def display_SEARCH_METHODS(a, x, classes, package_name, method_name,
descriptor):
print "Search method", package_name, method_name, descriptor
analysis.show_Paths(
a,
x.get_tainted_packages().search_methods(package_name, method_name,
descriptor))
def run_bowser(self):
"""
Run the bowser toolkit
"""
# Search for parseUri()
#
x = analysis.uVMAnalysis(self.apks.get_vm())
if x:
print(
t.green("[{0}] ".format(datetime.now()) +
t.yellow("Searching for parseUri()")))
analysis.show_Paths(
self.apks,
x.get_tainted_packages().search_methods(".", "parseUri", "."))
print(
t.green("[{0}] ".format(datetime.now()) +
t.yellow("Searching for loadUrl()")))
analysis.show_Paths(
self.apks,
x.get_tainted_packages().search_methods(".", "loadUrl", "."))
print(
t.green("[{0}] ".format(datetime.now()) +
t.yellow("Searching for addJavascriptInterface()")))
analysis.show_Paths(
self.apks,
x.get_tainted_packages().search_methods(
".", "addJavascriptInterface", "."))
def display_PERMISSION(a, x, classes):
# get database connection from DBConnectionManager
db_connection = DBConnectManager().get_connection(analysis_init_default_value.APP_NAME)
if db_connection is not None:
cursor = db_connection.cursor()
# Show methods used by permission
perms_access = x.get_tainted_packages().get_permissions( [] )
for perm in perms_access:
#add perm to table PERMISSIONS
try:
# Execute the SQL command
cursor.execute("""INSERT INTO PERMISSIONS (permission_name, permission_des) VALUES (%s,%s)""",
(perm, ''))
# Commit your changes in the database
db_connection.commit()
except MySQLdb.Error, e:
# Rollback in call
print "MySQL Error [%d]: %s" % (e.args[0], e.args[1])
print "MySQL Roll back..."
db_connection.rollback()
print "PERM : ", perm
analysis.show_Paths( a, perms_access[ perm ], analysis_init_default_value.A_PERMISSION, perms_access.keys().index(perm) + 1)
def run_bowser(self):
"""
Run the bowser toolkit
"""
# Search for parseUri()
#
x = analysis.uVMAnalysis(self.apks.get_vm())
if x:
print(t.green("[{0}] ".format(datetime.now()) +
t.yellow("Searching for parseUri()")))
analysis.show_Paths(self.apks, x.get_tainted_packages().search_methods(".", "parseUri", "."))
print(t.green("[{0}] ".format(datetime.now()) +
t.yellow("Searching for loadUrl()")))
analysis.show_Paths(self.apks, x.get_tainted_packages().search_methods(".", "loadUrl", "."))
print(t.green("[{0}] ".format(datetime.now()) +
t.yellow("Searching for addJavascriptInterface()")))
analysis.show_Paths(self.apks, x.get_tainted_packages().search_methods(".", "addJavascriptInterface", "."))
def print_xref(d, obj):
for xref in obj.XREFfrom.items:
print show_Paths(d, xref[1])
def display_OBJECT_CREATED(a, x, class_name):
print "Search object", class_name
analysis.show_Paths( a, x.get_tainted_packages().search_objects( class_name ), analysis_init_default_value.A_OBJECT_CREATED )
def display_SEARCH_METHODS(a, x, classes, package_name, method_name, descriptor):
print "Search method", package_name, method_name, descriptor
analysis.show_Paths( a, x.get_tainted_packages().search_methods( package_name, method_name, descriptor), analysis_init_default_value.A_SEARCH_METHODS )
def display_SEARCH_PACKAGES(a, x, classes, package_name):
print "Search package", package_name
analysis.show_Paths( a, x.get_tainted_packages().search_packages( package_name ), analysis_init_default_value.A_PACKAGES )
#more info about a method
for x in d.get_methods():
break
x.pretty_show()
"""search for a specific method
@param class_name : a regexp for the class name of the method (the package)
@param name : a regexp for the name of the method
@param descriptor : a regexp for the descriptor of the method
@rtype : a list of called methods' paths
"""
#analysis.show_Paths(d, dx.tainted_packages.search_methods(".", "getInstance", "."))
#show usage of specific package (for example:crypto usage)
analysis.show_Paths(d, dx.get_tainted_packages().search_crypto_packages() )
analysis.show_Paths(d, dx.get_tainted_packages().search_packages("Ljava/security/") )
#this method does the same as one above
#for m, _ in dx.get_tainted_packages().search_packages("Ljavax/crypto/") :
# m.show()
#for m, _ in dx.get_tainted_packages().search_packages("Ljava/security/") :
# m.show()
f = open(PATH_OUTPUT, 'w')
#way to get source code
vmx = analysis.VMAnalysis(d)
for method in d.get_methods():
mx = vmx.get_method(method)
if method.get_code() == None:
continue
def run_search_method(apks, x, clz, method):
analysis.show_Paths(apks, x.get_tainted_packages().search_methods(clz, method, "."))
def display_OBJECT_CREATED(a, x, class_name):
print("Search object", class_name)
analysis.show_Paths( a, x.get_tainted_packages().search_objects( class_name ) )
def display_PERMISSION(a, x, classes):
# Show methods used by permission
perms_access = x.get_tainted_packages().get_permissions( [] )
for perm in perms_access:
print("PERM : ", perm)
analysis.show_Paths( a, perms_access[ perm ] )
def display_SEARCH_METHODS(a, x, classes, package_name, method_name, descriptor):
print("Search method", package_name, method_name, descriptor)
analysis.show_Paths( a, x.get_tainted_packages().search_methods( package_name, method_name, descriptor) )
def display_SEARCH_PACKAGES(a, x, classes, package_name):
print("Search package", package_name)
analysis.show_Paths( a, x.get_tainted_packages().search_packages( package_name ) )
def run_search_method(apks, x, clz, method):
analysis.show_Paths(
apks,
x.get_tainted_packages().search_methods(clz, method, "."))
