dex_file.close() #smali_jar = os.path.join(working_dir, "smali", "smali.jar") #baksmali_jar = os.path.join(working_dir, "smali", "baksmali.jar") smali_jar = os.path.join(working_dir, "smali", "smali-1.4.1.jar") baksmali_jar = os.path.join(working_dir, "smali", "baksmali-1.4.1.jar") cert_path = os.path.join(working_dir, "config", "cert", "apkil.cert") call(args=['java', '-jar', baksmali_jar, '-b', '-o', smalidir, dexpath]) s = smali.SmaliTree(level, smalidir) s = mo.inject(s, level) s.save(new_smalidir) print "\n[Create new dex file]" print "java -jar " + smali_jar + " -a %d" % level + " -o " + new_dexpath + " " + new_smalidir call(args=['java', '-jar', smali_jar, '-a', str(level), '-o', new_dexpath, new_smalidir]) new_dex = open(new_dexpath).read(); a.new_zip(filename=new_apk, deleted_files="(META-INF/.)", new_files = { "classes.dex" : new_dex } ) apk.sign_apk(new_apk, cert_path, "apkil", "apkilapkil" ) print "\n[Instrumented apk]\n%s" % new_apk #print "\n[Install new apk]" #os.system("./install.script " + new_apk)
print "ORIG : " print hexdump(b1[j - 8: j + 8], off=j-8) + "\n" print "NEW : " print hexdump(b2[j - 8: j + 8], off=j-8) + "\n" j += 1 print "OK" #TEST = "examples/android/TestsAndroguard/bin/TestsAndroguard.apk" TEST = "apks/malwares/smszombie/40F3F16742CD8AC8598BF859A23AC290.apk" FILENAME = "./toto.apk" androconf.set_debug() a = apk.APK( TEST ) j = dvm.DalvikVMFormat( a.get_dex() ) x = analysis.VMAnalysis( j ) m = MDalvikVMFormat(j, x) print j, x, m new_dex = m.test_save() a.new_zip( filename=FILENAME, deleted_files="(META-INF/.)", new_files = { "classes.dex" : new_dex } ) apk.sign_apk( FILENAME, "./keystore/keystore1", "tototo" )
) == "Lre/androguard/android/invalid/MainActivity;": #if i.get_name() == "testStrings": # instructions = [ins for ins in i.get_instructions()] # instructions[0].BBBB = 10000 # i.set_instructions(instructions) if i.get_name() == "testInstances": instructions = [ins for ins in i.get_instructions()] instructions[0].BBBB = 0x4141 i.set_instructions(instructions) FILENAME_INPUT = "./examples/android/Invalid/Invalid.apk" FILENAME_OUTPUT = "./toto.apk" androconf.set_debug() a = apk.APK(FILENAME_INPUT) vm = dvm.DalvikVMFormat(a.get_dex()) vmx = analysis.VMAnalysis(vm) patch_dex(vm) new_dex = vm.save() a.new_zip(filename=FILENAME_OUTPUT, deleted_files="(META-INF/.)", new_files={"classes.dex": new_dex}) # Please configure your keystore !! :) follow the tutorial on android website apk.sign_apk(FILENAME_OUTPUT, "./keystore/keystore1", "tototo")
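# Use the API level requested on the command line unless it is missing or
# lower than the app's minimum SDK version.
if (not args.level) or args.level[0] < min_version:
    level = min_version
else:
    level = args.level[0]

# Extract classes.dex from the APK. Dex is binary data, so write it in binary
# mode; the context manager closes the handle even if the write fails.
with open(dexpath, 'wb') as dex_file:
    dex_file.write(a.get_dex())

smali_jar = os.path.join(working_dir, "smali", "smali.jar")
baksmali_jar = os.path.join(working_dir, "smali", "baksmali.jar")
cert_path = os.path.join(working_dir, "config", "apkil.cert")

# Disassemble, inject the monitoring code, then reassemble.
# NOTE(review): the exit status of both java invocations is ignored; a failed
# run is only noticed when a later step trips over the missing output.
call(args=['java', '-jar', baksmali_jar, '-b', '-o', smalidir, dexpath])
s = smali.SmaliTree(level, smalidir)
s = mo.inject(s, level)
s.save(new_smalidir)
call(args=['java', '-jar', smali_jar, '-a', str(level), '-o', new_dexpath,
           new_smalidir])

# Read the rebuilt dex back as bytes and close the handle (the original read
# it in text mode and left the file open).
with open(new_dexpath, 'rb') as new_dex_file:
    new_dex = new_dex_file.read()

# Entries matching META-INF/. are dropped from the new archive -- presumably
# the original signature files, which no longer match the modified dex.
a.new_zip(filename=new_apk,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): the keystore credentials are literals in the source, so this
# key must be treated as a public test key, never as a release key.
apk.sign_apk(new_apk, cert_path, "apkil", "apkilapkil")
print "NEW APK: %s" % new_apk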
print("BEGIN @ OFFSET 0x%x" % j) print("ORIG : ") print(hexdump(b1[j - 8:j + 8], off=j - 8) + "\n") print("NEW : ") print(hexdump(b2[j - 8:j + 8], off=j - 8) + "\n") j += 1 print("OK") #TEST = "examples/android/TestsAndroguard/bin/TestsAndroguard.apk" TEST = "apks/malwares/smszombie/40F3F16742CD8AC8598BF859A23AC290.apk" FILENAME = "./toto.apk" androconf.set_debug() a = apk.APK(TEST) j = dvm.DalvikVMFormat(a.get_dex()) x = analysis.VMAnalysis(j) m = MDalvikVMFormat(j, x) print(j, x, m) new_dex = m.test_save() a.new_zip(filename=FILENAME, deleted_files="(META-INF/.)", new_files={"classes.dex": new_dex}) apk.sign_apk(FILENAME, "./keystore/keystore1", "tototo")
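def instrument(filename, hooks):
    """
    Instruments API calls with an "Injector" and repackages the modified App.

    The APK's classes.dex is disassembled with baksmali, instrumented,
    reassembled with smali, packed into a new APK and signed again. All
    intermediate and final files are written below the module-level
    ``outdir``, which is deleted and recreated on every call.

    @param filename: str indicating the full path to the APK file to instrument
    @param hooks: annotation object from dftest, indicating code locations to instrument
    @raise RuntimeError: if baksmali or smali exits with a non-zero status
    """
    print "Instrumenting %s" % filename
    root_name, _ = os.path.splitext(filename)

    # APK gives access to the resources of an apk file
    a = apk.APK(filename)

    api_config = default_api
    db_path = os.path.join(working_dir, "androidlib")
    mo = injector.injection.Injector(db_path, config=api_config)

    new_apk = os.path.join(outdir, os.path.split(root_name)[1] + "_new.apk")

    # Start from an empty output directory. Everything already below outdir
    # is removed, so it must be a dedicated scratch location.
    if os.path.exists(outdir):
        shutil.rmtree(outdir)
    os.makedirs(outdir)

    dexpath = os.path.join(outdir, "origin.dex")
    smalidir = os.path.join(outdir, "origin_smali")
    new_dexpath = os.path.join(outdir, "new.dex")
    new_smalidir = os.path.join(outdir, "new_smali")

    # API level handed to smali; 8 is the fallback when the manifest does not
    # declare a minimum SDK version.
    level = 8
    min_sdk = a.get_min_sdk_version()
    if min_sdk:
        level = int(min_sdk)
        print "min_sdk_version=%d" % level
    target_sdk = a.get_target_sdk_version()
    if target_sdk:
        # The target version is only reported; it does not affect the build.
        print "target_sdk_version=%d" % int(target_sdk)

    # Configuration of smali and the certificate required for signing the repackaged APK
    smali_jar = os.path.join(working_dir, "smali", "smali.jar")
    baksmali_jar = os.path.join(working_dir, "smali", "baksmali.jar")
    cert_path = os.path.join(working_dir, "config", "apkil.cert")

    # Extract dex (bytecode) file from apk. Dex is binary data, so the file is
    # written in binary mode and closed even if the write fails.
    with open(dexpath, "wb") as dex_file:
        dex_file.write(a.get_dex())

    # call baksmali and write result to outdir
    print "Applying baksmali, writing to %s" % outdir
    status = call(args=["java", "-jar", baksmali_jar, "-b", "-o", smalidir, dexpath])
    if status != 0:
        # Do not instrument and sign a partial disassembly.
        raise RuntimeError("baksmali failed with exit status %d" % status)
    s = injector.smali.SmaliTree(level, smalidir)

    # Instrument smali code
    print "Injecting code, writing to %s" % new_smalidir
    s = mo.inject(s, level, hooks)
    s.save(new_smalidir)

    # Compile smali code to bytecode again
    print "Applying smali, writing to %s" % new_dexpath
    status = call(args=["java", "-jar", smali_jar, "-a", str(level),
                        "-o", new_dexpath, new_smalidir])
    if status != 0:
        raise RuntimeError("smali failed with exit status %d" % status)

    # Create new APK with modified classes.dex file. Entries matching
    # META-INF/. are dropped -- presumably the original signature files,
    # which no longer match the modified archive.
    print "Re-Package modified classes.dex into %s" % new_apk
    with open(new_dexpath, "rb") as new_dex_file:
        new_dex = new_dex_file.read()
    a.new_zip(filename=new_apk,
              deleted_files="(META-INF/.)",
              new_files={"classes.dex": new_dex})

    # Finally sign the apk again.
    # NOTE(review): the keystore credentials are literals in the source, so
    # this key must be treated as a public test key. Also confirm the order of
    # the last two arguments against this project's sign_apk signature.
    print "Signing the new apk with cert from %s" % cert_path
    apk.sign_apk(new_apk, cert_path, "apkilapkil", "apkil")

    print "DONE. Have fun with %s" % new_apk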
for i in m.get_methods(): if i.get_class_name() == "Lre/androguard/android/invalid/MainActivity;": #if i.get_name() == "testStrings": # instructions = [ins for ins in i.get_instructions()] # instructions[0].BBBB = 10000 # i.set_instructions(instructions) if i.get_name() == "testInstances": instructions = [ins for ins in i.get_instructions()] instructions[0].BBBB = 0x4141 i.set_instructions(instructions) FILENAME_INPUT = "./examples/android/Invalid/Invalid.apk" FILENAME_OUTPUT = "./toto.apk" androconf.set_debug() a = apk.APK(FILENAME_INPUT) vm = dvm.DalvikVMFormat(a.get_dex()) vmx = analysis.VMAnalysis(vm) patch_dex(vm) new_dex = vm.save() a.new_zip(filename=FILENAME_OUTPUT, deleted_files="(META-INF/.)", new_files={"classes.dex": new_dex}) # Please configure your keystore !! :) follow the tutorial on android website apk.sign_apk(FILENAME_OUTPUT, "./keystore/keystore1", "tototo")
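# Build the monitor project with ant.
call(args=["ant", "debug", "-buildfile",
           os.path.join(EXPORT_FOLDER, "build.xml")])
# NOTE(review): as laid out in this excerpt the script stops here and nothing
# below runs; the excerpt's indentation was lost, so confirm whether this exit
# belongs to a conditional branch.
sys.exit(0)

# Disassemble the freshly built monitor classes.
dex_file_path = os.path.join(EXPORT_FOLDER, "bin", "classes.dex")
MONITOR_SMALI = "examples/APIMonitor/smali"
call(args=['baksmali', '-b', '-o', MONITOR_SMALI, dex_file_path])
m_s = smali.SmaliTree(MONITOR_SMALI)

# Redirect every monitored invoke-virtual call to its static wrapper.
for api in API_LIST:
    insns = s.get_insn35c("invoke-virtual", api)
    for i in insns:
        i.obj.replace("invoke-static", m.method_map[api])

# Add the monitor classes to the target tree and write it out.
for c in m.get_class_descs():
    s.add_class(m_s.get_class(c))
s.save(NEW_OUT)

call(args=['smali', '-a', '6', '-o', NEW_DEX, NEW_OUT])

# A dex file is binary: read it in binary mode and close the handle promptly
# (the original read it in text mode and never closed it).
with open(NEW_DEX, "rb") as new_dex_file:
    new_dex = new_dex_file.read()

# Entries matching META-INF/. are dropped from the new archive -- presumably
# the original signature files, which no longer match the modified dex.
a.new_zip(filename=NEW_APK,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): the keystore location is a developer's home-directory path and
# the credentials are literals in the source; move both to configuration and
# treat this key as a public test key.
apk.sign_apk(NEW_APK,
             "/Users/kelwin/Dropbox/Backup/androguard", "apkil", "apkilapkil")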
"Landroid/net/Uri;->parse(Ljava/lang/String;)", \ "Landroid/content/Intent;-><init>(Ljava/lang/String;)", \ "Landroid/content/ContextWrapper;->openFileOutput(Ljava/lang/String;I)", \ "Ljava/io/OutputStreamWriter;->write(Ljava/lang/String;)", \ "Lapkil/tests/APKIL;->openFileInput(Ljava/lang/String;)", "Ljava/io/BufferedReader;->readLine()Ljava/lang/String;", \ "Landroid/telephony/SmsManager;->sendTextMessage(\ Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;\ Landroid/app/PendingIntent;Landroid/app/PendingIntent;)" , \ "Landroid/content/pm/PackageManager;->getInstalledApplications(I)", ] mo = monitor.APIMonitor(db_path, API_LIST) API_CONFIG = "config/default_api_collection" mo = monitor.APIMonitor(db_path, config=API_CONFIG) s = mo.inject(s, min_version) s.save(NEW_OUT) call(args=[ 'java', '-jar', 'smali/smali.jar', '-a', str(min_version), '-o', NEW_DEX, NEW_OUT ]) new_dex = open(NEW_DEX).read() a.new_zip(filename=NEW_APK, deleted_files="(META-INF/.)", new_files={"classes.dex": new_dex}) apk.sign_apk( NEW_APK, \ "config/apkil.cert", "apkil", "apkilapkil" )
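a = apk.APK(APK)

# Extract classes.dex from the APK. Dex is binary data, so write it in binary
# mode; the context manager closes the handle even if the write fails.
with open(DEX, 'wb') as dex_file:
    dex_file.write(a.get_dex())

call(args=['baksmali', '-b', '-o', SMALI_DIR, DEX])
s = smali.SmaliTree(SMALI_DIR)

# Collect the APIs to monitor from the permissions the app requests.
api_list = []
perms = a.get_permissions()
for p in perms:
    print p
    if p in API_BY_PERMISSION:
        for ml in API_BY_PERMISSION[p].values():
            api_list.extend(ml)

mo = monitor.APIMonitor(api_list)
s = mo.inject(s)
s.save(NEW_OUT)

call(args=['smali', '-a', '7', '-o', NEW_DEX, NEW_OUT])

# Read the rebuilt dex back as bytes and close the handle (the original read
# it in text mode and left the file open).
with open(NEW_DEX, 'rb') as new_dex_file:
    new_dex = new_dex_file.read()

# Entries matching META-INF/. are dropped from the new archive -- presumably
# the original signature files, which no longer match the modified dex.
a.new_zip(filename=NEW_APK,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): the keystore location is a developer's home-directory path and
# the credentials are literals in the source; move both to configuration and
# treat this key as a public test key.
apk.sign_apk(NEW_APK,
             "/Users/kelwin/Dropbox/Backup/apkil", "apkil", "apkilapkil")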
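# Method descriptors to monitor (no return type except where written out).
API_LIST = [
    "Landroid/net/Uri;->parse(Ljava/lang/String;)",
    "Landroid/content/Intent;-><init>(Ljava/lang/String;)",
    "Landroid/content/ContextWrapper;->openFileOutput(Ljava/lang/String;I)",
    "Ljava/io/OutputStreamWriter;->write(Ljava/lang/String;)",
    "Lapkil/tests/APKIL;->openFileInput(Ljava/lang/String;)",
    "Ljava/io/BufferedReader;->readLine()Ljava/lang/String;",
    # Split with implicit literal concatenation so that no stray whitespace
    # can end up inside the descriptor.
    ("Landroid/telephony/SmsManager;->sendTextMessage("
     "Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;"
     "Landroid/app/PendingIntent;Landroid/app/PendingIntent;)"),
    "Landroid/content/pm/PackageManager;->getInstalledApplications(I)",
]

# This list-based monitor is replaced by the config-based one two lines below;
# the construction is kept in case it has side effects.
mo = monitor.APIMonitor(db_path, API_LIST)
API_CONFIG = "config/default_api_collection"
mo = monitor.APIMonitor(db_path, config=API_CONFIG)

s = mo.inject(s, min_version)
s.save(NEW_OUT)

call(args=['java', '-jar', 'smali/smali.jar', '-a', str(min_version),
           '-o', NEW_DEX, NEW_OUT])

# A dex file is binary: read it in binary mode and close the handle promptly
# (the original read it in text mode and never closed it).
with open(NEW_DEX, "rb") as new_dex_file:
    new_dex = new_dex_file.read()

# Entries matching META-INF/. are dropped from the new archive -- presumably
# the original signature files, which no longer match the modified dex.
a.new_zip(filename=NEW_APK,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): the keystore credentials are literals in the source, so this
# key must be treated as a public test key, never as a release key.
apk.sign_apk(NEW_APK, "config/apkil.cert", "apkil", "apkilapkil")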
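# Build the monitor project with ant.
call(args=["ant", "debug", "-buildfile",
           os.path.join(EXPORT_FOLDER, "build.xml")])
# NOTE(review): as laid out in this excerpt the script stops here and nothing
# below runs; the excerpt's indentation was lost, so confirm whether this exit
# belongs to a conditional branch.
sys.exit(0)

# Disassemble the freshly built monitor classes.
dex_file_path = os.path.join(EXPORT_FOLDER, "bin", "classes.dex")
MONITOR_SMALI = "examples/APIMonitor/smali"
call(args=['baksmali', '-b', '-o', MONITOR_SMALI, dex_file_path])
m_s = smali.SmaliTree(MONITOR_SMALI)

# Redirect every monitored invoke-virtual call to its static wrapper.
for api in API_LIST:
    insns = s.get_insn35c("invoke-virtual", api)
    for i in insns:
        i.obj.replace("invoke-static", m.method_map[api])

# Add the monitor classes to the target tree and write it out.
for c in m.get_class_descs():
    s.add_class(m_s.get_class(c))
s.save(NEW_OUT)

call(args=['smali', '-a', '6', '-o', NEW_DEX, NEW_OUT])

# A dex file is binary: read it in binary mode and close the handle promptly
# (the original read it in text mode and never closed it).
with open(NEW_DEX, "rb") as new_dex_file:
    new_dex = new_dex_file.read()

# Entries matching META-INF/. are dropped from the new archive -- presumably
# the original signature files, which no longer match the modified dex.
a.new_zip(filename=NEW_APK,
          deleted_files="(META-INF/.)",
          new_files={"classes.dex": new_dex})

# NOTE(review): a keystore under a developer's home directory and what appear
# to be its credentials are committed as literals. Treat the key as exposed:
# load the values from configuration and rotate the key if it signs anything
# other than throwaway test builds.
apk.sign_apk(NEW_APK,
             "/Users/kelwin/Dropbox/Backup/androguard", "androguard", "haimen!!")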