AndBug is a debugger targeting the Android platform’s Dalvik virtual machine intended for reverse engineers and developers. It uses the same interfaces as Android’s Eclipse debugging plugin, the Java Debug Wire Protocol (JDWP) and Dalvik Debug Monitor (DDM) to permit users to hook Dalvik methods, examine process state, and even perform changes.
Unlike Google’s own Android Software Development Kit debugging tools, AndBug does not require or expect source code. It does, however, require that you have some level of comfort with Python, as it uses a concept of scripted breakpoints, called “hooks”, for most nontrivial tasks. (If you just want to dump loaded classes, methods, or threads, there are example scripts for that.)
AndBug is very much a program in flux, as I seperate one-off scripts I have written at IOActive for various tasks from customer and IOActive-proprietary contexts. I do not recommend installation at this time, as you will want to update it frequently afterwards. AndBug runs very nicely from its own source directory with very little setup.
- Install the Android Software Development Kit from https://developer.android.com/sdk/index.html
- Ensure the Android Debugging Bridge is in your $PATH and usable.
which adb adb devices
- Ensure you have a good Python and GNU toolchain for your platform. You will need GCC, and Make. You may also want Pyrex, if you want to make changes at the primitive layer.
- Pull the latest AndBug code from https://github.com/swdunlop/AndBug.git
git clone https://github.com/swdunlop/AndBug.git
- Build using Make
- Adjust $PYTHONPATH
Examples can be found in the sample directory, but the easiest way to find prepackaged functionality in AndBug is using the “andbug” command directly.
This command does not currently have the intelligence to automatically detect when it is running from the source directory and update the PYTHONPATH on the fly to match. You will want to make sure that PYTHONPATH includes your andbug/lib directory.
Q: I get “Permission Denied” when trying to use AndBug, but “adb shell” works.
A: Your adbd is probably running as another user, blocking the effective use of ADB forward. Use “adb kill-server” then “adb start-server” with the correct effective user.
Q: I get “Shell Exception” when trying to use AndBug.
A: Verify that your ADB setup is working using “adb devices” — AndBug relies on ADB for a JDWP transport.
Q: Does AndBug work on Windows?
A: I think so; but since AndBug is unsupported software, you may experience less hand holding than Windows users are accustomed to. Patches are welcome.
Q: Does AndBug work on Mac OS X?
A: Yes, but see the snarkiness about Windows users. You didn’t find this in an app store..
Q: Navi gives me an RequestError 13.
A: You have resumed the process; Navi can only safely interact with suspended processes. Use “suspend” again.
Q: I get “EOF in read” when sending a commmand.
A: Ensure that no other debuggers are connected, such as DDMS.