-
Notifications
You must be signed in to change notification settings - Fork 771
Agent
The drozer Agent is an Android application, and is implemented in Java using the Android SDK. The Agent requires Android API level 7, so is compatible with Android v2.1+.
The Agent supports two methods for connecting a Console.
In direct mode, the Console connects directly to the Agent.
The Agent opens a ServerSocket, on port 31415 by default, and awaits incoming connections. When a client connects, it creates a new socket for the channel, and passes this to a Connection (as SocketTransport).
In infrastructure mode, the Console connects to a Server.
The Console opens a socket, to port 31415 by default, and passes this to a Connection (as SocketTransport).
A Connection is a Java thread that implements the drozer Protocol on top of some Transport.
The Transport provides a general interface to send and receive Frame objects, as documented in the protocol.
The Connection receives messages from the Transport and passes them to a SystemMessageHandler, if they are a SYSTEM_REQUEST, or the appropriate Session if they are a REFLECTION_REQUEST.
Either the SystemMessageHandler or the session’s ReflectionRequestHandler will generate a message in response, which the Connection will forward back through the Transport to the Console.
Once a console has connected, regardless of whether it used direct or infrastructure mode, a Session is spawned in the Agent. A Session has a unique, 256-bit identifier, which must be included in all subsequent messages destined for the Session.
The Session provides a Queue, which receives all REFLECTION_REQUEST Message sent with the Session identifier. This queue is proactively polled, and all Message are passed to an instance of ReflectionMessageHandler, which processes the message, and invokes the required actions.
The Session also provides an ObjectStore, which the Reflector can use to stash objects when it is sending the object’s identifier to the Console.
drozer exposes the underlying Dalvik VM to the Console by using Reflection. The Console can instantiate arbitrary Java classes, and interact with their properties and methods. This allows a module writer to write Java code in their module, using Python syntax.
The drozer Agent can be compiled with Eclipse IDE, or using ant.
The drozer Agent includes an Eclipse IDE project.
The build with Eclipse, you will need the Eclipse ADT plugin, and the Google protocol buffer compiler (protoc) in your path.
The drozer Agent includes a build.xml file, which can be read by ant.
To use ant, ensure that android, ant and the Google protocol buffer compiler (protoc) are in your path. Then run:
android update project -p .
ant clean
ant debugThis will emit a .apk file in the bin/ directory.