forked from arm13/bowser
-
Notifications
You must be signed in to change notification settings - Fork 1
/
wrapper.py
101 lines (75 loc) · 3.33 KB
/
wrapper.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
import datetime as datetime
import zipfile
# Configure path
import sys
sys.path.append("/Users/rotlogix/Tools/mobile/android/androguard")
# Configure terminal colors
from blessings import Terminal
t = Terminal()
# Attempt Androguard import
try:
from androguard.core.analysis import analysis
from androguard.core.bytecodes.apk import APK as APK
from androguard.core.bytecodes import dvm as DVM
from androguard.core.androgen import AndroguardS
except ImportError as e:
print(t.yellow("[{0}] Unable to import Androguard!".format(datetime.datetime.now())))
else:
print(t.yellow("[{0}] Androguard imported successfully!".format(datetime.datetime.now())))
def search(apks, dx):
"""
Search for implementations
"""
# Important methods for searching
methods = {'parse': 'parseUri', 'load': 'loadUrl', 'js': 'addJavascriptInterface'}
print(t.yellow("[{0}] Searching for parseUri implementation ...".format(datetime.datetime.now())))
parse_uri = dx.get_tainted_packages().search_methods("Landroid/content/Intent", methods["parse"], ".")
# Check to see if the list is populated
if parse_uri:
print(t.yellow("[{0}] Found parseUri() implementation! ...".format(datetime.datetime.now())))
for location in parse_uri:
analysis.show_Path(apks, location)
print(t.yellow("[{0}] Searching for loadUrl...".format(datetime.datetime.now())))
load_url = dx.get_tainted_packages().search_methods("Landroid/webkit/WebView", methods["load"], ".")
# Check to see if the list is populated
if load_url:
print(t.yellow("[{0}] Found loadUrl() implementation! ...".format(datetime.datetime.now())))
for location in load_url:
analysis.show_Path(apks, location)
print(t.yellow("[{0}] Searching for addJavascriptInterface() ...".format(datetime.datetime.now())))
add_js = dx.get_tainted_packages().search_methods(".", methods["js"], ".")
# Check to see if the list is populated
if add_js:
print(t.yellow("[{0}] Found addJavascriptInterface() implementation! ...".format(datetime.datetime.now())))
for location in load_url:
analysis.show_Path(apks, location)
def main(apk):
"""
Handle APK analysis
"""
try:
# Perform analysis on target APK
print(t.yellow("[{0}] Performing analysis ...".format(datetime.datetime.now())))
a, apks, dx = APK(apk), AndroguardS(apk), analysis.uVMAnalysis(DVM.DalvikVMFormat(APK(apk).get_dex()))
# Validate the returned objects
if a and apks and dx:
print(t.yellow("[{0}] Analysis successful!".format(datetime.datetime.now())))
# Call search function
search(apks, dx)
else:
print(t.yellow("[{0}] Analysis failed!".format(datetime.datetime.now())))
except zipfile.BadZipfile:
print(t.yellow("[{0}] Bad APK file!".format(datetime.datetime.now())))
if __name__ == '__main__':
# import argparse
import argparse
# Create argument parser
parser = argparse.ArgumentParser()
parser.add_argument('--apk', dest='apk', help='Target APK')
args = parser.parse_args()
if args.apk:
try:
# Call main function
main(args.apk)
except KeyboardInterrupt:
print(t.yellow("[{0}] Shutting down ...".format(datetime.datetime.now())))