Python GVMAnalysis Examples

Example #1

File: apkviewer.py Project: alireza-87/AndroidByteCodeSeq

def create_graph(input, output):
    if input != None and output != None:

        ret_type = androconf.is_android(input)
        vm = None
        a = None
        if ret_type == "APK":
            a = apk.APK(input)
            if a.is_valid_APK():
                vm = dvm.DalvikVMFormat(a.get_dex())
            else:
                print "INVALID APK"
        elif ret_type == "DEX":
            try:
                vm = dvm.DalvikVMFormat(open(input, "rb").read())
            except Exception, e:
                print "INVALID DEX", e

        vmx = analysis.VMAnalysis(vm)
        gvmx = ganalysis.GVMAnalysis(vmx, a)

        create_directories(vm, output)

        dd = data.Data(vm, vmx, gvmx, a)

        buff = dd.export_methodcalls_to_gml()
        androconf.save_to_disk(buff, output + "/" + "methodcalls.graphml")

Example #2

    def analyze(self):
        self.__a = analysis.uVMAnalysis( self.__bc )
        self.__bc.set_vmanalysis( self.__a )

        self.__g = ganalysis.GVMAnalysis( self.__a, None )

        self.__bc.set_gvmanalysis( self.__g )

        self.__bc.create_xref()
        self.__bc.create_dref()

Example #3

File: vulfinder.py Project: plowsec/REAL

    def parse_input_file(self):
        """This function will analyze the file given as input"""

        extension = self.get_type(self.filename)

        if extension == ".apk":
            if not self.quiet:
                print "[*] Opening APK..."

            try:
                self.application = apk.APK(self.filename)
                self.dalvik_executable = dvm.DalvikVMFormat(self.application.get_dex())
            except:
                return None
        
        elif extension == ".odex":
            if not self.quiet:
                print "[*] Opening .odex file..."
                
            self.dalvik_executable = dvm.DalvikOdexVMFormat(open(self.filename, "r").read())
        
        elif extension == ".dex":
            if not self.quiet:
                print "[*] Opening .dex file"

            self.dalvik_executable = dvm.DalvikVMFormat(open(self.filename, "r").read())
        
        else:

            if not self.quiet:
                print "[!] Invalid type for %s...skipping" % (self.filename)

            return None
        
        if not self.quiet:
            #print "[*] This application uses the following permissions :"
            #print self.application.get_permissions()

            print "[*] Analyzing dex file..."

        self.analyzed_dex = analysis.VMAnalysis(self.dalvik_executable)
        self.gx = ganalysis.GVMAnalysis(self.analyzed_dex, None)

        self.dalvik_executable.set_vmanalysis(self.analyzed_dex)
        self.dalvik_executable.set_gvmanalysis(self.gx)

        if not self.quiet:
            print "[*] Creating xrefs..."

        self.dalvik_executable.create_xref()
        self.dalvik_executable.create_python_export()

Example #4

File: static_analyzer.py Project: pinkblackpig/SandDroidIIE

    def getGexf(self, gexfOut):
        """
        Use Androgexf in androguard to generate graph
        """
        try:
            self.gexfOut = gexfOut
            vm = dvm.DalvikVMFormat(self.apkObj.get_dex())

            vmx = analysis.VMAnalysis(vm)
            gvmx = ganalysis.GVMAnalysis(vmx, self.apkObj)

            b = gvmx.export_to_gexf()
            androconf.save_to_disk(b, self.gexfOut)
        except Exception:
            ex = traceback.format_exc()
            self.log.exce(ex)

Example #5

File: apkviewer.py Project: zhengyuqin/lobotomy

def main(options, arguments):
    if options.input != None and options.output != None:

        ret_type = androconf.is_android(options.input)
        vm = None
        a = None
        if ret_type == "APK":
            a = apk.APK(options.input)
            if a.is_valid_APK():
                vm = dvm.DalvikVMFormat(a.get_dex())
            else:
                print "INVALID APK"
        elif ret_type == "DEX":
            try:
                vm = dvm.DalvikVMFormat(open(options.input, "rb").read())
            except Exception, e:
                print "INVALID DEX", e

        vmx = analysis.VMAnalysis(vm)
        gvmx = ganalysis.GVMAnalysis(vmx, a)

        create_directories(vm, options.output)

        #        dv.export_to_gml( options.output )

        dd = data.Data(vm, vmx, gvmx, a)

        buff = dd.export_apk_to_gml()
        androconf.save_to_disk(buff, options.output + "/" + "apk.graphml")

        buff = dd.export_methodcalls_to_gml()
        androconf.save_to_disk(buff,
                               options.output + "/" + "methodcalls.graphml")

        buff = dd.export_dex_to_gml()
        for i in buff:
            androconf.save_to_disk(buff[i],
                                   options.output + "/" + i + ".graphml")

Example #6

File: androgexf.py Project: appknox/androguard-old

def main(options, arguments):
    if options.input != None and options.output != None:
        ret_type = androconf.is_android(options.input)

        vm = None
        a = None
        if ret_type == "APK":
            a = apk.APK(options.input)
            if a.is_valid_APK():
                vm = dvm.DalvikVMFormat(a.get_dex())
            else:
                print("INVALID APK")
        elif ret_type == "DEX":
            try:
                vm = dvm.DalvikVMFormat(read(options.input))
            except Exception as e:
                print("INVALID DEX", e)

        vmx = analysis.VMAnalysis(vm)
        gvmx = ganalysis.GVMAnalysis(vmx, a)

        b = gvmx.export_to_gexf()
        androconf.save_to_disk(b, options.output)

Example #7

File: dalvikvm_format_8.py Project: gomesrocha/MobiSec

PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.bytecodes import dvm
from androguard.core.bytecodes import apk
from androguard.core.androconf import CONF
from androguard.core.analysis import analysis, ganalysis

#CONF["LAZY_ANALYSIS"] = True

TEST = "examples/android/TestsAndroguard/bin/TestsAndroguard.apk"

a = apk.APK(TEST)
j = dvm.DalvikVMFormat(a.get_dex())
dx = analysis.uVMAnalysis(j)
gx = ganalysis.GVMAnalysis(dx, None)

j.set_vmanalysis(dx)
j.set_gvmanalysis(gx)

j.create_xref()
j.create_dref()

for m in dx.get_methods():
    idx = 0
    for i in m.basic_blocks.get():
        print("\t %s %x %x" % (i.name, i.start, i.end),
              i.get_instructions()[-1].get_name())

    print(m.method.XREFfrom, m.method.XREFto)

Example #8

    def run(self):
        if androconf.is_android_raw(self.raw) == "DEY":
            dex_object = dvm.DalvikOdexVMFormat(self.raw)
        else:
            dex_object = dvm.DalvikVMFormat(self.raw)

        ana_object = analysis.uVMAnalysis(dex_object)
        gvm_object = ganalysis.GVMAnalysis(ana_object, None)

        dex_object.set_vmanalysis(ana_object)
        dex_object.set_gvmanalysis(gvm_object)

        for i in androconf.CONF:
            if is_setting(i):
                androconf.CONF[i] = get_setting(i)

        decompiler_option = get_setting("DEFAULT_DECOMPILER", "dad")

        if decompiler_option == "dex2jad":
            dex_object.set_decompiler(
                decompiler.DecompilerDex2Jad(dex_object,
                                             androconf.CONF["PATH_DEX2JAR"],
                                             androconf.CONF["BIN_DEX2JAR"],
                                             androconf.CONF["PATH_JAD"],
                                             androconf.CONF["BIN_JAD"],
                                             androconf.CONF["TMP_DIRECTORY"]))
        elif decompiler_option == "ded":
            dex_object.set_decompiler(
                decompiler.DecompilerDed(dex_object,
                                         androconf.CONF["PATH_DED"],
                                         androconf.CONF["BIN_DED"],
                                         androconf.CONF["TMP_DIRECTORY"]))
        else:
            dex_object.set_decompiler(
                decompiler.DecompilerDAD(dex_object, ana_object))

        dex_object.create_xref()
        dex_object.create_dref()

        self.view.set_name("%s.ag" % (self.filename))

        self.view.set_scratch(True)
        edit = self.view.begin_edit()
        self.view.sel().clear()
        self.view.set_syntax_file("Packages/ag-st/ag.tmLanguage")

        by_package = {}
        for current_class in dex_object.get_classes():
            name = current_class.get_name()

            try:
                by_package[os.path.dirname(name)].append(current_class)
            except KeyError:
                by_package[os.path.dirname(name)] = []
                by_package[os.path.dirname(name)].append(current_class)

        b_buffer = ""
        line = 0

        AG_METHODS_LINE[self.view.id()] = {}
        AG_CLASSES_LINE[self.view.id()] = {}
        AG_FIELDS_LINE[self.view.id()] = {}
        for key in sorted(by_package.iterkeys()):
            b_buffer += "%s\n" % key
            line += 1

            for c_class in sorted(by_package[key], key=lambda k: k.get_name()):
                b_buffer += "\t%s extends %s\n" % (c_class.get_name(
                )[1:-1], c_class.get_superclassname()[1:-1])
                AG_CLASSES_LINE[self.view.id()][line] = c_class
                line += 1

                for j in c_class.get_methods():
                    b_buffer += "\t\tmethod: %s %s [%s] size:%d\n" % (
                        j.get_name(), j.get_descriptor(),
                        j.get_access_flags_string(), j.get_length())
                    AG_METHODS_LINE[self.view.id()][line] = j
                    line += 1

                b_buffer += "\n"
                line += 1

                for j in c_class.get_fields():
                    b_buffer += "\t\tfield: %s %s [%s %s]" % (
                        j.get_name(), j.get_descriptor(),
                        j.get_access_flags_string(),
                        dvm.get_type(j.get_descriptor()))

                    init_value = j.get_init_value()
                    if init_value != None:
                        b_buffer += " (%s)" % repr(str(init_value.get_value()))
                    b_buffer += "\n"

                    AG_FIELDS_LINE[self.view.id()][line] = j
                    line += 1

                b_buffer += "\n"
                line += 1

        l = dex_object.get_classes_hierarchy()
        h_buffer = ""
        for i in l:
            h_buffer += i + "\n"

        b_buffer += h_buffer

        self.view.replace(edit, sublime.Region(0, self.view.size()), b_buffer)
        self.view.end_edit(edit)
        self.view.set_read_only(True)
        AG_DEX_VIEW[self.view.id()] = (dex_object, ana_object)
        FILENAMES[self.view.id()] = hashlib.sha1(
            dex_object.get_buff()).hexdigest()