def create_db_entry_ios(app_dict, info_dict, code_dict, files, sfiles):
"""Save an IOS ZIP DB entry"""
try:
# pylint: disable=E1101
static_db = StaticAnalyzerIOSZIP(TITLE='Static Analysis',
APPNAMEX=app_dict["app_name"],
SIZE=app_dict["size"],
MD5=app_dict["md5_hash"],
SHA1=app_dict["sha1"],
SHA256=app_dict["sha256"],
INFOPLIST=info_dict["plist_xml"],
BINNAME=info_dict["bin_name"],
IDF=info_dict["id"],
VERSION=info_dict["ver"],
SDK=info_dict["sdk"],
PLTFM=info_dict["pltfm"],
MINX=info_dict["min"],
FILES=files,
SFILESX=sfiles,
API=code_dict["api"],
CODEANAL=code_dict["code_anal"],
URLnFile=code_dict["urlnfile"],
DOMAINS=code_dict["domains"],
EmailnFile=code_dict["emailnfile"],
PERMISSIONS=info_dict["permissions"],
INSECCON=info_dict["inseccon"])
static_db.save()
except:
PrintException("[ERROR] Updating DB")
def create_db_entry_ios(app_dict, info_dict, code_dict, files, sfiles):
"""Save an IOS ZIP DB entry"""
try:
# pylint: disable=E1101
static_db = StaticAnalyzerIOSZIP(
TITLE='Static Analysis',
APPNAMEX=app_dict["app_name"],
SIZE=app_dict["size"],
MD5=app_dict["md5_hash"],
SHA1=app_dict["sha1"],
SHA256=app_dict["sha256"],
INFOPLIST=info_dict["plist_xml"],
BINNAME=info_dict["bin_name"],
IDF=info_dict["id"],
VERSION=info_dict["ver"],
SDK=info_dict["sdk"],
PLTFM=info_dict["pltfm"],
MINX=info_dict["min"],
FILES=files,
SFILESX=sfiles,
API=code_dict["api"],
CODEANAL=code_dict["code_anal"],
URLnFile=code_dict["urlnfile"],
DOMAINS=code_dict["domains"],
EmailnFile=code_dict["emailnfile"],
PERMISSIONS=info_dict["permissions"],
INSECCON=info_dict["inseccon"])
static_db.save()
except:
PrintException("[ERROR] Updating DB")
def create_db_entry_ios(app_dict, info_dict, code_dict, files, sfiles):
"""Save an IOS ZIP DB entry"""
try:
# pylint: disable=E1101
static_db = StaticAnalyzerIOSZIP(
TITLE='Static Analysis',
FILE_NAME=app_dict["file_name"],
SIZE=app_dict["size"],
MD5=app_dict["md5_hash"],
SHA1=app_dict["sha1"],
SHA256=app_dict["sha256"],
INFOPLIST=info_dict["plist_xml"],
BINNAME=info_dict["bin_name"],
IDF=info_dict["id"],
BUILD=info_dict["build"],
VERSION=info_dict["bundle_version_name"],
SDK=info_dict["sdk"],
PLTFM=info_dict["pltfm"],
MINX=info_dict["min"],
FILES=files,
SFILESX=sfiles,
API=code_dict["api"],
CODEANAL=code_dict["code_anal"],
URLnFile=code_dict["urlnfile"],
DOMAINS=code_dict["domains"],
EmailnFile=code_dict["emailnfile"],
PERMISSIONS=info_dict["permissions"],
INSECCON=info_dict["inseccon"],
BUNDLE_NAME=info_dict["bundle_name"],
BUNDLE_URL_TYPES=info_dict["bundle_url_types"],
BUNDLE_SUPPORTED_PLATFORMS=info_dict["bundle_supported_platforms"],
BUNDLE_LOCALIZATIONS=info_dict["bundle_localizations"],
APPSTORE_DETAILS=app_dict["appstore"],
FIREBASE=code_dict["firebase"],
)
static_db.save()
except:
PrintException("Saving DB")
def create_db_entry_ios(app_dict, info_dict, code_dict, files, sfiles):
"""Save an IOS ZIP DB entry"""
try:
# pylint: disable=E1101
static_db = StaticAnalyzerIOSZIP(
TITLE='Static Analysis',
FILE_NAME=app_dict["file_name"],
SIZE=app_dict["size"],
MD5=app_dict["md5_hash"],
SHA1=app_dict["sha1"],
SHA256=app_dict["sha256"],
INFOPLIST=info_dict["plist_xml"],
BINNAME=info_dict["bin_name"],
IDF=info_dict["id"],
BUILD=info_dict["build"],
VERSION=info_dict["bundle_version_name"],
SDK=info_dict["sdk"],
PLTFM=info_dict["pltfm"],
MINX=info_dict["min"],
FILES=files,
SFILESX=sfiles,
API=code_dict["api"],
CODEANAL=code_dict["code_anal"],
URLnFile=code_dict["urlnfile"],
DOMAINS=code_dict["domains"],
EmailnFile=code_dict["emailnfile"],
PERMISSIONS=info_dict["permissions"],
INSECCON=info_dict["inseccon"],
BUNDLE_NAME=info_dict["bundle_name"],
BUNDLE_URL_TYPES=info_dict["bundle_url_types"],
BUNDLE_SUPPORTED_PLATFORMS=info_dict["bundle_supported_platforms"],
BUNDLE_LOCALIZATIONS=info_dict["bundle_localizations"],
APPSTORE_DETAILS=app_dict["appstore"],
FIREBASE=code_dict["firebase"],
)
static_db.save()
except:
PrintException("Saving DB")
def create_db_entry_ios(app_dict, info_dict, code_dict, files, sfiles):
"""Save an IOS ZIP DB entry."""
try:
# pylint: disable=E1101
static_db = StaticAnalyzerIOSZIP(
TITLE='Static Analysis',
FILE_NAME=app_dict['file_name'],
SIZE=app_dict['size'],
MD5=app_dict['md5_hash'],
SHA1=app_dict['sha1'],
SHA256=app_dict['sha256'],
INFOPLIST=info_dict['plist_xml'],
BINNAME=info_dict['bin_name'],
IDF=info_dict['id'],
BUILD=info_dict['build'],
VERSION=info_dict['bundle_version_name'],
SDK=info_dict['sdk'],
PLTFM=info_dict['pltfm'],
MINX=info_dict['min'],
FILES=files,
SFILESX=sfiles,
API=code_dict['api'],
CODEANAL=code_dict['code_anal'],
URLnFile=code_dict['urlnfile'],
DOMAINS=code_dict['domains'],
EmailnFile=code_dict['emailnfile'],
PERMISSIONS=info_dict['permissions'],
INSECCON=info_dict['inseccon'],
BUNDLE_NAME=info_dict['bundle_name'],
BUNDLE_URL_TYPES=info_dict['bundle_url_types'],
BUNDLE_SUPPORTED_PLATFORMS=info_dict['bundle_supported_platforms'],
BUNDLE_LOCALIZATIONS=info_dict['bundle_localizations'],
APPSTORE_DETAILS=app_dict['appstore'],
FIREBASE=code_dict['firebase'],
)
static_db.save()
except Exception:
logger.exception('Saving DB')
def StaticAnalyzer_iOS(request):
try:
# Input validation
print "[INFO] iOS Static Analysis Started"
TYP = request.GET['type']
RESCAN = str(request.GET.get('rescan', 0))
m = re.match('^[0-9a-f]{32}$', request.GET['checksum'])
if ((m) and (request.GET['name'].lower().endswith('.ipa')
or request.GET['name'].lower().endswith('.zip'))
and (TYP in ['ipa', 'ios'])):
DIR = settings.BASE_DIR # BASE DIR
APP_NAME = request.GET['name'] # APP ORGINAL NAME
MD5 = request.GET['checksum'] # MD5
APP_DIR = os.path.join(settings.UPLD_DIR,
MD5 + '/') # APP DIRECTORY
TOOLS_DIR = os.path.join(DIR,
'StaticAnalyzer/tools/mac/') # TOOLS DIR
if TYP == 'ipa':
# DB
DB = StaticAnalyzerIPA.objects.filter(MD5=MD5)
if DB.exists() and RESCAN == '0':
print "\n[INFO] Analysis is already Done. Fetching data from the DB..."
context = {
'title': DB[0].TITLE,
'name': DB[0].APPNAMEX,
'size': DB[0].SIZE,
'md5': DB[0].MD5,
'sha1': DB[0].SHA1,
'sha256': DB[0].SHA256,
'plist': DB[0].INFOPLIST,
'bin_name': DB[0].BINNAME,
'id': DB[0].IDF,
'ver': DB[0].VERSION,
'sdk': DB[0].SDK,
'pltfm': DB[0].PLTFM,
'min': DB[0].MINX,
'bin_anal': DB[0].BIN_ANAL,
'libs': DB[0].LIBS,
'files': python_list(DB[0].FILES),
'file_analysis': DB[0].SFILESX,
'strings': DB[0].STRINGS,
}
else:
print "[INFO] iOS Binary (IPA) Analysis Started"
APP_FILE = MD5 + '.ipa' # NEW FILENAME
APP_PATH = APP_DIR + APP_FILE # APP PATH
BIN_DIR = os.path.join(APP_DIR, "Payload/")
# ANALYSIS BEGINS
SIZE = str(FileSize(APP_PATH)) + 'MB' # FILE SIZE
SHA1, SHA256 = HashGen(APP_PATH) # SHA1 & SHA256 HASHES
print "[INFO] Extracting IPA"
Unzip(APP_PATH, APP_DIR) # EXTRACT IPA
# Get Files, normalize + to x, and convert binary plist ->
# xml
FILES, SFILES = iOS_ListFiles(BIN_DIR, MD5, True, 'ipa')
INFO_PLIST, BIN_NAME, ID, VER, SDK, PLTFM, MIN, LIBS, BIN_ANAL, STRINGS = BinaryAnalysis(
BIN_DIR, TOOLS_DIR, APP_DIR)
# Saving to DB
print "\n[INFO] Connecting to DB"
if RESCAN == '1':
print "\n[INFO] Updating Database..."
StaticAnalyzerIPA.objects.filter(MD5=MD5).update(
TITLE='Static Analysis',
APPNAMEX=APP_NAME,
SIZE=SIZE,
MD5=MD5,
SHA1=SHA1,
SHA256=SHA256,
INFOPLIST=INFO_PLIST,
BINNAME=BIN_NAME,
IDF=ID,
VERSION=VER,
SDK=SDK,
PLTFM=PLTFM,
MINX=MIN,
BIN_ANAL=BIN_ANAL,
LIBS=LIBS,
FILES=FILES,
SFILESX=SFILES,
STRINGS=STRINGS)
elif RESCAN == '0':
print "\n[INFO] Saving to Database"
STATIC_DB = StaticAnalyzerIPA(TITLE='Static Analysis',
APPNAMEX=APP_NAME,
SIZE=SIZE,
MD5=MD5,
SHA1=SHA1,
SHA256=SHA256,
INFOPLIST=INFO_PLIST,
BINNAME=BIN_NAME,
IDF=ID,
VERSION=VER,
SDK=SDK,
PLTFM=PLTFM,
MINX=MIN,
BIN_ANAL=BIN_ANAL,
LIBS=LIBS,
FILES=FILES,
SFILESX=SFILES,
STRINGS=STRINGS)
STATIC_DB.save()
context = {
'title': 'Static Analysis',
'name': APP_NAME,
'size': SIZE,
'md5': MD5,
'sha1': SHA1,
'sha256': SHA256,
'plist': INFO_PLIST,
'bin_name': BIN_NAME,
'id': ID,
'ver': VER,
'sdk': SDK,
'pltfm': PLTFM,
'min': MIN,
'bin_anal': BIN_ANAL,
'libs': LIBS,
'files': FILES,
'file_analysis': SFILES,
'strings': STRINGS,
}
template = "static_analysis/ios_binary_analysis.html"
return render(request, template, context)
elif TYP == 'ios':
DB = StaticAnalyzerIOSZIP.objects.filter(MD5=MD5)
if DB.exists() and RESCAN == '0':
print "\n[INFO] Analysis is already Done. Fetching data from the DB..."
context = {
'title': DB[0].TITLE,
'name': DB[0].APPNAMEX,
'size': DB[0].SIZE,
'md5': DB[0].MD5,
'sha1': DB[0].SHA1,
'sha256': DB[0].SHA256,
'plist': DB[0].INFOPLIST,
'bin_name': DB[0].BINNAME,
'id': DB[0].IDF,
'ver': DB[0].VERSION,
'sdk': DB[0].SDK,
'pltfm': DB[0].PLTFM,
'min': DB[0].MINX,
'bin_anal': DB[0].BIN_ANAL,
'libs': DB[0].LIBS,
'files': python_list(DB[0].FILES),
'file_analysis': DB[0].SFILESX,
'api': DB[0].HTML,
'insecure': DB[0].CODEANAL,
'urls': DB[0].URLnFile,
'domains': python_dict(DB[0].DOMAINS),
'emails': DB[0].EmailnFile,
'strings': DB[0].STRINGS
}
else:
print "[INFO] iOS Source Code Analysis Started"
APP_FILE = MD5 + '.zip' # NEW FILENAME
APP_PATH = APP_DIR + APP_FILE # APP PATH
# ANALYSIS BEGINS - Already Unzipped
print "[INFO] ZIP Already Extracted"
SIZE = str(FileSize(APP_PATH)) + 'MB' # FILE SIZE
SHA1, SHA256 = HashGen(APP_PATH) # SHA1 & SHA256 HASHES
FILES, SFILES = iOS_ListFiles(APP_DIR, MD5, False, 'ios')
HTML, CODEANAL, URLnFile, DOMAINS, EmailnFile, INFO_PLIST, BIN_NAME, ID, VER, SDK, PLTFM, MIN = iOS_Source_Analysis(
APP_DIR, MD5)
LIBS, BIN_ANAL = '', ''
# Saving to DB
print "\n[INFO] Connecting to DB"
if RESCAN == '1':
print "\n[INFO] Updating Database..."
StaticAnalyzerIOSZIP.objects.filter(MD5=MD5).update(
TITLE='Static Analysis',
APPNAMEX=APP_NAME,
SIZE=SIZE,
MD5=MD5,
SHA1=SHA1,
SHA256=SHA256,
INFOPLIST=INFO_PLIST,
BINNAME=BIN_NAME,
IDF=ID,
VERSION=VER,
SDK=SDK,
PLTFM=PLTFM,
MINX=MIN,
BIN_ANAL=BIN_ANAL,
LIBS=LIBS,
FILES=FILES,
SFILESX=SFILES,
HTML=HTML,
CODEANAL=CODEANAL,
URLnFile=URLnFile,
DOMAINS=DOMAINS,
EmailnFile=EmailnFile)
elif RESCAN == '0':
print "\n[INFO] Saving to Database"
STATIC_DB = StaticAnalyzerIOSZIP(
TITLE='Static Analysis',
APPNAMEX=APP_NAME,
SIZE=SIZE,
MD5=MD5,
SHA1=SHA1,
SHA256=SHA256,
INFOPLIST=INFO_PLIST,
BINNAME=BIN_NAME,
IDF=ID,
VERSION=VER,
SDK=SDK,
PLTFM=PLTFM,
MINX=MIN,
BIN_ANAL=BIN_ANAL,
LIBS=LIBS,
FILES=FILES,
SFILESX=SFILES,
HTML=HTML,
CODEANAL=CODEANAL,
URLnFile=URLnFile,
DOMAINS=DOMAINS,
EmailnFile=EmailnFile)
STATIC_DB.save()
context = {
'title': 'Static Analysis',
'name': APP_NAME,
'size': SIZE,
'md5': MD5,
'sha1': SHA1,
'sha256': SHA256,
'plist': INFO_PLIST,
'bin_name': BIN_NAME,
'id': ID,
'ver': VER,
'sdk': SDK,
'pltfm': PLTFM,
'min': MIN,
'bin_anal': BIN_ANAL,
'libs': LIBS,
'files': FILES,
'file_analysis': SFILES,
'api': HTML,
'insecure': CODEANAL,
'urls': URLnFile,
'domains': DOMAINS,
'emails': EmailnFile
}
template = "static_analysis/ios_source_analysis.html"
return render(request, template, context)
else:
return HttpResponseRedirect('/error/')
else:
return HttpResponseRedirect('/error/')
except Exception as exp:
PrintException("[ERROR] Static Analyzer iOS")
context = {'title': 'Error', 'exp': exp.message, 'doc': exp.__doc__}
template = "general/error.html"
return render(request, template, context)