def each(self, target): self.results = dict() try: apk, vm, vm_analysis = AnalyzeAPK(target) # First, get basic information about the APK self.results['name'] = apk.get_app_name() self.results['package'] = apk.get_package() self.results['permissions'] = apk.get_permissions() self.results['main_activity'] = apk.get_main_activity() self.results['receivers'] = apk.get_receivers() self.results['services'] = apk.get_services() self.results['main_activity_content'] = vm.get_class("L{};".format( self.results['main_activity']).replace('.', '/')).get_source() except: apk = None vm, vm_analysis = AnalyzeDex(target) self.results['dex'] = True # Then, run all the APK Plugins in order to see if this is a known malware for plugin in APKPlugin.__subclasses__(): plugin = plugin(target, apk, vm, vm_analysis) plugin.apply(self) return True
def each(self, target): self.results = dict(name=None, files=[], package=None, permissions=[], declared_permissions=[], main_activity=None, activities=[], receivers=[], services=[], manifest=None, libraries=[], main_activity_content=None, internal_classes=[]) try: apk, vm, vm_analysis = AnalyzeAPK(target) # First, get basic information about the APK self.results['name'] = apk.get_app_name() self.results['files'] = apk.get_files_types() self.results['package'] = apk.get_package() self.results['permissions'] = apk.get_details_permissions() self.results[ 'declared_permissions'] = apk.get_declared_permissions_details( ) self.results['main_activity'] = apk.get_main_activity() self.results['activities'] = apk.get_activities() self.results['receivers'] = apk.get_receivers() self.results['services'] = apk.get_services() self.results['manifest'] = apk.get_android_manifest_axml().get_xml( ) self.results['libraries'] = list(apk.get_libraries()) self.results['main_activity_content'] = None self.results['internal_classes'] = [] try: self.results['main_activity_content'] = self.results[ 'main_activity_content'] = vm[0].get_class( "L{};".format(self.results['main_activity']).replace( '.', '/')).get_source() except: self.log('error', traceback.print_exc()) try: self.results['internal_classes'] = self._get_internal_classes( vm_analysis) self._store_internal_classes() except: self.log('error', traceback.print_exc()) # Then, run all the APK Plugins in order to see if this is a known malware for plugin in APKPlugin.__subclasses__(): plugin = plugin(target, apk, vm, vm_analysis) plugin.apply(self) except: self.log('error', traceback.print_exc()) return True
def analyze_app(apk_filename): print("APK: %s" % apk_filename) apk, d, dx = AnalyzeAPK(apk_filename) app_name = apk.get_app_name() components.goal1.main(apk, d[0], dx) with open('goal2.csv', 'a') as csvfile: writer = csv.writer(csvfile, quoting=csv.QUOTE_MINIMAL) result = components.goal2.main(apk, d[0], dx) result.insert(0, app_name) writer.writerow(result) with open('goal3.csv', 'a') as csvfile: writer = csv.writer(csvfile, quoting=csv.QUOTE_MINIMAL) result = components.goal3.main(apk, d[0], dx) result.insert(0, app_name) writer.writerow(result) print("")
def get_prediction(): f_rep = [0] * 900 dat = flask.request.get_json() name = dat['file_name'] with open(name, 'rb') as f: b = f.read() a, d, dx = AnalyzeAPK(b, raw = True) perms = str(a.get_permissions()) perm_count = len(perms) app_name = a.get_app_name() perms = re.findall(r"(?=.)[A-Z|_]+(?=')", perms) for p in perms: if p in features: f_rep[features.index(p)] = 1 xml = apk.APK(name).get_android_manifest_xml() xml = tostring(xml, encoding = 'unicode') intents = re.findall(r'(?<=<intent\-filter>)(.*?)(?=</intent\-filter>)',xml,re.DOTALL) for intent in intents: ints= (re.findall(r'(?<=\<action android:name=\")([^"]*)"',intent,re.DOTALL)) for a in ints: if a in features: f_rep[features.index(a)] = 1 classes = dx.get_external_classes() class_count = len(classes) for classObj in classes: vmClass = str(classObj.get_vm_class()) if vmClass not in api_dang: continue vmMeth = classObj.get_methods() for vmMethIter in vmMeth: met = str(vmMethIter.method) if met in features: f_rep[features.index(met)] = 1 f_rep = np.array(f_rep)[np.newaxis, :] pred = model.predict(f_rep)[0] response = {"appName": app_name, "class": pred, "permCount": perm_count, "fileName": name, "classCount": class_count} response = flask.jsonify(response) return response
from androguard.misc import AnalyzeAPK a, d, dx = AnalyzeAPK('Virus0e69af88dcbb469e30f16609b10c926c.apk') app_name = a.get_app_name() pkg = a.get_package() aversion = a.get_androidversion_code() print(app_name) print(pkg) print(aversion) ''' Certificado com.security.service 1 '''
args = parser.parse_args() if not os.path.isfile(args.APK): print("Invalid file path") sys.exit(1) ret_type = androconf.is_android(args.APK) if ret_type != "APK": print("Not an APK file") sys.exit(1) apk, dex, dexes = AnalyzeAPK(args.APK) res = { 'app_name': apk.get_app_name(), 'package_name': apk.get_package(), 'providers': apk.get_providers(), 'new_permissions': extract_new_permissions(apk.get_permissions()), 'filters': get_intent_filers(apk), 'certificate': {}, 'wearable': apk.is_wearable(), 'max_sdk_version': (apk.get_max_sdk_version()), 'min_sdk_version': int(apk.get_min_sdk_version()), 'version_code':
def getname(path): a, d, x = AnalyzeAPK(path) return a.get_app_name()
print('The current folder is ' + folderName) #打印第一层目录下所有文件和文件夹 for subfolder in subfolders: print('SUBFOLDER OF ' + folderName + ': ' + subfolder) #打印第二层目录下的所有文件和文件夹 for filename in filenames: print('FILE INSIDE ' + folderName + ': ' + filename) # cut_line=filename.find('_') #根据下划线截取病毒名称 # start_line_num=cut_line+1 # # vir_name=filename[start_line_num:] #通过androguard处理文件名,得到应用名称 try: a, d, x = AnalyzeAPK(path + '\\' + filename) deal_name = a.get_app_name() print("文件名称为" + filename) list_name.append(filename) print("处理后的APK文件名为" + deal_name) list_deal_APK_name.append(a.get_app_name()) except: print("something wrong with this APK" + filename) #获得文件的大小 # fsize = os.path.getsize('G:\\MutiSample\\'+list_muti+'\\'+filename) # fsize = fsize / float(1024 * 1024) # filesize=round(fsize, 2) # print("文件大小为" + str(filesize)+'MB') # list_size.append(filesize) count = count + 1 list_file_tag.append(list_muti)
class AnalyseApkCrypto: """ Analyse an APK. Accessible attributes: app_name: str App name of the APK. package_name: str Package name of the APK. classes_with_crypto: dict[str, dict[str, MethInfo]] The keys are crypto names, the values are dictionaries, whose keys are method names, values are MethInfo objects. Only classes or methods that contains crypto names are included. elf_analyse_result: list[ApkElfAnalyseResult] A list of ApkElfAnalyseResult """ def __init__(self, filename): self.a, self.d, self.dx = AnalyzeAPK(filename) self.classes_with_crypto = {} self.elf_analyse_result, self.pack_elf = analyse_apk_elf(self.a.zip) self.package_name = self.a.get_package() self.method_cnt = len(list(self.dx.get_methods())) self.class_cnt = len(list(self.dx.get_classes())) self.elf_cnt = len(self.elf_analyse_result) try: self.app_name = self.a.get_app_name() except: # If we can't get app name, use package name instead logger.warning( 'Failed to get app name, using package name instead.') self.app_name = self.package_name self._get_classes_with_crypto() self._get_classes_with_crypto_strings() def _get_classes_methods(self): results = {} classes = self.dx.get_classes() for c in classes: results[c.name] = [] for meth in c.get_methods(): results[c.name].append(meth.name) return results def _get_classes_with_crypto(self): classes = self.dx.get_classes() for c in classes: ana = ClassCryptoAnalysis(c) if ana.matched: self.classes_with_crypto[ana.name] = ana def _get_classes_with_crypto_strings(self): for s_ana in self.dx.get_strings(): s_value = s_ana.get_orig_value() crypto_name = match_crypto_name(s_value, exclude_cert=True) if crypto_name: for c, meth in s_ana.get_xref_from(): # Type of c is androguard.core.analysis.analysis.ClassAnalysis # Type of meth is androguard.core.bytecodes.dvm.EncodedMethod if c.name in self.classes_with_crypto: self.classes_with_crypto[c.name].add_string( meth.name, s_value) else: class_ana = ClassCryptoAnalysis(c, from_str=True) class_ana.add_string(meth.name, s_value) self.classes_with_crypto[c.name] = class_ana def __repr__(self) -> str: ret = ( 'App name: {}'.format(self.app_name), 'Package name: {}'.format(self.package_name), 'Class info:\n{}'.format(self.classes_with_crypto.values()), ) return '\n'.join(ret)