Result Analysis

[Abhishekpratapsingh]

For some reasons actual data is not getting stored in my database,only their datatype are getting stored up on the elastic search database,even though the dynamic analysis ran successfully.
(Also what's up with the events.logs file ,where is it stored ? )

Can I somehow get the result of the analysis in a .txt file or is there some other way to extract the information out of the dynamic analysis done by the tool ?

Thanks in Advance :)

[Tibap]

Hi Abhishekpratapsingh,

In order to help you, we need more information about your environment et what you describe... Can you please list:

• your hooker version,
• your type of device (emulated or physical),
• the content of your configuration file for hooker_xp,
• an example of what kind of results you have in your elasticsearch DB,
• how your network is done (especially how your android device is connected to the network where the elasticsearch DB listen),
• any information worth valuable...

Concerning your second question, you can store results in a file when you set the file_mode parameter to true in your hooker_xp configuration file.

[Abhishekpratapsingh]

--Thanks for replying :)
--I downloaded the latest version of Android hooker.
--I am using an emulated device.
--The elastic search host is the same as my android emulator host (my own PC :P )

----------- Configuration file content -----------
--#
--# Main configuration
--#
--[main]
--# Path to the reference AVD, emulators are clones of this reference
--# [no extension must be provided]
--referenceAVD=/home/abhishek/.android/avd/NVEDIA

--# Path to the Android SDK
--# [should end whith '/sdk/']
--androidSDKPath=/home/abhishek/Downloads/android-sdk-linux/

--# Path to your local Android temporary directory
--androidTemporaryPath=/tmp/android-abhishek/

--# Path to androguard framework
--androguardPath=/home/abhishek/Downloads/androguard-1.9

--# type of device (real or emulated)
--device=emulated

--#
--# Analysis Configuration
--#
--[analysis]
--# type of the analysis (manual or automatic)
--type=automatic
--# name of the analysis
--name=Sample Automatic Analysis
--# directory in which APKs
--apks=../tools/sampleApps/
--# number of emulators
--# in manual mode, only a single emulator is used
--# in automatic mode, one APK = one Emulator
--maxNumberOfEmulators=1
--# applications to install and execute before starting the experiment
--# [application filename MUST equals their main activity name]
--prepareApks=../tools/APK-contactGenerator/com.amossys.hooker.generatecontacts.ImportContacts.apk
--# scenario
--# IMPORTANT: In your scenario, you cannot have a stimulate action separated from an execute action
--scenario=execute,stimulate,reboot,execute,stimulate,externalStimulation
--# output directory
--outputdirectory=/home/abhishek/Downloads/YOYO

--#
--# Reporting Configuration
--#
--[reporting]
--# activate or not the reporting of events in an elasticsearch database
--elasticsearch_mode=true
--# if elasticsearch activated, specify the ES IP address
--elasticsearch_ip=127.0.0.1
--# if elasticsearch activated, specify the ES IP port number
--elasticsearch_port=9200
--# elasticsearch index
--elasticsearch_index=test
--# elasticsearch doctype for events
--elasticsearch_doctype=event

--# activate or not the creation of a text report containing all the captured events
--file_mode=true

---

--In which file (name + the path ) are the dynamic results getting stored ?

---

--Log of Analysis

--[MainProcess/MainThread/DEBUG] 768: Initialize the Elasticsearch reporter
--[MainProcess/MainThread/DEBUG] 768: Initializes connection with the elasticsearch database.
--[MainProcess/MainThread/DEBUG] 771: Cluster seems to be reachable.
--[MainProcess/MainThread/DEBUG] 775: Configure the manual analysis.
$$Manual Analysis

--Main Conf:
-- - SDK /home/abhishek/Downloads/android-sdk-linux/
-- - Ref. AVD /home/abhishek/.android/avd/NVEDIA
-- - Androguard /home/abhishek/Downloads/androguard-1.9
-- - Type of device emulated
--Manual Analysis Conf.:
-- - Name Sample Manual Analysis
-- - APKs ../tools/sampleApps/12.apk
-- - Nb Emulators 1
-- - Preparation APKs ../tools/APK-contactGenerator/bin/ImportContacts-debug.apk
-- - Backup directory None
--Reporting Conf:
-- + Elasticsearch
$$ Active True
-- - IP 127.0.0.1
-- - TCP Port 9200
-- - ES Index hooker
-- - ES Doctype event
-- + File mode
Active True

--[MainProcess/MainThread/WARNING] 777: 12.apk
--[MainProcess/MainThread/DEBUG] 777: ID Experiment: 18ce7deb965a61df333c202e2d44f508 (based on 12.apk and 1432656773026)
--[MainProcess/MainThread/INFO] 853: No APK found associated with IDXP 18ce7deb965a61df333c202e2d44f508
--[MainProcess/MainThread/DEBUG] 864: The APK '../tools/sampleApps/12.apk' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/INFO] 864: APK ../tools/sampleApps/12.apk with ID eb37e46b-4e6b-4c98-bd88-57f5d34781cc has been assiocated to IDXP in ES cluster
--[MainProcess/MainThread/DEBUG] 871: The experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/DEBUG] 878: The event information of experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/INFO] 1007: Analyzing /home/abhishek/Downloads/hooker-master/tools/sampleApps/12.apk with androguard...
--[MainProcess/MainThread/DEBUG] 1088: The static event information of experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/INFO] 1089: Static Analysis results:
-- - APK: /home/abhishek/Downloads/hooker-master/tools/sampleApps/12.apk
-- - Version code: 2
-- - Version name: 1.0.1
-- - Main act.: com.cyancanyon.aleatori_lite.Splash
-- - Max SDK: -1
-- - Min SDK: 3
-- - Package name: com.cyancanyon.aleatori_lite
-- - Timestamp: 1432656773329
-- - Activities: [com.cyancanyon.aleatori_lite.Splash, com.cyancanyon.aleatori_lite.Aleatori, com.cyancanyon.aleatori_lite.NumberSetEditor, com.cyancanyon.aleatori_lite.TextSetEditor, com.cyancanyon.aleatori_lite.ImageSetEditor, com.cyancanyon.aleatori_lite.ProfileEditor, com.cyancanyon.aleatori_lite.MultiEditor, com.cyancanyon.aleatori_lite.AzarResults]
-- - Permissions: [android.permission.WRITE_EXTERNAL_STORAGE]
-- - Providers: []
-- - Receivers: []
-- - Services: []
-- - Libraries: []
--[MainProcess/MainThread/DEBUG] 1096: The event information of experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/DEBUG] 1097: Create 1 templates, one for each emulator
--[MainProcess/MainThread/DEBUG] 1126: Executing command ['cp', '-R', '/home/abhishek/.android/avd/NVEDIA.avd/', '/home/abhishek/.android/avd/NVEDIA_0.avd/']
--[MainProcess/MainThread/DEBUG] 46984: Creation of new device named 'Emulator_0'.
--[MainProcess/MainThread/DEBUG] 46985: Duplicate AVD '/home/abhishek/.android/avd/NVEDIA'.
--[MainProcess/MainThread/DEBUG] 46985: Deleting old emulator config file '/home/abhishek/.android/avd/Emulator_0.ini'
--[MainProcess/MainThread/DEBUG] 46985: Deleting old emulator FS '/home/abhishek/.android/avd/Emulator_0.avd/'
--[MainProcess/MainThread/DEBUG] 46985: Copy AVD reference config file '/home/abhishek/.android/avd/NVEDIA_0.ini' in '/home/abhishek/.android/avd/Emulator_0.ini'...
--[MainProcess/MainThread/DEBUG] 46999: Duplicate the AVD internal content from '/home/abhishek/.android/avd/NVEDIA_0.avd/' in '/home/abhishek/.android/avd/Emulator_0.avd/'...
--[MainProcess/MainThread/DEBUG] 46999: Executing command ['cp', '-R', '/home/abhishek/.android/avd/NVEDIA_0.avd/', '/home/abhishek/.android/avd/Emulator_0.avd/']
--[MainProcess/MainThread/DEBUG] 92226: Replacing 'NVEDIA' with 'Emulator_0' in '/home/abhishek/.android/avd/Emulator_0.ini'
--[MainProcess/MainThread/DEBUG] 92242: Replacing 'NVEDIA' with 'Emulator_0' in '/home/abhishek/.android/avd/Emulator_0.avd/hardware-qemu.ini'
--[MainProcess/MainThread/DEBUG] 92247: Replacing 'NVEDIA' with 'Emulator_0' in '/home/abhishek/.android/avd/Emulator_0.avd/snapshots.img.default-boot.ini'
--[MainProcess/MainThread/DEBUG] 92281: The event information of experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/DEBUG] 92296: Executing Asynchronous command ['/home/abhishek/Downloads/android-sdk-linux/tools/emulator64-arm', '@Emulator_0', '-no-snapshot-save', '-netspeed', 'full', '-netdelay', 'none', '-port', '5554']
--[MainProcess/MainThread/DEBUG] 92332: Waiting for device emulator-5554 to be ready.
--[MainProcess/MainThread/DEBUG] 92332: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'wait-for-device']
--[MainProcess/MainThread/DEBUG] 93441: Waiting for the device to be ready
--[MainProcess/MainThread/DEBUG] 93441: - (dev.bootcomplete)
--[MainProcess/MainThread/DEBUG] 93442: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'shell', 'getprop', 'dev.bootcomplete']
--[MainProcess/MainThread/DEBUG] 93517: - (sys_bootcomplete)
--[MainProcess/MainThread/DEBUG] 93517: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'shell', 'getprop', 'sys.boot_completed']
--[MainProcess/MainThread/DEBUG] 93584: - (init.svc.bootanim)
--[MainProcess/MainThread/DEBUG] 93584: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'shell', 'getprop', 'init.svc.bootanim']
--emulator: ERROR: Unable to load VM from snapshot. The snapshot has been saved for a different hardware configuration.
--[MainProcess/MainThread/DEBUG] 98661: Device emulator-5554 seems to be ready
--[MainProcess/MainThread/DEBUG] 98661: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'shell', 'pm', 'list', 'packages', 'com.amossys.hooker']
--[MainProcess/MainThread/INFO] 99860: ApkInstrumenter application is installed on device
--[MainProcess/MainThread/DEBUG] 99867: The event information of experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/INFO] 99867: Installing APK ../tools/APK-contactGenerator/bin/ImportContacts-debug.apk on device Emulator_0
--[MainProcess/MainThread/DEBUG] 99868: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'install', '../tools/APK-contactGenerator/bin/ImportContacts-debug.apk']
--[MainProcess/MainThread/DEBUG] 101655: The event information of experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/INFO] 101655: Checking if ADB recognizes device...
--[MainProcess/MainThread/DEBUG] 101655: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', 'devices']
--[MainProcess/MainThread/DEBUG] 101659: Device has been find!
--[MainProcess/MainThread/INFO] 101659: Starting activity ImportContacts-debug on device Emulator_0
--[MainProcess/MainThread/DEBUG] 101659: Executing Asynchronous command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'shell', 'am', 'start', '-n', '/.ImportContacts-debug']
--[MainProcess/MainThread/DEBUG] 101674: The event information of experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/DEBUG] 101675: Deploy the following configuration on emulator Emulator_0:
--# Hooker Analysis Configuration File
--# Network configuration
--[elasticsearch]
--elasticsearch_mode=True
--elasticsearch_nb_thread=1
--elasticsearch_ip=10.0.2.2
--elasticsearch_port=9200
--elasticsearch_index=hooker
--elasticsearch_doctype=event

--# File configuration
--[file]
--file_mode=True
--file_name=events.logs

--[analysis]
--idXP=18ce7deb965a61df333c202e2d44f508

--[MainProcess/MainThread/DEBUG] 101675: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'shell', 'mkdir', '/mnt/sdcard/hooker/']
--[MainProcess/MainThread/DEBUG] 101771: Writing content on '/mnt/sdcard/hooker/experiment.conf'
--[MainProcess/MainThread/DEBUG] 101771: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'shell', 'touch', '/mnt/sdcard/hooker/experiment.conf']
--[MainProcess/MainThread/DEBUG] 101861: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'shell', 'echo', '# Hooker Analysis Configuration File\n# Network configuration\n[elasticsearch]\nelasticsearch_mode=True\nelasticsearch_nb_thread=1\nelasticsearch_ip=10.0.2.2\nelasticsearch_port=9200\nelasticsearch_index=hooker\nelasticsearch_doctype=event\n\n# File configuration\n[file]\nfile_mode=True\nfile_name=events.logs\n\n[analysis]\nidXP=18ce7deb965a61df333c202e2d44f508\n', '>', '/mnt/sdcard/hooker/experiment.conf']
--[MainProcess/MainThread/DEBUG] 101947: Waiting 30 seconds for the device to prepare...
--Starting: Intent { cmp=/.ImportContacts-debug }
--Error type 3
--Error: Activity class {/.ImportContacts-debug} does not exist.
--[MainProcess/MainThread/DEBUG] 131985: The event information of experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/INFO] 131985: Installing APK ../tools/sampleApps/12.apk on device Emulator_0
--[MainProcess/MainThread/DEBUG] 131985: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'install', '../tools/sampleApps/12.apk']
--[MainProcess/MainThread/DEBUG] 138840: The event information of experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/INFO] 138840: Starting main activity: com.cyancanyon.aleatori_lite.Splash
--[MainProcess/MainThread/INFO] 138840: Checking if ADB recognizes device...
--[MainProcess/MainThread/DEBUG] 138840: Executing command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', 'devices']
--[MainProcess/MainThread/DEBUG] 138844: Device has been find!
--[MainProcess/MainThread/INFO] 138844: Starting activity com.cyancanyon.aleatori_lite/com.cyancanyon.aleatori_lite.Splash on device Emulator_0
--[MainProcess/MainThread/DEBUG] 138844: Executing Asynchronous command ['/home/abhishek/Downloads/android-sdk-linux/platform-tools/adb', '-s', 'emulator-5554', 'shell', 'am', 'start', '-n', 'com.cyancanyon.aleatori_lite/com.cyancanyon.aleatori_lite.Splash']
--[MainProcess/MainThread/INFO] 138846: Proceed to the stimulation of the environnment.
--[MainProcess/MainThread/INFO] 138846: Once achieved, close the device and waits for the hooker to finish.
--[MainProcess/MainThread/DEBUG] 138852: The event information of experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/DEBUG] 138853: Waiting for the device to finish.
--[MainProcess/MainThread/DEBUG] 138888: The event information of experiment '18ce7deb965a61df333c202e2d44f508' has successfuly been inserted into ES cluster.
--[MainProcess/MainThread/INFO] 138888: Device has finished, IDXP is 18ce7deb965a61df333c202e2d44f508

---

--I ran this query

--curl -XGET 'http://localhost:9200/*'

--{"hooker_test":{"aliases":{},"mappings":{"apk":{"_id":{"path":"IDAPK"},"_timestamp":{"enabled":true,"path":"Timestamp"},"properties":{"Author":{"type":"string"},"Category":{"type":"string"},"Description":{"type":"string"},"Filename":{"type":"string"},"Filesha1":{"type":"string"},"Filesize":{"type":"long"},"IDAPK":{"type":"string"},"Market":{"type":"string"},"Name":{"type":"string"},"Timestamp":{"type":"date","format":"dateOptionalTime"},"Url":{"type":"string"},"Version":{"type":"string"}}},"static":{"_parent":{"type":"experiment"},"_routing":{"required":true},"_timestamp":{"enabled":true,"path":"Timestamp"},"properties":{"Activities":{"type":"nested","properties":{"Activity":{"type":"string"}}},"Android Version Code":{"type":"string"},"Android Version Name":{"type":"string"},"Filename":{"type":"string","index":"not_analyzed"},"Libraries":{"type":"nested","properties":{"Library":{"type":"string"}}},"Main Activity":{"type":"string"},"Max SDK Version":{"type":"string"},"Min SDK Version":{"type":"string"},"PackageName":{"type":"string"},"Permissions":{"type":"nested","properties":{"Permission":{"type":"string"}}},"Providers":{"type":"nested","properties":{"Provider":{"type":"string"}}},"Receivers":{"type":"nested","properties":{"Receiver":{"type":"string"}}},"Services":{"type":"nested","properties":{"Service":{"type":"string"}}},"Timestamp":{"type":"date","format":"dateOptionalTime"}}},"event":{"_parent":{"type":"experiment"},"_routing":{"required":true},"_timestamp":{"enabled":true,"path":"Timestamp"},"properties":{"ClassName":{"type":"string"},"Data":{"properties":{"DataName":{"type":"string"},"DataValue":{"type":"string"}}},"HookerName":{"type":"string","index":"not_analyzed"},"IntrusiveLevel":{"type":"short"},"MethodName":{"type":"string"},"PackageName":{"type":"string"},"Parameters":{"type":"nested"},"RelativeTimestamp":{"type":"long"},"Return":{"properties":{"ParameterType":{"type":"string"},"ParameterValue":{"type":"string"}}},"Timestamp":{"type":"date","format":"dateOptionalTime"}}},"experiment":{"_id":{"path":"IDXP"},"_timestamp":{"enabled":true,"path":"Timestamp"},"properties":{"Analysis":{"type":"string"},"Analyzed":{"type":"boolean"},"Author":{"type":"string","index":"not_analyzed"},"Description":{"type":"string"},"Emulator":{"type":"string","index":"not_analyzed"},"Filename":{"type":"string"},"Filesha1":{"type":"string"},"IDXP":{"type":"string"},"PackageName":{"type":"string"},"Timestamp":{"type":"date","format":"dateOptionalTime"}}}},"settings":{"index":{"creation_date":"1432647592995","uuid":"u7ZB4uulRGOelFRg0t3IRA","number_of_rep

[Tibap]

Hi Abhishekpratapsingh,
Can you tell me if you've executed socat when running the experiment (if not, check out the section Configure the host where Hooker is executed in the README).
Considering your other question, you can find the log file on your android device at /mnt/sdcard/hooker/events.log.
Finally, I would recommend you to install the ElasticSearch plugin called Head (http://mobz.github.io/elasticsearch-head/) if you want to have a better visualisation tool to checkout your results.

[Abhishekpratapsingh]

--Hi Tibap,
-- I was able to solve all the issues(the results are correctly getting stored on the elastic search) but I just realized that the bool value correspoinding to the emulator is false (In the log i found an error saying the VM was not able to launch from the screenshot )
--Also I am using an emulator not a real device,How do I access the events.logs file of the sdcard in that case ?

--LOG ERROR

--emulator: ERROR: Unable to load VM from snapshot. The snapshot has been saved for a different hardware configuration.

[Tibap]

Hi Abhishekpratapsingh,
Can you please indicate how you resolved your issues? These details can help other people if they meet something similar...
Regarding the other questions:

• the error Unable to load VM from snapshot is indicating your snapshot is kind of broken. This is not due to Hooker, but entirely on the Android emulator (you can try to run the device without hooker, you'll see)... In order to correct that, you have to build a new reference emulator.
• to access the file events.logs, you can set the configuration parameter file_mode to True. Then check out hooker_xp logs at the end of an XP, there should be a log indicating where the log file has been pulled.

[Abhishekpratapsingh]

--The query " export ANDROID_HOME=/home/abhishek/Downloads/android-sdk-linux " gave empty results but the data was actually stored in the database which i could access after installing the suggested plugin.

--After setting up the environment . I edited the emulator by UNTICKING the snapshot option,this resolved the "Can't launch from the snapshot Error".

--But now it gets stuck while emulating the actions (intends). It was stuck on the same state for 15 minutes or so.

--LOG

--[MainProcess/MainThread/INFO] 145084: Once achieved, close the device and waits for the hooker to finish.
--[MainProcess/MainThread/DEBUG] 145084: Waiting for the device to finish.
--Starting: Intent { cmp=com.ku6.android.videobrowser/.SplashActivity } (/* It was stuck here */ )

--Any idea about it?

[Abhishekpratapsingh]

Please try to reply ASAP :)

[Tibap]

Hi Abhishekpratapsingh,
If you unticked the snapshot options, you should have lost the prepared configuration needed by the hooker to work... That's why I told you you have to build a new reference emulator (see README file for this).
Once you've rebuild a reference emulator, you must be careful with what you ask to hooker_xp. If you look at the log you've mentioned, you could see the information: Once achieved, close the device and waits for the hooker to finish. This means you are in manual mode and hooker_xp let you stimulate the device. If you want to have an automatic stimulation, you have to edit your configuration file and set the "type" parameter to "automatic".
To finish with, please be careful with the markdown syntax used by github. By copy-pasting directly your logs within github, it is misinterpreting the syntax as you can see...

[Abhishekpratapsingh]

Thanks for the suggestion Tibap,I changed my previous comments on this issue to increase the readability of this issue.
I changed the settings ( un-ticked the save to snapshot option ) after creating the AVD. So my reference AVD works perfectly.
After creating the AVD if I don't un-tick the "Save to snapshot option" the analysis in both (manual and automatic mode give this error : -- ERROR: Unable to load VM from snapshot. The snapshot has been saved for a different hardware configuration ) .
If un-tick it then for the manual mode , The emulator loads up on the screen and I can do the simulation (and When I close the emulator the logs say the device has finished and the results have been successfully pushed into the cluster but the "Analyzed" column corresponding to the experiment says false indicating the analysis didn't finish successfully )

[Tibap]

Abhishekpratapsingh,
Can you check that you have logs specific to the Hooker in your adb logcat? You should have lines like:
I/Hooker (13665): Hooking method android.hardware.usb.UsbDeviceConnection:releaseInterface
when your device boots up.

[Abhishekpratapsingh]

Hi,
I just checked the adb logcat of the emulator that was generated as a result of running hooker_xy.py on manual mode and found that there was no line with I/Hooker tag in its log.
Though some lines related to Hooker appeared after I explicitly open the Hooker Application on the emulator (Not a relevant info. , I guess :P )

[Tibap]

Abhishekpratapsingh,
The issue is when you unticked the "Save to snapshot" option: when unticking, you lose your device configuration. From my experience, every time I ended up with this annoying "Can't launch from the snapshot Error", I had to rebuild an emulator from scratch.

[Abhishekpratapsingh]

I tried at least 3 times creating new reference Emulators but the "Can't launch from the snapshot Error" just won't go.

[Tibap]

Well, this is not normal then... From my point of view, this is not a bug from Hooker. Did you check on the internet if someone else has found similar bug using the android emulator? Did you try with another version?

[Abhishekpratapsingh]

Which system image did you choose for the emulation (ARM or INTEL) ?

[Tibap]

ARM image.

[fenildf]

I have the same problem as Abhishekpratapsingh. I have no lucky to launch Emulators from snapshot for one time, always the annoying "Can't launch from the snapshot Error".

Definitely, hooker is not the cause. However, when this problem persist, I fail to experience this tool.

From Tibap's response, it seems this problem happens occasionally. why 100 percent here? any clue?

[Tibap]

Guys,
Did you run the prepareEmulator.sh script in tools\emulatorCreator when preparing your emulator?
Can you check that you succeed to restart the emulator from snapshot after this single step? I'm wondering if the error don't come from the anti-detection options we set within this script...

[Tibap]

For your interest, the new version of Hooker now has the tools/emulatorCreator/HookerInstaller.py script to build a clean AVD. The script specifically creates an emulator with the good options, which are not correctly set when you run the Android Studio. Hope this helps.