Beispiel #1
0
def doAllAppInstall(method):
    # get all apks which are linked in the database
    # will come with [0] package [1] path_to_apk
    appsList = Apps().getAllApps()

    for apk in appsList:
        app = Apps()
        app.path_to_apk = apk[1]
        app.package = apk[0]
        if method is "INSTALL":  #install apps
            installapk(app)
        elif method is "UNINSTALL":  #uninstall apps
            uninstallapk(app)
Beispiel #2
0
def assemble_and_install(context):
    """
    reassemble the apk file and install it to the device
    :param context:
    :return:
    """
    app = Apps.getApp(context.package)
    logger.info("%s starting reassembling to apk", app.package)

    newapk = path + app.package + "/" + app.package + "-new.apk"
    newalignedapk = path + app.package + "/" + app.package + "-aligned.apk"

    logger.info("%s reassembling to apk", context.package)
    cmd = ["apktool", "b", path + app.package + "/smali/", "-o", newapk]
    logger.debug(" ".join(cmd))
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = p.communicate()
    if err:
        logger.error(err)
        return
    else:
        logger.debug(out)

    logger.info("%s signing apk", context.package)
    cmd = ["jarsigner", "-verbose", "-sigalg", "SHA1withRSA", "-digestalg", "SHA1", "-keystore", "my-release-key.keystore", "--store-pass", "123456", "-keypass", "123456", newapk, "alias_name"]
    logger.debug(" ".join(cmd))
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = p.communicate()
    if err:
        logger.error(err)
        return
    else:
        logger.debug(out)

    logger.info("%s aligning apk", context.package)
    cmd = [zipalign, "-f", "-v", "4", newapk, newalignedapk]
    logger.debug(" ".join(cmd))
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = p.communicate()
    if err:
        logger.error(err)
        return
    else:
        logger.debug(out)

    app = Apps()
    app.package = context.package
    app.path_to_apk = newalignedapk
    deviceHelper.uninstallapk(app)
    deviceHelper.installapk(app)
Beispiel #3
0
def callMallodroid(appsList):
    existingRecords = Mallodroid.getPackages()

    for apk in appsList:
        if apk[0] in existingRecords:
            continue
        app = Apps()
        app.path_to_apk = apk[1]
        app.package = apk[0]

        res = runMallodroid(app)
        # result will be empty if app doesn't require internet permission
        if res:
            parseXML(res.strip(), app)
Beispiel #4
0
def evicheck(appslist):
    """
    runs the EviCheck tool on a list of apps and stores results
    as log files and database entries
    :param appslist:
    :return:
    """

    p_result = re.compile(".*Policy valid!.*")

    for apk in appslist:
        app = Apps()
        app.path_to_apk = apk[1]
        app.package = apk[0]
        certFile = path + app.package + "/EviCheck.cert"
        logFile = path + app.package + "/EviCheck.log"
        logger.info("%s running EviCheck", app.package)

        malware = Malware()
        malware.package = app.package
        malware.logfile = logFile
        malware.tool = "EviCheck"

        cmd = ["python", eviscript, "-f", app.path_to_apk, "-g", "-p", evipolicy, "-t", certFile,
               "-m"]  # there are RSA and DSA certificates; cater for both

        p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        out, err = p.communicate()

        if err:
            logger.error(err)
            continue
        else:
            lines = out.splitlines()
            log = open(logFile, 'w')
            log.writelines(lines)
            log.close()

            global a # init variable
            for line in lines:
                a = p_result.match(line)
                if a:
                    malware.result = "valid"
                    logger.info("%s is valid", app.package)
                    break
            if not a:
                malware.result = "invalid"
                logger.info("%s is not valid", app.package)
            malware.insert()
Beispiel #5
0
def allApksToJar():
    """
    extracts all apk files to jar
    :return:
    """
    # get all apks which are linked in the database
    # will come with [0] package [1] path_to_apk
    appsList = Apps().getAllApps()

    for apk in appsList:
        app = Apps()
        app.path_to_apk = apk[1]
        app.package = apk[0]

        apkTorJar(app)
Beispiel #6
0
def explaindroid(appsList):
    """
    running Explain Droid on a list of apps
    :param appsList:
    :return:
    """
    p_result = re.compile(".*LABEL: BENIGN.*")

    for apk in appsList:
        app = Apps()
        app.path_to_apk = apk[1]
        app.package = apk[0]
        logFile = path + app.package + "/ExplainDroid.log"
        logger.info("%s running ExplainDroid", app.package)

        malware = Malware()
        malware.package = app.package
        malware.logfile = logFile
        malware.tool = "ExplainDroid"

        cmd = [expdroidscript, "-mod", "linux", "-apk", app.path_to_apk
               ]  # there are RSA and DSA certificates; cater for both
        p = subprocess.Popen(cmd,
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE)
        out, err = p.communicate()

        if err:
            logger.error(err)
            continue
        else:
            lines = out.splitlines()
            log = open(logFile, 'w')
            log.writelines(lines)
            log.close()

            global a  # init variable
            for line in lines:
                a = p_result.match(line)
                if a:
                    malware.result = "benign"
                    logger.info("%s is benign", app.package)
                    break
            if not a:
                malware.result = "malicious"
                logger.info("%s is malicious", app.package)

            malware.insert()
Beispiel #7
0
def allApksToSmali():
    """
    extracting smali code for all apk files
    :return:
    """

    # get all apks which are linked in the database
    # will come with [0] package [1] path_to_apk
    appsList = Apps().getAllApps()

    for apk in appsList:
        app = Apps()
        app.path_to_apk = apk[1]
        app.package = apk[0]

        allApksToSmali()
Beispiel #8
0
def downloadApp(pathToStore, package, install, writeToDb):

    # create app object
    app = Apps()
    pripol = Pripol()
    sreenshotplaystore(package.strip(),pathToStore)
    downloadapk(package.strip(), pathToStore, app, pripol, writeToDb)
    if install:
        deviceHelper.installapk(app)
Beispiel #9
0
def do():
    app = Apps()
    app.package = "com.denper.addonsdetector"
    # this will only work on a Nexus 5 with Android 6
    if deviceHelper.checkInstall(app):
        logger.debug("Addons detector found on device")
        deviceHelper.startApp(app, "com.denper.addonsdetector.ui.Dashboard")
        deviceHelper.tapScreem("540", "940")
        time.sleep(5)
        deviceHelper.tapScreem("360", "600")
        deviceHelper.tapScreem("330", "1700")
        deviceHelper.tapScreem("730", "1200")
        deviceHelper.tapScreem("550", "1200")

        deviceHelper.copyFile(data_dir, "/tmp/dummy")
        deviceHelper.deleteFile(data_dir + "*")
        parseJson()

    else:
        logger.warning("Addons Detector Application not found")
Beispiel #10
0
def downloadApps(pathToStore, appListFile, install, writeToDb):
    with open(appListFile) as f:
        for appId in f:
            print(appId.strip())
            if appId.startswith('#') <> True:
                # create app object
                app = Apps()
                pripol = Pripol()
                sreenshotplaystore(appId.strip(),pathToStore)
                downloadapk(appId.strip(), pathToStore, app, pripol, writeToDb)
                if install:
                    deviceHelper.installapk(app)
Beispiel #11
0
def do():
    # get all apks which are linked in the database
    # will come with [0] package [1] path_to_apk
    appsList = Apps().getAllApps()

    threads = []
    for list in chunkify(appsList, 4):
        p = Process(target=callMallodroid, args=(list, ))
        logger.info("starting mallodroid thread %s", p)
        threads += [p]
        p.start()

    for t in threads:
        t.join()
Beispiel #12
0
def apkTorJar(context):
    """
    unpack apk file to jar; can be loaded with JD GUI
    :param context:
    :return:
    """
    app = Apps.getApp(context.package)
    logger.info("%s starting dex to jar", app.package)
    cmd = ["d2j-dex2jar", "-o", path + app.package + "/" + app.package + "-dex2jar.jar", app.path_to_apk, ]
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = p.communicate()
    if err:
        logger.error(err)
        return
    else:
        logger.debug(out)
Beispiel #13
0
def openJarInJdGui(context):
    """
    opens Jar in JD GUI
    :param context:
    :return:
    """
    logger.info("%s opening jar in JD Gui", context.package)
    app = Apps.getApp(context.package)
    cmd = [jdgui, path + app.package + "/" + app.package + "-dex2jar.jar"]
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = p.communicate()

    if err:
        logger.error(err)
        return
    else:
        logger.debug(out)
Beispiel #14
0
def do():
    """
    splitting the list of apps to analyze and start in multiple threads
    :return:
    """
    # get all apks which are linked in the database
    # will come with [0] package [1] path_to_apk
    appsList = Apps().getAllApps()

    threads = []
    for list in chunkify(appsList, 4):
        p = Process(target=explaindroid, args=(list, ))
        logger.info("starting mallodroid thread %s", p)
        threads += [p]
        p.start()

    for t in threads:
        t.join()
Beispiel #15
0
def apkToSmali(context):
    """
    extracts smali code form apk file; smali code to be used for further analysis
    :param context:
    :return:
    """
    app = Apps.getApp(context.package)
    logger.info("%s starting dissambly to smali", app.package)

    cmd = ["apktool", "d", app.path_to_apk, "-o", path + app.package + "/smali/"]
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = p.communicate()

    if err:
        logger.error(err)
        return
    else:
        logger.debug(out)
Beispiel #16
0
def install():
    with open(app_list) as lines:
        packages = [line.rstrip('\n') for line in lines]
        packages.insert(0, "ALL")
        packages.append("quit")
        package, index = pick(packages, "choose package")
        if package == "ALL":
            apps = Apps.getAllApps()
            for a in apps:
                app = Apps()
                app.package = a[0]
                app.path_to_apk = a[1]
                deviceHelper.installapk(app)
        else:
            app = Apps.getApp(package)
            deviceHelper.installapk(app)
Beispiel #17
0
def parseJson():

    apps = Apps.getAllApps()
    appList = []
    for app in apps:
        appList.append(app[0])

    file = glob.glob('/tmp/dummy/*')
    docs = json.loads(open(file[0]).read())

    for i in range(0, len(docs)):
        ad = Addons()
        ad.package = docs[i]['appPackageName']
        if ad.package not in appList:
            continue
        logger.info("%s adding addins", ad.package)
        for addon in docs[i]['addons']:
            ad.addon_type = addon['addon_type']
            ad.name = addon['name']
            ad.insert()
            logger.debug("%s adding %s", ad.package, ad.name)

    os.remove(file[0])
Beispiel #18
0
def choosePackage():
    title = 'choose package: '
    packages = Apps.getPackages()
    packages.append("quit")
    package, index = pick(packages, title)
    return package
Beispiel #19
0
def apkInfo():

    # get all apks which are linked in the database
    # will come with [0] package [1] path_to_apk
    appsList = Apps().getAllApps()

    for apk in appsList:
        app = Apps()
        app.filesize = os.path.getsize(apk[1])
        app.package = apk[0]
        app.id = apk[2]
        logger.info("%s analyzing manifest", app.package)
        # run android build tool aapt and write into temp file
        f = open(RPDIR + "dummy", "w")
        cmd = ["aapt", "dump", "badging", apk[1]]
        p = subprocess.Popen(cmd,
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE)
        out, err = p.communicate()
        logger.debug("%s, %s, %s", cmd, "", err)
        f.write(out)
        f.close()

        # read information from temp file
        f = open(RPDIR + "dummy", "r")
        for line in f:
            # print line
            p_versionname = re.compile(".*versionName='(.*?)'.*")
            p_versioncode = re.compile(".*versionCode='(.*?)'.*")
            p_icon = re.compile("application.*icon='(.*?)'.*")
            p_permission = re.compile("uses-permission.*'(.*?)'.*")

            ##        if "debuggable" in line:
            ##            print "DEBUG FLAG set for " + apk + "!!!"
            ##            r["debugging_flag_set_in_manifest"] = 1
            ##        else:
            ##            r["debugging_flag_set_in_manifest"] = 0
            ##        if "intent" in line:
            ##            print "INTENT FILTER used in " + apk + "!!!"

            a = p_versionname.match(line)
            if a:
                app.version = a.group(1)
                #break

            a = p_versioncode.match(line)
            if a:
                app.versioncode = a.group(1)
                #break

            a = p_icon.match(line)
            if a:
                app.path_to_icon = a.group(1)
                #break

            a = p_permission.match(line)
            if a:
                perm.id_app = app.id
                perm.id_perm = a.group(1)
                perm.insert()
                #break

        app.upsert()
Beispiel #20
0
def do():
    if checkInstall():
        forwardPort()
        #startApp()

        # get all apks which are linked in the database
        # will come with [0] package [1] path_to_apk
        appsList = Apps().getAllApps()

        for apk in appsList:
            app = Apps()
            app.path_to_apk = apk[1]
            app.package = apk[0]
            logger.info("%s running drozer", app.package)

            out, err = runDrozerCmd(app, "app.service.info -a")
            if err:
                logger.error(err.strip())
                logger.error(
                    "Probably client app is not running or app not installed ..."
                )
            else:
                if "No exported" in out:
                    pass
                else:
                    writeToDb("service", out, app)

            out, err = runDrozerCmd(app, "app.broadcast.info -a")
            if err:
                logger.error(err.strip())
                logger.error(
                    "Probably client app is not running or app not installed ..."
                )
            else:
                if "No matching" in out:
                    pass
                else:
                    writeToDb("broadcast", out, app)

            out, err = runDrozerCmd(app, "app.provider.info -a")
            if err:
                logger.error(err.strip())
                logger.error(
                    "Probably client app is not running or app not installed ..."
                )
            else:
                if "No matching" in out:
                    pass
                else:
                    writeToDb("provider", out, app)

            out, err = runDrozerCmd(app, "app.activity.info -a")
            if err:
                logger.error(err.strip())
                logger.error(
                    "Probably client app is not running or app not installed ..."
                )
            else:
                if "No exported" in out:
                    pass
                else:
                    writeToDb("activity", out, app)

            out, err = runDrozerCmd(app, "app.package.attacksurface")
            if err:
                logger.error(err.strip())
                logger.error(
                    "Probably client app is not running or app not installed ..."
                )
            else:
                cal = CodeAnalysis()
                cal.package = app.package
                if "is debuggable" in out:
                    cal.debuggable = 'y'
                else:
                    cal.debuggable = 'n'
                cal.insert()

    else:
        logger.warning("Install Drozer Client application first")