How to build TaintDroid in AVD and check if it works?
246 views
Skip to first unread message
zod.lin
Dec 29, 2010, 5:32:29 AM12/29/10
to TaintDroid
I have read these topics
TaintDroid can execute in AVD??
http://groups.google.com/group/taintdroid/browse_thread/thread/62ee675c5c3d6e99
I Have a question to build taintdroid
http://groups.google.com/group/taintdroid/browse_thread/thread/185f9c318ee6d2ae
Change Dalvik interpreter to portable
http://groups.google.com/group/android-platform/browse_thread/thread/5b6ba9e81e17c486/b6e9a626c47fdd69
These are my steps:
#Step 1: Get the Android source code
mkdir -p ~/tdroid/tdroid-2.1_r2.1p
cd ~/tdroid/tdroid-2.1_r2.1p
repo init -u git://android.git.kernel.org/platform/manifest.git -b
android-2.1_r2.1p
repo sync
#check if source can be make/run
. ./build/envsetup.sh
lunch 1
make -j4
#wait
#ensure the build works
cd ~/tdroid/tdroid-2.1_r2.1p/out/target/product/generic
~/android-sdk-linux_x86/tools/emulator
#it works
cd ~/tdroid/tdroid-2.1_r2.1p/.repo
wget http://appanalysis.org/files/local_manifest.xml
cd ~/tdroid/tdroid-2.1_r2.1p
repo sync
# XXX@XXX-desktop:~/tdroid/tdroid-2.1_r2.1p$ repo sync
# Fetching projects: 4% (7/153) remote: Counting objects: 552,
done.
# remote: Compressing objects: 100% (362/362), done.
# remote: Total 435 (delta 100), reused 400 (delta 69)
# Receiving objects: 100% (435/435), 419.93 KiB | 213 KiB/s, done.
# Resolving deltas: 100% (100/100), completed with 24 local objects.
# From git://github.com/TaintDroid/android_platform_dalvik
# * [new branch] master -> github/master
# * [new branch] taintdroid-2.1_r2.1p -> github/
taintdroid-2.1_r2.1p
# remote: Counting objects: 295, done.
# remote: Compressing objects: 100% (111/111), done.
# remote: Total 140 (delta 56), reused 98 (delta 17)
# Receiving objects: 100% (140/140), 109.45 KiB | 171 KiB/s, done.
# Resolving deltas: 100% (56/56), completed with 32 local objects.
# From git://github.com/TaintDroid/android_platform_frameworks_base
# * [new branch] master -> github/master
# * [new branch] taintdroid-2.1_r2.1p -> github/
taintdroid-2.1_r2.1p
# Fetching projects: 96% (147/153) remote: Counting objects: 34,
done.
# remote: Compressing objects: 100% (14/14), done.
# remote: Total 18 (delta 11), reused 0 (delta 0)
# Unpacking objects: 100% (18/18), done.
# From git://android.git.kernel.org/platform/sdk
# e44238e..40e2a97 master -> korg/master
# Fetching projects: 100% (153/153), done.
# Syncing work tree: 100% (153/153), done.
cd dalvik
git branch --track taintdroid-2.1_r2.1p github/taintdroid-2.1_r2.1p
# Branch taintdroid-2.1_r2.1p set up to track remote branch
taintdroid-2.1_r2.1p from github.
git checkout taintdroid-2.1_r2.1p
# Switched to branch 'taintdroid-2.1_r2.1p'
git pull # (just to be safe)
# Already up-to-date.
cd ..
cd frameworks/base
git branch --track taintdroid-2.1_r2.1p github/taintdroid-2.1_r2.1p
# Branch taintdroid-2.1_r2.1p set up to track remote branch
taintdroid-2.1_r2.1p from github.
git checkout taintdroid-2.1_r2.1p
# Switched to branch 'taintdroid-2.1_r2.1p'
git pull # (just to be safe)
# Already up-to-date.
#Step 2.1: Enable ext2 SDcard support
cd tdroid-2.1_r2.1p
cd ~/tdroid/system/core
git apply -v ~/ext2fs_xattr.patch
#Step 3b (harder option): Build a kernel with YAFFS2 XATTR support
cd ~
wget http://www.appanalysis.org/files/yaffs_xattr.patch
#...
cd ~/tdroid/tdroid-2.1_r2.1p
git clone git://android.git.kernel.org/kernel/common.git
# Initialized empty Git repository in /home/zod/tdroid/
tdroid-2.1_r2.1p/common/.git/
# remote: Counting objects: 1728031, done.
# remote: Compressing objects: 100% (276209/276209), done.
# remote: Total 1728031 (delta 1446701), reused 1714185 (delta
1437071)
# Receiving objects: 100% (1728031/1728031), 341.94 MiB | 333 KiB/s,
done.
# Resolving deltas: 100% (1446701/1446701), done.
# Checking out files: 100% (34503/34503), done.
cd common
#TO CREATE A TRACKING BRANCH (A SLAVE BRANCH). Ie. to link a local
branch to a remote branch:
git branch --track android-gldfish-2.6.29 origin/archive/android-
gldfish-2.6.29
# Branch android-gldfish-2.6.29 set up to track remote branch archive/
android-gldfish-2.6.29 from origin.
git checkout android-gldfish-2.6.29
# Switched to branch 'android-gldfish-2.6.29'
git pull # (just to be safe)
# Already up-to-date.
#...
patch -p1 < ~/yaffs_xattr.patch
# patching file fs/yaffs2/Kconfig
# patching file fs/yaffs2/Makefile
# patching file fs/yaffs2/xattr.c
# patching file fs/yaffs2/xattr.h
# patching file fs/yaffs2/xattr_security.c
# patching file fs/yaffs2/xattr_trusted.c
# patching file fs/yaffs2/xattr_user.c
# patching file fs/yaffs2/yaffs_fs.c
# patching file fs/yaffs2/yaffs_guts.c
# patching file fs/yaffs2/yaffs_guts.h
#...
cd ~/tdroid/tdroid-2.1_r2.1p
. ./build/envsetup.sh
lunch 1 # (lunch 1 is fine for now)
# ============================================
# PLATFORM_VERSION_CODENAME=REL
# PLATFORM_VERSION=2.1-update1
# TARGET_PRODUCT=generic
# TARGET_BUILD_VARIANT=eng
# TARGET_SIMULATOR=false
# TARGET_BUILD_TYPE=release
# TARGET_ARCH=arm
# HOST_ARCH=x86
# HOST_OS=linux
# HOST_BUILD_TYPE=release
# BUILD_ID=EPE54B
# ============================================
#...
cd common
export ARCH=arm
export SUBARCH=arm
export CROSS_COMPILE=arm-eabi-
adb pull /proc/config.gz # from a AVD 2.1 image
gunzip config.gz
cp config .config
make oldconfig
#... say "Y" to YAFFS_XATTR and YAFFS_SECURITY
make menuconfig
#... verify YAFFS and EXT2 with XATTR and SECURITY support
#
# File systems
#
# CONFIG_EXT2_FS=y
#
# CONFIG_EXT2_FS_XATTR=y
# CONFIG_EXT2_FS_POSIX_ACL is not set
# CONFIG_EXT2_FS_SECURITY=y
# CONFIG_EXT2_FS_XIP is not set
# CONFIG_YAFFS_FS=y
# CONFIG_YAFFS_YAFFS1=y
# CONFIG_YAFFS_XATTR=y
# CONFIG_YAFFS_SECURITY=y
# CONFIG_YAFFS_9BYTE_TAGS is not set
# CONFIG_YAFFS_DOES_ECC is not set
# CONFIG_YAFFS_YAFFS2=y
# CONFIG_YAFFS_AUTO_YAFFS2=y
# CONFIG_YAFFS_DISABLE_LAZY_LOAD is not set
# CONFIG_YAFFS_DISABLE_WIDE_TNODES is not set
# CONFIG_YAFFS_ALWAYS_CHECK_CHUNK_ERASED is not set
# CONFIG_YAFFS_SHORT_NAMES_IN_RAM=y
make -j4
cp arch/arm/boot/zImage ~/tdroid/
#Step 5: Build TaintDroid
cd ~/tdroid/tdroid-2.1_r2.1p
cat > buildspec.mk <<eof
# Enable core taint tracking logic (always add this)
WITH_TAINT_TRACKING := true
# Enable taint tracking for ODEX files (always add this)
WITH_TAINT_ODEX := true
# Enable taint tracking in the "fast" (aka ASM) interpreter
(recommended)
WITH_TAINT_FAST := true
# Enable addition output for tracking JNI usage (not recommended)
#TAINT_JNI_LOG := true
eof
. ./build/envsetup.sh
lunch 1
# ============================================
# PLATFORM_VERSION_CODENAME=REL
# PLATFORM_VERSION=2.1-update1
# TARGET_PRODUCT=generic
# TARGET_BUILD_VARIANT=eng
# TARGET_SIMULATOR=false
# TARGET_BUILD_TYPE=release
# TARGET_ARCH=arm
# HOST_ARCH=x86
# HOST_OS=linux
# HOST_BUILD_TYPE=release
# BUILD_ID=EPE54B
# ============================================
make clean
make -j4
emulator -kernel ~/tdroid/zImage -image ~/tdroid/tdroid-2.1_r2.1p/out/
target/product/generic/system.img \
-data ~/tdroid/tdroid-2.1_r2.1p/out/target/product/generic/
userdata.img \
-ramdisk ~/tdroid/tdroid-2.1_r2.1p/out/target/product/generic/
ramdisk.img
#Step 9: Install the TaintDroid UI
#... boot device
wget http://www.appanalysis.org/files/TaintDroidNotify.apk
adb install TaintDroidNotify.apk
--------------------------------------------------------------------------------------------------------------------------
After emulator boot, it will cause some segfault shown in logcat, then
I use adb shell to setprop dalvik.vm.execution-mode int:portable
However, emulator will work after setprop, but after `adb install
TaintDroidNotify.apk`, then run and click it to start without any
message. I don't know if it starts or not.
I run many applications with adMob, but never see any notification.
Are there any benchmark applications to make sure that it will sent my
sensitive data and detected by Taintdroid?
Or I build some steps wrong I don't know ?
Any suggestions are greatly appreciated
Thanks, zod.lin
TaintDroid can execute in AVD??
http://groups.google.com/group/taintdroid/browse_thread/thread/62ee675c5c3d6e99
I Have a question to build taintdroid
http://groups.google.com/group/taintdroid/browse_thread/thread/185f9c318ee6d2ae
Change Dalvik interpreter to portable
http://groups.google.com/group/android-platform/browse_thread/thread/5b6ba9e81e17c486/b6e9a626c47fdd69
These are my steps:
#Step 1: Get the Android source code
mkdir -p ~/tdroid/tdroid-2.1_r2.1p
cd ~/tdroid/tdroid-2.1_r2.1p
repo init -u git://android.git.kernel.org/platform/manifest.git -b
android-2.1_r2.1p
repo sync
#check if source can be make/run
. ./build/envsetup.sh
lunch 1
make -j4
#wait
#ensure the build works
cd ~/tdroid/tdroid-2.1_r2.1p/out/target/product/generic
~/android-sdk-linux_x86/tools/emulator
#it works
cd ~/tdroid/tdroid-2.1_r2.1p/.repo
wget http://appanalysis.org/files/local_manifest.xml
cd ~/tdroid/tdroid-2.1_r2.1p
repo sync
# XXX@XXX-desktop:~/tdroid/tdroid-2.1_r2.1p$ repo sync
# Fetching projects: 4% (7/153) remote: Counting objects: 552,
done.
# remote: Compressing objects: 100% (362/362), done.
# remote: Total 435 (delta 100), reused 400 (delta 69)
# Receiving objects: 100% (435/435), 419.93 KiB | 213 KiB/s, done.
# Resolving deltas: 100% (100/100), completed with 24 local objects.
# From git://github.com/TaintDroid/android_platform_dalvik
# * [new branch] master -> github/master
# * [new branch] taintdroid-2.1_r2.1p -> github/
taintdroid-2.1_r2.1p
# remote: Counting objects: 295, done.
# remote: Compressing objects: 100% (111/111), done.
# remote: Total 140 (delta 56), reused 98 (delta 17)
# Receiving objects: 100% (140/140), 109.45 KiB | 171 KiB/s, done.
# Resolving deltas: 100% (56/56), completed with 32 local objects.
# From git://github.com/TaintDroid/android_platform_frameworks_base
# * [new branch] master -> github/master
# * [new branch] taintdroid-2.1_r2.1p -> github/
taintdroid-2.1_r2.1p
# Fetching projects: 96% (147/153) remote: Counting objects: 34,
done.
# remote: Compressing objects: 100% (14/14), done.
# remote: Total 18 (delta 11), reused 0 (delta 0)
# Unpacking objects: 100% (18/18), done.
# From git://android.git.kernel.org/platform/sdk
# e44238e..40e2a97 master -> korg/master
# Fetching projects: 100% (153/153), done.
# Syncing work tree: 100% (153/153), done.
cd dalvik
git branch --track taintdroid-2.1_r2.1p github/taintdroid-2.1_r2.1p
# Branch taintdroid-2.1_r2.1p set up to track remote branch
taintdroid-2.1_r2.1p from github.
git checkout taintdroid-2.1_r2.1p
# Switched to branch 'taintdroid-2.1_r2.1p'
git pull # (just to be safe)
# Already up-to-date.
cd ..
cd frameworks/base
git branch --track taintdroid-2.1_r2.1p github/taintdroid-2.1_r2.1p
# Branch taintdroid-2.1_r2.1p set up to track remote branch
taintdroid-2.1_r2.1p from github.
git checkout taintdroid-2.1_r2.1p
# Switched to branch 'taintdroid-2.1_r2.1p'
git pull # (just to be safe)
# Already up-to-date.
#Step 2.1: Enable ext2 SDcard support
cd tdroid-2.1_r2.1p
cd ~/tdroid/system/core
git apply -v ~/ext2fs_xattr.patch
#Step 3b (harder option): Build a kernel with YAFFS2 XATTR support
cd ~
wget http://www.appanalysis.org/files/yaffs_xattr.patch
#...
cd ~/tdroid/tdroid-2.1_r2.1p
git clone git://android.git.kernel.org/kernel/common.git
# Initialized empty Git repository in /home/zod/tdroid/
tdroid-2.1_r2.1p/common/.git/
# remote: Counting objects: 1728031, done.
# remote: Compressing objects: 100% (276209/276209), done.
# remote: Total 1728031 (delta 1446701), reused 1714185 (delta
1437071)
# Receiving objects: 100% (1728031/1728031), 341.94 MiB | 333 KiB/s,
done.
# Resolving deltas: 100% (1446701/1446701), done.
# Checking out files: 100% (34503/34503), done.
cd common
#TO CREATE A TRACKING BRANCH (A SLAVE BRANCH). Ie. to link a local
branch to a remote branch:
git branch --track android-gldfish-2.6.29 origin/archive/android-
gldfish-2.6.29
# Branch android-gldfish-2.6.29 set up to track remote branch archive/
android-gldfish-2.6.29 from origin.
git checkout android-gldfish-2.6.29
# Switched to branch 'android-gldfish-2.6.29'
git pull # (just to be safe)
# Already up-to-date.
#...
patch -p1 < ~/yaffs_xattr.patch
# patching file fs/yaffs2/Kconfig
# patching file fs/yaffs2/Makefile
# patching file fs/yaffs2/xattr.c
# patching file fs/yaffs2/xattr.h
# patching file fs/yaffs2/xattr_security.c
# patching file fs/yaffs2/xattr_trusted.c
# patching file fs/yaffs2/xattr_user.c
# patching file fs/yaffs2/yaffs_fs.c
# patching file fs/yaffs2/yaffs_guts.c
# patching file fs/yaffs2/yaffs_guts.h
#...
cd ~/tdroid/tdroid-2.1_r2.1p
. ./build/envsetup.sh
lunch 1 # (lunch 1 is fine for now)
# ============================================
# PLATFORM_VERSION_CODENAME=REL
# PLATFORM_VERSION=2.1-update1
# TARGET_PRODUCT=generic
# TARGET_BUILD_VARIANT=eng
# TARGET_SIMULATOR=false
# TARGET_BUILD_TYPE=release
# TARGET_ARCH=arm
# HOST_ARCH=x86
# HOST_OS=linux
# HOST_BUILD_TYPE=release
# BUILD_ID=EPE54B
# ============================================
#...
cd common
export ARCH=arm
export SUBARCH=arm
export CROSS_COMPILE=arm-eabi-
adb pull /proc/config.gz # from a AVD 2.1 image
gunzip config.gz
cp config .config
make oldconfig
#... say "Y" to YAFFS_XATTR and YAFFS_SECURITY
make menuconfig
#... verify YAFFS and EXT2 with XATTR and SECURITY support
#
# File systems
#
# CONFIG_EXT2_FS=y
#
# CONFIG_EXT2_FS_XATTR=y
# CONFIG_EXT2_FS_POSIX_ACL is not set
# CONFIG_EXT2_FS_SECURITY=y
# CONFIG_EXT2_FS_XIP is not set
# CONFIG_YAFFS_FS=y
# CONFIG_YAFFS_YAFFS1=y
# CONFIG_YAFFS_XATTR=y
# CONFIG_YAFFS_SECURITY=y
# CONFIG_YAFFS_9BYTE_TAGS is not set
# CONFIG_YAFFS_DOES_ECC is not set
# CONFIG_YAFFS_YAFFS2=y
# CONFIG_YAFFS_AUTO_YAFFS2=y
# CONFIG_YAFFS_DISABLE_LAZY_LOAD is not set
# CONFIG_YAFFS_DISABLE_WIDE_TNODES is not set
# CONFIG_YAFFS_ALWAYS_CHECK_CHUNK_ERASED is not set
# CONFIG_YAFFS_SHORT_NAMES_IN_RAM=y
make -j4
cp arch/arm/boot/zImage ~/tdroid/
#Step 5: Build TaintDroid
cd ~/tdroid/tdroid-2.1_r2.1p
cat > buildspec.mk <<eof
# Enable core taint tracking logic (always add this)
WITH_TAINT_TRACKING := true
# Enable taint tracking for ODEX files (always add this)
WITH_TAINT_ODEX := true
# Enable taint tracking in the "fast" (aka ASM) interpreter
(recommended)
WITH_TAINT_FAST := true
# Enable addition output for tracking JNI usage (not recommended)
#TAINT_JNI_LOG := true
eof
. ./build/envsetup.sh
lunch 1
# ============================================
# PLATFORM_VERSION_CODENAME=REL
# PLATFORM_VERSION=2.1-update1
# TARGET_PRODUCT=generic
# TARGET_BUILD_VARIANT=eng
# TARGET_SIMULATOR=false
# TARGET_BUILD_TYPE=release
# TARGET_ARCH=arm
# HOST_ARCH=x86
# HOST_OS=linux
# HOST_BUILD_TYPE=release
# BUILD_ID=EPE54B
# ============================================
make clean
make -j4
emulator -kernel ~/tdroid/zImage -image ~/tdroid/tdroid-2.1_r2.1p/out/
target/product/generic/system.img \
-data ~/tdroid/tdroid-2.1_r2.1p/out/target/product/generic/
userdata.img \
-ramdisk ~/tdroid/tdroid-2.1_r2.1p/out/target/product/generic/
ramdisk.img
#Step 9: Install the TaintDroid UI
#... boot device
wget http://www.appanalysis.org/files/TaintDroidNotify.apk
adb install TaintDroidNotify.apk
--------------------------------------------------------------------------------------------------------------------------
After emulator boot, it will cause some segfault shown in logcat, then
I use adb shell to setprop dalvik.vm.execution-mode int:portable
However, emulator will work after setprop, but after `adb install
TaintDroidNotify.apk`, then run and click it to start without any
message. I don't know if it starts or not.
I run many applications with adMob, but never see any notification.
Are there any benchmark applications to make sure that it will sent my
sensitive data and detected by Taintdroid?
Or I build some steps wrong I don't know ?
Any suggestions are greatly appreciated
Thanks, zod.lin
Reply all
Reply to author
Forward
0 new messages