{"id":479,"date":"2016-04-13T09:47:10","date_gmt":"2016-04-13T17:47:10","guid":{"rendered":"https:\/\/www.pnfsoftware.com\/blog\/?p=479"},"modified":"2018-12-19T13:36:45","modified_gmt":"2018-12-19T21:36:45","slug":"crypto-monitoring-android-debuggers-api","status":"publish","type":"post","link":"https:\/\/www.pnfsoftware.com\/blog\/crypto-monitoring-android-debuggers-api\/","title":{"rendered":"Crypto Monitoring with the Android Debuggers API"},"content":{"rendered":"<p><em>Updated on May 4: <strong>JEB 2.2.3 is out<\/strong>. All users can now use the <a href=\"https:\/\/www.pnfsoftware.com\/blog\/jeb-android-debuggers\/\">Android debugger modules<\/a>.<\/em><\/p>\n<p>In this short post, we will show how the <a href=\"https:\/\/www.pnfsoftware.com\/jeb\/apidoc\/reference\/com\/pnfsoftware\/jeb\/core\/units\/code\/debug\/package-summary.html\">debuggers API<\/a> can be used to monitor an app's execution, hook into various key methods and classes of the standard Java cryptography SPI, and extract input and output data as they flow in and out of encryption\/decryption routines.<\/p>\n<p>This is very handy for retrieving encrypted data used within an app or exchanged with a remote server. 
<sup class='footnote'><a href='#fn-479-1' id='fnref-479-1' onclick='return fdfootnote_show(479)'>1<\/a><\/sup> Check out the following video to see what we are talking about:<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/mHBSWe_GJ48\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p>The sample code of <a href=\"https:\/\/github.com\/pnfsoftware\/jeb2-andhook\">the <strong>AndroidCryptoHook<\/strong> plugin can be found on our public GitHub repository<\/a>.<\/p>\n<p>This simple plugin does the following:<\/p>\n<ul>\n<li>It looks for an active Dalvik debugging session<\/li>\n<li>It sets up a debugger listener, which will listen for <em>BREAKPOINT<\/em> and <em>BREAKPOINT_FUNCTION_EXIT<\/em> events<\/li>\n<li>It currently &#8220;hooks&#8221; 3 methods of the <a href=\"http:\/\/developer.android.com\/reference\/javax\/crypto\/Cipher.html\">javax.crypto.Cipher<\/a> abstract class:\n<ul>\n<li>byte[] doFinal(byte[] input)<\/li>\n<li>int doFinal(byte[] output, int outputOffset)<\/li>\n<li>int update(byte[] input, int inputOffset, int inputLen, byte[] output)<\/li>\n<\/ul>\n<\/li>\n<li>When any of the hooked methods is called, the associated hook <em>onEntry<\/em> method is executed, which will dump interesting input parameters<\/li>\n<li>When the same hooked method returns, the associated hook <em>onExit<\/em> method is executed, which will dump interesting exit\u00a0parameters and the return value<\/li>\n<\/ul>\n<p>The hook here consists of a double breakpoint: one triggered when a method is entered, another when it exits.<\/p>\n<figure style=\"width: 667px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2016\/04\/b2befda7e6061f00314933e1cc5bbdf2.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2016\/04\/b2befda7e6061f00314933e1cc5bbdf2.png\" width=\"667\" height=\"391\" 
\/><\/a><figcaption class=\"wp-caption-text\">A hook on doFinal() capturing plain text data just before it gets encrypted<\/figcaption><\/figure>\n<p>The code for that Java plugin is fairly simple. More hooks\u00a0could be easily added, and hooks in native libraries could be set up in a similar fashion. Lastly, always keep in mind that the API in general (and this plugin in particular) can be leveraged\u00a0by UI or headless clients. Automate things away if you need to.<\/p>\n<p>The one and only entry-point for developer resources is our <a href=\"http:\/\/www.pnfsoftware.com\/jeb\/devportal\">Developer Portal<\/a>. Do not hesitate to reach out, publicly or privately, if you have issues or pointed questions. Thank you.<\/p>\n<div class='footnotes' id='footnotes-479'>\n<div class='footnotedivider'><\/div>\n<ol>\n<li id='fn-479-1'> Dynamic execution monitoring can be achieved\u00a0in several ways. Debugging a target is one of them.  <span class='footnotereverse'><a href='#fnref-479-1'>&#8617;<\/a><\/span><\/li>\n<\/ol>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Updated on May 4: JEB 2.2.3 is out. All users can now use the Android debugger modules. 
In this short post, we will show how the debuggers API can be used to monitor an app execution, hook into various key methods and classes of the standard Java cryptography SPI, and extract input and output data, &hellip; <a href=\"https:\/\/www.pnfsoftware.com\/blog\/crypto-monitoring-android-debuggers-api\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Crypto Monitoring with the Android Debuggers API<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15,9,14,8],"tags":[],"class_list":["post-479","post","type-post","status-publish","format-standard","hentry","category-android","category-api-jeb2","category-debugging","category-jeb2"],"_links":{"self":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts\/479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/comments?post=479"}],"version-history":[{"count":0,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts\/479\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/media?parent=479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/categories?post=479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/tags?post=479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}