Ejemplo n.º 1
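    def find_executables(self, dir):
        """Find ARM executables and APK-bearing archives directly inside *dir*.

        The directory is not walked recursively. Every regular file is typed
        with ``droidutil.get_filetype``; ZIP and RAR files are additionally
        opened with ``droidziprar`` to check whether they hold an APK.

        Args:
            dir: directory to scan.

        Returns:
            A ``(found_arm, found_apk)`` tuple of lists. Each item is the
            entry name joined onto *dir*.

        Raises:
            AssertionError: if *dir* is not a directory.
        """
        if not os.path.isdir(dir):
            # Raised explicitly so the check is not stripped under `python -O`.
            raise AssertionError("argument should be a directory")

        found_arm = []
        found_apk = []

        for entry in os.listdir(dir):
            candidate = os.path.join(dir, entry)
            if not os.path.isfile(candidate):
                continue

            filetype = droidutil.get_filetype(candidate)
            if filetype == droidutil.ARM:
                if self.verbose:
                    print("%s is an ARM executable" % (candidate))
                found_arm.append(candidate)
                continue

            # Second droidziprar argument: True opens as zip, False as rar.
            if filetype == droidutil.ZIP:
                zipmode, label = True, "zip"
            elif filetype == droidutil.RAR:
                zipmode, label = False, "rar"
            else:
                continue

            archive = droidziprar.droidziprar(candidate, zipmode, self.verbose)
            if archive.handle is None:
                # A damaged archive must not end the scan: returning here
                # (and in swapped order, as the code used to) would let one
                # malformed file hide every later sample in the directory.
                if self.verbose:
                    print("%s is not a valid %s" % (candidate, label))
                continue

            try:
                inner_type = archive.get_type()
            finally:
                # Release the handle even when type detection raises.
                archive.close()

            # NOTE(review): another caller unpacks get_type() as a
            # (filetype, innerzips) pair; accept either shape here. Confirm
            # against the droidziprar version in use.
            if isinstance(inner_type, tuple):
                inner_type = inner_type[0]

            if inner_type == droidutil.APK:
                if self.verbose:
                    print("%s contains an APK" % (candidate))
                found_apk.append(candidate)

        return found_arm, found_apk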
Ejemplo n.º 2
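    def unzip(self):
        """Unzip/unrar the sample and recursively process inner zips/rars.

        Inner archives are extracted into ``self.outdir`` and handed to
        ``droidlysis.process_file``. When the sample turns out to be an APK
        and the analysis directory is kept (``self.clear`` is false), the
        sample is also unpacked into ``<outdir>/unzipped``.

        The original documentation states that password-protected samples
        are tried with the password 'infected'; that handling is not visible
        in this method (presumably it lives in droidziprar).

        Returns:
            The file type of the sample as a ``droidutil`` constant
            (UNKNOWN, APK, DEX, ...). It is also stored in
            ``self.properties.filetype``.
        """
        if self.verbose:
            print("------------- Unzipping %s" % (self.absolute_filename))

        self.properties.filetype = droidutil.get_filetype(
            self.absolute_filename)

        if self.properties.filetype == droidutil.ARM or \
           self.properties.filetype == droidutil.UNKNOWN or \
           self.properties.filetype == droidutil.DEX:
            if self.verbose:
                print("This is a %s. Nothing to unzip for %s" % (
                    droidutil.str_filetype(
                        self.properties.filetype), self.absolute_filename))
            return self.properties.filetype

        if self.properties.filetype == droidutil.ZIP or \
                self.properties.filetype == droidutil.RAR:
            # zipmode selects the zip reader (True) or the rar reader (False).
            self.ziprar = droidziprar.droidziprar(
                self.absolute_filename,
                zipmode=(self.properties.filetype == droidutil.ZIP),
                verbose=self.verbose)
            if self.ziprar.handle is None:
                self.properties.filetype = droidutil.UNKNOWN  # damaged zip/rar
                if self.verbose:
                    print("We are unable to unzip/unrar %s because of errors" % (
                        self.absolute_filename))
                return droidutil.UNKNOWN
            # Now, we know self.ziprar is valid and open.
            self.properties.filetype, innerzips = self.ziprar.get_type()
            if innerzips:
                self.properties.file_innerzips = True
                if self.verbose:
                    print("There are inner zips/rars in " + self.absolute_filename)

                # Member names come from the (untrusted) sample. Whether
                # extract_one_file sanitises them is not visible here, so
                # refuse any name that would resolve outside outdir before
                # extracting it or handing the path to process_file.
                outdir_prefix = os.path.join(
                    os.path.realpath(self.outdir), "")
                # NOTE(review): no nesting-depth limit is visible on this
                # recursion; a deeply nested archive keeps recursing.
                for element in innerzips:
                    # extract the inner zip/rar
                    if self.verbose:
                        print("Extracting " + element + " inside " + self.absolute_filename)
                    try:
                        inner_path = os.path.join(self.outdir, element)
                        if not os.path.realpath(inner_path).startswith(
                                outdir_prefix):
                            print("Skipping %s : path escapes %s" % (
                                element, self.outdir))
                            continue
                        self.ziprar.extract_one_file(element, self.outdir)
                        if self.verbose:
                            print("Recursively processing " + inner_path)
                        droidlysis.process_file(
                            inner_path, self.outdir,
                            self.verbose, self.clear, self.enable_procyon,
                            self.disable_description, self.disable_dump,
                            self.no_kit_exception)
                    except Exception:
                        # Best effort: one bad inner archive must not stop
                        # the others. KeyboardInterrupt/SystemExit are no
                        # longer swallowed.
                        print("Cannot extract %s : %s" % (element,
                                                          sys.exc_info()[0]))

        if self.properties.filetype == droidutil.APK:
            # our zip actually is an APK
            if not self.clear:
                # let's unzip
                unzipped_dir = os.path.join(self.outdir, 'unzipped')
                if self.verbose:
                    print("Unzipping " + self.absolute_filename + " to " + unzipped_dir)
                try:
                    self.ziprar.extract_all(outdir=unzipped_dir)
                except Exception:
                    print("Unzipping failed (catching exception): %s" % (
                        sys.exc_info()[0]))

        return self.properties.filetype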