: : :
t#, t#, t#,
i ;##W. . ;##W. ;##W.
LE :#L:WE Ef. :#L:WE GEEEEEEEL :#L:WE .. : f. ;WE.
L#E .KG ,#D E#Wi .KG ,#D ,;;L#K;;. .KG ,#D ,W, .Et E#, i#G
G#W. EE ;#f E#K#D: EE ;#f t#E EE ;#f t##, ,W#t E#t f#f
D#K. f#. t#iE#t,E#f. f#. t#i t#E f#. t#i L###, j###t E#t G#i
E#K. :#G GK E#WEE##Wt:#G GK t#E :#G GK .E#j##, G#fE#t E#jEW,
.E#E. ;#L LW. E##Ei;;;;.;#L LW. t#E ;#L LW. ;WW; ##,:K#i E#t E##E.
.K#E t#f f#: E#DWWt t#f f#: t#E t#f f#: j#E. ##f#W, E#t E#G
.K#D f#D#; E#t f#K; f#D#; t#E f#D#; .D#L ###K: E#t E#t
.W#G G#t E#Dfff##E, G#t t#E G#t :K#t ##D. E#t E#t
:W##########Wt t jLLLLLLLLL; t fE t ... #G .. EE.
:,,,,,,,,,,,,,. : j t
Lobotomy is an Android security toolkit that will automate different Android assessments and reverse engineering tasks. The goal of the Lobotomy toolkit is to provide a console environment, which would allow a user to load their target Android APK once, then have all the necessary tools without needing to exit that environment.
Lobotomy leverages and provides wrappers around other popular tools such as:
./setup.sh
In order to use the Frida instrumentation module please make sure you have pushed the frida-server binary over to your target device and executed it.
$ adb push frida-server /data/local/tmp/
root@android:/ # /data/local/tmp/frida-server
Make sure you change the IP in framework/config to your local network IP. This is used for the interactions with the deployed web services.
(lobotomy) help
Documented commands (type help <topic>):
----------------------------------------
_load components edit li pause run show
_relative_load d2j frida list permissions save
attacksurface debuggable hi load profiler set
bowser decompile history loader py shell
cmdenvironment ed l logcat r shortcuts
Undocumented commands:
----------------------
EOF eof exit help q quit
[~/Tools/mobile/android/lobotomy]> python web/run.py runserver -h 0.0.0.0
UI endpoints are located at: /ui/home
[~/Tools/mobile/android/lobotomy]> python lobotomy.py
: : :
t#, t#, t#,
i ;##W. . ;##W. ;##W.
LE :#L:WE Ef. :#L:WE GEEEEEEEL :#L:WE .. : f. ;WE.
L#E .KG ,#D E#Wi .KG ,#D ,;;L#K;;. .KG ,#D ,W, .Et E#, i#G
G#W. EE ;#f E#K#D: EE ;#f t#E EE ;#f t##, ,W#t E#t f#f
D#K. f#. t#iE#t,E#f. f#. t#i t#E f#. t#i L###, j###t E#t G#i
E#K. :#G GK E#WEE##Wt:#G GK t#E :#G GK .E#j##, G#fE#t E#jEW,
.E#E. ;#L LW. E##Ei;;;;.;#L LW. t#E ;#L LW. ;WW; ##,:K#i E#t E##E.
.K#E t#f f#: E#DWWt t#f f#: t#E t#f f#: j#E. ##f#W, E#t E#G
.K#D f#D#; E#t f#K; f#D#; t#E f#D#; .D#L ###K: E#t E#t
.W#G G#t E#Dfff##E, G#t t#E G#t :K#t ##D. E#t E#t
:W##########Wt t jLLLLLLLLL; t fE t ... #G .. EE.
:,,,,,,,,,,,,,. : j t
(lobotomy) loader /Users/benjaminwatson/Android-Web-Browsers/opera-mini/apk/com.opera.mini.native.apk
[2015-08-03 19:16:44.866870] Loading : /Users/benjaminwatson/Android-Web-Browsers/opera-mini/apk/com.opera.mini.native.apk
(lobotomy)
(lobotomy) permissions list
[2015-08-03 19:27:31.175369] Permission: android.permission.ACCESS_FINE_LOCATION
[2015-08-03 19:27:31.175409] Permission: android.permission.ACCESS_NETWORK_STATE
[2015-08-03 19:27:31.175421] Permission: android.permission.INTERNET
[2015-08-03 19:27:31.175430] Permission: android.permission.NFC
[2015-08-03 19:27:31.175438] Permission: android.permission.WRITE_EXTERNAL_STORAGE
[2015-08-03 19:27:31.175446] Permission: com.android.launcher.permission.INSTALL_SHORTCUT
[2015-08-03 19:27:31.175454] Permission: com.opera.GET_BRANDING
[2015-08-03 19:27:31.175461] Permission: com.opera.mini.native.permission.CRASHHANDLER
[2015-08-03 19:27:31.175469] Permission: com.android.browser.permission.READ_HISTORY_BOOKMARKS
[2015-08-03 19:27:31.175477] Permission: android.permission.SYSTEM_ALERT_WINDOW
[2015-08-03 19:27:31.175484] Permission: android.permission.WAKE_LOCK
[2015-08-03 19:27:31.175491] Permission: com.google.android.c2dm.permission.RECEIVE
[2015-08-03 19:27:31.175498] Permission: com.opera.mini.native.permission.C2D_MESSAGE
[2015-08-03 19:27:31.175505] Permission: android.permission.READ_CONTACTS
[2015-08-03 19:27:31.175571] Permission: android.permission.VIBRATE
(lobotomy) permissions map
[2015-08-03 19:28:07.078496] Found permission mapping : android.permission.ACCESS_FINE_LOCATION
[2015-08-03 19:28:07.078543] Searching for : android.telephony.TelephonyManager
[2015-08-03 19:28:12.686411] Searching for : android.location.LocationManager
1 Lbo/app/bs;-><init>(Landroid/content/Context; Landroid/location/LocationManager; Lbo/app/bb; Lcom/appboy/configuration/XmlAppConfigurationProvider;)V (0x120) ---> Landroid/location/LocationManager;->requestLocationUpdates(Ljava/lang/String; J F Landroid/app/PendingIntent;)V
1 Lpz;->a()V (0x20) ---> Landroid/location/LocationManager;->requestLocationUpdates(Ljava/lang/String; J F Landroid/location/LocationListener;)V
1 Lbo/app/bs;->c()Lbo/app/da; (0x2e) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lbo/app/bs;->c()Lbo/app/da; (0x54) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lpy;->a(Llb;)Landroid/location/Location; (0x50) ---> Landroid/location/LocationManager;->getProviders(Z)Ljava/util/List;
1 Lbo/app/bs;->c()Lbo/app/da; (0x2e) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lbo/app/bs;->c()Lbo/app/da; (0x54) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lkf;->detectlocation(Ljava/lang/String;)V (0x9e) --->
(lobotomy) attacksurface
[2015-08-03 19:29:02.272276] ---------
[2015-08-03 19:29:02.272317] Activites
[2015-08-03 19:29:02.272327] ---------
[2015-08-03 19:29:02.272472] com.opera.android.MiniActivity : Found Activity with launchMode!
[2015-08-03 19:29:02.272507] com.opera.android.MiniActivity : launchMode : singleTask
[2015-08-03 19:29:02.272778] com.opera.mini.android.Browser : Found Activity with launchMode!
[2015-08-03 19:29:02.272793] com.opera.mini.android.Browser : launchMode : singleTask
[2015-08-03 19:29:02.272900] com.opera.mini.android.Browser : Found Activity with schemes!
[2015-08-03 19:29:02.272912] com.opera.mini.android.Browser : scheme : ftp
[2015-08-03 19:29:02.272932] com.opera.mini.android.Browser : scheme : about
[2015-08-03 19:29:02.272943] com.opera.mini.android.Browser : scheme : http
[2015-08-03 19:29:02.272952] com.opera.mini.android.Browser : scheme : opera
[2015-08-03 19:29:02.272961] com.opera.mini.android.Browser : scheme : adx
[2015-08-03 19:29:02.272970] com.opera.mini.android.Browser : scheme : https
[2015-08-03 19:29:02.273250] com.opera.mini.android.Browser : action : android.intent.action.MAIN
[2015-08-03 19:29:02.273263] com.opera.mini.android.Browser : action : android.intent.action.VIEW
[2015-08-03 19:29:02.273272] com.opera.mini.android.Browser : action : android.nfc.action.NDEF_DISCOVERED
[2015-08-03 19:29:02.273280] com.opera.mini.android.Browser : action : android.speech.action.VOICE_SEARCH_RESULTS
[2015-08-03 19:29:02.273289] com.opera.mini.android.Browser : action : android.intent.action.WEB_SEARCH
[2015-08-03 19:29:02.273297] com.opera.mini.android.Browser : category : android.intent.category.LAUNCHER
[2015-08-03 19:29:02.273305] com.opera.mini.android.Browser : category : android.intent.category.DEFAULT
[2015-08-03 19:29:02.273313] com.opera.mini.android.Browser : category : android.intent.category.BROWSABLE
[2015-08-03 19:29:02.273321] ---------
[2015-08-03 19:29:02.273328] Receivers
[2015-08-03 19:29:02.273335] ---------
[2015-08-03 19:29:02.273712] com.AdX.tag.AdXAppTracker : Found exported receiver!
[2015-08-03 19:29:02.273724] com.AdX.tag.AdXAppTracker : exported : true
[2015-08-03 19:29:02.273880] com.AdX.tag.AdXAppTracker : action : com.android.vending.INSTALL_REFERRER
[2015-08-03 19:29:02.274348] com.opera.android.gcm.GcmBroadcastReceiver : action : com.google.android.c2dm.intent.RECEIVE
[2015-08-03 19:29:02.274361] com.opera.android.gcm.GcmBroadcastReceiver : category : com.opera.mini.native
[2015-08-03 19:29:02.274821] com.opera.android.appboy.AppboyBroadcastReceiver : action : com.opera.mini.native.intent.APPBOY_PUSH_RECEIVED
[2015-08-03 19:29:02.274833] com.opera.android.appboy.AppboyBroadcastReceiver : action : com.opera.mini.native.intent.APPBOY_NOTIFICATION_OPENED
[2015-08-03 19:29:02.274842] ---------
[2015-08-03 19:29:02.274848] Providers
[2015-08-03 19:29:02.274855] ---------
[2015-08-03 19:29:02.275486] ---------
[2015-08-03 19:29:02.275494] Services
[2015-08-03 19:29:02.275511] ---------