This repository has been archived by the owner on Jul 21, 2020. It is now read-only.

androproto not working #15

Open
eonghk opened this issue Dec 18, 2012 · 9 comments

@eonghk

eonghk commented Dec 18, 2012

Hi,
Thank you for developing such an awesome tool!
I'm trying to use your androproto to extract the proto in the GoogleServiceFramework.odex (4.1 version) but androguard seems not to be able to solve the "invoke-virtual-quick/vtable" bytecode, then it can't find the "read/set" pair. Any idea?

Regards,
Eong

@egirault
Owner

Hi,
Thanks for your feedback. This script is indeed more like a PoC than a
generic tool. It worked well on Google Play APK but I didn't have the
opportunity to try it on other apps. You can try to troubleshoot the issue
using Androguard or IDA to disassemble the app, follow basic blocks of the
switch within the protobuf parsing method, and see what's wrong.
Unfortunately I do not have much time to work on this now, hopefully I will
soon.

@eonghk
Author

eonghk commented Dec 18, 2012

Thank you for your reply!
I used baksmali to extract the proto from the disassembled smali files, text scanning, and solved my problem.
I just want to check if androguard will work out. I'm not that familiar with androguard and it has very few documents. Using IDA is not a good idea as it's not a free GNU tool. XD

The problem is in the analyse_bb function:

    if n == "invoke-virtual":
        icn, imn, imd = get_invoked_method_info(i)
        l.append( imn ) # class name : icn.split("/")[-1]

    if n == "invoke-direct":
        icn, imn, _ = get_invoked_method_info(i)

Actually there is no "invoke-virtual" as androguard doesn't resolve the vtable part. The instruction looks like this:

    invoke-virtual-quick v2, v1, vtable[0x18]

I just want to ask if it is possible to let androguard load the basic class from another apk or odex (framework.apk) and resolve the vtable?
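
The mismatch described in the comment above, as an added example that is not part of the original thread or of androproto: an exact match on "invoke-virtual" skips the odex-only "invoke-virtual-quick" form, which carries a vtable index instead of a method reference. The names `parse_invoke` and `called_methods`, the sample lines and the vtable contents are constructed for illustration; a real index-to-method map has to come from the framework classes the odex was optimized against.

```python
import re

# Quick variants only exist in optimized (odex) code and name a vtable slot.
INVOKE_RE = re.compile(
    r"^\s*(invoke-(?:virtual-quick|super-quick|virtual|direct|static|super|interface)"
    r"(?:/range)?)\s+(.*)$"
)
# Accepts the page's "vtable[0x18]" rendering and the "vtable@0x18" rendering.
VTABLE_RE = re.compile(r"vtable[\[@](0x[0-9a-fA-F]+)\]?")
METHOD_RE = re.compile(r"(L[^;]+;)->([^\s(]+)\(")


def parse_invoke(line):
    """Return (opcode, class, method, vtable_index), or None if not an invoke."""
    m = INVOKE_RE.match(line)
    if not m:
        return None
    opcode, operands = m.groups()
    vt = VTABLE_RE.search(operands)
    if vt:
        return (opcode, None, None, int(vt.group(1), 16))
    ref = METHOD_RE.search(operands)
    if ref:
        return (opcode, ref.group(1), ref.group(2), None)
    return (opcode, None, None, None)


def called_methods(lines, vtable=None):
    """Collect virtual-call names; return (names, unresolved vtable indexes)."""
    vtable = vtable or {}
    names, unresolved = [], []
    for line in lines:
        parsed = parse_invoke(line)
        if parsed is None:
            continue
        opcode, _cls, method, index = parsed
        base = opcode.split("/")[0]          # drop a trailing "/range"
        if base == "invoke-virtual" and method:
            names.append(method)
        elif base == "invoke-virtual-quick":
            if index in vtable:
                names.append(vtable[index])  # resolved through the supplied map
            else:
                unresolved.append(index)     # odexed call the matcher would miss
    return names, unresolved


# Constructed sample input and a constructed (hypothetical) vtable map.
SAMPLE = [
    "invoke-virtual v2, v1, Lcom/example/ProtoIn;->readInt32()I",
    "invoke-virtual-quick v2, v1, vtable[0x18]",
    "invoke-direct v0, Lcom/example/Msg;-><init>()V",
]
SAMPLE_VTABLE = {0x18: "readString"}
```

A non-empty second return value means the input is still odexed and the read/set pairing will be incomplete until those slots are resolved.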

@egirault
Owner

Yes, Androguard is unfortunately not very documented, but I'm pretty sure
it should be able to parse a vtable, either manually or by hand. I'm really
not a Dalvik expert and don't know how virtual calls are handled, but you
can have a look at Dalvik Opcodes reference. For sure Androguard can load
any files as you want, but I'm not aware of a method for resolving virtual
tables. You should ask its creator, Anthony Desnos :)

@eonghk
Author

eonghk commented Dec 18, 2012

Thank you. Are you going to add the check-in code? I saw that you already added the proto.

@egirault
Owner

Actually it is not committed into the master branch, the #10 pull request is
still pending. I tested https://github.com/nviennot/android-checkin but I
couldn't make it work. I get an androidID, but I'm not sure the device is
properly registered as it does not appear under "My devices" on my Google
account parameters. I will try to have a deeper look later when I find some
time.

@eonghk
Author

eonghk commented Dec 18, 2012

I did some tests and I can confirm it's working. I registered a new gmail account and I tried to use the account to do something. Before activating this account on my android device or "checking in", the account doesn't work. After "check-in", everything works fine. You may check the "auth" response from Google. Before "check-in", there is no "android" in the "service" section even if you activate the "google play" through the web.
And if you can add proxy support and put the proxy config in config.py, that will be great! XD

@egirault
Owner

What kind of operation did you try before "checking in" your account? Can
you see the device you registered on Google Play Web interface? I only
tried with an account having already a registered device and couldn't make
the 2nd appear on the interface, so I thought it wasn't registered
correctly.

@eonghk
Author

eonghk commented Dec 18, 2012

I tried to use the account to submit a review for an app.

@eonghk
Author

eonghk commented Dec 19, 2012

And the device also doesn't appear under my account in Google Play. But it doesn't affect the functions except pushing an app to your non-existent device. XD
