Beispiel #1
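dex_file.close()

# Tool and keystore locations, resolved relative to working_dir. The
# unversioned jar names are kept for reference; this run uses smali 1.4.1.
#smali_jar = os.path.join(working_dir, "smali", "smali.jar")
#baksmali_jar = os.path.join(working_dir, "smali", "baksmali.jar")
smali_jar = os.path.join(working_dir, "smali", "smali-1.4.1.jar")
baksmali_jar = os.path.join(working_dir, "smali", "baksmali-1.4.1.jar")
cert_path = os.path.join(working_dir, "config", "cert", "apkil.cert")

# Disassemble the dex at dexpath into smalidir. The exit status is checked so
# that a failed baksmali run stops the pipeline instead of letting the later
# steps package whatever happens to be on disk.
# NOTE(review): assumes `call` is subprocess.call (returns the exit status).
if call(args=['java', '-jar', baksmali_jar,
              '-b', '-o', smalidir, dexpath]) != 0:
    raise RuntimeError("baksmali failed on %s" % dexpath)
s = smali.SmaliTree(level, smalidir)

# Run mo.inject over the tree and write the result to a separate directory.
s = mo.inject(s, level)
s.save(new_smalidir)

print("\n[Create new dex file]")
print("java -jar " + smali_jar + " -a %d" % level + " -o " + new_dexpath + " " + new_smalidir)
if call(args=['java', '-jar', smali_jar,
              '-a', str(level), '-o', new_dexpath, new_smalidir]) != 0:
    raise RuntimeError("smali failed on %s" % new_smalidir)

# A dex file is binary data: read it in "rb" mode (text mode corrupts it on
# platforms that translate newlines) and close the handle deterministically.
with open(new_dexpath, "rb") as dex_in:
    new_dex = dex_in.read()

# Replace classes.dex. Entries matched by "(META-INF/.)" are left out of the
# new archive (presumably a regex on entry names): META-INF/ holds the
# original signature, which would no longer verify against the new dex.
a.new_zip(filename=new_apk,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): the last two arguments look like keystore alias and password
# and are literals in the source, which is tolerable only for a throwaway
# test key. The rebuilt APK carries this key's signature, not the original
# signer's, so a signer-certificate comparison will flag it as repackaged.
apk.sign_apk(new_apk, cert_path, "apkil", "apkilapkil")
print("\n[Instrumented apk]\n%s" % new_apk)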

#print "\n[Install new apk]"
#os.system("./install.script " + new_apk)

                    print "ORIG : "
                    print hexdump(b1[j - 8: j + 8], off=j-8) + "\n"
                    print "NEW : "
                    print hexdump(b2[j - 8: j + 8], off=j-8) + "\n"

                j += 1


        print "OK"


# Input sample and output path; the alternative test APK is kept for reference.
# TEST lives under apks/malwares/, so ./toto.apk is a re-signed copy of that
# sample and belongs in the same analysis environment as the original.
#TEST = "examples/android/TestsAndroguard/bin/TestsAndroguard.apk"
TEST = "apks/malwares/smszombie/40F3F16742CD8AC8598BF859A23AC290.apk"
FILENAME = "./toto.apk"

androconf.set_debug()

# Parse the APK, then build the dex view and its analysis object.
a = apk.APK(TEST)
dex_bytes = a.get_dex()
j = dvm.DalvikVMFormat(dex_bytes)
x = analysis.VMAnalysis(j)

m = MDalvikVMFormat(j, x)
print("%s %s %s" % (j, x, m))

# Re-serialise the dex through the modified-format wrapper.
new_dex = m.test_save()

# Swap in the regenerated classes.dex. Entries matched by "(META-INF/.)" are
# left out of the new archive: that directory holds the original signature,
# which would not verify against the replaced dex.
replacements = {"classes.dex": new_dex}
a.new_zip(filename=FILENAME,
          deleted_files="(META-INF/.)",
          new_files=replacements)

# Sign with a local keystore. The keystore password is a literal here, so
# this is only suitable for a throwaway test key.
apk.sign_apk(FILENAME, "./keystore/keystore1", "tototo")
        ) == "Lre/androguard/android/invalid/MainActivity;":
            #if i.get_name() == "testStrings":
            #    instructions = [ins for ins in i.get_instructions()]
            #    instructions[0].BBBB = 10000
            #    i.set_instructions(instructions)
            if i.get_name() == "testInstances":
                instructions = [ins for ins in i.get_instructions()]
                instructions[0].BBBB = 0x4141
                i.set_instructions(instructions)


# Source APK and the path the patched copy is written to.
FILENAME_INPUT = "./examples/android/Invalid/Invalid.apk"
FILENAME_OUTPUT = "./toto.apk"

androconf.set_debug()

# Load the APK and wrap its dex in the editable VM representation.
a = apk.APK(FILENAME_INPUT)
original_dex = a.get_dex()
vm = dvm.DalvikVMFormat(original_dex)
vmx = analysis.VMAnalysis(vm)

# patch_dex is called for its effect on vm (its return value is not used);
# save() then serialises the dex again.
patch_dex(vm)
new_dex = vm.save()

# Swap in the new classes.dex. Entries matched by "(META-INF/.)" are left out
# of the new archive: that directory holds the original signature, which
# would not verify against the replaced dex.
replacement_entries = {"classes.dex": new_dex}
a.new_zip(filename=FILENAME_OUTPUT,
          deleted_files="(META-INF/.)",
          new_files=replacement_entries)

# The keystore at ./keystore/keystore1 has to be created beforehand (see the
# Android signing documentation). Its password is a literal here, so use a
# throwaway test key only.
apk.sign_apk(FILENAME_OUTPUT, "./keystore/keystore1", "tototo")
Beispiel #4
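# Never assemble for an API level below the app's declared minimum: the
# requested level is used only when one was given and it is >= min_version.
level = max(args.level[0], min_version) if args.level else min_version

# Extract classes.dex to disk. Dex is binary data, so the file is opened in
# "wb" mode; the context manager closes it even if the write fails.
with open(dexpath, 'wb') as dex_file:
    dex_file.write(a.get_dex())

smali_jar = os.path.join(working_dir, "smali", "smali.jar")
baksmali_jar = os.path.join(working_dir, "smali", "baksmali.jar")
cert_path = os.path.join(working_dir, "config", "apkil.cert")

# Disassemble to smali. The exit status is checked so that a failed tool run
# stops the pipeline instead of packaging a missing or partial result.
# NOTE(review): assumes `call` is subprocess.call (returns the exit status).
if call(args=['java', '-jar', baksmali_jar, '-b', '-o', smalidir, dexpath]) != 0:
    raise RuntimeError("baksmali failed on %s" % dexpath)
s = smali.SmaliTree(level, smalidir)

# Run mo.inject over the tree and write the result to a separate directory.
s = mo.inject(s, level)
s.save(new_smalidir)

# Reassemble the modified smali for the chosen API level.
if call(args=[
        'java', '-jar', smali_jar, '-a',
        str(level), '-o', new_dexpath, new_smalidir
]) != 0:
    raise RuntimeError("smali failed on %s" % new_smalidir)

with open(new_dexpath, 'rb') as dex_in:
    new_dex = dex_in.read()

# Replace classes.dex. Entries matched by "(META-INF/.)" are left out of the
# new archive: META-INF/ holds the original signature, which would no longer
# verify against the new dex.
a.new_zip(filename=new_apk,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): the last two arguments look like keystore alias and password
# and are literals in the source, which is tolerable only for a throwaway
# test key. The output is signed with this key, not the original signer's.
apk.sign_apk(new_apk, cert_path, "apkil", "apkilapkil")
print("NEW APK: %s" % new_apk)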
                    print("BEGIN @ OFFSET 0x%x" % j)
                    print("ORIG : ")
                    print(hexdump(b1[j - 8:j + 8], off=j - 8) + "\n")
                    print("NEW : ")
                    print(hexdump(b2[j - 8:j + 8], off=j - 8) + "\n")

                j += 1

        print("OK")


# Input sample and output path; the alternative test APK is kept for reference.
# TEST lives under apks/malwares/, so ./toto.apk is a re-signed copy of that
# sample and belongs in the same analysis environment as the original.
#TEST = "examples/android/TestsAndroguard/bin/TestsAndroguard.apk"
TEST = "apks/malwares/smszombie/40F3F16742CD8AC8598BF859A23AC290.apk"
FILENAME = "./toto.apk"

androconf.set_debug()

# Parse the APK, then build the dex view and its analysis object.
a = apk.APK(TEST)
sample_dex = a.get_dex()
j = dvm.DalvikVMFormat(sample_dex)
x = analysis.VMAnalysis(j)

m = MDalvikVMFormat(j, x)
print(j, x, m)

# Re-serialise the dex through the modified-format wrapper.
new_dex = m.test_save()

# Swap in the regenerated classes.dex. Entries matched by "(META-INF/.)" are
# left out of the new archive: that directory holds the original signature,
# which would not verify against the replaced dex.
dex_replacement = {"classes.dex": new_dex}
a.new_zip(filename=FILENAME,
          deleted_files="(META-INF/.)",
          new_files=dex_replacement)

# Sign with a local keystore. The keystore password is a literal here, so
# this is only suitable for a throwaway test key.
apk.sign_apk(FILENAME, "./keystore/keystore1", "tototo")
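def instrument(filename, hooks):
    """
    Instruments API calls with an "Injector" and repackages the modified App.

    The APK's classes.dex is written to ``outdir``, disassembled with
    baksmali, passed through ``Injector.inject`` together with ``hooks``,
    reassembled with smali, packed into ``<outdir>/<name>_new.apk`` and signed
    with the keystore at ``<working_dir>/config/apkil.cert``.

    Side effect: ``outdir`` is deleted and recreated on every call, so it must
    never point at a directory that holds anything worth keeping.

    @param filename: str indicating the full path to the APK file to instrument
    @param hooks: annotation object from dftest, indicating code locations to instrument
    @raise RuntimeError: if baksmali or smali exits with a non-zero status
    """
    print("Instrumenting %s" % filename)
    root_name, _ = os.path.splitext(filename)

    # APK gives access to the resources of an apk file
    a = apk.APK(filename)
    api_config = default_api

    db_path = os.path.join(working_dir, "androidlib")
    mo = injector.injection.Injector(db_path, config=api_config)

    new_apk = os.path.join(outdir, os.path.split(root_name)[1] + "_new.apk")

    # Start from an empty output directory so that no artefact of an earlier
    # run can end up in this run's APK. This removes outdir recursively.
    if os.path.exists(outdir):
        shutil.rmtree(outdir)
    os.makedirs(outdir)

    dexpath = os.path.join(outdir, "origin.dex")
    smalidir = os.path.join(outdir, "origin_smali")
    new_dexpath = os.path.join(outdir, "new.dex")
    new_smalidir = os.path.join(outdir, "new_smali")

    # API level 8 is the fallback when the manifest declares no SDK versions.
    # The level used for (dis)assembly follows the declared minimum SDK.
    level = 8
    min_version = level
    target_version = level
    declared_min = a.get_min_sdk_version()
    if declared_min:
        min_version = int(declared_min)
        print("min_sdk_version=%d" % min_version)
        level = min_version
    declared_target = a.get_target_sdk_version()
    if declared_target:
        target_version = int(declared_target)
    print("target_sdk_version=%d" % target_version)

    # Configuration of smali and the certificate required for signing the repackaged APK
    smali_jar = os.path.join(working_dir, "smali", "smali.jar")
    baksmali_jar = os.path.join(working_dir, "smali", "baksmali.jar")
    cert_path = os.path.join(working_dir, "config", "apkil.cert")

    # Extract dex (bytecode) file from apk. Dex is binary data, so the file
    # is opened in "wb" mode; the context manager closes it on any exit path.
    with open(dexpath, "wb") as dex_file:
        dex_file.write(a.get_dex())

    # Disassemble with baksmali. The exit status is checked so that a failed
    # tool run stops here instead of packaging a missing or partial result.
    # NOTE(review): assumes `call` is subprocess.call (returns the exit status).
    print("Applying baksmali, writing to %s" % outdir)
    if call(args=["java", "-jar", baksmali_jar, "-b", "-o", smalidir, dexpath]) != 0:
        raise RuntimeError("baksmali failed on %s" % dexpath)
    s = injector.smali.SmaliTree(level, smalidir)

    # Instrument smali code
    print("Injecting code, writing to %s" % new_smalidir)
    s = mo.inject(s, level, hooks)
    s.save(new_smalidir)

    # Compile smali code to bytecode again
    print("Applying smali, writing to %s" % new_dexpath)
    if call(args=["java", "-jar", smali_jar, "-a", str(level), "-o", new_dexpath, new_smalidir]) != 0:
        raise RuntimeError("smali failed on %s" % new_smalidir)

    # Create new APK with modified classes.dex file. Entries matched by
    # "(META-INF/.)" are left out: META-INF/ holds the original signature,
    # which would no longer verify against the new dex.
    print("Re-Package modified classes.dex into %s" % new_apk)
    with open(new_dexpath, "rb") as dex_in:
        new_dex = dex_in.read()
    a.new_zip(filename=new_apk, deleted_files="(META-INF/.)", new_files={"classes.dex": new_dex})

    # Finally sign the apk again. The output carries this keystore's
    # signature, not the original signer's.
    # NOTE(review): the two credential strings are literals in the source, and
    # their order here ("apkilapkil", "apkil") is the reverse of the other
    # sign_apk calls using this keystore -- confirm against sign_apk's signature.
    print("Signing the new apk with cert from %s" % cert_path)
    apk.sign_apk(new_apk, cert_path, "apkilapkil", "apkil")
    print("DONE. Have fun with %s" % new_apk)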
    for i in m.get_methods():
        if i.get_class_name() == "Lre/androguard/android/invalid/MainActivity;":
            #if i.get_name() == "testStrings":
            #    instructions = [ins for ins in i.get_instructions()]
            #    instructions[0].BBBB = 10000
            #    i.set_instructions(instructions)
            if i.get_name() == "testInstances":
                instructions = [ins for ins in i.get_instructions()]
                instructions[0].BBBB = 0x4141
                i.set_instructions(instructions)

# APK to patch and the path of the rebuilt copy.
FILENAME_INPUT = "./examples/android/Invalid/Invalid.apk"
FILENAME_OUTPUT = "./toto.apk"

androconf.set_debug()

# Open the APK and build the editable dex model plus its analysis object.
a = apk.APK(FILENAME_INPUT)
input_dex = a.get_dex()
vm = dvm.DalvikVMFormat(input_dex)
vmx = analysis.VMAnalysis(vm)

# patch_dex is called for its effect on vm (its return value is not used);
# save() then serialises the dex again.
patch_dex(vm)
new_dex = vm.save()

# Write the new archive with classes.dex replaced. Entries matched by
# "(META-INF/.)" are left out: that directory holds the original signature,
# which would not verify against the replaced dex.
patched_entries = {"classes.dex": new_dex}
a.new_zip(filename=FILENAME_OUTPUT,
          deleted_files="(META-INF/.)",
          new_files=patched_entries)

# The keystore at ./keystore/keystore1 has to be created beforehand (see the
# Android signing documentation). Its password is a literal here, so use a
# throwaway test key only.
apk.sign_apk(FILENAME_OUTPUT, "./keystore/keystore1", "tototo")
Beispiel #8
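# Build the monitor project with ant and stop if the build fails.
# NOTE(review): assumes `call` is subprocess.call (returns the exit status).
if call(args=["ant", "debug", "-buildfile",
              os.path.join(EXPORT_FOLDER, "build.xml")]) != 0:
    raise RuntimeError("ant debug failed for %s" % EXPORT_FOLDER)

# NOTE(review): this unconditional exit makes everything below unreachable.
# It looks like a leftover short-circuit; it is kept because removing it
# would change what the script does.
sys.exit(0)

dex_file_path = os.path.join(EXPORT_FOLDER, "bin", "classes.dex")
MONITOR_SMALI = "examples/APIMonitor/smali"

# Disassemble the freshly built monitor classes.
if call(args=['baksmali', '-b', '-o', MONITOR_SMALI, dex_file_path]) != 0:
    raise RuntimeError("baksmali failed on %s" % dex_file_path)
m_s = smali.SmaliTree(MONITOR_SMALI)


# Redirect each monitored invoke-virtual to the static method mapped for it.
for api in API_LIST:
    insns = s.get_insn35c("invoke-virtual", api)
    for i in insns:
        i.obj.replace("invoke-static", m.method_map[api])

# Copy the monitor classes into the target tree.
for c in m.get_class_descs():
    s.add_class(m_s.get_class(c))

s.save(NEW_OUT)
if call(args=['smali', '-a', '6', '-o', NEW_DEX, NEW_OUT]) != 0:
    raise RuntimeError("smali failed on %s" % NEW_OUT)

# Dex is binary data: read it in "rb" mode and close the handle.
with open(NEW_DEX, "rb") as dex_in:
    new_dex = dex_in.read()

# Replace classes.dex. Entries matched by "(META-INF/.)" are left out:
# META-INF/ holds the original signature, which would no longer verify.
a.new_zip(filename=NEW_APK,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): the keystore is a developer-specific absolute path inside a
# synced folder, and the credential strings are literals in the source. Use a
# throwaway test key and take the path from configuration.
apk.sign_apk(NEW_APK,
             "/Users/kelwin/Dropbox/Backup/androguard", "apkil", "apkilapkil")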

Beispiel #9
"Landroid/net/Uri;->parse(Ljava/lang/String;)", \
"Landroid/content/Intent;-><init>(Ljava/lang/String;)", \
"Landroid/content/ContextWrapper;->openFileOutput(Ljava/lang/String;I)", \
"Ljava/io/OutputStreamWriter;->write(Ljava/lang/String;)", \
"Lapkil/tests/APKIL;->openFileInput(Ljava/lang/String;)",
"Ljava/io/BufferedReader;->readLine()Ljava/lang/String;", \
"Landroid/telephony/SmsManager;->sendTextMessage(\
Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;\
Landroid/app/PendingIntent;Landroid/app/PendingIntent;)"                                                        , \
"Landroid/content/pm/PackageManager;->getInstalledApplications(I)",
            ]
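# NOTE(review): this monitor is replaced by the config-based one two
# statements below, so API_LIST has no effect on the injection unless the
# constructor has side effects. Both constructions are kept as they were.
mo = monitor.APIMonitor(db_path, API_LIST)

API_CONFIG = "config/default_api_collection"
mo = monitor.APIMonitor(db_path, config=API_CONFIG)

# Inject into the smali tree and write the result out.
s = mo.inject(s, min_version)
s.save(NEW_OUT)

# Reassemble for the app's minimum API level. The jar path is relative, so
# this depends on the current working directory. The exit status is checked
# so that a failed run stops here instead of packaging a missing or stale dex.
# NOTE(review): assumes `call` is subprocess.call (returns the exit status).
if call(args=[
        'java', '-jar', 'smali/smali.jar', '-a',
        str(min_version), '-o', NEW_DEX, NEW_OUT
]) != 0:
    raise RuntimeError("smali failed on %s" % NEW_OUT)

# Dex is binary data: read it in "rb" mode and close the handle.
with open(NEW_DEX, "rb") as dex_in:
    new_dex = dex_in.read()

# Replace classes.dex. Entries matched by "(META-INF/.)" are left out:
# META-INF/ holds the original signature, which would no longer verify.
a.new_zip(filename=NEW_APK,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): the last two arguments look like keystore alias and password
# and are literals in the source, which is tolerable only for a throwaway
# test key. The output is signed with this key, not the original signer's.
apk.sign_apk(NEW_APK,
             "config/apkil.cert", "apkil", "apkilapkil")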
Beispiel #10
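a = apk.APK(APK)

# Extract classes.dex to disk. Dex is binary data, so the file is opened in
# "wb" mode; the context manager closes it even if the write fails.
with open(DEX, 'wb') as dex_file:
    dex_file.write(a.get_dex())

# Disassemble to smali. The exit status is checked so that a failed tool run
# stops the pipeline instead of packaging a missing or partial result.
# NOTE(review): assumes `call` is subprocess.call (returns the exit status).
if call(args=['baksmali', '-b', '-o', SMALI_DIR, DEX]) != 0:
    raise RuntimeError("baksmali failed on %s" % DEX)
s = smali.SmaliTree(SMALI_DIR)

# Collect the API methods listed in API_BY_PERMISSION for every permission
# the APK requests; permissions without an entry are skipped.
api_list = []
perms = a.get_permissions()
for p in perms:
    print(p)
    if p in API_BY_PERMISSION:
        for ml in API_BY_PERMISSION[p].values():
            api_list.extend(ml)

mo = monitor.APIMonitor(api_list)
s = mo.inject(s)
s.save(NEW_OUT)

if call(args=['smali', '-a', '7', '-o', NEW_DEX, NEW_OUT]) != 0:
    raise RuntimeError("smali failed on %s" % NEW_OUT)

with open(NEW_DEX, 'rb') as dex_in:
    new_dex = dex_in.read()

# Replace classes.dex. Entries matched by "(META-INF/.)" are left out:
# META-INF/ holds the original signature, which would no longer verify.
a.new_zip(filename=NEW_APK,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): the keystore is a developer-specific absolute path inside a
# synced folder, and the credential strings are literals in the source. Use a
# throwaway test key and take the path from configuration.
apk.sign_apk(NEW_APK,
             "/Users/kelwin/Dropbox/Backup/apkil", "apkil", "apkilapkil")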

Beispiel #11
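# Method descriptors to monitor, written in smali notation.
API_LIST = [
    "Landroid/net/Uri;->parse(Ljava/lang/String;)",
    "Landroid/content/Intent;-><init>(Ljava/lang/String;)",
    "Landroid/content/ContextWrapper;->openFileOutput(Ljava/lang/String;I)",
    "Ljava/io/OutputStreamWriter;->write(Ljava/lang/String;)",
    "Lapkil/tests/APKIL;->openFileInput(Ljava/lang/String;)",
    "Ljava/io/BufferedReader;->readLine()Ljava/lang/String;",
    # One descriptor, split over adjacent literals that are joined at compile time.
    "Landroid/telephony/SmsManager;->sendTextMessage("
    "Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;"
    "Landroid/app/PendingIntent;Landroid/app/PendingIntent;)",
    "Landroid/content/pm/PackageManager;->getInstalledApplications(I)",
]

# NOTE(review): this monitor is replaced by the config-based one two
# statements below, so API_LIST has no effect on the injection unless the
# constructor has side effects. Both constructions are kept as they were.
mo = monitor.APIMonitor(db_path, API_LIST)

API_CONFIG = "config/default_api_collection"
mo = monitor.APIMonitor(db_path, config=API_CONFIG)

# Inject into the smali tree and write the result out.
s = mo.inject(s, min_version)
s.save(NEW_OUT)

# Reassemble for the app's minimum API level. The jar path is relative, so
# this depends on the current working directory. The exit status is checked
# so that a failed run stops here instead of packaging a missing or stale dex.
# NOTE(review): assumes `call` is subprocess.call (returns the exit status).
if call(args=['java', '-jar', 'smali/smali.jar', '-a', str(min_version), '-o', NEW_DEX, NEW_OUT]) != 0:
    raise RuntimeError("smali failed on %s" % NEW_OUT)

# Dex is binary data: read it in "rb" mode and close the handle.
with open(NEW_DEX, "rb") as dex_in:
    new_dex = dex_in.read()

# Replace classes.dex. Entries matched by "(META-INF/.)" are left out:
# META-INF/ holds the original signature, which would no longer verify.
a.new_zip(filename=NEW_APK,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): the last two arguments look like keystore alias and password
# and are literals in the source, which is tolerable only for a throwaway
# test key. The output is signed with this key, not the original signer's.
apk.sign_apk(NEW_APK,
             "config/apkil.cert", "apkil", "apkilapkil")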

Beispiel #12
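# Build the monitor project with ant and stop if the build fails.
# NOTE(review): assumes `call` is subprocess.call (returns the exit status).
if call(args=["ant", "debug", "-buildfile",
              os.path.join(EXPORT_FOLDER, "build.xml")]) != 0:
    raise RuntimeError("ant debug failed for %s" % EXPORT_FOLDER)

# NOTE(review): this unconditional exit makes everything below unreachable.
# It looks like a leftover short-circuit; it is kept because removing it
# would change what the script does.
sys.exit(0)

dex_file_path = os.path.join(EXPORT_FOLDER, "bin", "classes.dex")
MONITOR_SMALI = "examples/APIMonitor/smali"

# Disassemble the freshly built monitor classes.
if call(args=['baksmali', '-b', '-o', MONITOR_SMALI, dex_file_path]) != 0:
    raise RuntimeError("baksmali failed on %s" % dex_file_path)
m_s = smali.SmaliTree(MONITOR_SMALI)


# Redirect each monitored invoke-virtual to the static method mapped for it.
for api in API_LIST:
    insns = s.get_insn35c("invoke-virtual", api)
    for i in insns:
        i.obj.replace("invoke-static", m.method_map[api])

# Copy the monitor classes into the target tree.
for c in m.get_class_descs():
    s.add_class(m_s.get_class(c))

s.save(NEW_OUT)
if call(args=['smali', '-a', '6', '-o', NEW_DEX, NEW_OUT]) != 0:
    raise RuntimeError("smali failed on %s" % NEW_OUT)

# Dex is binary data: read it in "rb" mode and close the handle.
with open(NEW_DEX, "rb") as dex_in:
    new_dex = dex_in.read()

# Replace classes.dex. Entries matched by "(META-INF/.)" are left out:
# META-INF/ holds the original signature, which would no longer verify.
a.new_zip(filename=NEW_APK,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): the keystore is a developer-specific absolute path inside a
# synced folder, and the credential strings (which do not look like
# placeholders) are literals in the source. A secret that has been published
# this way should be treated as exposed and the key replaced.
apk.sign_apk(NEW_APK,
             "/Users/kelwin/Dropbox/Backup/androguard", "androguard", "haimen!!")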