Lobotomy is an Android security assessment toolkit written in Python that helps security researchers with a range of Android reverse engineering tasks. Its goal is to give researchers a single auditing environment: they load a target application once and work on it with the tools they need without leaving the platform.

Lobotomy bundles the following tools:

Androguard (Open source static analysis tool)

Apktool (decompiler, verified for Java version 1.7, 1.8)

Dex2Jar (decompiler tool)

Frida (Cross-platform injection tool)

Versions of Python tested:

2.7.9
2.7.10
2.7.11

Command list

(lobotomy) help
Documented commands (type help <topic>):
----------------------------------------
_load           components  edit     li      pause        run        show
_relative_load  d2j         frida    list    permissions  save
attacksurface   debuggable  hi       load    profiler     set
bowser          decompile   history  loader  py           shell
cmdenvironment  ed          l        logcat  r            shortcuts
Undocumented commands:
----------------------
EOF  eof  exit  help  q  quit

Starting the web server

[~/Tools/mobile/android/lobotomy]> python web/run.py runserver -h 0.0.0.0

The web UI is located at: /ui/home

Loading an APK

[~/Tools/mobile/android/lobotomy]> python lobotomy.py
(lobotomy) loader /Users/benjaminwatson/Android-Web-Browsers/opera-mini/apk/com.opera.mini.native.apk
[2015-08-03 19:16:44.866870] Loading: /Users/benjaminwatson/Android-Web-Browsers/opera-mini/apk/com.opera.mini.native.apk
(lobotomy)

Permissions list

(lobotomy) permissions list
[2015-08-03 19:27:31.175369] permission: android.permission.ACCESS_FINE_LOCATION
[2015-08-03 19:27:31.175409] permission: android.permission.ACCESS_NETWORK_STATE
[2015-08-03 19:27:31.175421] permission: android.permission.INTERNET
[2015-08-03 19:27:31.175430] permission: android.permission.NFC
[2015-08-03 19:27:31.175438] permission: android.permission.WRITE_EXTERNAL_STORAGE
[2015-08-03 19:27:31.175446] permission: com.android.launcher.permission.INSTALL_SHORTCUT
[2015-08-03 19:27:31.175454] permission: com.opera.GET_BRANDING
[2015-08-03 19:27:31.175461] permission: com.opera.mini.native.permission.CRASHHANDLER
[2015-08-03 19:27:31.175469] permission: com.android.browser.permission.READ_HISTORY_BOOKMARKS
[2015-08-03 19:27:31.175477] permission: android.permission.SYSTEM_ALERT_WINDOW
[2015-08-03 19:27:31.175484] permission: android.permission.WAKE_LOCK
[2015-08-03 19:27:31.175491] permission: com.google.android.c2dm.permission.RECEIVE
[2015-08-03 19:27:31.175498] permission: com.opera.mini.native.permission.C2D_MESSAGE
[2015-08-03 19:27:31.175505] permission: android.permission.READ_CONTACTS
[2015-08-03 19:27:31.175571] permission: android.permission.VIBRATE

Permissions map

(lobotomy) permissions map
[2015-08-03 19:28:07.078496] Found Permission mapping: android.permission.ACCESS_FINE_LOCATION
[2015-08-03 19:28:07.078543] Searching for: android.telephony.TelephonyManager
[2015-08-03 19:28:12.686411] Searching for: android.location.LocationManager
1 Lbo/app/bs;->(Landroid/content/Context; Landroid/location/LocationManager; Lbo/app/bb; Lcom/appboy/configuration/XmlAppConfigurationProvider;)V (0x120) ---> Landroid/location/LocationManager;->requestLocationUpdates(Ljava/lang/String; J F Landroid/app/PendingIntent;)V
1 Lpz;->a()V (0x20) ---> Landroid/location/LocationManager;->requestLocationUpdates(Ljava/lang/String; J F Landroid/location/LocationListener;)V
1 Lbo/app/bs;->c()Lbo/app/da; (0x2e) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lbo/app/bs;->c()Lbo/app/da; (0x54) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lpy;->a(Llb;)Landroid/location/Location; (0x50) ---> Landroid/location/LocationManager;->getProviders(Z)Ljava/util/List;
1 Lbo/app/bs;->c()Lbo/app/da; (0x2e) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lbo/app/bs;->c()Lbo/app/da; (0x54) ---> Landroid/location/LocationManager;->getProviders(Landroid/location/Criteria; Z)Ljava/util/List;
1 Lkf;->detectlocation(Ljava/lang/String;)V (0x9e) --->

Attack surface

(lobotomy) attacksurface
[2015-08-03 19:29:02.272276] ---------
[2015-08-03 19:29:02.272317] Activites
[2015-08-03 19:29:02.272327] ---------
[2015-08-03 19:29:02.272472] com.opera.android.MiniActivity : Found Activity with launchMode!
[2015-08-03 19:29:02.272507] com.opera.android.MiniActivity : launchMode : singleTask
[2015-08-03 19:29:02.272778] com.opera.mini.android.Browser : Found Activity with launchMode!
[2015-08-03 19:29:02.272793] com.opera.mini.android.Browser : launchMode : singleTask
[2015-08-03 19:29:02.272900] com.opera.mini.android.Browser : Found Activity with schemes!
[2015-08-03 19:29:02.272912] com.opera.mini.android.Browser : scheme : ftp
[2015-08-03 19:29:02.272932] com.opera.mini.android.Browser : scheme : about
[2015-08-03 19:29:02.272943] com.opera.mini.android.Browser : scheme : http
[2015-08-03 19:29:02.272952] com.opera.mini.android.Browser : scheme : opera
[2015-08-03 19:29:02.272961] com.opera.mini.android.Browser : scheme : adx
[2015-08-03 19:29:02.272970] com.opera.mini.android.Browser : scheme : https
[2015-08-03 19:29:02.273250] com.opera.mini.android.Browser : action : android.intent.action.MAIN
[2015-08-03 19:29:02.273263] com.opera.mini.android.Browser : action : android.intent.action.VIEW
[2015-08-03 19:29:02.273272] com.opera.mini.android.Browser : action : android.nfc.action.NDEF_DISCOVERED
[2015-08-03 19:29:02.273280] com.opera.mini.android.Browser : action : android.speech.action.VOICE_SEARCH_RESULTS
[2015-08-03 19:29:02.273289] com.opera.mini.android.Browser : action : android.intent.action.WEB_SEARCH
[2015-08-03 19:29:02.273297] com.opera.mini.android.Browser : category : android.intent.category.LAUNCHER
[2015-08-03 19:29:02.273305] com.opera.mini.android.Browser : category : android.intent.category.DEFAULT
[2015-08-03 19:29:02.273313] com.opera.mini.android.Browser : category : android.intent.category.BROWSABLE
[2015-08-03 19:29:02.273321] ---------
[2015-08-03 19:29:02.273328] Receivers
[2015-08-03 19:29:02.273335] ---------
[2015-08-03 19:29:02.273712] com.AdX.tag.AdXAppTracker : Found exported receiver!
[2015-08-03 19:29:02.273724] com.AdX.tag.AdXAppTracker : exported : true
[2015-08-03 19:29:02.273880] com.AdX.tag.AdXAppTracker : action : com.android.vending.INSTALL_REFERRER
[2015-08-03 19:29:02.274348] com.opera.android.gcm.GcmBroadcastReceiver : action : com.google.android.c2dm.intent.RECEIVE
[2015-08-03 19:29:02.274361] com.opera.android.gcm.GcmBroadcastReceiver : category : com.opera.mini.native
[2015-08-03 19:29:02.274821] com.opera.android.appboy.AppboyBroadcastReceiver : action : com.opera.mini.native.intent.APPBOY_PUSH_RECEIVED
[2015-08-03 19:29:02.274833] com.opera.android.appboy.AppboyBroadcastReceiver : action : com.opera.mini.native.intent.APPBOY_NOTIFICATION_OPENED
[2015-08-03 19:29:02.274842] ---------
[2015-08-03 19:29:02.274848] Providers
[2015-08-03 19:29:02.274855] ---------
[2015-08-03 19:29:02.275486] ---------
[2015-08-03 19:29:02.275494] Services
[2015-08-03 19:29:02.275511] ---------
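As an added example (not Lobotomy's own code), the same kind of attack-surface and permission enumeration can be done with Python's standard library on a decoded AndroidManifest.xml, such as the one Apktool produces. The sample manifest, its package and component names, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest (not taken from the APK analysed on this page).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.browser">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".Browser" android:launchMode="singleTask">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="http"/>
        <data android:scheme="https"/>
      </intent-filter>
    </activity>
    <receiver android:name=".ReferrerReceiver" android:exported="true">
      <intent-filter>
        <action android:name="com.android.vending.INSTALL_REFERRER"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="false"/>
  </application>
</manifest>"""

def attack_surface(manifest_xml):
    """Return {component name: findings} for components other apps can reach."""
    root = ET.fromstring(manifest_xml)
    report = {}
    for kind in ("activity", "receiver", "provider", "service"):
        for comp in root.iter(kind):
            filters = comp.findall("intent-filter")
            exported = comp.get(A + "exported")
            # With no explicit android:exported, an intent-filter makes the
            # component exported by default (apps targeting below Android 12).
            reachable = exported == "true" or (exported is None and bool(filters))
            if not reachable:
                continue
            report[comp.get(A + "name")] = {
                "type": kind,
                "exported_explicitly": exported == "true",
                "launchMode": comp.get(A + "launchMode"),
                "actions": [a.get(A + "name") for f in filters for a in f.findall("action")],
                "schemes": [d.get(A + "scheme") for f in filters for d in f.findall("data") if d.get(A + "scheme")],
            }
    return report

def permissions(manifest_xml):
    """Return the permissions requested through <uses-permission>."""
    return [p.get(A + "name") for p in ET.fromstring(manifest_xml).iter("uses-permission")]
```

Components that are reachable only through an implicit default (an intent-filter without `android:exported`) show up with `exported_explicitly` set to False, which is the case worth reviewing first during an audit.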


FreeBuf hackers and geeks (FreeBuf.COM)