The Android Device Testing Framework (“dtf”) is a data collection and analysis framework to help individuals answer the question: “Where are the vulnerabilities on this mobile device?”
Dtf provides a modular approach and built-in APIs that allows testers to quickly create scripts to interact with their Android devices. By default, dtf does not include any modules, but a collection of testing modules is made available on the Cobra Den website. These modules allow testers to obtain information from their Android device, process this information into databases, and then start searching for vulnerabilities (all without requiring root privileges). These modules help you focus on changes made to AOSP components such as applications, frameworks, system services, as well as lower-level components such as binaries, libraries, and device drivers. In addition, you’ll be able to analyze new functionality implemented by the OEMs and other parties to find vulnerabilities.
Installing & Using
dtf is offically supported on Ubuntu, particularly versions 14 and 15. To install dtf on Ubuntu, run the following command as root:
A true Bash shell (no Dash!!!), with general purpose Linux utilities (sed, awk, etc.)
‘colored’ pip module
Download the dtf framework from GitHub:
git clone https://github.com/jakev/dtf dtf/
If you are using Ubuntu 14, you can simply run the install_dependencies.sh script to obtain the prequiste software:
You’ll need to add dtf to your $PATH. If you want to use the auto completion features of dtf.
You can source the file “dtf_bash_completion.sh” in your “.bashrc”, copy “dtf_bash_completion.sh to “/etc/bash_completion.d/” (if you are already sourcing this in your “.bashrc”), or just run:
To confirm dtf is working, try the command:
If you see the dtf help screen with no errors, you are good to go!
dtf is just a framework. Without installing actual content, it doesn’t do anything!
Dtf comes with a basic package manager that helps manage your active content. This allows you to download and install modules from anywhere. To download and install the content mentioned above, you can use the pm built-in command: