def each(self, target):
self.results = dict()
try:
apk, vm, vm_analysis = AnalyzeAPK(target)
# First, get basic information about the APK
self.results['name'] = apk.get_app_name()
self.results['package'] = apk.get_package()
self.results['permissions'] = apk.get_permissions()
self.results['main_activity'] = apk.get_main_activity()
self.results['receivers'] = apk.get_receivers()
self.results['services'] = apk.get_services()
self.results['main_activity_content'] = vm.get_class("L{};".format(
self.results['main_activity']).replace('.', '/')).get_source()
except:
apk = None
vm, vm_analysis = AnalyzeDex(target)
self.results['dex'] = True
# Then, run all the APK Plugins in order to see if this is a known malware
for plugin in APKPlugin.__subclasses__():
plugin = plugin(target, apk, vm, vm_analysis)
plugin.apply(self)
return True
def each(self, target):
self.results = dict(name=None,
files=[],
package=None,
permissions=[],
declared_permissions=[],
main_activity=None,
activities=[],
receivers=[],
services=[],
manifest=None,
libraries=[],
main_activity_content=None,
internal_classes=[])
try:
apk, vm, vm_analysis = AnalyzeAPK(target)
# First, get basic information about the APK
self.results['name'] = apk.get_app_name()
self.results['files'] = apk.get_files_types()
self.results['package'] = apk.get_package()
self.results['permissions'] = apk.get_details_permissions()
self.results[
'declared_permissions'] = apk.get_declared_permissions_details(
)
self.results['main_activity'] = apk.get_main_activity()
self.results['activities'] = apk.get_activities()
self.results['receivers'] = apk.get_receivers()
self.results['services'] = apk.get_services()
self.results['manifest'] = apk.get_android_manifest_axml().get_xml(
)
self.results['libraries'] = list(apk.get_libraries())
self.results['main_activity_content'] = None
self.results['internal_classes'] = []
try:
self.results['main_activity_content'] = self.results[
'main_activity_content'] = vm[0].get_class(
"L{};".format(self.results['main_activity']).replace(
'.', '/')).get_source()
except:
self.log('error', traceback.print_exc())
try:
self.results['internal_classes'] = self._get_internal_classes(
vm_analysis)
self._store_internal_classes()
except:
self.log('error', traceback.print_exc())
# Then, run all the APK Plugins in order to see if this is a known malware
for plugin in APKPlugin.__subclasses__():
plugin = plugin(target, apk, vm, vm_analysis)
plugin.apply(self)
except:
self.log('error', traceback.print_exc())
return True
def analyze_app(apk_filename):
print("APK: %s" % apk_filename)
apk, d, dx = AnalyzeAPK(apk_filename)
app_name = apk.get_app_name()
components.goal1.main(apk, d[0], dx)
with open('goal2.csv', 'a') as csvfile:
writer = csv.writer(csvfile, quoting=csv.QUOTE_MINIMAL)
result = components.goal2.main(apk, d[0], dx)
result.insert(0, app_name)
writer.writerow(result)
with open('goal3.csv', 'a') as csvfile:
writer = csv.writer(csvfile, quoting=csv.QUOTE_MINIMAL)
result = components.goal3.main(apk, d[0], dx)
result.insert(0, app_name)
writer.writerow(result)
print("")
def get_prediction():
f_rep = [0] * 900
dat = flask.request.get_json()
name = dat['file_name']
with open(name, 'rb') as f:
b = f.read()
a, d, dx = AnalyzeAPK(b, raw = True)
perms = str(a.get_permissions())
perm_count = len(perms)
app_name = a.get_app_name()
perms = re.findall(r"(?=.)[A-Z|_]+(?=')", perms)
for p in perms:
if p in features:
f_rep[features.index(p)] = 1
xml = apk.APK(name).get_android_manifest_xml()
xml = tostring(xml, encoding = 'unicode')
intents = re.findall(r'(?<=<intent\-filter>)(.*?)(?=</intent\-filter>)',xml,re.DOTALL)
for intent in intents:
ints= (re.findall(r'(?<=\<action android:name=\")([^"]*)"',intent,re.DOTALL))
for a in ints:
if a in features:
f_rep[features.index(a)] = 1
classes = dx.get_external_classes()
class_count = len(classes)
for classObj in classes:
vmClass = str(classObj.get_vm_class())
if vmClass not in api_dang:
continue
vmMeth = classObj.get_methods()
for vmMethIter in vmMeth:
met = str(vmMethIter.method)
if met in features:
f_rep[features.index(met)] = 1
f_rep = np.array(f_rep)[np.newaxis, :]
pred = model.predict(f_rep)[0]
response = {"appName": app_name, "class": pred, "permCount": perm_count, "fileName": name, "classCount": class_count}
response = flask.jsonify(response)
return response
from androguard.misc import AnalyzeAPK
a, d, dx = AnalyzeAPK('Virus0e69af88dcbb469e30f16609b10c926c.apk')
app_name = a.get_app_name()
pkg = a.get_package()
aversion = a.get_androidversion_code()
print(app_name)
print(pkg)
print(aversion)
'''
Certificado
com.security.service
1
'''
args = parser.parse_args()
if not os.path.isfile(args.APK):
print("Invalid file path")
sys.exit(1)
ret_type = androconf.is_android(args.APK)
if ret_type != "APK":
print("Not an APK file")
sys.exit(1)
apk, dex, dexes = AnalyzeAPK(args.APK)
res = {
'app_name':
apk.get_app_name(),
'package_name':
apk.get_package(),
'providers':
apk.get_providers(),
'new_permissions':
extract_new_permissions(apk.get_permissions()),
'filters':
get_intent_filers(apk),
'certificate': {},
'wearable':
apk.is_wearable(),
'max_sdk_version': (apk.get_max_sdk_version()),
'min_sdk_version':
int(apk.get_min_sdk_version()),
'version_code':
def getname(path):
a, d, x = AnalyzeAPK(path)
return a.get_app_name()
print('The current folder is ' + folderName)
#打印第一层目录下所有文件和文件夹
for subfolder in subfolders:
print('SUBFOLDER OF ' + folderName + ': ' + subfolder)
#打印第二层目录下的所有文件和文件夹
for filename in filenames:
print('FILE INSIDE ' + folderName + ': ' + filename)
# cut_line=filename.find('_') #根据下划线截取病毒名称
# start_line_num=cut_line+1
#
# vir_name=filename[start_line_num:]
#通过androguard处理文件名,得到应用名称
try:
a, d, x = AnalyzeAPK(path + '\\' + filename)
deal_name = a.get_app_name()
print("文件名称为" + filename)
list_name.append(filename)
print("处理后的APK文件名为" + deal_name)
list_deal_APK_name.append(a.get_app_name())
except:
print("something wrong with this APK" + filename)
#获得文件的大小
# fsize = os.path.getsize('G:\\MutiSample\\'+list_muti+'\\'+filename)
# fsize = fsize / float(1024 * 1024)
# filesize=round(fsize, 2)
# print("文件大小为" + str(filesize)+'MB')
# list_size.append(filesize)
count = count + 1
list_file_tag.append(list_muti)
class AnalyseApkCrypto:
""" Analyse an APK.
Accessible attributes:
app_name: str
App name of the APK.
package_name: str
Package name of the APK.
classes_with_crypto: dict[str, dict[str, MethInfo]]
The keys are crypto names, the values are dictionaries,
whose keys are method names, values are MethInfo objects.
Only classes or methods that contains crypto names are included.
elf_analyse_result: list[ApkElfAnalyseResult]
A list of ApkElfAnalyseResult
"""
def __init__(self, filename):
self.a, self.d, self.dx = AnalyzeAPK(filename)
self.classes_with_crypto = {}
self.elf_analyse_result, self.pack_elf = analyse_apk_elf(self.a.zip)
self.package_name = self.a.get_package()
self.method_cnt = len(list(self.dx.get_methods()))
self.class_cnt = len(list(self.dx.get_classes()))
self.elf_cnt = len(self.elf_analyse_result)
try:
self.app_name = self.a.get_app_name()
except:
# If we can't get app name, use package name instead
logger.warning(
'Failed to get app name, using package name instead.')
self.app_name = self.package_name
self._get_classes_with_crypto()
self._get_classes_with_crypto_strings()
def _get_classes_methods(self):
results = {}
classes = self.dx.get_classes()
for c in classes:
results[c.name] = []
for meth in c.get_methods():
results[c.name].append(meth.name)
return results
def _get_classes_with_crypto(self):
classes = self.dx.get_classes()
for c in classes:
ana = ClassCryptoAnalysis(c)
if ana.matched:
self.classes_with_crypto[ana.name] = ana
def _get_classes_with_crypto_strings(self):
for s_ana in self.dx.get_strings():
s_value = s_ana.get_orig_value()
crypto_name = match_crypto_name(s_value, exclude_cert=True)
if crypto_name:
for c, meth in s_ana.get_xref_from():
# Type of c is androguard.core.analysis.analysis.ClassAnalysis
# Type of meth is androguard.core.bytecodes.dvm.EncodedMethod
if c.name in self.classes_with_crypto:
self.classes_with_crypto[c.name].add_string(
meth.name, s_value)
else:
class_ana = ClassCryptoAnalysis(c, from_str=True)
class_ana.add_string(meth.name, s_value)
self.classes_with_crypto[c.name] = class_ana
def __repr__(self) -> str:
ret = (
'App name: {}'.format(self.app_name),
'Package name: {}'.format(self.package_name),
'Class info:\n{}'.format(self.classes_with_crypto.values()),
)
return '\n'.join(ret)
