def get_shared_preferences_writes(apk,d,dx,include_support=None): shared_preferences = [] sharedprefs_instruction_paths = dx.tainted_packages.search_methods("", "getSharedPreferences", "\(Ljava/lang/String; I\)Landroid/content/SharedPreferences;") context_instruction_paths = dx.tainted_packages.search_methods(".", "createPackageContext", ".") for path in sharedprefs_instruction_paths: src_class_name, src_method_name, src_descriptor = path.get_src(d.get_class_manager()) if should_analyze(src_class_name,include_support): method = d.get_method_by_idx(path.src_idx) i = method.get_instruction(0,path.idx) index = get_instruction_offset(i,method) if is_edit_present_later(method,index): new_var = "" if i.get_op_value() == 0x6E:#invoke-virtual { parameters }, methodtocall new_var = i.get_output().split(",")[1].strip() file_mode_var = i.get_output().split(",")[2].strip() elif i.get_op_value() == 0x74:#invoke-virtual/range {vx..vy},methodtocall new_var = i.get_output().split(",")[0].split(".")[-1].strip()[1:] num = int(new_var)-1 new_var = "v"+`num` file_mode_var = "v"+new_var file_mode = track_int_value(method,index-1,file_mode_var) if file_mode != 0:#if word readable or writable pref_file = track_string_value(method,index-1,new_var) context_path = get_path_of_method(src_class_name,src_method_name, context_instruction_paths,d) if context_path: context_method = d.get_method_by_idx(context_path.src_idx) c_i = context_method.get_instruction(0,context_path.idx) c_index = get_instruction_offset(c_i,context_method) c_name_var = c_i.get_output().split(",")[1].strip() package = track_string_value(context_method, c_index-1, c_name_var) else: package = apk.get_package() sharedprefs = SharedPreferencesAnalysis(package, pref_file,"write") shared_preferences.append(sharedprefs) return shared_preferences
def get_dynamic_receivers(apk,d,dx,include_support=None): """ Returns a list of all the Receivers registered inside a method :rtype: Receiver """ receivers = [] instruction_paths = dx.tainted_packages.search_methods(".", "registerReceiver", "\(Landroid\/content\/BroadcastReceiver") for path in instruction_paths: src_class_name, src_method_name, src_descriptor = path.get_src(d.get_class_manager()) if should_analyze(src_class_name,include_support): method = d.get_method_by_idx(path.src_idx) i = method.get_instruction(0,path.idx) index = method.code.get_bc().off_to_pos(path.idx) if i.get_op_value() in [0x6E,0x6F,0x72]:#invoke-virtual { parameters }, methodtocall or invoke-super var = i.get_output().split(",")[2].strip() #The second argument holds the IntentFilter with the action elif i.get_op_value() == 0x74:#invoke-virtual/range {vx..vy},methodtocall var = i.get_output().split(",")[0].split(".")[-1] else: print "Error" action = track_intent_filter_direct(method,index-1,var) intentfilter = IntentFilterAnalysis(action) filters = [] filters.append(intentfilter) receiver = ReceiverAnalysis(filters) receivers.append(receiver) return receivers
def get_implicit_intents(apk,d,dx,include_support=None): """ Returns a list of Broadcast Intents that which action is set inside this method. They might not be declared in this method. The best moment to detect an intent is when its action is set. :rtype: Intent """ intents = [] instruction_paths = dx.tainted_packages.search_methods("Landroid/content/Intent;", "setAction", ".") instruction_paths.extend(dx.tainted_packages.search_methods("Landroid/content/Intent;", "<init>", "\(Ljava\/lang\/String")) for path in instruction_paths: src_class_name, src_method_name, src_descriptor = path.get_src(d.get_class_manager()) if should_analyze(src_class_name,include_support): method = d.get_method_by_idx(path.src_idx) i = method.get_instruction(0,path.idx) index = method.code.get_bc().off_to_pos(path.idx) intent = i.get_output().split(",")[1].strip() back_index = index while back_index > 0: back_index -= 1 i2 = method.get_instruction(back_index) if intent in i2.get_output() and i2.get_op_value() in [0xC] :#12 is move-result-object action = track_method_call_action(method,back_index,intent) intent = IntentAnalysis(action.strip()) intents.append(intent) back_index = -1 if i2.get_op_value() == 0x1A and intent in i2.get_output(): #const-string action = i2.get_output().split(",")[1].strip() intent = IntentAnalysis(action[1:-1].strip()) intents.append(intent) back_index = -1 return intents
def get_shared_preferences_reads(apk, d, dx, include_support=None): shared_preferences = [] sharedprefs_instruction_paths = dx.tainted_packages.search_methods( ".", "getSharedPreferences", "\(Ljava/lang/String; I\)Landroid/content/SharedPreferences;") context_instruction_paths = dx.tainted_packages.search_methods( ".", "createPackageContext", ".") for path in sharedprefs_instruction_paths: src_class_name, src_method_name, src_descriptor = path.get_src( d.get_class_manager()) if should_analyze(src_class_name, include_support): method = d.get_method_by_idx(path.src_idx) i = method.get_instruction(0, path.idx) index = get_instruction_offset(i, method) new_var = "" if i.get_op_value() in [ 0x6E, 0x6F, 0x72 ]: #invoke-virtual { parameters }, methodtocall new_var = i.get_output().split(",")[1].strip() file_mode_var = i.get_output().split(",")[2].strip() elif i.get_op_value( ) == 0x74: #invoke-virtual/range {vx..vy},methodtocall new_var = i.get_output().split(",")[0].split( ".")[-1].strip()[1:] num = int(new_var) - 1 new_var = "v" + ` num ` file_mode_var = "v" + new_var else: print "Not Controlled" # we look the position of the method in file_mode = track_int_value(method, index - 1, file_mode_var) if file_mode != 0: pref_file = track_string_value(method, index - 1, new_var) context_path = get_path_of_method(src_class_name, src_method_name, context_instruction_paths, d) if context_path: context_method = d.get_method_by_idx(context_path.src_idx) c_i = context_method.get_instruction(0, context_path.idx) c_index = get_instruction_offset(c_i, context_method) c_name_var = c_i.get_output().split(",")[1].strip() package = track_string_value(context_method, c_index - 1, c_name_var) else: package = apk.get_package() sharedprefs = SharedPreferencesAnalysis( package, pref_file, "read") shared_preferences.append(sharedprefs) return shared_preferences