def create_graph(input, output): if input != None and output != None: ret_type = androconf.is_android(input) vm = None a = None if ret_type == "APK": a = apk.APK(input) if a.is_valid_APK(): vm = dvm.DalvikVMFormat(a.get_dex()) else: print "INVALID APK" elif ret_type == "DEX": try: vm = dvm.DalvikVMFormat(open(input, "rb").read()) except Exception, e: print "INVALID DEX", e vmx = analysis.VMAnalysis(vm) gvmx = ganalysis.GVMAnalysis(vmx, a) create_directories(vm, output) dd = data.Data(vm, vmx, gvmx, a) buff = dd.export_methodcalls_to_gml() androconf.save_to_disk(buff, output + "/" + "methodcalls.graphml")
def analyze(self): self.__a = analysis.uVMAnalysis( self.__bc ) self.__bc.set_vmanalysis( self.__a ) self.__g = ganalysis.GVMAnalysis( self.__a, None ) self.__bc.set_gvmanalysis( self.__g ) self.__bc.create_xref() self.__bc.create_dref()
def parse_input_file(self): """This function will analyze the file given as input""" extension = self.get_type(self.filename) if extension == ".apk": if not self.quiet: print "[*] Opening APK..." try: self.application = apk.APK(self.filename) self.dalvik_executable = dvm.DalvikVMFormat(self.application.get_dex()) except: return None elif extension == ".odex": if not self.quiet: print "[*] Opening .odex file..." self.dalvik_executable = dvm.DalvikOdexVMFormat(open(self.filename, "r").read()) elif extension == ".dex": if not self.quiet: print "[*] Opening .dex file" self.dalvik_executable = dvm.DalvikVMFormat(open(self.filename, "r").read()) else: if not self.quiet: print "[!] Invalid type for %s...skipping" % (self.filename) return None if not self.quiet: #print "[*] This application uses the following permissions :" #print self.application.get_permissions() print "[*] Analyzing dex file..." self.analyzed_dex = analysis.VMAnalysis(self.dalvik_executable) self.gx = ganalysis.GVMAnalysis(self.analyzed_dex, None) self.dalvik_executable.set_vmanalysis(self.analyzed_dex) self.dalvik_executable.set_gvmanalysis(self.gx) if not self.quiet: print "[*] Creating xrefs..." self.dalvik_executable.create_xref() self.dalvik_executable.create_python_export()
def getGexf(self, gexfOut): """ Use Androgexf in androguard to generate graph """ try: self.gexfOut = gexfOut vm = dvm.DalvikVMFormat(self.apkObj.get_dex()) vmx = analysis.VMAnalysis(vm) gvmx = ganalysis.GVMAnalysis(vmx, self.apkObj) b = gvmx.export_to_gexf() androconf.save_to_disk(b, self.gexfOut) except Exception: ex = traceback.format_exc() self.log.exce(ex)
def main(options, arguments): if options.input != None and options.output != None: ret_type = androconf.is_android(options.input) vm = None a = None if ret_type == "APK": a = apk.APK(options.input) if a.is_valid_APK(): vm = dvm.DalvikVMFormat(a.get_dex()) else: print "INVALID APK" elif ret_type == "DEX": try: vm = dvm.DalvikVMFormat(open(options.input, "rb").read()) except Exception, e: print "INVALID DEX", e vmx = analysis.VMAnalysis(vm) gvmx = ganalysis.GVMAnalysis(vmx, a) create_directories(vm, options.output) # dv.export_to_gml( options.output ) dd = data.Data(vm, vmx, gvmx, a) buff = dd.export_apk_to_gml() androconf.save_to_disk(buff, options.output + "/" + "apk.graphml") buff = dd.export_methodcalls_to_gml() androconf.save_to_disk(buff, options.output + "/" + "methodcalls.graphml") buff = dd.export_dex_to_gml() for i in buff: androconf.save_to_disk(buff[i], options.output + "/" + i + ".graphml")
def main(options, arguments): if options.input != None and options.output != None: ret_type = androconf.is_android(options.input) vm = None a = None if ret_type == "APK": a = apk.APK(options.input) if a.is_valid_APK(): vm = dvm.DalvikVMFormat(a.get_dex()) else: print("INVALID APK") elif ret_type == "DEX": try: vm = dvm.DalvikVMFormat(read(options.input)) except Exception as e: print("INVALID DEX", e) vmx = analysis.VMAnalysis(vm) gvmx = ganalysis.GVMAnalysis(vmx, a) b = gvmx.export_to_gexf() androconf.save_to_disk(b, options.output)
PATH_INSTALL = "./" sys.path.append(PATH_INSTALL) from androguard.core.bytecodes import dvm from androguard.core.bytecodes import apk from androguard.core.androconf import CONF from androguard.core.analysis import analysis, ganalysis #CONF["LAZY_ANALYSIS"] = True TEST = "examples/android/TestsAndroguard/bin/TestsAndroguard.apk" a = apk.APK(TEST) j = dvm.DalvikVMFormat(a.get_dex()) dx = analysis.uVMAnalysis(j) gx = ganalysis.GVMAnalysis(dx, None) j.set_vmanalysis(dx) j.set_gvmanalysis(gx) j.create_xref() j.create_dref() for m in dx.get_methods(): idx = 0 for i in m.basic_blocks.get(): print("\t %s %x %x" % (i.name, i.start, i.end), i.get_instructions()[-1].get_name()) print(m.method.XREFfrom, m.method.XREFto)
def run(self): if androconf.is_android_raw(self.raw) == "DEY": dex_object = dvm.DalvikOdexVMFormat(self.raw) else: dex_object = dvm.DalvikVMFormat(self.raw) ana_object = analysis.uVMAnalysis(dex_object) gvm_object = ganalysis.GVMAnalysis(ana_object, None) dex_object.set_vmanalysis(ana_object) dex_object.set_gvmanalysis(gvm_object) for i in androconf.CONF: if is_setting(i): androconf.CONF[i] = get_setting(i) decompiler_option = get_setting("DEFAULT_DECOMPILER", "dad") if decompiler_option == "dex2jad": dex_object.set_decompiler( decompiler.DecompilerDex2Jad(dex_object, androconf.CONF["PATH_DEX2JAR"], androconf.CONF["BIN_DEX2JAR"], androconf.CONF["PATH_JAD"], androconf.CONF["BIN_JAD"], androconf.CONF["TMP_DIRECTORY"])) elif decompiler_option == "ded": dex_object.set_decompiler( decompiler.DecompilerDed(dex_object, androconf.CONF["PATH_DED"], androconf.CONF["BIN_DED"], androconf.CONF["TMP_DIRECTORY"])) else: dex_object.set_decompiler( decompiler.DecompilerDAD(dex_object, ana_object)) dex_object.create_xref() dex_object.create_dref() self.view.set_name("%s.ag" % (self.filename)) self.view.set_scratch(True) edit = self.view.begin_edit() self.view.sel().clear() self.view.set_syntax_file("Packages/ag-st/ag.tmLanguage") by_package = {} for current_class in dex_object.get_classes(): name = current_class.get_name() try: by_package[os.path.dirname(name)].append(current_class) except KeyError: by_package[os.path.dirname(name)] = [] by_package[os.path.dirname(name)].append(current_class) b_buffer = "" line = 0 AG_METHODS_LINE[self.view.id()] = {} AG_CLASSES_LINE[self.view.id()] = {} AG_FIELDS_LINE[self.view.id()] = {} for key in sorted(by_package.iterkeys()): b_buffer += "%s\n" % key line += 1 for c_class in sorted(by_package[key], key=lambda k: k.get_name()): b_buffer += "\t%s extends %s\n" % (c_class.get_name( )[1:-1], c_class.get_superclassname()[1:-1]) AG_CLASSES_LINE[self.view.id()][line] = c_class line += 1 for j in c_class.get_methods(): b_buffer += "\t\tmethod: %s %s [%s] size:%d\n" % ( j.get_name(), j.get_descriptor(), j.get_access_flags_string(), j.get_length()) AG_METHODS_LINE[self.view.id()][line] = j line += 1 b_buffer += "\n" line += 1 for j in c_class.get_fields(): b_buffer += "\t\tfield: %s %s [%s %s]" % ( j.get_name(), j.get_descriptor(), j.get_access_flags_string(), dvm.get_type(j.get_descriptor())) init_value = j.get_init_value() if init_value != None: b_buffer += " (%s)" % repr(str(init_value.get_value())) b_buffer += "\n" AG_FIELDS_LINE[self.view.id()][line] = j line += 1 b_buffer += "\n" line += 1 l = dex_object.get_classes_hierarchy() h_buffer = "" for i in l: h_buffer += i + "\n" b_buffer += h_buffer self.view.replace(edit, sublime.Region(0, self.view.size()), b_buffer) self.view.end_edit(edit) self.view.set_read_only(True) AG_DEX_VIEW[self.view.id()] = (dex_object, ana_object) FILENAMES[self.view.id()] = hashlib.sha1( dex_object.get_buff()).hexdigest()