended to limit to a
# certain filesize.
# decompilation_threshold=5000000
[droidmon]
enabled = yes
[googleplay]
enabled = yes
android_id = <add android_id>
google_login = <add google_login>
google_password = <add google_password>
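
Added example (not part of the original post and not Cuckoo's own code): the post asks that the guest's network settings and snapshot name match cuckoo.conf and vmware.conf, and this script checks that before an analysis is started. The sample file contents are constructed from the values in the post; the [cuckoo] and [vmware] section names and the "machines" and "snapshot" keys are assumptions about the stock config layout, and check() is a hypothetical helper.

```python
import configparser
import ipaddress
# Constructed sample files using the values from the post. The [cuckoo]/[vmware]
# section names and the "machines"/"snapshot" keys are assumed, not in the post.
CUCKOO_CONF = """
[cuckoo]
machinery = vmware
[resultserver]
ip = 192.168.81.1
"""
VMWARE_CONF = """
[vmware]
machines = cuckoo1
[cuckoo1]
vmx_path = androidvm/ubuntu-14.04.4-desktop-amd64.vmx
snapshot = Snapshot1
platform = linux
ip = 192.168.81.101
"""
# What was actually set inside the Ubuntu guest (static IP, snapshot name).
GUEST = {"ip": "192.168.81.101", "netmask": "255.255.255.0", "snapshot": "Snapshot1"}

def load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def check(cuckoo_text, vmware_text, guest):
    """Return a list of mismatches between the host configs and the guest."""
    cuckoo, vmware = load(cuckoo_text), load(vmware_text)
    problems = []
    net = ipaddress.ip_network(f"{guest['ip']}/{guest['netmask']}", strict=False)
    rs_ip = cuckoo.get("resultserver", "ip", fallback="")
    if not rs_ip or ipaddress.ip_address(rs_ip) not in net:
        problems.append(f"resultserver ip {rs_ip!r} is not on guest network {net}")
    if cuckoo.get("cuckoo", "machinery", fallback="") != "vmware":
        problems.append("machinery is not set to vmware")
    names = [m.strip() for m in vmware.get("vmware", "machines", fallback="").split(",")]
    for name in filter(None, names):
        if not vmware.has_section(name):
            problems.append(f"machine {name!r} has no section in vmware.conf")
            continue
        for key in ("ip", "snapshot"):
            if vmware[name].get(key) != guest[key]:
                problems.append(f"[{name}] {key} = {vmware[name].get(key)!r}, guest has {guest[key]!r}")
    return problems

if __name__ == "__main__":
    print(check(CUCKOO_CONF, VMWARE_CONF, GUEST) or "configs agree with the guest")
```

The snapshot comparison is case-sensitive, so "snapshot1" in vmware.conf is reported as a mismatch against a snapshot saved as "Snapshot1".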