一. 環(huán)境準(zhǔn)備

查看Drozer項(xiàng)目說明發(fā)現(xiàn)環(huán)境要求
大致就是:

1. jdk1.7+
2. python2.7和pip 2不支持python3和pip3
3. Protobuf 2.6 +
4. Pyopenssl 16.2 +
5. Twisted 10.2 +
6. android sdk
7. 安裝adb
8. 模擬器也要安裝drozer agent
9. 確保配置了adb、java環(huán)境變量

1.1 mac通過brew安裝python2

從MacOS 12.4 Beta版(21F5048e) 開始，可以通過pyenv在intel和Apple芯片中安裝python2

例如在M1中安裝 2.7.18 版本的 python2。

brew install pyenv
pyenv install 2.7.18
export PATH="$(pyenv root)/shims:${PATH}"
pyenv global 2.7.18
python --version

如果一切順利，將可以看到Python 2.7.18的輸出。

需要將上述路徑添加到環(huán)境變量里面，例如：

echo 'PATH=$(pyenv root)/shims:$PATH' >> ~/.zshrc

1.2. 安裝pyOpenSSL

安裝pyOpenSSL 是最坑的一步,沒有之一, 執(zhí)行 pip install -v pyOpenSSL==0.14 出現(xiàn)下面的錯誤

 clang -fno-strict-aliasing -I/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/Users/liam/.pyenv/versions/2.7.18/include/python2.7 -c build/temp.macosx-12.6-arm64-2.7/_openssl.c -o build/temp.macosx-12.6-arm64-2.7/build/temp.macosx-12.6-arm64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion
  build/temp.macosx-12.6-arm64-2.7/_openssl.c:575:10: fatal error: 'openssl/opensslv.h' file not found
  #include <openssl/opensslv.h>
           ^~~~~~~~~~~~~~~~~~~~
  1 error generated.
  
      =============================DEBUG ASSISTANCE=============================
      If you are seeing a compilation error please try the following steps to
      successfully install cryptography:
      1) Upgrade to the latest pip and try again. This will fix errors for most
         users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
      2) Read https://cryptography.io/en/latest/installation.html for specific
         instructions for your platform.
      3) Check our frequently asked questions for more information:
         https://cryptography.io/en/latest/faq.html
      =============================DEBUG ASSISTANCE=============================
  
  error: command 'clang' failed with exit status 1
  ----------------------------------------
  ERROR: Failed building wheel for cryptography
Failed to build cryptography
ERROR: Could not build wheels for cryptography which use PEP 517 and cannot be installed directly

去 https://github.com/WithSecureLabs/drozer/issues/155 找到相似問題, 要求pyOpenSSL的版本大于0.15, 但是啊, 安裝0.15版本仍然會出現(xiàn)相同問題

其實(shí)仔細(xì)分析日志可以發(fā)現(xiàn)問題大概出現(xiàn)在cryptography加密解密模塊的openssl引用
繼續(xù)通過搜索引擎大法發(fā)現(xiàn)了cryptography一個(gè)不能說毫不相干簡直就是一模一樣的問題

‘openssl/opensslv.h’ file not found ; OSX 10.11.6 #3367

最后通過該問題找到cryptography的官方安裝文檔 https://cryptography.io/en/latest/installation/

1.3. 安裝openssl和rust工具鏈

通過cryptography的官方安裝文檔其實(shí)能解決大部分問題了, 原來是需要openssl 3的版本
執(zhí)行下面的命令安裝openssl和rust

brew install openssl@3 rust

但是啊但是, 它一個(gè)clang不講武德，來， 騙！來， 偷襲！我69歲的老同志
繼續(xù)執(zhí)行下面的命令

env LDFLAGS="-L$(brew --prefix openssl@3)/lib" CFLAGS="-I$(brew --prefix openssl@3)/include" pip install cryptography

直接就破了個(gè)大防, 來個(gè)隱式聲明的報(bào)錯后直接裝死, 而且走的很安詳

build/temp.macosx-12.6-arm64-2.7/_openssl.c:18674:10: error: implicit declaration of function 'ERR_GET_FUNC' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
    return ERR_GET_FUNC(x0);
           ^
  build/temp.macosx-12.6-arm64-2.7/_openssl.c:18674:10: note: did you mean 'ERR_GET_LIB'?
  /opt/homebrew/opt/openssl@3/include/openssl/err.h:241:36: note: 'ERR_GET_LIB' declared here
  static ossl_unused ossl_inline int ERR_GET_LIB(unsigned long errcode)
                                     ^
  build/temp.macosx-12.6-arm64-2.7/_openssl.c:18690:14: error: implicit declaration of function 'ERR_GET_FUNC' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
    { result = ERR_GET_FUNC(x0); }
               ^
  build/temp.macosx-12.6-arm64-2.7/_openssl.c:23389:10: error: implicit declaration of function 'FIPS_mode' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
    return FIPS_mode();
           ^
  build/temp.macosx-12.6-arm64-2.7/_openssl.c:23400:14: error: implicit declaration of function 'FIPS_mode' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
    { result = FIPS_mode(); }
               ^
  build/temp.macosx-12.6-arm64-2.7/_openssl.c:23415:10: error: implicit declaration of function 'FIPS_mode_set' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
    return FIPS_mode_set(x0);
           ^
  build/temp.macosx-12.6-arm64-2.7/_openssl.c:23431:14: error: implicit declaration of function 'FIPS_mode_set' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
    { result = FIPS_mode_set(x0); }

大致瞅了瞅原因, implicit declaration of function 'ERR_GET_FUNC' is invalid in C99
即 函數(shù) ERR_GET_FUNC 的隱式聲明在C99中無效

C語言是過程化的編程語言，程序執(zhí)行順序是從上到下。函數(shù)調(diào)用需要先聲明后調(diào)用。 C99 默認(rèn)不允許隱式聲明(1999年推出的c語言標(biāo)準(zhǔn))。
在之前的版本中，在C語言函數(shù)在調(diào)用前不聲明，編譯器會自動按照一種隱式聲明的規(guī)則，為調(diào)用函數(shù)的C代碼產(chǎn)生匯編代碼。

解決辦法：

這部分和主要問題毫不相干, 沒興趣的可以直接跳過

在 main 函數(shù)調(diào)用前聲明一下該函數(shù)。
（1）直接放到 main 函數(shù)前。
（2）或者定義在 .h 頭文件中，在main函數(shù)前 引入該頭文件。
（3）使用老版本編譯。 【不推薦】

使用 -std 參數(shù)指定c語言版本：

• 如果是使用 clang 編譯:

  # 使用 C89 <-- 不報(bào)錯
  $ clang test.c -std=c89
  
  # 使用 C99 <-- 提示不允許隱式聲明,報(bào)錯
  $ clang test.c -std=c99
  

• 如果是使用 gcc 編譯:

  # 使用 C89 <-- 不報(bào)錯
  $ gcc test.c -std=c89  
  
  # 使用 C99 <-- 提示不允許隱式聲明,報(bào)錯
  $ gcc test.c -std=c99
  

1.4. 修改CFLAGS

之前的解決辦法其實(shí)沒法用,因?yàn)槲沂峭ㄟ^pip方式來安裝cryptography的, 于是繼續(xù)面向搜索引擎編程 找到了一個(gè)類似問題的解決辦法

CFLAGS=-Wno-error=implicit-function-declaration pip3 install scipy

于是格局放大, 想著是不是能抄襲, 哦不對是模仿,模仿一下, 改造后的CFLAGS如下

env LDFLAGS="-L$(brew --prefix openssl@3)/lib" CFLAGS="-Wno-error=implicit-function-declaration -I$(brew --prefix openssl@3)/include" pip install cryptography

執(zhí)行pip list |grep cryptography可以查看安裝包

pip list |grep cryptography

Package            Version
------------------ -----------
cryptography       3.3.2

1. 5. 安裝drozer

wget https://github.com/mwrlabs/drozer/releases/download/2.4.4/drozer-2.4.4-py2-none-any.whl
pip install drozer-2.4.4-py2-none-any.whl --ignore-installed pyOpenSSL

1.6. drozer的安裝命令初步總結(jié)

注意這部分命令可能有問題,如果遇到openssl版本的問題可以看后面的章節(jié), 我遇到的是openssl@1.1 和openssl@3的問題

# 安裝python
brew install pyenv
pyenv install 2.7.18
export PATH="$(pyenv root)/shims:${PATH}"
pyenv global 2.7.18

#安裝cryptography
brew install openssl@3 rust 
env LDFLAGS="-L$(brew --prefix openssl@3)/lib" CFLAGS="-Wno-error=implicit-function-declaration -I$(brew --prefix openssl@3)/include" pip install cryptography

#安裝 protobuf Twisted和pyOpenSSL
pip install protobuf
pip install Twisted
pip install pyOpenSSL

# 安裝drozer
wget https://github.com/mwrlabs/drozer/releases/download/2.4.4/drozer-2.4.4-py2-none-any.whl
pip install drozer-2.4.4-py2-none-any.whl --ignore-installed pyOpenSSL

二. 繼續(xù)drozer的APK踩坑之旅

當(dāng)我把 drozer官網(wǎng) 的Agent .apk 和 sieve.apk拖進(jìn)模擬器 安裝的時(shí)候出現(xiàn)下面的報(bào)錯

The APK failed to install.
Error: INSTALL_FAILED_NO_MATCHING_ABIS: Failed to extract native libraries, res=-113

瞅了瞅大概就是手機(jī)CPU架構(gòu)不一致導(dǎo)致的
早期的Android系統(tǒng)幾乎只支持ARMv5的CPU架構(gòu)，后面發(fā)展到支持七種不同的CPU架構(gòu)：ARMv5，ARMv7 (從2010年起)，x86 (從2011年起)，MIPS (從2012年起)，ARMv8，MIPS64和x86_64 (從2014年起)，每一種都關(guān)聯(lián)著一個(gè)相應(yīng)的ABI。
應(yīng)用程序二進(jìn)制接口（Application Binary Interface）定義了二進(jìn)制文件（尤其是.so文件）如何運(yùn)行在相應(yīng)的系統(tǒng)平臺上，從使用的指令集，內(nèi)存對齊到可用的系統(tǒng)函數(shù)庫。在Android 系統(tǒng)上，每一個(gè)CPU架構(gòu)對應(yīng)一個(gè)ABI：armeabi，armeabi-v7a，x86，mips，arm64- v8a，mips64，x86_64。
但是最新的谷歌官方文檔已經(jīng)把mips和armv5移除了，如圖所示：

2.1 查詢手機(jī)cpu命令行

執(zhí)行adb shell getprop ro.product.cpu.abi 查詢發(fā)現(xiàn)是arm64-v8a架構(gòu)的

adb shell getprop ro.product.cpu.abi
arm64-v8a

再把drozer的sieve.apk解壓看下支持的CPU架構(gòu)果然發(fā)現(xiàn)了華點(diǎn), 從lib/armeabi/ 就能發(fā)現(xiàn)sieve.apk大概只能支持armeabi的架構(gòu)了

user@local 下載 % unzip sieve.apk 
Archive:  sieve.apk
  inflating: res/layout/activity_add_entry.xml  
  inflating: res/layout/activity_file_select.xml  
  inflating: res/layout/activity_main_login.xml  
  inflating: res/layout/activity_pin.xml  
  inflating: res/layout/activity_pwlist.xml  
  inflating: res/layout/activity_settings.xml  
  inflating: res/layout/activity_short_login.xml  
  inflating: res/layout/activity_welcome.xml  
  inflating: res/layout/format_pwlist.xml  
  inflating: res/menu/activity_add_entry_add.xml  
  inflating: res/menu/activity_add_entry_edit.xml  
  inflating: res/menu/activity_file_select.xml  
  inflating: res/menu/activity_main_login.xml  
  inflating: res/menu/activity_pin.xml  
  inflating: res/menu/activity_pwlist.xml  
  inflating: res/menu/activity_settings.xml  
  inflating: res/menu/activity_short_login.xml  
  inflating: res/menu/activity_welcome.xml  
  inflating: res/xml/prefrences.xml  
  inflating: AndroidManifest.xml     
 extracting: resources.arsc          
 extracting: res/drawable-hdpi/ic_launcher.png  
 extracting: res/drawable-ldpi/ic_launcher.png  
 extracting: res/drawable-mdpi/ic_launcher.png  
 extracting: res/drawable-xhdpi/ic_launcher.png  
  inflating: classes.dex             
  inflating: lib/armeabi/gdbserver   
  inflating: lib/armeabi/libencrypt.so  
  inflating: lib/armeabi/libdecrypt.so  
  inflating: META-INF/MANIFEST.MF    
  inflating: META-INF/CERT.SF        
  inflating: META-INF/CERT.RSA    

有兩種解決方式, 一種是自己重新打apk添加其他的架構(gòu)支持, 修改 build.gradle

splits {
    abi {
        enable true
        reset()
        include 'x86', 'x86_64', 'armeabi', 'armeabi-v7a', 'mips', 'mips64', 'arm64-v8a'
        universalApk false
    }
}

或者:

defaultConfig {
   ndk {
         abiFilters 'x86', 'x86_64', 'armeabi', 'armeabi-v7a', 'mips', 'mips64', 'arm64-v8a'
        }
}

但是我是從官網(wǎng)下的apk沒法自己編譯, 最終決定下個(gè)Android Studio創(chuàng)建個(gè)32位的模擬器試下, 注意鏡像需要選擇armeabi-v7a這種架構(gòu)的,因?yàn)?armeabi-v7a兼容armeabi

1. 點(diǎn)擊More Actions下面的Virtual Device Manager創(chuàng)建模擬器
   
2. 點(diǎn)擊Create device選擇手機(jī)后點(diǎn)擊Next
3. 選擇Other Images 找到armeabi-v7a的鏡像點(diǎn)擊下載后再Next進(jìn)行下一步, 最后點(diǎn)Finish完成創(chuàng)建
4. 最后點(diǎn)擊三角符號啟動
   5. 直接安裝drozer的sieve.apk 會報(bào)錯

   The APK failed to install. Error:Could not parse error string.
   

   這種情況下直接通過命令指定abi就行, 例如 adb install --abi armeabi sieve.apk

   user@local 下載 % adb install --abi armeabi sieve.apk 
   Performing Push Install
   sieve.apk: 1 file pushed, 0 skipped. 1490.6 MB/s (367886 bytes in 0.000s)
           pkg: /data/local/tmp/sieve.apk
   

   drozer-agent-2.3.4.apk也可以通過同樣的方式安裝

   user@local 下載 % adb install --abi armeabi drozer-agent-2.3.4.apk 
   Performing Push Install
   drozer-agent-2.3.4.apk: 1 file pushed, 0 skipped. 269.4 MB/s (633111 bytes in 0.002s)
           pkg: /data/local/tmp/drozer-agent-2.3.4.apk
   Success
   

2.2 題外話, x86支持ARM架構(gòu)APP

• x86 平臺可以通過 Houdini來支持arm架構(gòu)的app, 安裝方法可以參考 How to install libhoudini on a custom Android x86 rig 或者 x86模擬器集成houdini
• Genymotion模擬器可以直接通過暗轉(zhuǎn)Genymotion_ARM_Translation 來支持ARM

Windows 11 將會支持在微軟商店中直接下載和安裝 Android 應(yīng)用,無需安裝額外的模擬器.這次兼容 Android 應(yīng)用，微軟是跟英特爾合作，采用了英特爾名為Bridge的新技術(shù). “英特爾 Bridge 技術(shù)是一種運(yùn)行時(shí)后期編譯器（runtime post-compiler），能夠讓移動應(yīng)用在基于 x86 的設(shè)備上以‘原生應(yīng)用’形態(tài)運(yùn)行.

說白了，這個(gè) Bridge 就是起到了“安卓模擬器”或“虛擬機(jī)”的作用，但因?yàn)樵\(yùn)行的緣故，效率會更高。而且攝像頭、網(wǎng)絡(luò)、傳感器等都可以直接調(diào)用本機(jī)硬件，避免卡頓或者兼容性問題。

英特爾 Bridge 與華為“方舟編譯器”以及蘋果為 M1 芯片準(zhǔn)備的“Rosetta 2”性質(zhì)相同，但與 Rosetta 2 的編譯方向相反，后者是從 x86 編譯到 ARM 架構(gòu)

Bridge 并非從天而降，諸多開發(fā)者一看到就覺得十分眼熟。這讓他們想起了英特爾 Houdini 技術(shù)，那是將原本基于 ARM 架構(gòu)開發(fā)的 Android 操作系統(tǒng)移植到 x86 架構(gòu)的關(guān)鍵部件。
更值得一提的是，Houdini 是英特爾中國團(tuán)隊(duì)獨(dú)立開發(fā)的。它從項(xiàng)目發(fā)起，概念驗(yàn)證，原型到最后的產(chǎn)品化，都由英特爾位于上海的研發(fā)團(tuán)隊(duì)完成。

引領(lǐng) Houdini 項(xiàng)目開發(fā)的靈魂人物是李劍慧博士，他是英特爾架構(gòu)、圖形和軟件事業(yè)部的首席工程師，負(fù)責(zé)領(lǐng)導(dǎo)深度學(xué)習(xí)框架集成和工作負(fù)載優(yōu)化工作。

2.3 openssl 踩坑

當(dāng)我繼續(xù)執(zhí)行drozer console connect想看下效果時(shí), 果然不出意外的又出意外了

/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/OpenSSL/crypto.py:14: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
  from cryptography import utils, x509
Traceback (most recent call last):
  File "/Users/user/.pyenv/versions/2.7.18/bin/drozer", line 30, in <module>
    __import__("drozer.cli.%s" % (sys.argv[1]))
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/drozer/cli/console.py", line 8, in <module>
    from drozer.console import Console
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/drozer/console/__init__.py", line 4, in <module>
    from drozer.console.console import Console
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/drozer/console/console.py", line 6, in <module>
    from pydiesel.api.transport.exceptions import ConnectionError
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/pydiesel/api/transport/__init__.py", line 5, in <module>
    from socket_transport import SocketTransport
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/pydiesel/api/transport/socket_transport.py", line 8, in <module>
    from drozer.ssl.provider import Provider # TODO: eugh
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/drozer/ssl/__init__.py", line 1, in <module>
    from drozer.ssl.ssl_manager import SSLManager
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/drozer/ssl/ssl_manager.py", line 6, in <module>
    from drozer.ssl.provider import Provider
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/drozer/ssl/provider.py", line 2, in <module>
    import OpenSSL
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/OpenSSL/crypto.py", line 17, in <module>
    from OpenSSL._util import (
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: dlopen(/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so, 0x0002): symbol not found in flat namespace (_ERR_GET_FUNC)

其實(shí)大致還是openssl的問題, 咨詢大佬后給了個(gè)回復(fù)說我編譯的時(shí)候用的是OpenSSL 1.1.1但是鏈接的時(shí)候用了OpenSSL 3.0, 看了下openssl版本和報(bào)錯信息基本上確定就是版本問題問題, 可以通過重新鏈接到OpenSSL 1.1.1然后重新安裝pyenv和 cryptography來解決

user@user ~ % brew list |grep openssl
openssl@1.1
openssl@3

解決辦法如下:

#卸載pyenv
user@user ~ % pyenv uninstall 2.7.18
pyenv: remove /Users/user/.pyenv/versions/2.7.18? [y|N] y

#卸載openssl@3
user@user ~ % brew  uninstall openssl@3
Uninstalling /opt/homebrew/Cellar/openssl@3/3.0.5... (6,444 files, 27.9MB)

#強(qiáng)制鏈接到openssl@1.1
user@user ~ % brew link openssl --force openssl@1.1
Warning: Already linked: /opt/homebrew/Cellar/openssl@3/3.0.5
To relink, run:
  brew unlink openssl@3 && brew link --force openssl@3
Unlinking /opt/homebrew/Cellar/openssl@3/3.0.5... 5508 symlinks removed.
Linking /opt/homebrew/Cellar/openssl@1.1/1.1.1q... 3997 symlinks created.

If you need to have this software first in your PATH instead consider running:
  echo 'export PATH="/opt/homebrew/opt/openssl@1.1/bin:$PATH"' >> ~/.zshrc

#修改環(huán)境變量
user@user bin % echo 'export PATH="/opt/homebrew/opt/openssl@1.1/bin:$PATH"' >> ~/.zshrc
user@user bin % source  ~/.zshrc
user@user ~ % openssl version
OpenSSL 1.1.1q  5 Jul 2022

#重新安裝pyenv
user@user ~ % pyenv install 2.7.18
python-build: use openssl@1.1 from homebrew
python-build: use readline from homebrew
Downloading Python-2.7.18.tar.xz...

#安裝cryptography
user@user ~ % env LDFLAGS="-L$(brew --prefix openssl@1.1)/lib" CFLAGS="-I$(brew --prefix openssl@1.1)/include" PKG_CONFIG_PATH="$(brew --prefix openssl@1.1)/lib/pkgconfig" pip install cryptography

#驗(yàn)證cryptography
user@user ~ % python
Python 2.7.18 (default, Nov  7 2022, 09:51:47) 
[GCC Apple LLVM 14.0.0 (clang-1400.0.29.102)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from cryptography.hazmat.bindings._openssl import ffi
__main__:1: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.     

2.4 drozer安裝命令完整版總結(jié)

注意不要升級pip版本,pip升級后有可能變成了pip3對應(yīng)的路徑了, 可以通過pip --version確認(rèn)版本

#安裝rust工具鏈和openssl
brew install openssl@1.1 rust 

#強(qiáng)制鏈接到openssl@1.1
brew link openssl --force openssl@1.1

#寫入環(huán)境變量
echo 'export PATH="/opt/homebrew/opt/openssl@1.1/bin:$PATH"' >> ~/.zshrc
source  ~/.zshrc

# 安裝python
brew install pyenv
pyenv install 2.7.18
export PATH="$(pyenv root)/shims:${PATH}"
pyenv global 2.7.18

#安裝cryptography
env LDFLAGS="-L$(brew --prefix openssl@1.1)/lib" CFLAGS="-I$(brew --prefix openssl@1.1)/include" PKG_CONFIG_PATH="$(brew --prefix openssl@1.1)/lib/pkgconfig" pip install drozer-2.4.4-py2-none-any.whl --ignore-installed pyOpenSSL

#安裝 protobuf Twisted和pyOpenSSL
pip install protobuf
pip install Twisted
pip install pyOpenSSL

# 安裝drozer
wget https://github.com/mwrlabs/drozer/releases/download/2.4.4/drozer-2.4.4-py2-none-any.whl
pip install drozer-2.4.4-py2-none-any.whl --ignore-installed pyOpenSSL

三. drozer使用

3.1 給模擬器安裝agent.apk 和 sieve.apk

去官網(wǎng) https://labs.withsecure.com/tools/drozer 下載Agent .apk 和 sieve.apk

在電腦端執(zhí)行下面的命令安裝apk, --abi armeabi指定cpu架構(gòu)

adb install --abi armeabi sieve.apk
adb install --abi armeabi drozer-agent-2.3.4.apk 

3.2 電腦端開啟轉(zhuǎn)發(fā)

adb forward tcp:31415 tcp:31415

3.3 手機(jī)端啟動Embedded Server

模擬器里面點(diǎn)擊drozer agent的那個(gè)app然后點(diǎn)擊 OFF那個(gè)按鈕打開Embedded Server

3.4 啟動drozer console

執(zhí)行drozer console connect 啟動drozer console

user@user tmp %  drozer console connect
/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/OpenSSL/crypto.py:14: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
  from cryptography import utils, x509
Selecting 6fc8ab31aaf41650 (unknown sdk_phone_armv7 6.0)

            ..                    ..:.
           ..o..                  .r..
            ..a..  . ....... .  ..nd
              ro..idsnemesisand..pr
              .otectorandroidsneme.
           .,sisandprotectorandroids+.
         ..nemesisandprotectorandroidsn:.
        .emesisandprotectorandroidsnemes..
      ..isandp,..,rotectorandro,..,idsnem.
      .isisandp..rotectorandroid..snemisis.
      ,andprotectorandroidsnemisisandprotec.
     .torandroidsnemesisandprotectorandroid.
     .snemisisandprotectorandroidsnemesisan:
     .dprotectorandroidsnemesisandprotector.

drozer Console (v2.4.4)
dz>

3.5 drozer could not find or compile a required extension library.

執(zhí)行 drozer console connect --debug 可以顯示debug信息

需要把class_loader.py的apk_path 改成自己真實(shí)的ZipUtil.apk路徑

例如:文章來源地址http://www.zghlxwxcb.cn/news/detail-493539.html

    def __get_source(self, source_or_relative_path, relative_to=None):
        """
        Get source, either from an apk file or passed directly.
        """
        
        source = None

        if source_or_relative_path.endswith(".apk"):
           ...
            #apk_path = os.path.join(relative_to, *source_or_relative_path.split("/"))
            apk_path = "/Users/user/.pyenv/versions/2.7.18/lib/python2.7/site-packages/drozer-2.4.2-py2.7.egg/drozer/modules/common/ZipUtil.apk"
            java_path = apk_path.replace(".apk", ".java")
            
        ....
        return source

參考

1. https://github.com/WithSecureLabs/drozer
2. brew安裝python2
3. https://github.com/WithSecureLabs/drozer/issues/155
4. ‘openssl/opensslv.h’ file not found ; OSX 10.11.6 #3367
5. https://cryptography.io/en/latest/installation/
6. C編譯報(bào)錯: implicit declaration of function xxx is invalid in C99 [-Wimplicit-function-declaration]
7. https://github.com/scipy/scipy/issues/12935
8. 如何查看Android手機(jī)CPU類型是armeabi，armeabi-v7a，還是arm64-v8a
9. [INSTALL_FAILED_NO_MATCHING_ABIS: Failed to extract native libraries, res=-113]
10. 在電腦上裝安卓摸魚，你要感謝一位中國工程
11. How to install libhoudini on a custom Android x86 rig
12. x86模擬器集成houdini
13. Genymotion_ARM_Translation
14. Android ABI
15. “ssl module in Python is not available” when installing package with pip3
16. drozer could not find or compile a required extension library.

到了這里，關(guān)于Mac安裝Drozer apk安全測試框架踩坑記錄, ‘openssl/opensslv.h‘ file not found 和implicit declaration of function‘xx‘的文章就介紹完了。如果您還想了解更多內(nèi)容，請?jiān)谟疑辖撬阉鱐OY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！