Skip to content

Latest commit

 

History

History
123 lines (97 loc) · 4.28 KB

README.md

File metadata and controls

123 lines (97 loc) · 4.28 KB

Logo

Python Version License

PAPIMonitor (Python API Monitor for Android apps) is a python tool based on Frida for monitoring user-select APIs during the app execution. The app should be installed within an emulator already connected through ADB to the pc host. The user can choose to monitor a predefined list of APIs divided into several categories (e.g., Device Data, Device Info, SMS) or a custom list of APIs passed through the command line to the script. The tool stores the invoked API, the parameters, the return value, and the line and file from where it was called.

Below is an example of output:

{   
    "category": "Custom", 
    "class": "com.dave.popupre.MainActivity", 
    "method": "getText", 
    "args": [], 
    "calledFrom": "com.dave.popupre.MainActivity$1.onClick(MainActivity.java:26)", 
    "returnValue": "Hello Toast!", 
    "time": "03/09/2021, 14:43:06"
}

⚠️ Warning with Google Emulator

Google Emulator Ubuntu Windows MacOS
7.x x86 ✔️ ✔️ ✔️
8.x x86 ✔️ ✔️ ✔️
9.0 x86 ✔️ ✔️ ✔️
10.0 x86 ✔️ ✔️ ✔️
11.0 x86 ✔️ ✔️ ✔️
12.0 x86 ✔️ ✔️ ✔️

⚠️ Frida seems broken on Android 11-12 (x86_64) (Google Emulatore).


Installation

General requirements:

sudo apt-get install libjpeg-dev zlib1g-dev

Installation with pyenv and virtualenv

pyenv install 3.8.0
pyenv virtualenv 3.8.0 papi-monitor
pyenv activate 3.8.0/envs/papi-monitor
pip3 install -r requirements

Installation with virtualenv

  • install virtualenv
sudo apt-get install python3-virtualenv
  • activate virtualenv
virtualenv env
source env/bin/activate
  • install requirements
pip install -r requirements
  • Download frida-server in resources/frida-server/

Post Installation

  • adb in path file
  • emulator/device already running and connect

Usage

python papi_monitor.py --package-name com.package.name --filter "Crypto"
python papi_monitor.py --file-apk app.apk --api-monitor api_personalized.json
python papi_monitor.py --package-name com.package.name --api-monitor api_personalized.json
python papi_monitor.py --package-name com.package.name --filter "ALL"
python papi_monitor.py --package-name com.package.name --api-monitor api_personalized.json --store-script True --filter "Crypto" "Crypto - Hash"
python papi_monitor.py --package-name com.package.name --api-monitor api_personalized.json --pinning-bypass --antiroot-bypass     

Predefined Categories

  • Device Data
  • Device Info
  • SMS
  • System Manager
  • Base64 encode/decode
  • Dex Class Loader
  • Network
  • Crypto
  • Crypto - Hash
  • Binder
  • IPC
  • Database
  • SharedPreferences
  • WebView
  • Java Native Interface
  • Command
  • Process
  • FileSytem - Java

Frida Script

A lot of Frida Script for Android can be found here.