Merge branch 'main' of github.com:TongchengOpenSource/AppScan into fix-markError

Author: ChnMig

README.md

@@ -35,13 +35,23 @@ AppScan 这款隐私合规检测工具, 它是一款基于动态分析, 可以
 - android: 8.x及以上
 - app: 64位/未加固(有时候引入的第三方sdk也会自带一些反检测功能)
 
+## 模拟器
+根据 https://github.com/TongchengOpenSource/AppScan/discussions/29 的投票结果, 我们对MuMu和雷神进行了适配工作
+目前模拟器支持未完全上线, 用户可在 release 中下载pre版本进行测试
+目前支持的模拟器
+- 雷神模拟器9(需要在 设置-其他设置 中开启root权限, 设置ADB调试为'开启本地连接')
+
+目前暂不支持的模拟器
+- MuMu模拟器12(未找到ADB开关, 导致ADB无法识别到设备)
+
 ## 使用文档
 > 使用者查看此文档即可
 
 🏠[使用文档](https://github.com/TongchengOpenSource/AppScan/wiki)
 
 ## 开发文档
 > 开发者需要额外查看文档
+
 ### 架构
 👽[架构说明](./doc/architecture.md)
 
@@ -83,3 +93,9 @@ AppScan 这款隐私合规检测工具, 它是一款基于动态分析, 可以
 - FW5215118
 - mOan1215
 - wxid_yrhfgzsdjoj422
+
+## 404星链计划
+
+<img src="https://github.com/knownsec/404StarLink-Project/raw/master/logo.png" width="30%">
+
+AppScan 现已加入 [404星链计划](https://github.com/knownsec/404StarLink)

change-demo.md

@@ -0,0 +1,9 @@
+## 🆕新功能
+- XXXXXX
+- XXXXXX
+## 💯优化
+- XXXXXX
+- XXXXXX
+## 🐛修复
+- XXXXXX
+- XXXXXX

doc/build.md

@@ -4,8 +4,9 @@
 > 务必已经布置好了开发环境
 1. 进入 helper 文件夹
 2. 打开命令行
-3. 执行 `pyinstaller ./main.spec`
-4. 打包完成后, 会在 helper/dist 文件夹下生成文件夹, 将文件夹内的所有文件复制备用
+3. 进入虚拟环境 `.\venv\Scripts\activate`
+4. 执行 `pyinstaller ./main.spec`
+5. 打包完成后, 会在 helper/dist 文件夹下生成文件夹, 将文件夹内的所有文件复制备用
 
 ## view
 > 务必已经布置好了开发环境
@@ -14,4 +15,4 @@
 3. 打开命令行
 4. 执行 `corepack enable` 开启corepack
 5. 执行 `npx quasar build -m electron`
-6. 打包完成后, 会在 `dist\electron\Packaged` 文件夹下生成 `appScan Setup xx.exe` 文件, 双击安装即可
+6. 打包完成后, 会在 `dist\electron\Packaged` 文件夹下生成 `appScan Setup xx.exe` 文件, 双击安装即可

helper/custom.js

@@ -638,15 +638,22 @@ function useModule(moduleList) {
 
 function main() {
     try {
+        // Java.perform(function () {
+        //     console.log('[*] ' + get_format_time() + ' 隐私合规检测敏感接口开始监控...');
+        //     send({"type": "isHook"})
+        //     console.log('[*] ' + get_format_time() + ' 检测到安卓版本：' + Java.androidVersion);
+        //     var moduleList;
+        //     recv(function (received_json_object) {
+        //         moduleList = received_json_object.use_module;
+        //     }).wait();
+        //     useModule(moduleList);
+        // });
+        // TODO 模拟器适配
         Java.perform(function () {
             console.log('[*] ' + get_format_time() + ' 隐私合规检测敏感接口开始监控...');
             send({"type": "isHook"})
             console.log('[*] ' + get_format_time() + ' 检测到安卓版本：' + Java.androidVersion);
-            var moduleList;
-            recv(function (received_json_object) {
-                moduleList = received_json_object.use_module;
-            }).wait();
-            useModule(moduleList);
+            useModule({"type": "all"});
         });
     } catch (e) {
         console.log(e)

helper/default.js

@@ -166,9 +166,13 @@ function hookApplicationPackageManagerExceptSelf(targetMethod, action) {
                     if (j === 0) {
                         var string_to_recv;
                         send({'type': 'app_name', 'data': arguments[j]});
+                        // recv(function (received_json_object) {
+                        //     string_to_recv = received_json_object.my_data;
+                        // }).wait();
+                        // TODO 模拟器适配
                         recv(function (received_json_object) {
                             string_to_recv = received_json_object.my_data;
-                        }).wait();
+                        });
                     }
                     arg += '参数' + j + '：' + JSON.stringify(arguments[j]) + '\r\n';
                 }
@@ -624,15 +628,22 @@ function useModule(moduleList) {
 
 function main() {
     try {
+        // Java.perform(function () {
+        //     console.log('[*] ' + get_format_time() + ' 隐私合规检测敏感接口开始监控...');
+        //     send({"type": "isHook"})
+        //     console.log('[*] ' + get_format_time() + ' 检测到安卓版本：' + Java.androidVersion);
+        //     var moduleList;
+        //     recv(function (received_json_object) {
+        //         moduleList = received_json_object.use_module;
+        //     }).wait();
+        //     useModule(moduleList);
+        // });
+        // TODO 模拟器适配
         Java.perform(function () {
             console.log('[*] ' + get_format_time() + ' 隐私合规检测敏感接口开始监控...');
             send({"type": "isHook"})
             console.log('[*] ' + get_format_time() + ' 检测到安卓版本：' + Java.androidVersion);
-            var moduleList;
-            recv(function (received_json_object) {
-                moduleList = received_json_object.use_module;
-            }).wait();
-            useModule(moduleList);
+            useModule({"type": "all"});
         });
     } catch (e) {
         console.log(e)

helper/internal/hook/hook.py

@@ -2,6 +2,7 @@
 import uuid
 import frida
 import logging
+import traceback
 from queue import Queue
 from typing import Optional
 from threading import Thread
@@ -81,11 +82,15 @@ def handler(level, text):
                 if not self.is_attach:
                     device.resume(pid)
             except Exception as e:
-                self.queue.put({"type": "helper_error", "data": str(e)})
+                data = traceback.format_exc()
+                logging.error(data)
+                self.queue.put({"type": "helper_error", "data": data})
                 self.wait_time += 1
                 self.stop()
         except Exception as e:
-            self.queue.put({"type": "helper_error", "data": str(e)})
+            data = traceback.format_exc()
+            logging.error(data)
+            self.queue.put({"type": "helper_error", "data": data})
             self.stop()
 
     def start(self, join: bool = False):

helper/routers/adb/init.py

@@ -36,7 +36,12 @@
         + os.sep
         + "adb"
     )  # 默认mac环境
-frida_server = "hluda-server-15.2.2"
+frida_server_arm = "hluda-server-15.2.2-arm64"
+frida_server_x86 = "hluda-server-15.2.2-x86"
+# 根据手机架构选择 frida-server, arm和x86
+# 兼容模拟器
+detecting_phone_architecture_cmd = [adb_path, "shell", "su -c 'getprop ro.product.cpu.abi'"]
+frida_server = ""
 frida_path = (
     os.path.abspath(os.path.join(os.path.dirname(__file__), "../.."))
     + os.sep
@@ -70,6 +75,96 @@
     "su -c 'setprop persist.device_config.runtime_native.usap_pool_enabled false'",
 ]
 
+def generation_cmd():
+    # 重新生成cmd
+    global adb_path
+    global frida_server
+    global frida_path
+    global colse_SELinux_cmd
+    global kill_cmd
+    global clean_cmd
+    global push_cmd
+    global mv_cmd
+    global chmod_cmd
+    global run_cmd
+    global devices_cmd
+    global root_cmd
+    global stop_adb_cmd
+    global start_adb_cmd
+    global close_usap_cmd
+    global detecting_phone_architecture_cmd
+    global frida_server_arm
+    global frida_server_x86
+    adb_path = (
+        os.path.abspath(os.path.join(os.path.dirname(__file__), "../.."))
+        + os.sep
+        + "static"
+        + os.sep
+        + "windows"
+        + os.sep
+        + "adb.exe"
+    )  # default windows
+    if platform.system().lower() == "darwin":
+        # mac 环境
+        adb_path = (
+            os.path.abspath(os.path.join(os.path.dirname(__file__), "../.."))
+            + os.sep
+            + "static"
+            + os.sep
+            + "darwin"
+            + os.sep
+            + "adb"
+        )  # 默认mac环境
+    frida_server_arm = "hluda-server-15.2.2-arm64"
+    frida_server_x86 = "hluda-server-15.2.2-x86"
+    # 根据手机架构选择 frida-server, arm和x86
+    # 兼容模拟器
+    detecting_phone_architecture_cmd = [adb_path, "shell", "su -c 'getprop ro.product.cpu.abi'"]
+    frida_path = (
+        os.path.abspath(os.path.join(os.path.dirname(__file__), "../.."))
+        + os.sep
+        + "static"
+        + os.sep
+        + frida_server
+    )
+    colse_SELinux_cmd = [adb_path, "shell", "su -c 'setenforce 0'"]
+    kill_cmd = [adb_path, "shell", "su -c 'pkill -9 hluda'"]
+    clean_cmd = [adb_path, "shell", "su -c 'rm -rf /data/local/tmp/*'"]
+    push_cmd = [adb_path, "push", frida_path, "/storage/emulated/0/{}".format(frida_server)]
+    mv_cmd = [
+        adb_path,
+        "shell",
+        "su -c 'mv /storage/emulated/0/{} /data/local/tmp/'".format(frida_server),
+    ]
+    chmod_cmd = [
+        adb_path,
+        "shell",
+        "su -c 'chmod 777 /data/local/tmp/{}'".format(frida_server),
+    ]
+    run_cmd = [adb_path, "shell", "su -c 'nohup /data/local/tmp/{} &'".format(frida_server)]
+    devices_cmd = [adb_path, "devices"]
+    root_cmd = [adb_path, "shell", "su -c 'exit'"]
+    stop_adb_cmd = [adb_path, "kill-server"]
+    start_adb_cmd = [adb_path, "start-server"]
+    # https://github.com/frida/frida/issues/1788
+    close_usap_cmd = [
+        adb_path,
+        "shell",
+        "su -c 'setprop persist.device_config.runtime_native.usap_pool_enabled false'",
+    ]
+
+def detecting_phone_architecture():
+    # 检测手机架构
+    global frida_server
+    result = subprocess.Popen(detecting_phone_architecture_cmd, stdout=subprocess.PIPE).communicate()
+    outdata = result[0].decode("utf-8")
+    if "arm" in outdata:
+        frida_server = frida_server_arm
+    elif "x86" in outdata:
+        frida_server = frida_server_x86
+    else:
+        raise Exception("手机架构不支持", outdata)
+    return frida_server
 
 @router.post("", response_model=ApiBaseResponse, response_model_exclude_unset=False)
 async def init():
@@ -91,6 +186,9 @@ async def init():
         # kill 可能残留的进程
         subprocess.call(kill_cmd)
         time.sleep(2)
+        # 获取手机架构
+        detecting_phone_architecture()
+        generation_cmd()
         # 清理数据
         subprocess.call(clean_cmd)
         # 推送 frida-server 到设备