• Android app privacy compliance testing with Camille (rooted Android emulator)


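    Based on privacy compliance scenarios, Camille assists in checking whether an app meets privacy compliance standards.

    Prerequisites:

    An Android Studio emulator (with root access)
    A Python 3 environment
    Download camille
    Install frida on the PC (via pip)
    Manually download frida for Android

    Let's get started. The first step is to download camille: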

    $ git clone https://github.com/zhengjim/camille
    $ cd camille
    $ pip3 install -r requirements.txt
    Collecting xlwt==1.3.0
      Downloading xlwt-1.3.0-py2.py3-none-any.whl (99 kB)
         |████████████████████████████████| 99 kB 231 kB/s
    Collecting click==7.1.2
      Using cached click-7.1.2-py2.py3-none-any.whl (82 kB)
    Installing collected packages: xlwt, click
    Successfully installed click-7.1.2 xlwt-1.3.0
    WARNING: You are using pip version 21.1.1; however, version 22.2 is available.
    You should consider upgrading via the '/mnt/python.exe -m pip install --upgrade pip' command.
    $ python3 camille.py -h
    Traceback (most recent call last):
      File "camille.py", line 1, in <module>
        import frida
    ModuleNotFoundError: No module named 'frida'
    

    Install frida:

    $ pip3 install frida
    Collecting frida
      Downloading frida-15.2.2.tar.gz (11 kB)
    Requirement already satisfied: setuptools in c:\program files\windowsapps\pythonsoftwarefoundation.python.3.8_3.8.2800.0_x64__qbz5n2kfra8p0\lib\site-packages (from frida) (56.0.0)
    Using legacy 'setup.py install' for frida, since package 'wheel' is not installed.
    Installing collected packages: frida
        Running setup.py install for frida ... done
    Successfully installed frida-15.2.2
    WARNING: You are using pip version 21.1.1; however, version 22.2 is available.
    You should consider upgrading via the '/mnt/python.exe -m pip install --upgrade pip' command.
    

    Install frida-tools:

    $ pip3 install frida-tools
    Collecting frida-tools
      Downloading frida-tools-11.0.0.tar.gz (174 kB)
         |████████████████████████████████| 174 kB 328 kB/s
    Collecting colorama<1.0.0,>=0.2.7
      Downloading colorama-0.4.5-py2.py3-none-any.whl (16 kB)
    Requirement already satisfied: frida<16.0.0,>=15.2.0 in /mnt\python38\site-packages (from frida-tools) (15.2.2)
    Collecting prompt-toolkit<4.0.0,>=2.0.0
      Downloading prompt_toolkit-3.0.30-py3-none-any.whl (381 kB)
         |████████████████████████████████| 381 kB 261 kB/s
    Collecting pygments<3.0.0,>=2.0.2
      Downloading Pygments-2.12.0-py3-none-any.whl (1.1 MB)
         |████████████████████████████████| 1.1 MB 819 kB/s
    Requirement already satisfied: setuptools in /mnt\lib\site-packages (from frida<16.0.0,>=15.2.0->frida-tools) (56.0.0)
    Collecting wcwidth
      Downloading wcwidth-0.2.5-py2.py3-none-any.whl (30 kB)
    Using legacy 'setup.py install' for frida-tools, since package 'wheel' is not installed.
    Installing collected packages: wcwidth, pygments, prompt-toolkit, colorama, frida-tools
      WARNING: The script pygmentize.exe is installed in '/mnt\Scripts' which is not on PATH.
      Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
        Running setup.py install for frida-tools ... done
    Successfully installed colorama-0.4.5 frida-tools-11.0.0 prompt-toolkit-3.0.30 pygments-2.12.0 wcwidth-0.2.5
    WARNING: You are using pip version 21.1.1; however, version 22.2 is available.
    You should consider upgrading via the '/mnt/python.exe -m pip install --upgrade pip' command.
    

    If PATH has not been set, set it (My Computer - right-click - Advanced - System Settings…).
    Verify that the installation is complete:

    $ frida --version
    15.2.2
    

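    frida is now installed on the PC.

    Next, install the Android version of frida.

    Preparation

    1. When creating the emulator, choose an Android version whose name ends in "Google APIs"; these images support root (e.g. Android 11.0 Google APIs).
    2. Download the Android build frida-server-15.2.2-android-x86.xz, extract it, and rename the file to frida-server.
    // select a shell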
    $ adb shell
    adb.exe: more than one device/emulator
    $ adb devices
    List of devices attached
    660821030115    device
    emulator-5554   device
    // enter the shell
    $ adb -s 660821030115 shell
    // check the device's CPU architecture (ABI), which determines the frida-server build to download
    S60:/ $ getprop ro.product.cpu.abi
    arm64-v8a
    

    Root the emulator:

    // restart adbd as root
    $ adb -s emulator-5554 root
    restarting adbd as root
    // push the file to the Android system
    $ adb -s emulator-5554 push frida-server /data/local/tmp/
    $ adb -s emulator-5554 shell
    // after a successful root, the prompt prefix is #
    # cd /data/local/tmp
    // make it executable
    # chmod 755 /data/local/tmp/frida-server
    // run it in the background
    # /data/local/tmp/frida-server &
    // check the process
    # ps |grep frida
    root           5754   5746   71668  49636 do_sys_poll         0 S frida-server
    

    Finally, run camille:

    $ python3 camille.py -h
    
    -----------------------------------------------------------
    
    
     .o88b.  .d8b.  .88b  d88. d888888b db      db      d88888b
    d8P  Y8 d8' `8b 88'YbdP`88   `88'   88      88      88'
    8P      88ooo88 88  88  88    88    88      88      88ooooo
    8b      88~~~88 88  88  88    88    88      88      88~~~~~
    Y8b  d8 88   88 88  88  88   .88.   88booo. 88booo. 88.
     `Y88P' YP   YP YP  YP  YP Y888888P Y88888P Y88888P Y88888P
    
                https://github.com/zhengjim/camille
    -------------------------------------------------------------
    
    usage: camille.py [-h] [--time TIME] [--noshow] [--file ] [--isattach] [--use USE | --nouse NOUSE] package
    
    App privacy compliance testing.
    
    positional arguments:
      package               APP_NAME or process ID ex: com.test.demo01 、12345
    
    optional arguments:
      -h, --help            show this help message and exit
      --time TIME, -t TIME  Delayed hook, the number is in seconds ex: 5
      --noshow, -ns         Showing the alert message
      --file , -f 
                            Name of Excel file to write
      --isattach, -ia       use attach hook
      --use USE, -u USE     Detect the specified module,Multiple modules are separated by ',' ex:phone,permission
      --nouse NOUSE, -nu NOUSE
                            Skip specified module,Multiple modules are separated by ',' ex:phone,permission
    
    

    Get the call stack results:

    $ python3 camille.py cn.xxx.xxx -t 3
    -----------------------------------------------------------
    
    
     .o88b.  .d8b.  .88b  d88. d888888b db      db      d88888b
    d8P  Y8 d8' `8b 88'YbdP`88   `88'   88      88      88'
    8P      88ooo88 88  88  88    88    88      88      88ooooo
    8b      88~~~88 88  88  88    88    88      88      88~~~~~
    Y8b  d8 88   88 88  88  88   .88.   88booo. 88booo. 88.
     `Y88P' YP   YP YP  YP  YP Y888888P Y88888P Y88888P Y88888P
    
                https://github.com/zhengjim/camille
    -------------------------------------------------------------
    
    [*] 隐私合规检测敏感接口开始监控...
    [*] 检测到安卓版本:11
    ------------------------------start---------------------------------
    [*] 2022-6-26 9:25:48,APP行为:获取系统信息、行为描述:获取安卓ID、传入参数:参数0:"$className: android.app.ContextImpl$ApplicationContentResolver>",参数1:"accessibility_captioning_locale"
    [*] 调用堆栈:
       android.provider.Settings$Secure.getString(Native Method)
       android.view.accessibility.CaptioningManager.getRawLocale(CaptioningManager.java:82).....
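
To make that console output reviewable, the following added example (not part of the original article or of camille itself) parses event lines in the format shown above and attributes each sensitive call to the first stack frame outside the platform. The sample log, the com.example/cn.example package names and the platform-prefix list are assumptions constructed for illustration; the field labels are APP行为 (behaviour), 行为描述 (description), 传入参数 (arguments) and 调用堆栈 (call stack).

```python
import re
from collections import Counter

# Constructed sample in the console format shown above; package names are made up.
SAMPLE_LOG = """\
[*] 2022-6-26 9:25:48,APP行为:获取系统信息、行为描述:获取安卓ID、传入参数:参数0:"x",参数1:"android_id"
[*] 调用堆栈:
   android.provider.Settings$Secure.getString(Native Method)
   com.example.adsdk.DeviceInfo.collect(DeviceInfo.java:41)
   cn.example.app.MainActivity.onCreate(MainActivity.java:20)

[*] 2022-6-26 9:25:49,APP行为:获取系统信息、行为描述:获取安卓ID、传入参数:参数0:"x",参数1:"android_id"
[*] 调用堆栈:
   android.provider.Settings$Secure.getString(Native Method)
   android.view.accessibility.CaptioningManager.getRawLocale(CaptioningManager.java:82)
"""

# Accept ASCII or full-width punctuation after the timestamp and field labels.
EVENT = re.compile(r"^\[\*\] (\d{4}-\d{1,2}-\d{1,2} \d{1,2}:\d{1,2}:\d{1,2})[,,]"
                   r"APP行为[::](.*?)、行为描述[::](.*?)、传入参数[::](.*)$")
FRAME = re.compile(r"^\s+([\w.$<>]+)\(.*\)")  # indented "pkg.Class.method(File.java:NN)"
# Assumption: frames under these prefixes are platform code, not the app or an SDK.
PLATFORM = ("android.", "androidx.", "java.", "javax.", "com.android.", "dalvik.")

def parse_events(text):
    """Return one dict per event line, with the stack frames that follow it."""
    events, current = [], None
    for line in text.splitlines():
        m = EVENT.match(line)
        if m:
            current = {"time": m[1], "action": m[2], "desc": m[3], "args": m[4], "stack": []}
            events.append(current)
        elif current is not None and (f := FRAME.match(line)):
            current["stack"].append(f[1])
    return events

def caller(event):
    """First stack frame outside the platform; None if only framework frames."""
    return next((fr for fr in event["stack"] if not fr.startswith(PLATFORM)), None)

def summarize(events):
    """Count (behaviour description, responsible caller) pairs."""
    return Counter((e["desc"], caller(e) or "<platform only>") for e in events)

if __name__ == "__main__":
    for (desc, who), n in summarize(parse_events(SAMPLE_LOG)).items():
        print(n, desc, who)
```

Events whose stack contains only platform frames, like the one in the article's output, are grouped separately so that third-party SDK callers stand out in the summary.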
    
    
  • Original article: https://blog.csdn.net/zoeou/article/details/125999690