
tkmru / dumproid

Licence: GPL-3.0 license
Android process memory dump tool that does not require the NDK.

Programming Languages

go
Makefile

Projects that are alternatives of or similar to dumproid

Mobile Security Framework Mobsf
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+18467.27%)
Mutual labels:  android-security, mobile-security
Dexcalibur
[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Stars: ✭ 512 (+830.91%)
Mutual labels:  android-security, mobile-security
mobileAudit
Django application that performs SAST and Malware Analysis for Android APKs
Stars: ✭ 140 (+154.55%)
Mutual labels:  android-security, mobile-security
Evabs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Stars: ✭ 173 (+214.55%)
Mutual labels:  android-security, mobile-security
Apkleaks
Scanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+4821.82%)
Mutual labels:  android-security, mobile-security
Rms Runtime Mobile Security
Runtime Mobile Security (RMS) 📱🔥 is a powerful web interface that helps you manipulate Android and iOS apps at runtime.
Stars: ✭ 1,194 (+2070.91%)
Mutual labels:  android-security, mobile-security
Adhrit
Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
Stars: ✭ 399 (+625.45%)
Mutual labels:  android-security, mobile-security
Awesome Mobile Security
An effort to build a single place for all useful Android and iOS security-related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+3240%)
Mutual labels:  android-security, mobile-security
Ovaa
Oversecured Vulnerable Android App
Stars: ✭ 152 (+176.36%)
Mutual labels:  android-security, mobile-security
remote-adb-scan
pure python remote adb scanner + nmap scan module
Stars: ✭ 19 (-65.45%)
Mutual labels:  android-security, mobile-security
vminspect
Tools for inspecting disk images
Stars: ✭ 25 (-54.55%)
Mutual labels:  forensics
uac
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+372.73%)
Mutual labels:  forensics
fingerprint denoising
U-Net for fingerprint denoising
Stars: ✭ 19 (-65.45%)
Mutual labels:  forensics
Vol3xp
Volatility Explorer Suite
Stars: ✭ 31 (-43.64%)
Mutual labels:  forensics
btrfscue
Recover files from damaged BTRFS filesystems
Stars: ✭ 28 (-49.09%)
Mutual labels:  forensics
android-webauthn-authenticator
A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.
Stars: ✭ 101 (+83.64%)
Mutual labels:  android-security
SDR-Detector
GSM Scanner, RTL-SDR, StingWatch, Meteor
Stars: ✭ 56 (+1.82%)
Mutual labels:  mobile-security
yara-forensics
Set of Yara rules for finding files using magic headers
Stars: ✭ 115 (+109.09%)
Mutual labels:  forensics
powerauth-mobile-sdk
PowerAuth Mobile SDK adds authentication and transaction-signing capabilities to mobile apps (iOS, watchOS, Android).
Stars: ✭ 27 (-50.91%)
Mutual labels:  mobile-security
sqbrite
SQBrite is a data recovery tool for SQLite databases
Stars: ✭ 27 (-50.91%)
Mutual labels:  forensics

Dumproid


Dumproid is an Android process memory dump tool that does not require the NDK. It dumps memory by reading /proc/<pid>/mem, selecting the regions to read from the process's memory map.

Installation

Download the binary from GitHub Releases and push it to the Android device using adb.

$ adb push dumproid /data/local/tmp/dumproid

How to Build

You need the Go 1.13 compiler. After the build completes, the Makefile pushes the built binary to /data/local/tmp/ on the Android device if adb is connected.

$ make
GOOS=linux GOARCH=arm64 GOARM=7 go build -o dumproid
/bin/sh -c "adb push dumproid /data/local/tmp/dumproid"
dumproid: 1 file pushed. 24.1 MB/s (4977746 bytes in 0.197s)

Usage

Start-up

When the Android device is rooted:

$ adb shell
$ su
# /data/local/tmp/dumproid -p <PID> <some option>
               
██████╗ ██╗   ██╗███╗   ███╗██████╗ ██████╗  ██████╗ ██╗██████╗
██╔══██╗██║   ██║████╗ ████║██╔══██╗██╔══██╗██╔═══██╗██║██╔══██╗
██║  ██║██║   ██║██╔████╔██║██████╔╝██████╔╝██║   ██║██║██║  ██║
██║  ██║██║   ██║██║╚██╔╝██║██╔═══╝ ██╔══██╗██║   ██║██║██║  ██║
██████╔╝╚██████╔╝██║ ╚═╝ ██║██║     ██║  ██║╚██████╔╝██║██████╔╝
╚═════╝  ╚═════╝ ╚═╝     ╚═╝╚═╝     ╚═╝  ╚═╝ ╚═════╝ ╚═╝╚═════╝

When the target app is debuggable and the Android device is not rooted (run-as only works for debuggable packages, and only gives access to that package's own processes):

$ adb shell
$ pm list packages # to check <target-package-name>
# run-as <target-package-name>
# cp /data/local/tmp/dumproid ./dumproid
# ./dumproid <some option>
               
██████╗ ██╗   ██╗███╗   ███╗██████╗ ██████╗  ██████╗ ██╗██████╗
██╔══██╗██║   ██║████╗ ████║██╔══██╗██╔══██╗██╔═══██╗██║██╔══██╗
██║  ██║██║   ██║██╔████╔██║██████╔╝██████╔╝██║   ██║██║██║  ██║
██║  ██║██║   ██║██║╚██╔╝██║██╔═══╝ ██╔══██╗██║   ██║██║██║  ██║
██████╔╝╚██████╔╝██║ ╚═╝ ██║██║     ██║  ██║╚██████╔╝██║██████╔╝
╚═════╝  ╚═════╝ ╚═╝     ╚═╝╚═╝     ╚═╝  ╚═╝ ╚═════╝ ╚═╝╚═════╝

Dump memory

Dump To File

A permission string in the /proc/<pid>/maps format (for example rw-p or r-xp) can be given with --filter so that only regions with exactly those permissions are dumped. By default, one file per region is written under /data/local/tmp/ in a directory named after the current timestamp.

sargo:/ # /data/local/tmp/dumproid -q -p 24264 --filter rw-p
Output Dir: /data/local/tmp/20200315194818
  Dump File: 12c00000-131c0000__dev_ashmem_dalvik-main_space_(region_space)_(deleted)
  Dump File: 13340000-2ac00000__dev_ashmem_dalvik-main_space_(region_space)_(deleted)
  Dump File: 6f181000-6f3a6000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6f3bc000-6f4b3000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6f4c5000-6f4f6000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6f4f9000-6f526000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6f529000-6f57f000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6f586000-6f5db000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6f5e2000-6f61d000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6f628000-6fe2a000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6fe8a000-6ff6c000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6ff7e000-6ff89000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6ff8b000-6ffa0000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6ffa2000-6ffa5000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6ffa5000-6ffa9000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6ffab000-6ffac000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 6ffad000-6ffb0000__data_dalvik-cache_arm_system@[email protected]
  Dump File: 70365000-70366000_[anon:.bss]
  Dump File: 707e5000-707e6000__system_framework_arm_boot.oat

Transfer dumped files to your PC using adb pull:

$ adb pull /data/local/tmp/20200315194818
/data/local/tmp/20200315194818/: 736 files pulled. 30.0 MB/s (583184384 bytes in 18.552s)

Print hexdump

Use the --dump option together with -a <address> to display the memory at that address as a hexdump.

sargo:/ # /data/local/tmp/dumproid -q -p 24264 -a 0xf0c9e000 --dump
00000000  00 40 00 00 d0 60 b7 f0  01 00 00 00 14 71 b7 f0  |.@...`.......q..|
00000010  2d 33 bf f0 00 00 00 00  00 00 00 00 1c e0 c9 f0  |-3..............|
00000020  2f 73 79 73 74 65 6d 2f  62 69 6e 2f 6c 69 6e 6b  |/system/bin/link|
00000030  65 72 00 00 1d 00 00 00  02 00 00 00 00 10 00 00  |er..............|
00000040  40 e0 c9 f0 40 e0 c9 f0  35 d7 c2 f0 4c e0 c9 f0  |@[email protected]...|
00000050  4c e0 c9 f0 00 00 00 00  00 00 00 00 ca 82 c8 f0  |L...............|
00000060  00 00 00 00 ff ff ff ff  00 00 00 00 e1 82 c8 f0  |................|
00000070  00 00 00 00 ff ff ff ff  00 00 00 00 95 26 c3 f0  |.............&..|
00000080  00 00 00 00 00 00 00 00  f3 82 c8 f0 00 00 00 00  |................|
00000090  ff ff ff ff fe 00 00 00  09 83 c8 f0 00 00 00 00  |................|
000000a0  ff ff ff ff fe 00 00 00  59 27 c3 f0 ac e0 c9 f0  |........Y'......|
000000b0  ac e0 c9 f0 27 28 c8 f0  79 27 c3 f0 b1 27 c3 f0  |....'(..y'...'..|
000000c0  d5 27 c3 f0 f1 27 c3 f0  f5 28 c3 f0 61 29 c3 f0  |.'...'...(..a)..|
000000d0  c9 29 c3 f0 4d 2a c3 f0  ad 2a c3 f0 0d 2b c3 f0  |.)..M*...*...+..|
000000e0  1d 2b c3 f0 99 2b c3 f0  e8 e0 c9 f0 e8 e0 c9 f0  |.+...+..........|
000000f0  f0 e0 c9 f0 f0 e0 c9 f0  f8 e0 c9 f0 f8 e0 c9 f0  |................|

Check memory mapping

Use the --maps option to display the process's memory mappings (the contents of /proc/<pid>/maps). It can be combined with --filter to show only regions with the given permissions.

sargo:/ # /data/local/tmp/dumproid -q -p 24264 --maps --filter rw-p
12c00000-131c0000 rw-p 00000000 00:05 23292                              /dev/ashmem/dalvik-main space (region space) (deleted)
13340000-2ac00000 rw-p 00740000 00:05 23292                              /dev/ashmem/dalvik-main space (region space) (deleted)
6f181000-6f3a6000 rw-p 00000000 fd:01 221                                /data/dalvik-cache/arm/system@[email protected]
6f3bc000-6f4b3000 rw-p 00000000 fd:01 229                                /data/dalvik-cache/arm/system@[email protected]
6f4c5000-6f4f6000 rw-p 00000000 fd:01 232                                /data/dalvik-cache/arm/system@[email protected]
6f4f9000-6f526000 rw-p 00000000 fd:01 235                                /data/dalvik-cache/arm/system@[email protected]
6f529000-6f57f000 rw-p 00000000 fd:01 240                                /data/dalvik-cache/arm/system@[email protected]
6f586000-6f5db000 rw-p 00000000 fd:01 250                                /data/dalvik-cache/arm/system@[email protected]
6f5e2000-6f61d000 rw-p 00000000 fd:01 263                                /data/dalvik-cache/arm/system@[email protected]
6f628000-6fe2a000 rw-p 00000000 fd:01 270                                /data/dalvik-cache/arm/system@[email protected]
6fe8a000-6ff6c000 rw-p 00000000 fd:01 275                                /data/dalvik-cache/arm/system@[email protected]
6ff7e000-6ff89000 rw-p 00000000 fd:01 278                                /data/dalvik-cache/arm/system@[email protected]
6ff8b000-6ffa0000 rw-p 00000000 fd:01 281                                /data/dalvik-cache/arm/system@[email protected]
6ffa2000-6ffa5000 rw-p 00000000 fd:01 284                                /data/dalvik-cache/arm/system@[email protected]
6ffa5000-6ffa9000 rw-p 00000000 fd:01 287                                /data/dalvik-cache/arm/system@[email protected]
6ffab000-6ffac000 rw-p 00000000 fd:01 290                                /data/dalvik-cache/arm/system@[email protected]
6ffad000-6ffb0000 rw-p 00000000 fd:01 293                                /data/dalvik-cache/arm/system@[email protected]
70365000-70366000 rw-p 00000000 00:00 0                                  [anon:.bss]
707e5000-707e6000 rw-p 003b4000 103:25 603                               /system/framework/arm/boot.oat
70967000-70968000 rw-p 00000000 00:00 0                                  [anon:.bss]
70c61000-70c62000 rw-p 00182000 103:25 601                               /system/framework/arm/boot-core-libart.oat
...
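To make the --filter and dump-file naming behaviour concrete, here is an added Go example (not dumproid's own code) that parses /proc/<pid>/maps text, keeps only mappings whose permission field matches a filter such as rw-p, and rebuilds the per-region file names seen in the dump output above. The sample maps lines are constructed from this README's output plus one r-xp line; exact-match filter semantics and the naming rule are inferred from that output, not taken from the project source.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Region is one mapping line of /proc/<pid>/maps.
type Region struct {
	Range      string // address field as printed, e.g. "12c00000-131c0000"
	Start, End uint64
	Perms      string // e.g. "rw-p": readable, writable, not executable, private
	Path       string // mapped file or pseudo-path; empty for anonymous mappings
}

// SampleMaps is constructed from the README output above plus one r-xp line.
const SampleMaps = `12c00000-131c0000 rw-p 00000000 00:05 23292   /dev/ashmem/dalvik-main space (region space) (deleted)
70365000-70366000 rw-p 00000000 00:00 0       [anon:.bss]
707e4000-707e5000 r-xp 003b3000 103:25 603    /system/framework/arm/boot.oat
707e5000-707e6000 rw-p 003b4000 103:25 603    /system/framework/arm/boot.oat
`

// SelectRegions parses maps text and keeps mappings whose permission field
// equals perms exactly (assumed --filter semantics); perms == "" keeps all.
func SelectRegions(text, perms string) ([]Region, error) {
	var regs []Region
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 5 || (perms != "" && f[1] != perms) {
			continue // blank or truncated line, or filtered out
		}
		b := strings.SplitN(f[0], "-", 2)
		start, err1 := strconv.ParseUint(b[0], 16, 64)
		end, err2 := strconv.ParseUint(b[len(b)-1], 16, 64)
		if len(b) != 2 || err1 != nil || err2 != nil || end < start {
			return nil, fmt.Errorf("bad address range %q", f[0])
		}
		regs = append(regs, Region{f[0], start, end, f[1], strings.Join(f[5:], " ")}) // path may contain spaces
	}
	return regs, sc.Err()
}

// DumpFileName rebuilds the per-region name seen in the README output:
// "<range>_" plus the path with '/' and ' ' replaced by '_'.
func DumpFileName(r Region) string {
	return r.Range + "_" + strings.NewReplacer("/", "_", " ", "_").Replace(r.Path)
}
```

Region sizes (End - Start) let you estimate how much will be written before pulling a dump directory over adb.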

License

GPLv3 - GNU General Public License, version 3

Copyright (C) 2020 tkmru
