nccgroup / House

Licence: mit
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

                  ___ ___
                 /   |   \  ____  __ __  ______ ____
                /    ~    \/  _ \|  |  \/  ___// __ \
                \    Y    (  <_> )  |  /\___ \  ___/
                 \___|_  / \____/|____//____  >\___  >
                       \/      House        \/     \/
                
                    Dynamic Mobile Analysis Tool
                    Contact: [email protected]

House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python. It is designed to help assess mobile applications through dynamic function hooking and interception, and is intended to make writing Frida scripts as simple as possible.

TL;DR

git clone https://github.com/nccgroup/house
cd house
pip3 install -r requirements.txt
pip3 install pipenv
pipenv --python=/usr/bin/python3 install
pipenv --python=/usr/bin/python3 shell
python3 app.py <PORT>

# or:
mkvirtualenv --python=/usr/local/bin/python3 house
workon house
pip install -r requirements.txt
python app.py <PORT>

# or: (only for Mac OS)
git clone https://github.com/nccgroup/house
cd house
pip3 install -r requirements.txt
pip3 install pipenv
pipenv --python=/usr/local/bin/python3 install
pipenv --python=/usr/local/bin/python3 shell
python3 app.py <PORT>

By default, House binds to http://127.0.0.1:8000.

For an overview of House's capabilities, see the user's manual.

News

  • Added dynamic dex/jar hooking: House can now hook functions in dynamically loaded dex/jar files.
  • Added a Mini Script option for Hooks.
  • ClassLoader Enum

Note: Make sure to update Frida to version >= 12.8.3 for dex/jar function hooking.

Example Usage

This section provides a small example to illustrate basic usage of House. The demo is performed against a small Android test application: com.ha0k3.overloads.

Start

  • Make sure an Android device is plugged in over USB and the Frida server is running on the device. Check that the Frida server has spawned successfully with the following command: frida-ps -U.

  • Start the House application by running app.py: python app.py <PORT>.

  • Open a browser and navigate to http://127.0.0.1:PORT.

  • Check that the device information is displayed on the page. If it is not, click the Refresh button or restart the application and the Frida server.

Monitor

  • Dynamically generates a hook script from templates based on the config file to monitor key operations, including FILEIO, IPC, etc.

  • It is experimental at this point. If you find more functions that need to be hooked, feel free to let me know or file a PR.
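
The template-driven generation described above, sketched as an added example (not House's own code): a constructed config maps monitor categories to Java targets, and each target is rendered into a Frida hook. The config layout, template text and function names are assumptions; identifiers are validated before rendering so that a config value cannot inject script into the generated hook.

```python
import json
import re
from string import Template

# Constructed sample config; the keys and layout are assumptions for this example.
SAMPLE_CONFIG = json.loads("""
{
  "FILEIO": [{"class": "java.io.File", "method": "$init"},
             {"class": "java.io.FileInputStream", "method": "read"}],
  "IPC": [{"class": "android.content.ContextWrapper", "method": "startActivity"}]
}
""")

# Frida (JavaScript) snippet rendered once per target: log every overload's
# arguments with send(), then call through to the original implementation.
HOOK_TEMPLATE = Template("""\
  // [$category] $cls.$method
  Java.use("$cls")["$method"].overloads.forEach(function (o) {
    o.implementation = function () {
      send({category: "$category", cls: "$cls", method: "$method",
            args: Array.prototype.map.call(arguments, String)});
      return o.apply(this, arguments);
    };
  });
""")

# Only plain Java identifiers may reach the template, so a config value can
# never break out of the string literals in the generated script.
IDENT = r"[A-Za-z_$][A-Za-z0-9_$]*"
CLASS_RE = re.compile(rf"{IDENT}(\.{IDENT})*")
NAME_RE = re.compile(IDENT)


def render_monitor_script(config, enabled):
    """Return one Frida script hooking every target in the enabled categories."""
    hooks = []
    for category in enabled:
        for entry in config.get(category, []):
            cls, method = entry["class"], entry["method"]
            if not (NAME_RE.fullmatch(category) and CLASS_RE.fullmatch(cls)
                    and NAME_RE.fullmatch(method)):
                raise ValueError(f"unsafe hook target: {category!r} {cls!r} {method!r}")
            hooks.append(HOOK_TEMPLATE.substitute(category=category, cls=cls, method=method))
    return "Java.perform(function () {\n" + "".join(hooks) + "});\n"


if __name__ == "__main__":
    print(render_monitor_script(SAMPLE_CONFIG, ["FILEIO", "IPC"]))
```
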

Preload & Sideload

  • House now supports sideloading. At this point it supports sideloading Stetho, which makes it easier to examine the UI, storage, etc.
  • It is experimental at this point, but more functionality, such as SSLStrip, will be added under this tab.

Enumeration

  • Enumerate all loaded classes.
  • Enumerate all classes in the Dex file.
  • Enumerate all methods within a given class.
  • History Scripts management.

Multiple Function Tracing

  • Scripts rendering and Function Tracing

  • Hooks for functions in dynamically loaded dex/jar files

  • Mini Script option

  • History Scripts management

Function intercepting

  • Via House, researchers can dynamically change the arguments being passed to the target functions and forward them.

  • Sometimes House cannot perfectly parse argument information, for example when an argument has a special type. The example app implements an isLit function that takes a customized object as its argument. To handle such situations, House provides a simple "REPL". Security researchers can type Frida script into the REPL dynamically and modify the function's behavior.

  • House provides several REPL functions to make testing easier:

    • inspectObject(obj) uses java.lang.reflect to inspect field information within an object.
    • setRetval(ret) takes a parameter and tries to cast it to the correct return type using the original return value's constructor.
    • getStackTrace() prints the stack trace.
    • More REPL functions will be added in the future.

Note: To hook or intercept a constructor, enter $init as the method name.

FAQ

Prerequisite:

To make House work, you need:

  1. A rooted Android device with frida-server running, plugged into your computer. Using only one USB device is recommended.
  2. A local frida-python version that matches the frida-server version.

Cannot get device? Does not work?

Please also try restarting both the Frida server and House. If it still does not work, please file an issue.

Time out error?

This often occurs when there are multiple USB devices connected. Try restarting the target application.

Frida error?

House has been tested using Frida version 12.8.6; there might be issues with other versions. Also make sure that the frida-python version matches the frida-server version. If it still does not work, try running the generated Frida scripts manually to see whether they work.

Acknowledgements

Special thanks to the following open-source projects for inspiring House:

  1. Frida, the great instrumentation toolkit that makes all of this possible.
  2. Objection, an inspiration and guide in building part of House's Frida templating scripts.
  3. Inspeckage, an inspiration for House's Monitor functionality.
  4. 0xdea/frida-scripts, a great arsenal of Frida scripts.

Contact

If you have more questions about House, or want to help extend it, feel free to contact:

@haoOnBeat

Or send an email to: Hao Ke
