Merge branch 'release/0.2.4'

Author: thelicato

.env.sample

@@ -1,3 +1,4 @@
+DROIDGROUND_BASE_PATH= # If you want to host the webapp on a subpath
 DROIDGROUND_APP_PACKAGE_NAME=com.droidground.hiddenactivity
 DROIDGROUND_ADB_HOST=localhost
 DROIDGROUND_ADB_PORT=5037
@@ -19,4 +20,5 @@ DROIDGROUND_START_ACTIVITY_DISABLED=false # Feature enabled by default if not se
 DROIDGROUND_START_RECEIVER_DISABLED=false # Feature enabled by default if not set otherwise
 DROIDGROUND_START_SERVICE_DISABLED=false # Feature enabled by default if not set otherwise
 DROIDGROUND_TERMINAL_DISABLED=false # Feature enabled by default if not set otherwise
+DROIDGROUND_RESET_DISABLED=false # Feature enabled by default if not set otherwise
 DROIDGROUND_EXPLOIT_APP_DURATION=10 # The time (in seconds) the exploit app will be active before the target app is restarted. This field makes sense only if the App Manager is enabled. Default value is 10

README.md

@@ -77,6 +77,7 @@ The `.env.sample` file in the root directory is a good starting point. This is t
 
 | Variable                              | Description                                          | Default     |
 | ------------------------------------- | ---------------------------------------------------- | ----------- |
+| `DROIDGROUND_BASE_PATH`               | Path of the webapp (useful for hosting on subpaths)  | -           |
 | `DROIDGROUND_APP_PACKAGE_NAME`        | Package name of target app                           | -           |
 | `DROIDGROUND_ADB_HOST`                | ADB host                                             | `localhost` |
 | `DROIDGROUND_ADB_PORT`                | ADB port                                             | `5037`      |
@@ -98,6 +99,7 @@ The `.env.sample` file in the root directory is a good starting point. This is t
 | `DROIDGROUND_START_RECEIVER_DISABLED` | Disable broadcast                                    | `false`     |
 | `DROIDGROUND_START_SERVICE_DISABLED`  | Disable startService                                 | `false`     |
 | `DROIDGROUND_TERMINAL_DISABLED`       | Disable terminal                                     | `false`     |
+| `DROIDGROUND_RESET_DISABLED`          | Disable reset                                        | `false`     |
 | `DROIDGROUND_EXPLOIT_APP_DURATION`    | The time (in seconds) the exploit app will be active | `10`        |
 
 ## 🧩 Use Cases
@@ -144,6 +146,10 @@ Here are some suggestions for setting up your Android CTF:
 - Be careful when enabling the **Shutdown** feature.
 - If you plan to make the flag directly visible in the UI you may want to find a way to spawn different instances (one for each team/player)
 
+While testing the setup before going in production it could be useful to get the **attack surface** of the target app. This is something that players shouldn't see because it's part of their job to discover and analyze the attack surface!
+
+Therefore, a `GET` endpoint reachable at `/attackSurface` is provided and protected with a token (that needs to be used as the value of the `Authorization` header) that is randomly generated during the boot and printed in the logs (therefore accessible only by sysadmins).
+
 ## 🛠 Development
 
 Getting it up & running shouldn't be too difficult, but before starting you should have the following tools installed:

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "droidground",
-  "version": "0.2.3",
+  "version": "0.2.4",
   "type": "module",
   "author": "Angelo Delicato",
   "scripts": {

package.json

@@ -107,9 +107,11 @@ const Navbar: React.FC = () => {
               </li>
             ))}
         </ul>
-        <button className="btn btn-error ml-4" onClick={() => resetCtfDialogRef.current?.showModal()}>
-          Reset
-        </button>
+        {featuresConfig.resetEnabled && (
+          <button className="btn btn-error ml-4" onClick={() => resetCtfDialogRef.current?.showModal()}>
+            Reset
+          </button>
+        )}
         <div className="flex h-full items-center justify-center">
           <div className="flex h-[1.5rem]">
             <div className="divider divider-horizontal" />

src/client/layout/Header.tsx

@@ -16,10 +16,6 @@ export const Overview: React.FC = () => {
     isRunning: false,
   });
   const isPowerMenuEnabled = featuresConfig.shutdownEnabled || featuresConfig.rebootEnabled;
-  const isActionsEnabled =
-    featuresConfig.startActivityEnabled ||
-    featuresConfig.startBroadcastReceiverEnabled ||
-    featuresConfig.startServiceEnabled;
   // Dialogs
   const startActivityDialogRef = useRef<HTMLDialogElement | null>(null);
   const startBroadcastReceiverDialogRef = useRef<HTMLDialogElement | null>(null);
@@ -171,22 +167,22 @@ export const Overview: React.FC = () => {
           </div>
         </div>
         {/* Actions */}
-        {isActionsEnabled && (
-          <div className="collapse collapse-arrow bg-base-300 border border-base-300">
-            <input type="checkbox" name="actions-accordion" className="peer" />
-            <div className="collapse-title font-semibold peer-hover:bg-gray-600 peer-checked:mb-4">Actions</div>
-            <div className="collapse-content text-sm flex flex-col items-center justify-between gap-4">
-              <div className="flex w-full justify-between items-center">
-                <p>
-                  Restart <b>App</b>
-                </p>
-                <div className="join">
-                  <button className="btn btn-accent join-item rounded-r-md" onClick={restartApp}>
-                    Restart
-                  </button>
-                </div>
+        <div className="collapse collapse-arrow bg-base-300 border border-base-300">
+          <input type="checkbox" name="actions-accordion" className="peer" />
+          <div className="collapse-title font-semibold peer-hover:bg-gray-600 peer-checked:mb-4">Actions</div>
+          <div className="collapse-content text-sm flex flex-col items-center justify-between gap-4">
+            <div className="flex w-full justify-between items-center">
+              <p>
+                Restart <b>App</b>
+              </p>
+              <div className="join">
+                <button className="btn btn-accent join-item rounded-r-md" onClick={restartApp}>
+                  Restart
+                </button>
               </div>
+            </div>
 
+            {featuresConfig.startActivityEnabled && (
               <div className="flex w-full justify-between items-center">
                 <p>
                   Start <b>Activity</b>
@@ -200,7 +196,9 @@ export const Overview: React.FC = () => {
                   </button>
                 </div>
               </div>
+            )}
 
+            {featuresConfig.startBroadcastReceiverEnabled && (
               <div className="flex w-full justify-between items-center">
                 <p>
                   Send <b>Broadcast Intent</b>
@@ -214,7 +212,9 @@ export const Overview: React.FC = () => {
                   </button>
                 </div>
               </div>
+            )}
 
+            {featuresConfig.startServiceEnabled && (
               <div className="flex w-full justify-between items-center">
                 <p>
                   Start <b>Service</b>
@@ -228,9 +228,9 @@ export const Overview: React.FC = () => {
                   </button>
                 </div>
               </div>
-            </div>
+            )}
           </div>
-        )}
+        </div>
         {/* Power Menu */}
         {isPowerMenuEnabled && (
           <div className="collapse collapse-arrow bg-base-300 border border-base-300">

src/client/views/Overview.tsx

@@ -72,7 +72,7 @@ export default (app: Router) => {
     validateBody<StartExploitAppRequest>(runExploitAppSchema),
     APIController.startExploitApp,
   );
-  endpoint.post(E.RESET, APIController.reset);
+  endpoint.post(E.RESET, checkFeatureEnabled(features.resetEnabled), APIController.reset);
   endpoint.get(E.FEATURES, APIController.features);
   endpoint.get(E.INFO, APIController.info);
   endpoint.post(E.RESTART, APIController.restartApp);

src/server/api/routes.ts

@@ -61,6 +61,7 @@ export class ManagerSingleton {
         startBroadcastReceiverEnabled: !(process.env.DROIDGROUND_START_RECEIVER_DISABLED === "true"),
         startServiceEnabled: !(process.env.DROIDGROUND_START_SERVICE_DISABLED === "true"),
         terminalEnabled: !(process.env.DROIDGROUND_TERMINAL_DISABLED === "true"),
+        resetEnabled: !(process.env.DROIDGROUND_RESET_DISABLED === "true"),
         fridaType: process.env.DROIDGROUND_FRIDA_TYPE === "full" ? "full" : "jail",
         exploitAppDuration:
           isNaN(exploitAppDuration) || exploitAppDuration.trim().length === 0 ? 10 : parseInt(exploitAppDuration),
@@ -252,6 +253,7 @@ export class ManagerSingleton {
       return false;
     }
 
+    Logger.info("Running setup.sh script...");
     execSync(setupScript, { cwd: process.env.DROIDGROUND_INIT_SCRIPTS_FOLDER }).toString().trim();
 
     // Check if the app is installed, otherwise stop DroidGround

src/server/manager.ts

@@ -14,6 +14,7 @@ export interface DroidGroundFeatures {
   appManagerEnabled: boolean;
   terminalEnabled: boolean;
   logcatEnabled: boolean;
+  resetEnabled: boolean;
   fridaType: "full" | "jail";
   exploitAppDuration: number;
 }