#!/usr/bin/env python
import sys, hashlib
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.androgen import AndroguardS
from androguard.core.analysis import analysis
from androguard.core.bytecodes import dvm
TEST = 'examples/android/TestsAndroguard/bin/classes.dex'
a = AndroguardS( TEST )
x = analysis.VMAnalysis( a.get_vm() )
# CFG
for method in a.get_methods():
g = x.get_method( method )
# Display only methods with exceptions
if method.get_code() == None:
continue
if method.get_code().tries_size <= 0:
continue
print method.get_class_name(), method.get_name(), method.get_descriptor(), method.get_code().get_length(), method.get_code().registers_size
idx = 0
# write app infomation
fileUtils.write_app_info_to_file(appName, file_obj);
fileUtils.write_app_activities_to_file(appName, file_obj);
fileUtils.write_app_permissions_to_file(appName, file_obj);
fileUtils.write_all_permissions_to_file(appName, file_obj);
fileUtils.write_permissions_analysis_to_file(appName, file_obj);
fileUtils.write_sensitive_apis_to_file(appName, file_obj);
file_obj.close()
# -- comment -- create database with name is the name of the input file --
#createDatabase(analysis_init_default_value.APP_NAME)
a = AndroguardS( TEST )
x = analysis.uVMAnalysis( a.get_vm() )
#print a.get_vm().get_strings()
print a.get_vm().get_regex_strings( "access" )
print a.get_vm().get_regex_strings( "(long).*2" )
print a.get_vm().get_regex_strings( ".*(t\_t).*" )
classes = a.get_vm().get_classes_names()
vm = a.get_vm()
display_STRINGS( vm, x, classes )
#display_PERMISSION( vm, x, classes )
#display_PACKAGES( vm, x, classes )
# --- comment: This function cannot run if no activities have define in db
#display_Activities()
#!/usr/bin/env python
import sys
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.androgen import AndroguardS
from androguard.core.analysis import analysis
TEST = 'examples/android/TestsAndroguard/bin/classes.dex'
a = AndroguardS( TEST )
x = analysis.VMAnalysis( a.get_vm() )
for method in a.get_methods() :
g = x.get_method( method )
if method.get_code() == None :
continue
idx = 0
for i in g.basic_blocks.get() :
for ins in i.get_instructions() :
op_value = ins.get_op_value()
# packed/sparse
if op_value == 0x2b or op_value == 0x2c :
special_ins = i.get_special_ins(idx)
if special_ins != None :
print "\t %x" % idx, ins, special_ins, ins.get_name(), ins.get_output(), special_ins.get_values()
#!/usr/bin/env python
import sys, hashlib
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.androgen import AndroguardS
from androguard.core.analysis import analysis
TEST = 'examples/android/TestsAndroguard/bin/classes.dex'
a = AndroguardS(TEST)
x = analysis.VMAnalysis(a.get_vm())
for method in a.get_methods():
g = x.get_method(method)
if method.get_code() == None:
continue
idx = 0
for i in g.basic_blocks.get():
for ins in i.get_instructions():
op_value = ins.get_op_value()
# packed/sparse
if op_value == 0x2b or op_value == 0x2c:
special_ins = i.get_special_ins(idx)
if special_ins != None:
print "\t %x" % idx, ins, special_ins, ins.get_name(
print("Search method", package_name, method_name, descriptor)
analysis.show_Paths( a, x.get_tainted_packages().search_methods( package_name, method_name, descriptor) )
def display_PERMISSION(a, x, classes):
# Show methods used by permission
perms_access = x.get_tainted_packages().get_permissions( [] )
for perm in perms_access:
print("PERM : ", perm)
analysis.show_Paths( a, perms_access[ perm ] )
def display_OBJECT_CREATED(a, x, class_name):
print("Search object", class_name)
analysis.show_Paths( a, x.get_tainted_packages().search_objects( class_name ) )
a = AndroguardS( TEST )
x = analysis.uVMAnalysis( a.get_vm() )
#print a.get_vm().get_strings()
print(a.get_vm().get_regex_strings( "access" ))
print(a.get_vm().get_regex_strings( "(long).*2" ))
print(a.get_vm().get_regex_strings( ".*(t\_t).*" ))
classes = a.get_vm().get_classes_names()
vm = a.get_vm()
display_CFG( a, x, classes )
display_STRINGS( vm, x, classes )
display_FIELDS( vm, x, classes )
display_PACKAGES( vm, x, classes )
display_PACKAGES_IE( vm, x, classes )
display_PACKAGES_II( vm, x, classes )
#!/usr/bin/env python
import sys, hashlib
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.androgen import AndroguardS
from androguard.core.analysis import analysis
from androguard.core.bytecodes import dvm
TEST = 'examples/android/TestsAndroguard/bin/classes.dex'
a = AndroguardS(TEST)
x = analysis.VMAnalysis(a.get_vm())
# CFG
for method in a.get_methods():
g = x.get_method(method)
# Display only methods with exceptions
if method.get_code() == None:
continue
if method.get_code().tries_size <= 0:
continue
print method.get_class_name(), method.get_name(), method.get_descriptor(
), method.get_code().get_length(), method.get_code().registers_size
idx = 0
class AssDexAnalysis(AssModule):
def init(self, argv):
super(AssDexAnalysis, self).init(argv)
self.analysis_apk(self.apk_file)
def analysis_apk(self, apkpath):#apk dex analysis
self.a = AndroguardS(apkpath)
self.x = analysis.VMAnalysis(self.a.get_vm())
self.classes = self.a.get_vm().get_classes_names()
def search_method_withparams(self, class_name, method_namelist, descriptor, param_list):#search a method that have params
pathdic = {}
for method_name in method_namelist:
paths = analysis.get_Paths(self.a, self.x.get_tainted_packages().search_methods( class_name, method_name, descriptor))
for path in paths:
pathset = path['src'].split(' ', 2)
method_class_set = self.a.get_vm().get_methods_class(pathset[0])
for method in method_class_set:
if method.get_name() == pathset[1] and method.get_descriptor() == pathset[2]:
code = method.get_code()
if code == None:
continue
bc = code.get_bc()
instructions = [i for i in bc.get_instructions()]
for instruction in instructions:
if self.check_params(instruction, param_list):
pathdic[pathset[0][:-1]] = pathset[0][:-1] + "/" + pathset[1]
return pathdic.values()
def check_params(self, instruction, param_list):#match the param
if isinstance(instruction,Instruction21c) and instruction.get_op_value()==0x1A:
outputset = instruction.get_output(-1)
for listItem in param_list:
if listItem in outputset:
return True
return False
def search_method_noparams(self, class_name, method_namelist, descriptor):#search a method that have no param
pathdic = {}
for method_name in method_namelist:
#print "search method", package_name, method_name, descriptor
#analysis.show_Paths(self.a, self.x.get_tainted_packages().search_methods( package_name, method_name, descriptor) )
paths = analysis.get_Paths(self.a, self.x.get_tainted_packages().search_methods( class_name, method_name, descriptor))
# for path in paths:
# pathset = path['src'].split(' ')
# if class_name == pathset[0][0:-1]:
# pathdic[pathset[0][:-1]] = pathset[0][:-1] + "/" + pathset[1]
# elif class_name == "all":
# pathdic[pathset[0][:-1]] = pathset[0][:-1] + "/" + pathset[1]
# else:
# continue
for path in paths:
pathset = path['src'].split(' ')
pathdic[pathset[0][:-1]] = pathset[0][:-1] + "/" + pathset[1]
return pathdic.values()
def search_str(self,stringItem):#search all strings
for s, _ in self.x.get_tainted_variables().get_strings():
if stringItem == _:
return s.get_paths()
return None
def match_str(self,keywordlist):#match the specific string
strDict = {}
for keyword in keywordlist:
stringset = self.a.get_vm().get_regex_strings(keyword)
for stringsetItem in stringset:
pathInfo = self.search_str(stringsetItem)
if pathInfo == None:
continue
strDict[stringsetItem] = []
for path in pathInfo:
access, idx = path[0]
m_idx = path[1]
method = self.a.get_vm().get_cm_method(m_idx)
strDict[stringsetItem].append("{:s}->{:s} {:s}".format(method[0], method[1], method[2][0] + method[2][1]))
vadlist = []
for va in strDict.values():
vadlist.extend(va)
return vadlist
def run(self):
print "dex analysis begin"
super(AssDexAnalysis, self).run()
for keyworddict in keyword_list:
print keyworddict['id']
riskdic = {"strrisk":[], "methNoParam":[], "methWithParam":[]}
n = 1
for type in keyworddict['type']:
pkey = 'key'
pclass = 'class'
pparam = 'param'
if type == '0':
strkey = keyworddict[ pkey + str(n) ]
riskdic["strrisk"].extend(self.match_str(strkey))
n = n + 1
elif type == '1':
methnokey = keyworddict[ pkey + str(n) ]
methnoclass = keyworddict[ pclass + str(n) ]
riskdic["methNoParam"].extend(self.search_method_noparams(methnoclass, methnokey, "."))
n = n + 1
else:
methwithkey = keyworddict[ pkey + str(n) ]
methwithclass = keyworddict[ pclass + str(n) ]
methwithparam = keyworddict[ pparam + str(n) ]
riskdic["methWithParam"].extend(self.search_method_withparams(methwithclass, methwithkey, ".", methwithparam))
n = n + 1
flag = self.judge_rule(riskdic, "or" , keyworddict['type'])
if keyworddict.has_key('not'):
flag = not flag
if flag:
account,riskString = self.convertDictToStr(riskdic)
#self.report.setItem(keyworddict['id'], self.convertDictToStr(riskdic))
self.report.setItem(keyworddict['id'], riskString,account)
print "dex analysis end"
def convertDictToStr(self, dict):
num = 0
Tostr = ""
if dict["strrisk"] != None and len(dict["strrisk"]) != 0:
for i in dict["strrisk"]:
print "**************************************************"
print type(i)
Tostr += (i + "\n")
num += len(dict["strrisk"])
print num
if dict["methNoParam"] != None and len(dict["methNoParam"]) != 0:
for i in dict["methNoParam"]:
print "**************************************************"
print type(i)
Tostr += (i + "\n")
num += len(dict["methNoParam"])
print num
if dict["methWithParam"] != None and len(dict["methWithParam"]) != 0:
for i in dict["methWithParam"]:
print "**************************************************"
print type(i)
Tostr += (i + "\n")
num += len(dict["methWithParam"])
print num
print num
restr = "风险数量:"+ str(num) + "\n" + Tostr
return (num,restr)
#return restr
#return Tostr
def judge_rule(self, dic , rule , type):
b1 = b2 = b3 = 0
if "0" in type:
if dic.has_key("strrisk") and len(dic["strrisk"]) == 0 :
b1 = -1 # no risk
else:
b1 = 1 #exist risk
if "1" in type:
if dic.has_key("methNoParam") and len(dic["methNoParam"]) == 0:
b2 = -1
else:
b2 = 1
if "2" in type:
if dic.has_key("methWithParam") and len(dic["methWithParam"]) == 0:
b3 = -1
else:
b3 = 1
if rule == "or":
return b1 > 0 or b2 > 0 or b3 > 0
