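 def analyze_apk(self, data):
     '''
     start analyzing apk logic (r2p anal.timeout = 5) for all dex files
     add description to strings, get words and wordsstripped from the packed files

     data: shared report dict; reads data["Packed"]["Files"] (entries with
     "Name" and "Path") and writes data["APK"]. Each classes*.dex file is
     handed to self.dex_wrapper under the key 'APK_DEX_<index>' (the wrapper
     presumably writes that key itself - not visible here).
     '''
     data["APK"] = {
         "General": {},
         "Permissions": [],
         "_General": {},
         "_Permissions": ["Permission", "Description"]
     }
     for index, item in enumerate(data["Packed"]["Files"]):
         name = item["Name"].lower()
         if name == "androidmanifest.xml":
             data["APK"]["Permissions"] = self.read_permissions(
                 data, item["Path"])
         if "classes" in name and name.endswith(".dex"):
             # One radare2 session per dex file. It is closed in a finally
             # so a dex that makes a pass raise, or a second dex in the same
             # apk, cannot leave a r2 process running; the original quit()
             # only the last session and crashed (NameError) when no dex
             # was present at all.
             r2p = r2open(item["Path"], flags=['-2'])
             try:
                 r2p.cmd("e anal.timeout = 5")
                 r2p.cmd("aaaa;")
                 self.dex_wrapper(data, r2p, 'APK_DEX_{}'.format(index))
             finally:
                 r2p.quit()
     add_description("AndroidPermissions", data["APK"]["Permissions"],
                     "Permission")
     get_words_multi_files(data, data["Packed"]["Files"])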
 def check_sig(self, data):
     '''
     start unknown files logic, this file is not detected by other modules
     if file is archive, then unpack and get words, wordsstripped otherwise
     get words, wordsstripped from the file only

     data: shared report dict; reads data["Details"]["Properties"]["mime"]
     and data["Location"]["File"]; archives are unpacked first and the words
     are then collected from data["Packed"]["Files"]
     '''
     # mime types treated as containers worth unpacking
     archive_mimes = (
         "application/java-archive",
         "application/zip",
         "application/zlib",
     )
     mime = data["Details"]["Properties"]["mime"]
     target = data["Location"]["File"]
     if mime in archive_mimes:
         unpack_file(data, target)
         get_words_multi_files(data, data["Packed"]["Files"])
     else:
         get_words(data, target)
 def analyze(self, data):
     '''
     start analyzing office logic, get office meta informations add description
     to strings, get words and wordsstripped from the packed files

     data: shared report dict; writes data["Office"] (a deep copy of
     self.datastruct with General/Text/DDE/Macro filled in and the result of
     office_analysis() merged on top), then collects words from
     data["Packed"]["Files"]
     '''
     office = deepcopy(self.datastruct)
     data["Office"] = office
     # the helpers all receive the same data dict, so they are called one
     # after another in this order rather than batched
     office["General"] = self.office_meta_info(data)
     office["Text"] = self.extract_text(data)
     office["DDE"] = self.extract_dde(data)
     office["Macro"] = self.extract_macros(data["Location"]["File"])
     office.update(self.office_analysis(data))
     self.office_read_bin(data)
     get_words_multi_files(data, data["Packed"]["Files"])
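 def analyze_dmg(self, data):
     '''
     start analyzing dmg file, loop over packed file and extract info.plist and shells

     data: shared report dict; reads data["Packed"]["Files"] (entries with
     "Path" and "Type") and writes data["DMG"] plus one
     'DMG_Shellscript_<index>' entry per text/x-shellscript file found
     '''
     data["DMG"] = {"General": {}, "_General": {}}
     files = data["Packed"]["Files"]
     # only the first info.plist found is used
     for item in files:
         if item["Path"].lower().endswith("info.plist"):
             data["DMG"]["General"] = self.get_plist(item["Path"])
             break
     for index, item in enumerate(files):
         if item["Type"] == "text/x-shellscript":
             key = 'DMG_Shellscript_{}'.format(index)
             data[key] = {"Shell": "", "_Shell": ""}
             # context manager closes the handle (the original never did);
             # errors="replace" keeps a script with stray non-decodable
             # bytes from aborting the whole dmg report
             with open(item["Path"], "r", errors="replace") as handle:
                 data[key]["Shell"] = handle.read()
     get_words_multi_files(data, files)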
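    def analyze_apk(self, data):
        '''
        start analyzing apk logic (r2p anal.timeout = 5) for all dex files
        add description to strings, get words and wordsstripped from the packed files

        data: shared report dict; reads data["Packed"]["Files"] (entries with
        "Name" and "Path"), writes data["APK"] and one 'APK_DEX_<index>'
        entry per classes*.dex file with the radare2 results
        '''
        data["APK"] = {
            "General": {},
            "Permissions": [],
            "_General": {},
            "_Permissions": ["Permission", "Description"]
        }
        for i, v in enumerate(data["Packed"]["Files"]):
            name = v["Name"].lower()
            if name == "androidmanifest.xml":
                data["APK"]["Permissions"] = self.read_permissions(
                    data, v["Path"])
            if "classes" in name and name.endswith(".dex"):
                k = 'APK_DEX_{}'.format(i)
                # entry is created before analysis so a partial result
                # survives if one of the passes raises
                data[k] = {
                    "Classes": [],
                    "Externals": [],
                    "Symbols": [],
                    "Bigfunctions": [],
                    "Suspicious": [],
                    "_Classes": ["Type", "Name"],
                    "_Externals": ["Type", "Name"],
                    "_Symbols": ["Type", "Address", "X", "Name"],
                    "_Bigfunctions": ["Size", "Name"],
                    "_Suspicious": ["Location", "Function", "Xrefs"]
                }
                # One radare2 session per dex file, closed in a finally so a
                # dex that makes a pass raise, or a second dex in the same
                # apk, cannot leave a r2 process running; the original
                # quit() only the last session and crashed (NameError) when
                # the apk had no dex at all.
                r2p = r2open(v["Path"], flags=['-2'])
                try:
                    r2p.cmd("e anal.timeout = 5")
                    r2p.cmd("aaaa;")
                    data[k]["Classes"] = self.get_all_classes(r2p)
                    data[k]["Externals"] = self.get_all_externals(r2p)
                    data[k]["Symbols"] = self.get_all_symbols(r2p)
                    data[k]["Bigfunctions"] = self.big_functions(r2p)
                    data[k]["Suspicious"] = self.check_sus(r2p)
                finally:
                    r2p.quit()
        add_description("AndroidPermissions", data["APK"]["Permissions"],
                        "Permission")
        get_words_multi_files(data, data["Packed"]["Files"])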