Start Instrument - ZSShen/ProbeDroid GitHub Wiki

Silence SEAndroid

Modern Android enforces SEAndroid mandatory access control. To let the target app load and execute our instrumentation gadgets, we must turn off that access control after the experiment device has booted up.

$ su 0 setenforce 0

After that, we can freely hack the app we are interested in.

Launch ProbeDroid

  • Run the ProbeDroid launcher deployed under the PATH_IN_DEVICE working directory.
$ ./launcher --app APP_NAME --lib PATH_LIB --module PATH_MODULE --class CLASS_NAME

--app    [-a] APP_NAME    (The package name (or keyword) of the target app)
--lib    [-l] PATH_LIB    (The *absolute path name* of libProbeDroid.so)
--module [-m] PATH_MODULE (The *absolute path name* of your instrumentation apk)
--class  [-c] CLASS_NAME  (The *fully qualified main class name* of your instrumentation apk)

$ ./launcher --app com.google.android.apps.maps --lib /data/local/tmp/libProbeDroid.so --module /data/local/tmp/StringInspector.apk --class org.zsshen.stringinspector.StringInspector
$ ./launcher -a maps -l /data/local/tmp/libProbeDroid.so -m /data/local/tmp/StringInspector.apk -c org.zsshen.stringinspector.StringInspector
  • Monitor the messages emitted by the logcat daemon.

  • Terminate the instrumentation by killing the target app's process (PID).

$ kill -SIGTERM PID
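The whole procedure above, wrapped in a small POSIX shell script as an added example (not part of ProbeDroid or its wiki). It assumes it is run on the device via `adb shell` as root, that the launcher sits in the current working directory, and that the toybox `ps -A` prints the process name in the last column; the `ps` sample embedded below is constructed for an offline dry run.

```shell
#!/bin/sh
# Added wrapper for the ProbeDroid start procedure (not part of ProbeDroid).
# Assumed: executed on the device via `adb shell` as root, with the launcher in
# the current working directory and a toybox `ps` that prints NAME last.

# SEAndroid must be permissive; $1 is the output of `getenforce`.
selinux_is_permissive() {
    [ "$1" = "Permissive" ]
}

# Compose the launcher command line, rejecting the mistakes the wiki warns
# about: relative --lib/--module paths and a class name that is not qualified.
build_launcher_cmd() {
    app=$1 lib=$2 module=$3 class=$4
    case $lib in /*) ;; *) echo "--lib must be an absolute path: $lib" >&2; return 1 ;; esac
    case $module in /*) ;; *) echo "--module must be an absolute path: $module" >&2; return 1 ;; esac
    case $class in *.*) ;; *) echo "--class must be fully qualified: $class" >&2; return 1 ;; esac
    printf './launcher --app %s --lib %s --module %s --class %s\n' "$app" "$lib" "$module" "$class"
}

# Find the PID of the first process whose name contains $2 in the `ps` output $1
# (substring match, mirroring the launcher's keyword form of --app).
pid_of_app() {
    printf '%s\n' "$1" | awk -v app="$2" 'index($NF, app) { print $2; exit }'
}

# Constructed sample `ps -A` output for an offline dry run (not a real capture).
SAMPLE_PS='USER PID PPID VSZ RSS WCHAN ADDR S NAME
u0_a12 1234 567 1000000 80000 0 0 S com.google.android.apps.maps
u0_a13 1300 567 900000 70000 0 0 S com.android.chrome'

# Steps 1-3 of the procedure; call as: run_experiment maps /data/local/tmp/libProbeDroid.so \
#   /data/local/tmp/StringInspector.apk org.zsshen.stringinspector.StringInspector
run_experiment() {
    selinux_is_permissive "$(getenforce)" ||
        { echo 'SEAndroid is still enforcing; run "su 0 setenforce 0" first' >&2; return 1; }
    build_launcher_cmd "$@" >/dev/null || return 1    # argument sanity check only
    ./launcher --app "$1" --lib "$2" --module "$3" --class "$4"
    logcat                                            # watch the instrumentation output
}

# Final step: SIGTERM the target app, which also ends the instrumentation.
stop_instrumentation() {
    pid=$(pid_of_app "$(ps -A)" "$1")
    [ -n "$pid" ] && kill -TERM "$pid"
}
```

Source the script in the device shell and call `run_experiment` with the four launcher arguments, then `stop_instrumentation APP_NAME` when done.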