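def export_apps_to_format(a, output, dot=None, _format=None):
    """Write one control-flow graph per method of every VM in *a* under *output*.

    Args:
        a: analysed app object exposing ``get_vms()``; each VM must expose
            ``get_methods()``.
        output: destination directory. A trailing ``/`` is appended when
            missing; an empty string is rejected.
        dot: when truthy, the DOT source of each graph is written to
            ``<path>.dot``.
        _format: when truthy, the name of the graph format handed to
            ``method2format`` (written to ``<path>.<_format>``).

    Raises:
        ValueError: if *output* is empty (the original raised IndexError on
            ``output[-1]``; writing relative to "" is never intended).

    The path for a method is
    ``<output>/<valid_class_name(class)>/<method name><descriptor'>`` where
    ``descriptor'`` is the raw descriptor with ``;`` and spaces dropped,
    ``(``/``)`` turned into ``-`` and ``/`` into ``_``.
    """
    if not output:
        raise ValueError("output directory must not be empty")
    output_name = output if output.endswith("/") else output + "/"

    # Descriptor characters that must not appear in a file name, in the
    # original replacement order (no replacement introduces a later key).
    descriptor_map = (
        (";", ""),
        (" ", ""),
        ("(", "-"),
        (")", "-"),
        ("/", "_"),
    )

    for vm in a.get_vms():
        x = analysis.VMAnalysis(vm)
        for method in vm.get_methods():
            class_dir = output_name + valid_class_name(method.get_class_name())
            if not class_dir.endswith("/"):
                class_dir += "/"

            descriptor = method.get_descriptor()
            for old, new in descriptor_map:
                descriptor = descriptor.replace(old, new)

            # NOTE(review): only the class name (via valid_class_name) and the
            # descriptor are sanitised; method.get_name() is spliced into the
            # path as-is -- confirm it cannot carry path separators.
            filename = class_dir + method.get_name() + descriptor

            buff = method2dot(x.get_method(method))

            if dot:
                # Context manager: the handle was previously left open if
                # write() raised.
                with open(filename + ".dot", "w") as fd:
                    fd.write(buff)

            if _format:
                method2format(filename + "." + _format, _format, raw=buff)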
 def __init__(self, name):
     """Load the app *name* with AndroguardS and index its classes.

     Sets ``self.vm`` (the VM object returned by the loader), ``self.bca``
     (a VMAnalysis over that VM) and ``self.classes`` (class name ->
     DvClass). ``Util.merge_inner`` is then applied to that mapping; its
     effect is not visible from here.
     """
     loader = androguard.AndroguardS(name)
     self.vm = loader.get_vm()
     self.bca = analysis.VMAnalysis(self.vm)
     # Same pairs as before, built directly as a dict (last duplicate wins).
     self.classes = {
         dvclass.get_name(): DvClass(dvclass, self.bca)
         for dvclass in self.vm.get_classes()
     }
     Util.merge_inner(self.classes)
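def export_apps_to_xgmml( input, output, fcg, efcg ) :
    """Export the app *input* as a single XGMML document written to *output*.

    Args:
        input: path handed to ``androguard.Androguard``; its basename becomes
            the graph label. (The name shadows the builtin ``input``; it is
            kept because callers may pass it by keyword.)
        output: path of the XGMML file to create or overwrite.
        fcg: when truthy, also emit the function call graph via
            ``export_xgmml_fcg``.
        efcg: when truthy, also emit the extended function call graph via
            ``export_xgmml_efcg``.

    Every method's CFG (``x.hmethods[method]``) is always written. The file is
    managed by a context manager, so the handle is released even if one of
    the nested exports raises (the previous version then left it open).
    """
    a = androguard.Androguard( [ input ] )

    with open(output, "w") as fd:
        fd.write("<?xml version='1.0'?>\n")
        fd.write("<graph label=\"Androguard XGMML %s\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:ns1=\"http://www.w3.org/1999/xlink\" xmlns:dc=\"http://purl.org/dc/elements/1.1/\" xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\" xmlns=\"http://www.cs.rpi.edu/XGMML\" directed=\"1\">\n" % (os.path.basename(input)))

        for vm in a.get_vms() :
            x = analysis.VMAnalysis( vm )
            # CFG: one sub-graph per method
            for method in vm.get_methods() :
                export_xgmml_cfg(x.hmethods[ method ], fd)

            if fcg :
                export_xgmml_fcg(vm, x, fd)

            if efcg :
                export_xgmml_efcg(vm, x, fd)

        fd.write("</graph>")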
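if __name__ == "__main__":
    # Timing harness: load one fixed APK, parse its DEX and run VMAnalysis,
    # then print the three elapsed times. Everything after sys.exit(0) is
    # unreachable and is kept only as a trace of the earlier, fuller walk
    # over the methods.
    #    a = apk.APK( PATH_INSTALL + "examples/android/TestsAndroguard/bin/TestsAndroguard.apk" )
    #    a = apk.APK( PATH_INSTALL + "apks/drweb-600-android-beta.apk" )
    #    a = apk.APK( PATH_INSTALL + "debug/062d5e38dc4618a8b1c6bf3587dc2016a3a3db146aea0d82cc227a18ca21ad13")
    a = apk.APK(PATH_INSTALL + "apks/malwares/kungfu/sample2.apk")

    t1 = time.time()

    # Any extra command-line argument selects the pure-Python engine; the
    # argument's value itself is never inspected.
    if len(sys.argv) > 1:
        d = dvm.DalvikVMFormat(a.get_dex(), engine=["python"])
    else:
        d = dvm.DalvikVMFormat(a.get_dex())

    t2 = time.time()
    x = analysis.VMAnalysis(d)

    t3 = time.time()
    # DEX parse time, analysis time, total
    print('-> %0.8f %0.8f %0.8f' % ((t2 - t1, t3 - t2, t3 - t1)))

    sys.exit(0)

    # Unreachable: kept verbatim apart from the ``is None`` idiom below.
    for method in d.get_methods():
        print(method.get_class_name(), method.get_name(),
              method.get_descriptor())

        code = method.get_code()
        if code is None:  # was ``== None``; identity is the idiom for None
            continue

        bc = code.get_bc()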
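#!/usr/bin/env python

import sys

# Make the in-tree packages importable without installing them.
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL + "/core")
sys.path.append(PATH_INSTALL + "/core/bytecodes")
sys.path.append(PATH_INSTALL + "/core/analysis")

import jvm, analysis

# Java class file used as the demo input.
TEST = "./examples/java/test/orig/Test1.class"

# Open in binary mode: a .class file is not text, and the previous
# ``open(TEST).read()`` never closed its handle.
with open(TEST, "rb") as fh:
    j = jvm.JVMFormat(fh.read())
x = analysis.VMAnalysis(j)

# SHOW CLASS (verbose and pretty)
#j.pretty_show( x )

# SHOW METHODS
for i in j.get_methods():
    print(i)
    i.pretty_show(x)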
import androguard, analysis
from analysis import *

# DEX file the demo below analyses.
TEST_CASE = "examples/android/TestsAndroguard/bin/classes.dex"


def test(got, expected):
    if got == expected:
        prefix = ' OK '
    else:
        prefix = '  X '
    print '%s got: %s expected: %s' % (prefix, repr(got), repr(expected))


a = androguard.AndroguardS(TEST_CASE)
x = analysis.VMAnalysis(a.get_vm(), code_analysis=True)

# For every method: print its identity, then its signature under the three
# predefined L0 layouts, a custom "L4" layout supplied inline, and "L2".
for method in a.get_methods():
    print method.get_class_name(), method.get_name(), method.get_descriptor()
    for predef in (SIGNATURE_L0_0, SIGNATURE_L0_1, SIGNATURE_L0_2):
        print "-> : \t", x.get_method_signature(
            method, predef_sign=predef).get_string()
    # The layout dict is rebuilt per iteration, as before, in case the
    # analysis mutates it.
    print "-> : \t", x.get_method_signature(method, "L4", {
        "L4": {
            "arguments": ["Landroid"]
        }
    }).get_string()
    print "-> : \t", x.get_method_signature(method, "L2").get_string()
# Demo set-up: put the checkout on sys.path, pick a DEX and analyse it.
# ``sys`` is used here but not imported in this excerpt -- presumably it is
# imported earlier in the file.
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL + "./")

import androguard, analysis

# Alternative inputs kept for quick switching; only the uncommented one is used.
#TEST  = 'examples/java/test/orig/Test1.class'
#TEST  = 'examples/java/Demo1/orig/DES.class'
#TEST  = 'examples/java/Demo1/orig/Util.class'
#TEST = 'examples/android/Test/bin/classes.dex'
TEST = 'examples/android/TestsAndroguard/bin/classes.dex'
#TEST = 'examples/android/TC/bin/classes.dex'
#TEST = 'examples/android/Hello_Kitty/classes.dex'

# Load the DEX and run VMAnalysis over it with default options.
a = androguard.AndroguardS(TEST)
x = analysis.VMAnalysis(a.get_vm())

# CFG
for method in a.get_methods():
    g = x.hmethods[method]

    print method.get_class_name(), method.get_name(), method.get_descriptor(
    ), method.get_code().get_length(), method.get_code(
    ).registers_size.get_value()

    idx = 0
    for i in g.basic_blocks.get():
        print "\t %s %x %x" % (i.name, i.start, i.end), i.ins[-1].get_name(
        ), '[ CHILDS = ', ', '.join(
            "%x-%x-%s" % (j[0], j[1], j[2].get_name())
            for j in i.childs), ']', '[ FATHERS = ', ', '.join(
 def analyze(self) :
     """Run VMAnalysis with code analysis over the loaded bytecode.

     Reads the name-mangled ``self.__bc`` (set elsewhere in the class) and
     stores the resulting analysis in ``self.__a``.
     """
     vm_analysis = analysis.VMAnalysis(self.__bc, code_analysis=True)
     self.__a = vm_analysis
                r = r.next[0]
            except ValueError :
                break
    print ret, l

if __name__ == "__main__" :
    u = cdll.LoadLibrary( "./libsign.so")
    u.add_sign.restype = c_int
    u.entropy.restype = c_float

    new_sign = u.init()


    a = apk.APK( PATH_INSTALL + "apks/DroidDream/Magic Hypnotic Spiral.apk" )
    vm = dvm.DalvikVMFormat( a.get_dex() )
    vmx = analysis.VMAnalysis( vm )


    n = 0
    for s in NCD_SIGNATURES :
        v = NCD_SIGNATURES[ s ]
        m = vm.get_method_descriptor( v[0], v[1], v[2] )

        entropies = create_entropies( vmx, m, u ) 
        print m, entropies
        
        value = vmx.get_method_signature(m, predef_sign = analysis.SIGNATURE_L0_0 ).get_string()

        print "ADD NCD_SIGNATURE -->", u.add_sign( new_sign, n, 0, cast( value, c_void_p ), len( value ), addressof ( entropies ) )
        
        n += 1