def finish_dynamic_check(self):
    """Wait for the dynamic-analysis socket thread, publish its findings and clear the dynamic flag.

    Stores ``self.app_dynamic_info`` in ``data.dynamic_json``, runs the local
    ``analyse`` step and the iOS storage check, then toggles bit 0 of
    ``data.status`` (the socket thread toggles the same bit when it finishes,
    so this XOR acts as the "clear").  Always returns True.
    """
    self.t_socket.join()
    data.dynamic_json = self.app_dynamic_info
    Utils.printy_result("Dynamic Check .", 1)
    self.analyse()
    IOS.storage_check()
    # XOR, not a mask clear: relies on the bit having been set exactly once by the socket thread.
    data.status ^= 0b0001
    return True
def check(self):
    """Scan the device syslog for sensitive data and store the hits in ``data.log_file_results``."""
    syslog_paths = ['/var/log/syslog']
    checker = Checker(syslog_paths, 'LOG')
    checker.start()
    data.log_file_results = checker.results
    Utils.printy_result('Log Check.', 1)
def connect(connector):
    """Open the SSH session to the device and keep it in ``data.client``.

    connector: ``"u"`` first starts ``tcprelay.main`` with ``-t 22:2222`` in a
    background thread (the USB port-forward path) and waits 5 seconds; any
    other value connects directly to ``config.mobile_ip``.  A ``socket.error``
    from ``ssh.set_ssh_conn`` is reported and retried every 5 seconds with no
    upper bound; other exceptions propagate to the caller.
    """
    if connector == "u":
        thread.start_new_thread(tcprelay.main, (['-t', '22:2222'],))
        time.sleep(5)
    connected = False
    while not connected:
        Utils.printy('Conneting..', 0)
        try:
            data.client = ssh.set_ssh_conn(config.mobile_ip, config.ssh_port,
                                           config.mobile_user, config.mobile_password)
            connected = True
        except socket.error:
            time.sleep(5)
            Utils.printy_result('Operation timed out.', 0)
def fuzz(self):
    """Open every URL in ``self.fuzz_inputs`` on the device and record whether the app crashed.

    Per URL: wait 1 s, drop stale crash reports, open the URL, give the app
    2 s, kill it by name and store ``self.crashed()`` under that URL in
    ``self.results``.  The full result map is copied to ``data.fuzz_result``.
    """
    for url in self.fuzz_inputs:
        time.sleep(1)
        self.delete_old_reports()
        Utils.openurl(url)
        time.sleep(2)
        Utils.kill_by_name(self.app)
        self.results[url] = self.crashed()
    Utils.printy_result('Fuzz', True)
    data.fuzz_result = self.results
def sql_check():
    """Scan the app's SQL files for sensitive data.

    Records each file's data-protection class in ``data.local_file_protection``
    and returns the ``Checker`` results.  Returns None when no files were found
    or when an exception was caught and logged through ``data.logger.warn``.
    """
    try:
        sql_files = get_files()
        if not sql_files:
            Utils.printy("No SQL files found ", 2)
            return None
        data.local_file_protection.extend(Utils.get_dataprotection(sql_files))
        checker = Checker(sql_files, 'SQL')
        checker.start()
        Utils.printy_result('Database Check.', 1)
        return checker.results
    except Exception as e:
        data.logger.warn(e)
def check_status(self):
    """Block until both the dynamic (bit 0) and static (bit 1) flags of ``data.status`` are set.

    Polls every 10 seconds.  If only the static flag is set once 180 seconds
    have elapsed, the dynamic socket thread is stopped and the wait ends with
    a timeout message.  Any other combination keeps polling without an upper
    bound.
    """
    DYNAMIC_DONE = 0b01
    STATIC_DONE = 0b10
    elapsed = 0
    while True:
        time.sleep(10)
        elapsed += 10
        flags = data.status & (DYNAMIC_DONE | STATIC_DONE)
        if flags == (DYNAMIC_DONE | STATIC_DONE):
            return
        # Static finished but the dynamic side has not reported yet.
        if flags == STATIC_DONE and elapsed >= 180:
            self.t_socket.stop()
            Utils.printy_result("Stop Dynamic Analysis, Timeout", 0)
            return
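def start_server(self):
    """Listen for the instrumented app's dynamic-analysis messages.

    Binds a TCP listener on ``config.socket_ip``:``config.socket_port`` and
    serves one connection at a time until a ``DONE:<bundle id>`` or
    ``Timeout`` message arrives or ``self.stopped()`` becomes true.  Every
    other message (minus its trailing terminator byte) is handed to
    ``self.parse_json``.  On exit bit 0 of ``data.status`` is toggled, which
    the status poller reads as "dynamic check finished".

    NOTE(review): the listener does no authentication; any peer that can reach
    the bind address can feed data to parse_json or end the run early with
    ``Timeout``.  Keep ``config.socket_ip`` on a non-routable / tunnel address.
    """
    host = config.socket_ip
    port = int(config.socket_port)
    self.dynamic_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        self.dynamic_socket.bind((host, port))
        self.dynamic_socket.listen(1)
        Utils.printy('Start server to receive data from application.', 0)
        while not self.stopped():
            conn, _addr = self.dynamic_socket.accept()
            try:
                # Single recv per connection; a message longer than 2048 bytes
                # would be truncated here.  The last byte is assumed to be the
                # terminator the sender appends.
                input_data = conn.recv(2048)[0:-1]
            finally:
                # Release the accepted socket instead of leaving it to the GC.
                conn.close()
            if input_data == ('DONE:' + data.app_bundleID):
                Utils.printy_result("Dynamic Check .", 1)
                break
            elif input_data == 'Timeout':
                break
            self.parse_json(self.app_info, input_data)
    finally:
        # Close the listener on every exit path, including stopped() and
        # exceptions, which previously left it open.
        self.dynamic_socket.close()
    data.status ^= 0b0001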
def do_analyse(self):
    """Drive the static analysis through the Thrift ``StaticAnalyze`` service.

    Records this process id in ``data.static_process_id``, connects to the
    IDA server at ``config.thrift_ip``:``config.thrift_port``, requests a PDF
    report for ``data.static_file_path`` and stores the returned message in
    ``data.static_report`` on success.  Afterwards bit 1 of ``data.status`` is
    toggled, which the status poller reads as "static analysis finished".
    Thrift errors are printed rather than raised.
    """
    data.static_process_id = os.getpid()
    # The Thrift-generated modules are imported lazily through exec so the
    # rest of the file loads even when they are absent.
    exec "from staticAnalyze import StaticAnalyze" if False else "from staticAnalyzer import StaticAnalyze"
    exec "from staticAnalyzer.ttypes import *"
    Utils.printy('Start static analysis', 0)
    time.sleep(1)
    try:
        transport = TSocket.TSocket(config.thrift_ip, config.thrift_port)
        transport = TTransport.TBufferedTransport(transport)
        protocol = TBinaryProtocol.TBinaryProtocol(transport)
        client = StaticAnalyze.Client(protocol)
        transport.open()
        # NOTE(review): polls client.connect() with no delay and no retry
        # limit; a server that never answers "Connected" keeps this spinning.
        while True:
            if client.connect() == "Connected":
                Utils.printy_result("Connect to IDA Server", 1)
                break
        report_dir = "{}/temp/{}/report".format(data.root, data.start_time)
        msg = client.analyze(data.static_file_path, report_dir, report_type='pdf')
        if msg == "Fail":
            Utils.printy_result("Static Analyse", 0)
        else:
            Utils.printy_result('Static Analyse.', 1)
            data.static_report = msg
        # NOTE(review): not reached if analyze() raises, so the transport is
        # left open on that error path.
        transport.close()
        data.status ^= 0b0010
    except Thrift.TException, ex:
        print "%s" % ex.message
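def install_ipa_from_local(ipa_path):
    """Push an .ipa to the device, record its bundle identifier and install it.

    ipa_path: path to the archive.  Non-empty when the task comes from the
    platform; empty for the standalone entry point, in which case the user is
    prompted until an existing ``*.ipa`` path is entered.

    Side effects: uploads the file to ``/tmp/detect/temp.ipa`` on the device,
    extracts the app's ``Info.plist`` into the current directory, sets
    ``data.app_bundleID`` from it via ``plutil`` and runs ``ipainstaller``
    over the SSH client in ``data.client``.  Always returns True.
    """
    if not ipa_path:
        # Standalone entry point: ask until an existing .ipa path is given.
        while True:
            ipa_path = raw_input(clint.textui.colored.yellow("> >> >>> Input the Path: > ")).strip()
            if not os.path.exists(ipa_path):
                Utils.printy_result('No such file ', 0)
            elif not ipa_path.endswith("ipa"):
                Utils.printy_result('Not ipa file ', 0)
            else:
                break

    # sftp to iPhone
    Utils.sftp_put(config.mobile_ip, config.ssh_port, config.mobile_user,
                   config.mobile_password, '/tmp/detect/temp.ipa', ipa_path)

    plist_path = _extract_info_plist(ipa_path)
    if plist_path is None:
        # Previously the last archive entry was silently used instead.
        Utils.printy_result('No Info.plist found in ipa ', 0)
    else:
        data.app_bundleID = _read_bundle_id(plist_path)

    Utils.cmd_block(data.client, 'ipainstaller {}'.format('/tmp/detect/temp.ipa'))
    return True


def _extract_info_plist(ipa_path):
    """Extract ``Payload/<app>/Info.plist`` from the archive into the cwd.

    Returns the extracted file's path, or None when no matching entry exists.
    """
    pat = re.compile(r"Payload[/\\][\w.]+[/\\]Info\.plist")
    with zipfile.ZipFile(ipa_path) as ipa:
        for name in ipa.namelist():
            if pat.search(name):
                return ipa.extract(name)
    return None


def _read_bundle_id(plist_path):
    """Return ``CFBundleIdentifier`` from ``plist_path`` as a plain string.

    ``plutil`` converts the (possibly binary) plist to XML in ``<plist_path>.tmp``
    and prints the value; stdout and stderr are merged like
    ``commands.getstatusoutput`` did.  Because ``plist_path`` derives from an
    archive entry name chosen by whoever built the ipa, plutil is invoked
    with an argument list instead of a shell command line.  Raises OSError
    if plutil cannot be executed.
    """
    import subprocess

    tmp = plist_path + '.tmp'
    subprocess.call(['plutil', '-extract', 'CFBundleIdentifier', 'xml1',
                     plist_path, '-o', tmp])
    proc = subprocess.Popen(['plutil', '-p', tmp],
                            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    out = proc.communicate()[0]
    return out.strip().strip('"')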
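def send_tool(self):
    """Copy the keychain_dumper binary to the device over SFTP."""
    Utils.sftp_put(ip=config.mobile_ip, port=config.ssh_port,
                   username=config.mobile_user, password=config.mobile_password,
                   local_file="./tools/keychain_dumper",
                   remote_path='./keychain_dumper')


def dump(self):
    """Run keychain_dumper on the device and collect its ``Keychain Data:`` values.

    Non-empty, non-``(null)`` values are appended to ``self.all_keychain_values``
    and then narrowed by ``filter``.  Exceptions are logged through
    ``data.logger.warn``; the completion line is printed in every case and
    ``self.results`` is returned.
    """
    try:
        out = Utils.cmd_block(self.client, './keychain_dumper')
        for line in out.split('\n'):
            if not line.startswith('Keychain Data:') or '(null)' in line:
                continue
            content = line[15:]  # text after 'Keychain Data: '
            if content:
                self.all_keychain_values.append(content)
        self.filter()
    except Exception as e:
        data.logger.warn(e)
    finally:
        Utils.printy_result('Keychain Dump', 1)
    # Returning after the try/finally (not inside ``finally``) no longer swallows
    # non-Exception errors such as KeyboardInterrupt or SystemExit.
    return self.results


def filter(self):
    """Keep only the dumped values that match an entry of ``data.input_list``."""
    self.results.extend(value for value in self.all_keychain_values
                        if value in data.input_list)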
def binary_check():
    """Run the binary-level checks in order: shared libraries, segments, protections, strings."""
    steps = (
        lambda: SharedLibrary().get(),
        get_seg_info,
        lambda: protect_check().check(),
        lambda: String().get_strings(),
    )
    for step in steps:
        step()
    Utils.printy_result('Binary Check', 1)
def finish_server_scan(self):
    """Wait for the server-scan thread and report its completion."""
    scan_thread = self.server
    scan_thread.join()
    Utils.printy_result('Server Scan.', 1)
def finish_static_analyse(self):
    """Wait for the static-analysis thread, report completion and clear the static flag.

    Toggles bit 1 of ``data.status``; the analysis thread toggles the same bit
    when it finishes, so this XOR acts as the "clear".  Always returns True.
    """
    static_thread = self.t_static
    static_thread.join()
    Utils.printy_result('Static Analyse.', 1)
    data.status ^= 0b0010
    return True
# Tail of the plist ``check`` method: its ``def`` line and the opening ``try:`` precede this span.
        files = self.get_files()
        if not files:
            Utils.printy("No Plist files found ", 2)
            return
        # Record each file's data-protection class before scanning contents.
        retrieved_files = Utils.get_dataprotection(files)
        data.local_file_protection.extend(retrieved_files)
        # Scan the plists for sensitive data.
        check = Checker(files, 'PLIST')
        check.start()
        data.plist_file_results = check.results
    except Exception as e:
        data.logger.warn(e)
    finally:
        Utils.printy_result('Plist Check.', 1)


def get_files(self):
    """List every ``*.plist`` under the app's bundle and data directories on the device.

    Runs the device's find binary (``data.DEVICE_TOOLS['FIND']``) over
    ``data.metadata['bundle_directory']`` and ``['data_directory']`` through
    the SSH client and returns the non-empty output lines as a list of paths.
    NOTE(review): the directories are interpolated unquoted into the command
    line; a path containing spaces or shell metacharacters would not be
    searched as intended — confirm what the metadata can contain.
    """
    search_dirs = ' '.join([
        data.metadata['bundle_directory'],
        data.metadata['data_directory'],
    ])
    cmd = '{bin} {dirs_str} -type f -name "*.plist"'.format(
        bin=data.DEVICE_TOOLS['FIND'], dirs_str=search_dirs)
    output = Utils.cmd_block(self.client, cmd)
    return [path for path in output.split("\n") if path != '']