def get_context_from_db_entry(db_entry):
"""Return the context for APPX from DB."""
try:
logger.info('Analysis is already Done. Fetching data from the DB...')
context = {
'title': 'Static Analysis',
'version': settings.MOBSF_VER,
'file_name': db_entry[0].FILE_NAME,
'app_name': db_entry[0].APP_NAME,
'publisher_name': db_entry[0].PUBLISHER_NAME,
'size': db_entry[0].SIZE,
'md5': db_entry[0].MD5,
'sha1': db_entry[0].SHA1,
'sha256': db_entry[0].SHA256,
'app_version': db_entry[0].APP_VERSION,
'architecture': db_entry[0].ARCHITECTURE,
'compiler_version': db_entry[0].COMPILER_VERSION,
'visual_studio_version': db_entry[0].VISUAL_STUDIO_VERSION,
'visual_studio_edition': db_entry[0].VISUAL_STUDIO_EDITION,
'target_os': db_entry[0].TARGET_OS,
'appx_dll_version': db_entry[0].APPX_DLL_VERSION,
'proj_guid': db_entry[0].PROJ_GUID,
'opti_tool': db_entry[0].OPTI_TOOL,
'target_run': db_entry[0].TARGET_RUN,
'files': python_list(db_entry[0].FILES),
'strings': python_list(db_entry[0].STRINGS),
'binary_analysis': python_list(db_entry[0].BINARY_ANALYSIS),
'binary_warnings': python_list(db_entry[0].BINARY_WARNINGS),
}
return context
except Exception:
logger.exception('Fetching from DB')
def get_screenshots(md5_hash, download_dir):
"""Get Screenshots."""
# Only After Download Process is Done
result = {}
imgs = []
act_imgs = []
expact_imgs = []
act = {}
exp_act = {}
try:
screen_dir = os.path.join(download_dir, md5_hash + '-screenshots-apk/')
sadb = StaticAnalyzerAndroid.objects.get(MD5=md5_hash)
if os.path.exists(screen_dir):
for img in os.listdir(screen_dir):
if img.endswith('.png'):
if img.startswith('act'):
act_imgs.append(img)
elif img.startswith('expact'):
expact_imgs.append(img)
else:
imgs.append(img)
exported_act = python_list(sadb.EXPORTED_ACTIVITIES)
act_desc = python_list(sadb.ACTIVITIES)
if act_imgs:
if len(act_imgs) == len(act_desc):
act = dict(list(zip(act_imgs, act_desc)))
if expact_imgs:
if len(expact_imgs) == len(exported_act):
exp_act = dict(list(zip(expact_imgs, exported_act)))
except Exception:
logger.exception('Organising screenshots')
result['screenshots'] = imgs
result['activities'] = act
result['exported_activities'] = exp_act
return result
def activity_tester(request, api=False):
"""Exported & non exported activity Tester."""
data = {}
try:
env = Environment()
test = request.POST['test']
md5_hash = request.POST['hash']
if not is_md5(md5_hash):
return invalid_params(api)
app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')
screen_dir = os.path.join(app_dir, 'screenshots-apk/')
if not os.path.exists(screen_dir):
os.makedirs(screen_dir)
static_android_db = StaticAnalyzerAndroid.objects.get(MD5=md5_hash)
package = static_android_db.PACKAGE_NAME
iden = ''
if test == 'exported':
iden = 'Exported '
logger.info('Exported activity tester')
activities = python_list(static_android_db.EXPORTED_ACTIVITIES)
else:
logger.info('Activity tester')
activities = python_list(static_android_db.ACTIVITIES)
logger.info('Fetching %sactivities for %s', iden, package)
if not activities:
msg = 'No {}Activites found'.format(iden)
logger.info(msg)
data = {'status': 'failed', 'message': msg}
return send_response(data, api)
act_no = 0
logger.info('Starting %sActivity Tester...', iden)
logger.info('%s %sActivities Identified', str(len(activities)), iden)
for activity in activities:
act_no += 1
logger.info('Launching %sActivity - %s. %s', iden, str(act_no),
activity)
if test == 'exported':
file_iden = 'expact'
else:
file_iden = 'act'
outfile = ('{}{}-{}.png'.format(screen_dir, file_iden, act_no))
env.launch_n_capture(package, activity, outfile)
data = {'status': 'ok'}
except Exception as exp:
logger.exception('%sActivity tester', iden)
data = {'status': 'failed', 'message': str(exp)}
return send_response(data, api)
def base64_decode(args):
"""Decode Base64 Automatically."""
decoded = ''
args_list = python_list(args)
if not is_base64(args_list[0]):
return decoded
try:
decoded = base64.b64decode(
args_list[0]).decode('ISO-8859-1')
except Exception:
pass
return decoded
def android_component(self, bin_hash, comp):
"""Get APK Components."""
anddb = StaticAnalyzerAndroid.objects.get(MD5=bin_hash)
resp = []
if comp == 'activities':
resp = python_list(anddb.ACTIVITIES)
elif comp == 'receivers':
resp = python_list(anddb.RECEIVERS)
elif comp == 'providers':
resp = python_list(anddb.PROVIDERS)
elif comp == 'services':
resp = python_list(anddb.SERVICES)
elif comp == 'libraries':
resp = python_list(anddb.LIBRARIES)
elif comp == 'exported_activities':
resp = python_list(anddb.EXPORTED_ACTIVITIES)
return '\n'.join(resp)
def get_context_from_db_entry(db_entry):
"""Return the context for IPA/ZIP from DB."""
try:
logger.info('Analysis is already Done. Fetching data from the DB...')
context = {
'version':
settings.MOBSF_VER,
'title':
'Static Analysis',
'file_name':
db_entry[0].FILE_NAME,
'app_name':
db_entry[0].APP_NAME,
'app_type':
db_entry[0].APP_TYPE,
'size':
db_entry[0].SIZE,
'md5':
db_entry[0].MD5,
'sha1':
db_entry[0].SHA1,
'sha256':
db_entry[0].SHA256,
'build':
db_entry[0].BUILD,
'app_version':
db_entry[0].APP_VERSION,
'sdk_name':
db_entry[0].SDK_NAME,
'platform':
db_entry[0].PLATFORM,
'min_os_version':
db_entry[0].MIN_OS_VERSION,
'bundle_id':
db_entry[0].BUNDLE_ID,
'bundle_url_types':
python_list(db_entry[0].BUNDLE_URL_TYPES),
'bundle_supported_platforms':
python_list(db_entry[0].BUNDLE_SUPPORTED_PLATFORMS),
'icon_found':
db_entry[0].ICON_FOUND,
'info_plist':
db_entry[0].INFO_PLIST,
'binary_info':
python_dict(db_entry[0].BINARY_INFO),
'permissions':
python_dict(db_entry[0].PERMISSIONS),
'ats_analysis':
python_list(db_entry[0].ATS_ANALYSIS),
'binary_analysis':
python_list(db_entry[0].BINARY_ANALYSIS),
'macho_analysis':
python_dict(db_entry[0].MACHO_ANALYSIS),
'ios_api':
python_dict(db_entry[0].IOS_API),
'code_analysis':
python_dict(db_entry[0].CODE_ANALYSIS),
'file_analysis':
python_list(db_entry[0].FILE_ANALYSIS),
'libraries':
python_list(db_entry[0].LIBRARIES),
'files':
python_list(db_entry[0].FILES),
'urls':
python_list(db_entry[0].URLS),
'domains':
python_dict(db_entry[0].DOMAINS),
'emails':
python_list(db_entry[0].EMAILS),
'strings':
python_list(db_entry[0].STRINGS),
'firebase_urls':
python_list(db_entry[0].FIREBASE_URLS),
'appstore_details':
python_dict(db_entry[0].APPSTORE_DETAILS),
'secrets':
python_list(db_entry[0].SECRETS),
}
return context
except Exception:
logger.exception('Fetching from DB')
def get_context_from_db_entry(db_entry: QuerySet) -> dict:
"""Return the context for APK/ZIP from DB."""
try:
logger.info('Analysis is already Done. Fetching data from the DB...')
context = {
'version': settings.MOBSF_VER,
'title': 'Static Analysis',
'file_name': db_entry[0].FILE_NAME,
'app_name': db_entry[0].APP_NAME,
'app_type': db_entry[0].APP_TYPE,
'size': db_entry[0].SIZE,
'md5': db_entry[0].MD5,
'sha1': db_entry[0].SHA1,
'sha256': db_entry[0].SHA256,
'package_name': db_entry[0].PACKAGE_NAME,
'main_activity': db_entry[0].MAIN_ACTIVITY,
'exported_activities': db_entry[0].EXPORTED_ACTIVITIES,
'browsable_activities':
python_dict(db_entry[0].BROWSABLE_ACTIVITIES),
'activities': python_list(db_entry[0].ACTIVITIES),
'receivers': python_list(db_entry[0].RECEIVERS),
'providers': python_list(db_entry[0].PROVIDERS),
'services': python_list(db_entry[0].SERVICES),
'libraries': python_list(db_entry[0].LIBRARIES),
'target_sdk': db_entry[0].TARGET_SDK,
'max_sdk': db_entry[0].MAX_SDK,
'min_sdk': db_entry[0].MIN_SDK,
'version_name': db_entry[0].VERSION_NAME,
'version_code': db_entry[0].VERSION_CODE,
'icon_hidden': db_entry[0].ICON_HIDDEN,
'icon_found': db_entry[0].ICON_FOUND,
'permissions': python_dict(db_entry[0].PERMISSIONS),
'certificate_analysis':
python_dict(db_entry[0].CERTIFICATE_ANALYSIS),
'manifest_analysis': python_list(db_entry[0].MANIFEST_ANALYSIS),
'network_security': python_list(db_entry[0].NETWORK_SECURITY),
'binary_analysis': python_list(db_entry[0].BINARY_ANALYSIS),
'file_analysis': python_list(db_entry[0].FILE_ANALYSIS),
'android_api': python_dict(db_entry[0].ANDROID_API),
'code_analysis': python_dict(db_entry[0].CODE_ANALYSIS),
'niap_analysis': python_dict(db_entry[0].NIAP_ANALYSIS),
'urls': python_list(db_entry[0].URLS),
'domains': python_dict(db_entry[0].DOMAINS),
'emails': python_list(db_entry[0].EMAILS),
'strings': python_list(db_entry[0].STRINGS),
'firebase_urls': python_list(db_entry[0].FIREBASE_URLS),
'files': python_list(db_entry[0].FILES),
'exported_count': python_dict(db_entry[0].EXPORTED_COUNT),
'apkid': python_dict(db_entry[0].APKID),
'quark': python_list(db_entry[0].QUARK),
'trackers': python_dict(db_entry[0].TRACKERS),
'playstore_details': python_dict(db_entry[0].PLAYSTORE_DETAILS),
'secrets': python_list(db_entry[0].SECRETS),
}
return context
except Exception:
logger.exception('Fetching from DB')
def dynamic_analyzer(request, checksum, api=False):
"""Android Dynamic Analyzer Environment."""
try:
identifier = None
activities = None
exported_activities = None
if api:
reinstall = request.POST.get('re_install', '1')
install = request.POST.get('install', '1')
else:
reinstall = request.GET.get('re_install', '1')
install = request.GET.get('install', '1')
if not is_md5(checksum):
# We need this check since checksum is not validated
# in REST API
return print_n_send_error_response(request, 'Invalid Parameters',
api)
package = get_package_name(checksum)
if not package:
return print_n_send_error_response(
request, 'Cannot get package name from checksum', api)
logger.info('Creating Dynamic Analysis Environment for %s', package)
try:
identifier = get_device()
except Exception:
pass
if not identifier:
msg = ('Is the android instance running? MobSF cannot'
' find android instance identifier. '
'Please run an android instance and refresh'
' this page. If this error persists,'
' set ANALYZER_IDENTIFIER in '
f'{get_config_loc()}')
return print_n_send_error_response(request, msg, api)
# Get activities from the static analyzer results
try:
static_android_db = StaticAnalyzerAndroid.objects.get(MD5=checksum)
exported_activities = python_list(
static_android_db.EXPORTED_ACTIVITIES)
activities = python_list(static_android_db.ACTIVITIES)
except ObjectDoesNotExist:
logger.warning('Failed to get Activities. '
'Static Analysis not completed for the app.')
env = Environment(identifier)
if not env.connect_n_mount():
msg = 'Cannot Connect to ' + identifier
return print_n_send_error_response(request, msg, api)
version = env.get_android_version()
logger.info('Android Version identified as %s', version)
xposed_first_run = False
if not env.is_mobsfyied(version):
msg = ('This Android instance is not MobSFyed/Outdated.\n'
'MobSFying the android runtime environment')
logger.warning(msg)
if not env.mobsfy_init():
return print_n_send_error_response(
request, 'Failed to MobSFy the instance', api)
if version < 5:
xposed_first_run = True
if xposed_first_run:
msg = ('Have you MobSFyed the instance before'
' attempting Dynamic Analysis?'
' Install Framework for Xposed.'
' Restart the device and enable'
' all Xposed modules. And finally'
' restart the device once again.')
return print_n_send_error_response(request, msg, api)
# Clean up previous analysis
env.dz_cleanup(checksum)
# Configure Web Proxy
env.configure_proxy(package, request)
# Supported in Android 5+
env.enable_adb_reverse_tcp(version)
# Apply Global Proxy to device
env.set_global_proxy(version)
# Start Clipboard monitor
env.start_clipmon()
# Get Screen Resolution
screen_width, screen_height = env.get_screen_res()
if install == '1':
# Install APK
apk_path = Path(settings.UPLD_DIR) / checksum / f'{checksum}.apk'
status, output = env.install_apk(apk_path.as_posix(), package,
reinstall)
if not status:
# Unset Proxy
env.unset_global_proxy()
msg = (f'This APK cannot be installed. Is this APK '
f'compatible the Android VM/Emulator?\n{output}')
return print_n_send_error_response(request, msg, api)
logger.info('Testing Environment is Ready!')
context = {
'screen_width': screen_width,
'screen_height': screen_height,
'package': package,
'hash': checksum,
'android_version': version,
'version': settings.MOBSF_VER,
'activities': activities,
'exported_activities': exported_activities,
'title': 'Dynamic Analyzer'
}
template = 'dynamic_analysis/android/dynamic_analyzer.html'
if api:
return context
return render(request, template, context)
except Exception:
logger.exception('Dynamic Analyzer')
return print_n_send_error_response(request, 'Dynamic Analysis Failed.',
api)
