/** Hook main methods of the ServiceState class */
private void attachOnServiceStateClass() {
Map<String, Integer> methodsToHook = new HashMap<String, Integer>();
methodsToHook.put("getIsManualSelection", 1);
methodsToHook.put("getOperatorAlphaLong", 1);
methodsToHook.put("getOperatorAlphaShort", 1);
methodsToHook.put("getOperatorNumeric", 1);
methodsToHook.put("getRoaming", 1);
methodsToHook.put("getState", 1);
methodsToHook.put("setIsManualSelection", 2);
methodsToHook.put("setOperatorName", 2);
methodsToHook.put("setRoaming", 2);
methodsToHook.put("setState", 2);
methodsToHook.put("setStateOff", 2);
methodsToHook.put("setStateOutOfService", 2);
try {
hookMethods(null, "android.telephony.ServiceState", methodsToHook);
SubstrateMain.log("hooking android.telephony.ServiceState methods sucessful");
} catch (HookerInitializationException e) {
SubstrateMain.log("hooking android.telephony.ServiceState methods has failed", e);
}
}
/** Attach on PackageManager class */
private void attachOnPackageManagerClass() {
Map<String, Integer> methodsToHook = new HashMap<String, Integer>();
methodsToHook.put("addPermission", 2);
methodsToHook.put("addPermissionAsync", 2);
methodsToHook.put("checkPermission", 0);
methodsToHook.put("getActivityInfo", 1);
methodsToHook.put("getAllPermissionGroups", 1);
methodsToHook.put("getApplicationEnabledSetting", 1);
methodsToHook.put("getInstalledPackages", 1);
// methodsToHook.put("getPackageInfo", 1); //This is quiet verbose and
// frequent...
methodsToHook.put("getPermissionInfo", 1);
methodsToHook.put("getServiceInfo", 1);
methodsToHook.put("getSystemSharedLibraryNames", 1);
methodsToHook.put("hasSystemFeature", 1);
methodsToHook.put("removePermission", 2);
methodsToHook.put("setComponentEnabledSetting", 2);
methodsToHook.put("setApplicationEnabledSetting", 2);
try {
hookMethods(null, "android.app.ApplicationPackageManager", methodsToHook);
SubstrateMain.log("hooking android.app.ApplicationPackageManager methods sucessful");
} catch (HookerInitializationException e) {
SubstrateMain.log("hooking android.app.ApplicationPackageManager methods has failed", e);
}
}
/** Hook main methods of the SmsManager class */
private void attachOnSmsManagerClass() {
Map<String, Integer> methodsToHook = new HashMap<String, Integer>();
methodsToHook.put("sendDataMessage", 2);
methodsToHook.put("sendMultipartTextMessage", 2);
methodsToHook.put("sendTextMessage", 2);
try {
hookMethods(null, "android.telephony.SmsManager", methodsToHook);
SubstrateMain.log("hooking android.telephony.SmsManager methods sucessful");
} catch (HookerInitializationException e) {
SubstrateMain.log("hooking android.telephony.SmsManager methods has failed", e);
}
}
/** @return */
private FileOutputStream getCurrentFileOutputStream() {
if (currentFileOutputStream == null) {
File sdCardPath = Environment.getExternalStorageDirectory();
// create directory if it doesn't exist
File outputDir = new File(sdCardPath.getAbsolutePath() + File.separator + OUTPUT_PATH);
if (!outputDir.exists()) {
SubstrateMain.log("Creating the output directtory for event reporting");
outputDir.mkdirs();
}
// delete old log files if exist
String outputPath = outputDir.getAbsolutePath() + File.separator + this.outputFile;
File outputFile = new File(outputPath);
if (outputFile.exists()) {
outputFile.delete();
}
// create the file
try {
outputFile.createNewFile();
} catch (IOException e) {
SubstrateMain.log(
new StringBuilder("Error, impossible to create the file: ")
.append(outputFile.getAbsolutePath())
.toString(),
e);
return null;
}
try {
currentFileOutputStream = new FileOutputStream(outputFile);
} catch (FileNotFoundException e) {
SubstrateMain.log(
new StringBuilder("Error, impossible to open ")
.append(outputFile.getAbsolutePath())
.append(" on the sdcard")
.toString(),
e);
}
}
return currentFileOutputStream;
}
/** Hook main methods of the telephony manager class */
private void attachOnTelephonyManagerClass() {
Map<String, Integer> methodsFromTelephonyManagerToHook = new HashMap<String, Integer>();
methodsFromTelephonyManagerToHook.put("getCellLocation", 1);
methodsFromTelephonyManagerToHook.put("getSubscriberId", 1);
methodsFromTelephonyManagerToHook.put("getDeviceId", 1);
methodsFromTelephonyManagerToHook.put("getDeviceSoftwareVersion", 1);
methodsFromTelephonyManagerToHook.put("getNeighboringCellInfo", 1);
methodsFromTelephonyManagerToHook.put("getNetworkCountryIso", 1);
methodsFromTelephonyManagerToHook.put("getNetworkOperator", 1);
methodsFromTelephonyManagerToHook.put("getNetworkOperatorName", 1);
methodsFromTelephonyManagerToHook.put("getLine1Number", 1);
methodsFromTelephonyManagerToHook.put("getAllCellInfo", 1);
methodsFromTelephonyManagerToHook.put("getCallState", 1);
methodsFromTelephonyManagerToHook.put("getGroupIdLevel1", 1);
methodsFromTelephonyManagerToHook.put("getNetworkType", 1);
methodsFromTelephonyManagerToHook.put("getPhoneType", 1);
methodsFromTelephonyManagerToHook.put("getSimCountryIso", 1);
methodsFromTelephonyManagerToHook.put("getSimOperator", 1);
methodsFromTelephonyManagerToHook.put("getSimOperatorName", 1);
methodsFromTelephonyManagerToHook.put("getSimSerialNumber", 1);
methodsFromTelephonyManagerToHook.put("getSimState", 1);
methodsFromTelephonyManagerToHook.put("getVoiceMailNumber", 1);
methodsFromTelephonyManagerToHook.put("isNetworkRoaming", 1);
Map<String, Object> outputs = new HashMap<String, Object>();
outputs.put("getDeviceId", "134679718293842");
try {
hookMethodsWithOutputs(
null, "android.telephony.TelephonyManager", methodsFromTelephonyManagerToHook, outputs);
SubstrateMain.log("hooking android.telephony.TelephonyManager methods sucessful");
} catch (HookerInitializationException e) {
SubstrateMain.log("hooking android.telephony.TelephonyManager methods has failed", e);
}
}
/** Hook main methods of the SmsMessage class */
private void attachOnSmsMessageClass() {
Map<String, Integer> methodsToHook = new HashMap<String, Integer>();
methodsToHook.put("createFromPdu", 2);
methodsToHook.put("getDisplayMessageBody", 1);
methodsToHook.put("getDisplayOriginatingAddress", 21);
methodsToHook.put("getEmailBody", 1);
methodsToHook.put("getEmailFrom", 1);
methodsToHook.put("getIndexOnIcc", 1);
methodsToHook.put("getIndexOnSim", 1);
methodsToHook.put("getMessageBody", 1);
methodsToHook.put("getOriginatingAddress", 1);
methodsToHook.put("getPdu", 1);
methodsToHook.put("getProtocolIdentifier", 1);
methodsToHook.put("getPseudoSubject", 1);
methodsToHook.put("getServiceCenterAddress", 1);
methodsToHook.put("getStatus", 1);
methodsToHook.put("getStatusOnIcc", 1);
methodsToHook.put("getStatusOnSim", 1);
methodsToHook.put("getSubmitPdu", 1);
methodsToHook.put("getUserData", 1);
try {
hookMethods(null, "android.telephony.SmsMessage", methodsToHook);
SubstrateMain.log("hooking android.telephony.SmsMessage methods sucessful");
} catch (HookerInitializationException e) {
SubstrateMain.log("hooking android.telephony.SmsMessage methods has failed", e);
}
try {
hookMethods(null, "android.telephony.gsm.SmsMessage", methodsToHook);
SubstrateMain.log("hooking android.telephony.gsm.SmsMessage methods sucessful");
} catch (HookerInitializationException e) {
SubstrateMain.log("hooking android.telephony.gsm.SmsMessage methods has failed", e);
}
}
/** Attach on ActivityManager class. */
private void attachOnActivityManagerClass() {
final String className = "android.app.ActivityManager";
Map<String, Integer> methodsToHook = new HashMap<String, Integer>();
methodsToHook.put("clearApplicationUserData", 2);
methodsToHook.put("dumpPackageState", 1);
methodsToHook.put("getDeviceConfigurationInfo", 0);
methodsToHook.put("getLargeMemoryClass", 0);
methodsToHook.put("getMemoryClass", 0);
methodsToHook.put("getMemoryInfo", 0);
methodsToHook.put("getMyMemoryState", 0);
methodsToHook.put("getProcessMemoryInfo", 0);
methodsToHook.put("getProcessesInErrorState", 0);
methodsToHook.put("getRecentTasks", 0);
methodsToHook.put("getRunningAppProcesses", 0);
methodsToHook.put("getRunningServiceControlPanel", 0);
methodsToHook.put("getRunningServices", 0);
methodsToHook.put("getRunningTasks", 0);
methodsToHook.put("isLowRamDevice", 0);
methodsToHook.put("isRunningInTestHarness", 0);
methodsToHook.put("isUserAMonkey", 0);
methodsToHook.put("killBackgroundProcesses", 0);
methodsToHook.put("moveTaskToFront", 0);
methodsToHook.put("restartPackage", 0);
Map<String, Object> outputs = new HashMap<String, Object>();
outputs.put("isUserAMonkey", false);
try {
hookMethodsWithOutputs(null, className, methodsToHook, outputs);
SubstrateMain.log(
new StringBuilder("hooking ").append(className).append(" methods sucessful").toString());
} catch (HookerInitializationException e) {
SubstrateMain.log(
new StringBuilder("hooking ").append(className).append(" methods has failed").toString(),
e);
}
}
/** Attach on SecurityManager */
private void attachOnSecurityManagerClass() {
final String className = "java.lang.SecurityManager";
Map<String, Integer> methodsToHook = new HashMap<String, Integer>();
methodsToHook.put("checkAccept", 0);
methodsToHook.put("checkAccess", 0);
methodsToHook.put("checkConnect", 0);
methodsToHook.put("checkCreateClassLoader", 0);
methodsToHook.put("checkDelete", 0);
methodsToHook.put("checkExec", 0);
methodsToHook.put("checkExit", 0);
methodsToHook.put("checkLink", 0);
methodsToHook.put("checkListen", 0);
methodsToHook.put("checkMulticast", 0);
methodsToHook.put("checkPackageAccess", 0);
methodsToHook.put("checkPackageDefinition", 0);
methodsToHook.put("checkPermission", 0);
methodsToHook.put("checkPrintJobAccess", 0);
methodsToHook.put("checkPropertiesAccess", 0);
methodsToHook.put("checkPropertyAccess", 0);
methodsToHook.put("checkRead", 0);
methodsToHook.put("checkSecurityAccess", 0);
methodsToHook.put("checkSetFactory", 0);
methodsToHook.put("checkSystemClipboardAccess", 0);
methodsToHook.put("checkWrite", 0);
methodsToHook.put("checkSecurityContext", 0);
try {
hookMethods(null, className, methodsToHook);
SubstrateMain.log(
new StringBuilder("hooking ").append(className).append(" methods sucessful").toString());
} catch (HookerInitializationException e) {
SubstrateMain.log(
new StringBuilder("hooking ").append(className).append(" methods has failed").toString(),
e);
}
}
/** Attach on PowerManager class. */
private void attachOnPowerManagerClass() {
final String className = "android.os.PowerManager";
Map<String, Integer> methodsToHook = new HashMap<String, Integer>();
methodsToHook.put("goToSleep", 0);
methodsToHook.put("isScreenOn", 0);
methodsToHook.put("newWakeLock", 1);
methodsToHook.put("reboot", 1);
methodsToHook.put("userActivity", 1);
methodsToHook.put("wakeUp", 1);
try {
hookMethods(null, className, methodsToHook);
SubstrateMain.log(
new StringBuilder("hooking ").append(className).append(" methods sucessful").toString());
} catch (HookerInitializationException e) {
SubstrateMain.log(
new StringBuilder("hooking ").append(className).append(" methods has failed").toString(),
e);
}
}
/** @param jsonEvent */
private void writeToFile(String jsonEvent) {
FileOutputStream fos = this.getCurrentFileOutputStream();
if (fos != null) {
byte[] data = new String(jsonEvent + EVENT_DELIMITER).getBytes();
try {
fos.write(data);
fos.flush();
} catch (IOException e) {
SubstrateMain.log(
new StringBuilder("Error, while writing (or flushing) file ")
.append(this.outputFile)
.append(" on the sdcard")
.toString(),
e);
}
}
}
@Override
protected void report(InterceptEvent event) {
SubstrateMain.log("File reporter write to file an event.");
this.writeToFile(event.toJson());
}
