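def static_code_analysis(apk_name, apk_dir="C:/Users/KK/Desktop/Final Year Project/APK/"):
    """Return the permissions implied by the API methods an APK calls.

    Every method name found in the APK's classes (internal and external
    alike) is compared with the method-name field of the API-to-permission
    mapping selected by the APK's ``minSdkVersion``; the permissions of
    every matching mapping entry are collected and deduplicated.

    Args:
        apk_name: File name of the APK. It is appended to ``apk_dir`` to
            form the path handed to ``AnalyzeAPK``; a value containing path
            separators or ``..`` therefore resolves outside ``apk_dir``, so
            validate it if it can come from outside the tool.
        apk_dir: Directory the APK is read from. Defaults to the original
            hard-coded location so existing callers are unaffected.

    Returns:
        A list of distinct permission names (order unspecified).

    Side effects:
        Prints the APK's minimum SDK version to stdout.
    """
    a, d, dx = AnalyzeAPK(apk_dir + apk_name)

    # Bare names of every method in every class the analysis sees, deduplicated.
    # Only the name is kept, so the matching below is by method name alone,
    # not by declaring class: a name shared by unrelated classes matches the
    # mapping entry regardless of which class the APK actually calls.
    methods = {m.name for c in dx.get_classes() for m in c.get_methods()}

    # {api_key: [permission, ...]} for the APK's minimum SDK level.
    mapping = load_permission_mappings(a.get_min_sdk_version())
    print(a.get_min_sdk_version())

    # The second '-'-separated field of a mapping key is what is compared with
    # the method name. `methods` is a set, so this is one lookup per key
    # instead of a scan of all methods per key; keys that lack the field are
    # skipped rather than raising IndexError.
    external_apis_permissions = {}
    for key, value in mapping.items():
        parts = key.split('-')
        if len(parts) > 1 and parts[1] in methods:
            external_apis_permissions[key] = value

    # Flatten the per-API permission lists into one distinct collection.
    permissions_from_mapping = set()
    for perms in external_apis_permissions.values():
        permissions_from_mapping.update(perms)
    return list(permissions_from_mapping)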
'app_name': apk.get_app_name(), 'package_name': apk.get_package(), 'providers': apk.get_providers(), 'new_permissions': extract_new_permissions(apk.get_permissions()), 'filters': get_intent_filers(apk), 'certificate': {}, 'wearable': apk.is_wearable(), 'max_sdk_version': (apk.get_max_sdk_version()), 'min_sdk_version': int(apk.get_min_sdk_version()), 'version_code': apk.xml['AndroidManifest.xml'].get( '{http://schemas.android.com/apk/res/android}versionCode'), 'libraries': list(apk.get_libraries()), 'androidtv': apk.is_androidtv(), 'target_sdk_version': apk.get_target_sdk_version(), 'api_keys': {}, # TODO 'activities': apk.get_activities(), 'main_activity': apk.get_main_activity(), 'receivers':
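# Report section for one analysed APK: extract the embedded DEX, decrypt the
# configuration strings, then print the collected IoCs as one CSV-style row.
# `tail`, `a`, `d` and `dx` are set earlier in the script (outside this span).
apk_path = sys.argv[1]
outDexName = "EXTRACTED_DEX_FROM_" + tail
print()
print("======== KEY AND PACKAGE INFO ========")
# The decrypted DEX is kept on disk, in the current working directory, for
# follow-up inspection. The `with` block closes the file; the original's
# extra close() inside it was redundant.
outDexContent, locationDEX = DEXDecrypt.decrypt(a, d, dx, apk_path)
with open(outDexName, "wb") as dex_file:
    dex_file.write(outDexContent)

# Locate the class holding the configuration parameters in the extracted DEX.
cfg_src = source.getStringsClassSource(a, d, dx, outDexName)

# Decrypt the configuration strings; currently this yields the C2 URL.
print()
print("======== DECRYPTED STRINGS ========")
decrypted_cfg_src = decryptConfig.all(cfg_src)

# Collect the remaining IoCs. The hash is SHA-1 to match the existing report
# columns; NOTE(review): most IoC-sharing formats expect SHA-256 as well --
# confirm with whoever consumes this output before adding a column.
appName = a.get_app_name()
mainActivity = a.get_main_activity()
minSDK = a.get_min_sdk_version()
sha1apk = FileHash('sha1').hash_file(apk_path)
C2URL = decrypted_cfg_src
fileSize = os.path.getsize(apk_path) * (10**-6)  # bytes -> MB (decimal, 10^6)
print()
print("======== IOC INFORMATION ========")
print("AppName, MainActivity, MINSDK, EncryptedDEX, SHA1Sum, C&C ,Size(MB)")
print(appName, ",", mainActivity, ",", minSDK, ",", locationDEX, ",", sha1apk, ",", C2URL, ",", fileSize)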