Ejemplo n.º 1
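def main():
	"""Flag exported activities that may expose PreferenceActivity fragment injection.

	Asks ``common.check_export('activity', False)`` for the activity lists.
	When any of the exported, permission-protected or broadcast-protected
	lists is non-empty, runs ``find_preference_activity()`` and hands each
	non-empty list to ``look_for_file()``. One error is logged per list for
	which ``look_for_file()`` returns a truthy value.

	Returns:
		None.
	"""
	# TODO - find a way to silence this; it is output where it is not wanted.
	common.logger.info("Checking for exported PreferenceActivity classes")
	act_priv_list, act_exp_list, act_exp_perm_list, act_prot_broad_list, report_data = common.check_export('activity', False)
	# TODO - decide whether a minSdkVersion check belongs here.
	# NOTE(review): the framework-side mitigation (isValidFragment) arrived in
	# Android 4.4 / API 19 - confirm before gating this check on minSdkVersion.

	# The original guard read len(act_exp_perm_list>1) and
	# len(act_prot_broad_list>0): the comparison sat inside len(), so the check
	# raised TypeError whenever act_exp_list was empty and the other two lists
	# were never examined. It also required more than one permission-protected
	# activity (>1), which skipped an app with exactly one; every list is now
	# tested for "non-empty".
	candidate_lists = (act_exp_list, act_exp_perm_list, act_prot_broad_list)
	if not any(candidate_lists):
		return

	finding = "This application is vulnerable to a potentially serious type of reflection issue, detailed here: http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection. Unfortunately, we are still working on an automated exploit for this."

	find_preference_activity()
	for activities in candidate_lists:
		# Empty lists are skipped so look_for_file() only sees real candidates.
		if activities and look_for_file(activities):
			common.logger.error(finding)
	return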
Ejemplo n.º 2
		common.logger.info("You only had 2 options and you still messed up. Let me choose option 2 for you")
#Only application and manifest elements are required: http://developer.android.com/guide/topics/manifest/manifest-intro.html
try:
	determine_min_sdk()

	common.print_terminal_header("APP COMPONENT ATTACK SURFACE")

	app = common.xmldoc.getElementsByTagName("application")
	common.compare(app.length,1,common.config.get('qarkhelper', 'APP_ELEM_ISSUE'), 'true')

	GeneralIssues.verify_allow_backup(app)
	GeneralIssues.verify_custom_permissions()
	GeneralIssues.verify_debuggable(app)

	common.logger.info("Checking provider")
	prov_priv_list, prov_exp_list, prov_exp_perm_list, prov_prot_broad_list, report_data, results =common.check_export('provider',True)
	report_badger("appcomponents", results)
	common.print_terminal(report_data)

	common.logger.info("Checking activity")
	act_priv_list, act_exp_list, act_exp_perm_list, act_prot_broad_list=[],[],[],[]
	act_priv_list, act_exp_list, act_exp_perm_list, act_prot_broad_list, report_data, results=common.check_export('activity',True)

	#Normalizing activity names for use in exploit APK, so all will be absolute
	act_priv_list=common.normalizeActivityNames(act_priv_list,package_name)
	act_exp_list=common.normalizeActivityNames(act_exp_list,package_name)
	act_exp_perm_list=common.normalizeActivityNames(act_exp_perm_list,package_name)
	act_prot_broad_list=common.normalizeActivityNames(act_prot_broad_list,package_name)

	report_badger("appcomponents", results)
	common.print_terminal(report_data)
Ejemplo n.º 3
Archivo: qark.py Proyecto: zhouat/qark
        common.logger.info("You only had 2 options and you still messed up. Let me choose option 2 for you")
    #Only application and manifest elements are required: http://developer.android.com/guide/topics/manifest/manifest-intro.html
    try:
        determine_min_sdk()

        common.print_terminal_header("APP COMPONENT ATTACK SURFACE")

        app = common.xmldoc.getElementsByTagName("application")
        common.compare(app.length,1,common.config.get('qarkhelper', 'APP_ELEM_ISSUE'), 'true')

        GeneralIssues.verify_allow_backup(app)
        GeneralIssues.verify_custom_permissions()
        GeneralIssues.verify_debuggable(app)

        common.logger.info("Checking provider")
        prov_priv_list, prov_exp_list, prov_exp_perm_list, prov_prot_broad_list, report_data, results =common.check_export('provider',True)
        report_badger("appcomponents", results)
        common.print_terminal(report_data)

        common.logger.info("Checking activity")
        act_priv_list, act_exp_list, act_exp_perm_list, act_prot_broad_list=[],[],[],[]
        act_priv_list, act_exp_list, act_exp_perm_list, act_prot_broad_list, report_data, results=common.check_export('activity',True)

        #Normalizing activity names for use in exploit APK, so all will be absolute
        act_priv_list=common.normalizeActivityNames(act_priv_list,package_name)
        act_exp_list=common.normalizeActivityNames(act_exp_list,package_name)
        act_exp_perm_list=common.normalizeActivityNames(act_exp_perm_list,package_name)
        act_prot_broad_list=common.normalizeActivityNames(act_prot_broad_list,package_name)

        report_badger("appcomponents", results)
        common.print_terminal(report_data)