Once you've got your drozer framework up and running, you may want to start scratching and messing around on your Android device. One useful thing you may want to do is list all the packages installed on your device. You can do this by firing off the following command from your drozer console:

dz> run app.package.list

You should see something similar to the following start appearing on your screen:

Let's take a look at the drozer source code to find out exactly how it interfaces with the package manager API to get all this useful information. I'm going to be explaining the code behind most of the modules so you get to see how drozer works, and build you up to writing a drozer module of your own later in this chapter! After all, that's what frameworks are about—building your own mods and add-ons.

Beware non-Python users/developers! You may need a little Python background to be able to read this source code; although, seeing that Python is pretty semantic even if you've never written Python code, you should be able to follow pretty easily. An added benefit of drozer's design is that they've basically mirrored the Android Java API to make module development easy to pick up for Android developers. So, in summary, you don't need to run out and get a book on Python just yet. If you've written Android apps before, this will be very easy to follow. Anyway, enough talk—let's see some code!

def add_arguments(self, parser):
  parser.add_argument("-a", "--package", default=None, help="the identifier of the package to inspect")
  parser.add_argument("-d", "--defines-permission", default=None, help="filter by the permissions a package defines")
  parser.add_argument("-f", "--filter", default=None, help="keyword filter conditions")
  parser.add_argument("-g", "--gid", default=None, help="filter packages by GID")
  parser.add_argument("-p", "--permission", default=None, help="permission filter conditions")
  parser.add_argument("-u", "--uid", default=None, help="filter packages by UID")

def execute(self, arguments):
  if arguments.package == None:
    for package in self.packageManager().getPackages(common.PackageManager.GET_PERMISSIONS | common.PackageManager.GET_CONFIGURATIONS | common.PackageManager.GET_GIDS | common.PackageManager.GET_SHARED_LIBRARY_FILES):
      self.__get_package(arguments, package)
  else:
    package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_PERMISSIONS | common.PackageManager.GET_CONFIGURATIONS | common.PackageManager.GET_GIDS | 
            common.PackageManager.GET_SHARED_LIBRARY_FILES)

      self.__get_package(arguments, package)

def get_completion_suggestions(self, action, text, **kwargs):
  if action.dest == "permission":
    return android.permissions

def __get_package(self, arguments, package):
  application = package.applicationInfo

The execute() method is called whenever you fire off the app.activity.info module from your console. It's essentially the entry point to the real hard work the module does.

We see the call to the package manager, self.packageManager().getPackages(…); this returns a list of package objects along with each package's permissions, configurations, GID, and shared libraries. The script calls self.__get_package() on each package object to print it out to the drozer console. The same is done for cases where a specific package is supplied via the command-line arguments.

If you'd like to get your own copy of this code, you can grab it from the official drozer GitHub repository, which is very easy to find if you Google hard enough. But to make your lives easier, I've dropped a URL to the code repository in the See also section of this recipe.

The dz> run app.package.list command is a wrapper to the Android package manager; because of this, one of the cool things you can do is filter through applications based on their name, as follows:

dz> run app.package.list –f [application name]

Here, [application name] is the name of the application or package you want to check for. Here's an example:

dz> run app.package.list –f facebook

Another enumeration-type module in drozer you can use to extract information is app.package.info, which will fetch the following information about a package:

You can use this module by firing off the following command from your drozer console:

dz> run app.package.info --help

When used this way, it will extract all the related information about all the packages on your Android device.

Naturally, you might want to narrow down this information to a particular package:

dz> run app.package.info –-package [package name]

You could also use the shorthand for the switch, as follows:

dz> run app.package.info –a [package name]

Here's an example:

dz> run app.package.info –a com.android.browser

A quick explanation of the output shown in the previous screenshot is as follows:

Another example, in case you have a Nexus device, would be to run this against the Google Services Framework as follows:

dz> run app.package.info –a com.google.android.gsf

The previous command should produce the output as shown in the following screenshot:

Another cool thing you can do with the app.package.info module is find packages based on permissions. You can do that by executing the following command:

dz> run app.package.info –p [permission label]

An example would be the following:

dz> run app.package.info –p android.permission.INTERNET

Why is this so cool? Well, you may want to know all the applications with a set of dangerous permissions. I mean, do you know how many of your applications have the INTERNET permission or any other dangerous permission? No? Exactly!