def test(apkfile):
a = apk.APK(apkfile, False, 'r', None, 2)
d = dvm.DalvikVMFormat(a.get_dex())
vmx = analysis.Analysis(d)
dp = decompiler.DecompilerDAD(d, vmx) # DAD是androguard内部的decompiler
for k in d.get_classes():
print(dp.get_source_class(k))
def Get_APK_Words(apkfile):
a = apk.APK(apkfile, False, 'r', None, 2)
d = dvm.DalvikVMFormat(a.get_dex())
vmx = analysis.Analysis(d)
dp = decompiler.DecompilerDAD(d, vmx) # DAD是androguard内部的decompiler
a1, d1, dx = AnalyzeAPK(apkfile)
CFG = nx.DiGraph()
class_code_dic, is_amd_class_code_dic = Build_APK_Corpus(apkfile)
for k in d.get_classes(): # 用于遍历每一个class
all_orig_methods = [] # 用于统计一个class里面的所有的method
# print(type(k))
print('class_name+super_name::' + k.get_name() + ':' +
k.get_superclassname())
for m in dx.find_methods(
classname=k.get_name()): # 用于将一个class里面所有的原始方法提取到
orig_method = m.get_method()
if isinstance(orig_method, ExternalMethod):
is_this_external = True
else:
is_this_external = False
CFG.add_node(orig_method, external=is_this_external)
if not isinstance(orig_method, ExternalMethod):
all_orig_methods.append(orig_method) # 用于得到所有的原始方法
for m in dx.find_methods(
classname=k.get_name()): # 用于遍历一个class里面的所有的方法
orig_method = m.get_method()
if not isinstance(orig_method, ExternalMethod):
if (orig_method.get_name() in all_callback) or (
orig_method.get_name()
in APK_Method_Key_Words.key_registers):
print('method_name+method_descriptor::' +
orig_method.get_name() +
orig_method.get_descriptor())
print(class_code_dic[k.get_name()][
orig_method.get_name() + orig_method.get_descriptor()])
def Deal_one_apk_new(apkfile):
a = apk.APK(apkfile, False, 'r', None, 2)
d = dvm.DalvikVMFormat(a.get_dex())
vmx = analysis.Analysis(d)
dp = decompiler.DecompilerDAD(d, vmx) # DAD是androguard内部的decompiler
a1, d1, dx = AnalyzeAPK(apkfile)
CFG = nx.DiGraph()
apk_word = []
for k in d.get_classes():
print('class_name:' + k.get_name())
# print(dp.get_source_class(k))
for m in dx.find_methods(classname=k.get_name()):
orig_method = m.get_method()
# print(type(orig_method))
if isinstance(orig_method, ExternalMethod):
is_this_external = True
else:
is_this_external = False
CFG.add_node(orig_method, external=is_this_external)
if is_this_external == False: # 用于获取一个class里面的所有方法
print('orig::' + orig_method.get_name())
else:
print('orig+externalmethod::' + orig_method.get_name())
for other_class, callee, offset in m.get_xref_to():
if isinstance(callee, ExternalMethod):
is_external = True
else:
is_external = False
if callee not in CFG.node:
CFG.add_node(callee, external=is_external)
if is_external == False:
print('external+callee::' + callee.get_name())
else:
print('callee:' + callee.get_name())
def write_one_apk_source(apkfile):
a = apk.APK(apkfile, False, 'r', None, 2)
d = dvm.DalvikVMFormat(a.get_dex())
vmx = analysis.Analysis(d)
dp = decompiler.DecompilerDAD(d, vmx) # DAD是androguard内部的decompiler
a1, d1, dx = AnalyzeAPK(apkfile)
CFG = nx.DiGraph()
with open(
'F:\\2018年第一学年科研\\APK科研\\数据集\\Word2vec_ao_yuliaoku\\test\\successed_1.txt',
'w') as txtData:
for k in d.get_classes():
print('class_name:' + k.get_name())
txtData.writelines(dp.get_source_class(k))
for m in dx.find_methods(classname=k.get_name()):
orig_method = m.get_method()
if isinstance(orig_method, ExternalMethod):
is_this_external = True
else:
is_this_external = False
CFG.add_node(orig_method, external=is_this_external)
if is_this_external == False: # 用于获取一个class里面的所有方法
print('orig::' + orig_method.get_name())
else:
print('orig+external::' + orig_method.get_name())
for other_class, callee, offset in m.get_xref_to():
if isinstance(callee, ExternalMethod):
is_external = True
else:
is_external = False
if callee not in CFG.node:
CFG.add_node(callee, external=is_external)
if is_external == False:
print('external+callee::' + callee.get_name())
else:
print('callee:' + callee.get_name())
def Deal_one_apk(apkfile):
a = apk.APK(apkfile, False, 'r', None, 2)
d = dvm.DalvikVMFormat(a.get_dex())
vmx = analysis.Analysis(d)
dp = decompiler.DecompilerDAD(d, vmx) # DAD是androguard内部的decompiler
a1, d1, dx = AnalyzeAPK(apkfile)
CFG = nx.DiGraph()
apk_word = []
class_code_dic, is_amd_class_code_dic = Update_one_apk_dictory(apkfile)
for k in d.get_classes():
amd_p1 = 'Lmy/app/client/Client;'
if k.get_name() == amd_p1:
# print(dp.get_source_class(k))
all_orig_methods = []
for m in dx.find_methods(
classname=amd_p1): #用于将一个class里面所有的原始方法提取到
orig_method = m.get_method()
if isinstance(orig_method, ExternalMethod):
is_this_external = True
else:
is_this_external = False
CFG.add_node(orig_method, external=is_this_external)
if not isinstance(orig_method, ExternalMethod):
all_orig_methods.append(orig_method)
for m in dx.find_methods(classname=amd_p1): #用于遍历一个class里面的所有的方法
orig_method = m.get_method()
if not isinstance(orig_method, ExternalMethod):
if (orig_method.get_name() in all_callback) or (
orig_method.get_name()
in APK_Method_Key_Words.key_registers):
callees = [] # 用于将所有的不在这个class里面的函数保存下来
for other_class, callee, offset in m.get_xref_to():
if isinstance(callee, ExternalMethod):
is_external = True
else:
is_external = False
if callee not in CFG.node:
CFG.add_node(callee, external=is_external)
callees.append(callee)
for callee in callees:
if callee in all_orig_methods:
class_code_dic[k.get_name()][
orig_method.get_name() + orig_method.
get_descriptor()] += class_code_dic[
k.get_name()][callee.get_name() +
callee.get_descriptor()]
print(class_code_dic[k.get_name()]
[orig_method.get_name() +
orig_method.get_descriptor()])
print(is_amd_class_code_dic[k.get_name()]
[orig_method.get_name() +
orig_method.get_descriptor()])
return apk_word
def Get_Apk_Source_Code(apkfile):
a = apk.APK(apkfile, False, 'r', None, 2)
d = dvm.DalvikVMFormat(a.get_dex())
vmx = analysis.Analysis(d)
dp = decompiler.DecompilerDAD(d, vmx) # DAD是androguard内部的decompiler
#用于获取源码
with open('F:\\2018年第一学年科研\\APK科研\\数据集\\Word2vec_ao_yuliaoku\\source.txt',
'w') as txtfile:
for k in d.get_classes(): # 对于每一个class
# print(dp.get_source_class(k))
txtfile.writelines(dp.get_source_class(k))
def decompileMethod(className, methodName, sess):
print("Decompiling whole method...")
className = className.replace("_", "/")
dalv = next(sess.get_objects_dex())[1]
dx = next(sess.get_objects_dex())[2]
dad = decompiler.DecompilerDAD(dalv, dx)
classes = dalv.get_classes_names()
for c in classes:
if className in c:
for m in dalv.get_methods_class(c):
if methodName in str(m):
dad.display_source(m)
def decompileClass(className, sess):
print("Class name is: " + className)
print("Decompiling whole class...")
className = className.replace("_", "/")
dalv = next(sess.get_objects_dex())[1]
dx = next(sess.get_objects_dex())[2]
dad = decompiler.DecompilerDAD(dalv, dx)
classes = dalv.get_classes()
for c in classes:
if className in str(c):
dad.display_all(c)
def AnalyzeAPK(_file, session=None, raw=False):
"""
Analyze an android application and setup all stuff for a more quickly
analysis!
If session is None, no session is used at all. This is the default
behaviour.
If you like to continue your work later, it might be a good idea to use a
session.
A default session can be created by using :meth:`~get_default_session`.
:param _file: the filename of the android application or a buffer which represents the application
:type _file: string (for filename) or bytes (for raw)
:param session: A session (default: None)
:param raw: boolean if raw bytes are supplied instead of a filename
:rtype: return the :class:`~androguard.core.bytecodes.apk.APK`, list of :class:`~androguard.core.bytecodes.dvm.DalvikVMFormat`, and :class:`~androguard.core.analysis.analysis.Analysis` objects
"""
log.debug("AnalyzeAPK")
if session:
log.debug("Using existing session {}".format(session))
if raw:
data = _file
filename = hashlib.md5(_file).hexdigest()
else:
with open(_file, "rb") as fd:
data = fd.read()
filename = _file
digest = session.add(filename, data)
return session.get_objects_apk(filename, digest)
else:
log.debug("Analysing without session")
a = APK(_file, raw=raw)
# FIXME: probably it is not necessary to keep all DalvikVMFormats, as
# they are already part of Analysis. But when using sessions, it works
# this way...
d = []
dx = Analysis()
for dex in a.get_all_dex():
df = DalvikVMFormat(dex, using_api=a.get_target_sdk_version())
dx.add(df)
d.append(df)
df.set_decompiler(decompiler.DecompilerDAD(d, dx))
dx.create_xref()
return a, d, dx
def RunDecompiler(d, dx, decompiler_name):
"""
Run the decompiler on a specific analysis
:param d: the DalvikVMFormat object
:type d: :class:`DalvikVMFormat` object
:param dx: the analysis of the format
:type dx: :class:`VMAnalysis` object
:param decompiler: the type of decompiler to use ("dad", "dex2jad", "ded")
:type decompiler: string
"""
if decompiler_name is not None:
log.debug("Decompiler ...")
decompiler_name = decompiler_name.lower()
# TODO put this into the configuration object and make it more dynamic
# e.g. detect new decompilers and so on...
if decompiler_name == "dex2jad":
d.set_decompiler(
decompiler.DecompilerDex2Jad(d, androconf.CONF["BIN_DEX2JAR"],
androconf.CONF["BIN_JAD"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_name == "dex2fernflower":
d.set_decompiler(
decompiler.DecompilerDex2Fernflower(
d, androconf.CONF["BIN_DEX2JAR"],
androconf.CONF["BIN_FERNFLOWER"],
androconf.CONF["OPTIONS_FERNFLOWER"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_name == "ded":
d.set_decompiler(
decompiler.DecompilerDed(d, androconf.CONF["BIN_DED"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_name == "jadx":
d.set_decompiler(
decompiler.DecompilerJADX(d,
dx,
jadx=androconf.CONF["BIN_JADX"]))
else:
d.set_decompiler(decompiler.DecompilerDAD(d, dx))
def Deal_one_apk(apkfile):
a = apk.APK(apkfile, False, 'r', None, 2)
d = dvm.DalvikVMFormat(a.get_dex())
vmx = analysis.Analysis(d)
dp = decompiler.DecompilerDAD(d, vmx) # DAD是androguard内部的decompiler
a1, d1, dx = AnalyzeAPK(apkfile)
CFG = nx.DiGraph()
apk_word = []
for k in d.get_classes():
# print('class_name:'+k.get_name())
amd_p1 = 'Lcom/mix_four/dd/LockReceiver;'
amd_p2 = 'Lcom/mix_four/dd/CoreService$MyOrderRunnable;'
amd_p3 = 'Landroid/support/v4/content/IntentCompat$IntentCompatImplBase;'
amd_p4 = 'Lcom/mix_four/dd/CoreService$MyOrderRunnable;'
if k.get_name() == amd_p1:
print('class_name:' + k.get_name())
print(dp.get_source_class(k))
for m in dx.find_methods(classname=amd_p1):
orig_method = m.get_method()
if isinstance(orig_method, ExternalMethod):
is_this_external = True
else:
is_this_external = False
CFG.add_node(orig_method, external=is_this_external)
if is_this_external == False: # 用于获取一个class里面的所有方法
print('orig::' + orig_method.get_name())
for other_class, callee, offset in m.get_xref_to():
if isinstance(callee, ExternalMethod):
is_external = True
else:
is_external = False
if callee not in CFG.node:
CFG.add_node(callee, external=is_external)
if is_external == False:
print('external+callee::' + callee.get_name())
else:
print('callee:' + callee.get_name())
return apk_word
def Update_one_apk_dictory(apkfile):
a = apk.APK(apkfile, False, 'r', None, 2)
d = dvm.DalvikVMFormat(a.get_dex())
vmx = analysis.Analysis(d)
dp = decompiler.DecompilerDAD(d, vmx) # DAD是androguard内部的decompiler
a1, d1, dx = AnalyzeAPK(apkfile)
CFG = nx.DiGraph()
class_code_dic, is_amd_class_code_dic = Get_one_apk_dictory(apkfile)
for k in d.get_classes():
if k.get_name() == k.get_name():
for m in dx.find_methods(
classname=k.get_name()): # 用于遍历一个class里面的所有的方法
orig_method = m.get_method()
if isinstance(orig_method, ExternalMethod):
is_this_external = True
else:
is_this_external = False
CFG.add_node(orig_method,
external=is_this_external) #将原始结点保存在CFG中
callees = [] # 用于将所有的不在这个class里面的函数保存下来
for other_class, callee, offset in m.get_xref_to():
if isinstance(callee, ExternalMethod):
is_external = True
else:
is_external = False
if callee not in CFG.node:
CFG.add_node(
callee,
external=is_external) #将不在此method的所有的函数保存在CFG中
callees.append(callee)
'----------提出一个问题-----对于一个class里面的函数调用另外一个class里面的函数'
orig_method_key_words = []
if not isinstance(orig_method,
ExternalMethod): # 用于将属于这个class的所有method提取出来
b = 'false'
orig_method_key_words += (class_code_dic[k.get_name()][
orig_method.get_name() + orig_method.get_descriptor()])
for callee in callees: # 用于统计非该class里面的函数,并且更新origin函数的所有关键字
if callee.get_class_name() in class_code_dic.keys():
# 如果函数在字典里面,则将其关键字提取出来
if (callee.get_name() +
callee.get_descriptor()) in class_code_dic[
callee.get_class_name()].keys():
orig_method_key_words += class_code_dic[
callee.get_class_name()][
callee.get_name() +
callee.get_descriptor()]
if is_amd_class_code_dic[callee.get_class_name(
)][callee.get_name() +
callee.get_descriptor()] == 'true':
b = 'true'
else:
pass
else:
orig_method_key_words += (
Get_Word(callee.get_name() +
callee.get_descriptor()))
# -------用于更新一下原始函数的key值
class_code_dic[k.get_name()][
orig_method.get_name() +
orig_method.get_descriptor()] = orig_method_key_words
if b == 'true':
is_amd_class_code_dic[k.get_name()][
orig_method.get_name() +
orig_method.get_descriptor()] = 'true'
return class_code_dic, is_amd_class_code_dic
def Get_one_apk_dictory(apkfile):
a = apk.APK(apkfile, False, 'r', None, 2)
d = dvm.DalvikVMFormat(a.get_dex())
vmx = analysis.Analysis(d)
dp = decompiler.DecompilerDAD(d, vmx) # DAD是androguard内部的decompiler
a1, d1, dx = AnalyzeAPK(apkfile)
CFG = nx.DiGraph()
class_code_dic = {} # 用于将class里面的所有关键的代码保存下来
# 其格式为 class_code_dic={'class1':'key_class1','class2':'key_class2'}
is_amd_class_code_dic = {} #用于将class里面的所有method里面是否含有amd数据保存下来
for k in d.get_classes():
method_dic = {
} # 用于将一个方法里面的所有关键代码保存下来,其形式是method_dic={'method1':'key_word1','method2':'....}
is_amd_method_dic = {}
# print('class_name:' + k.get_name())
# print(dp.get_source_class(k))
for m in dx.find_methods(classname=k.get_name()):
orig_method = m.get_method()
if isinstance(orig_method, ExternalMethod): #将原始结点保存在CFG中
is_this_external = True
else:
is_this_external = False
CFG.add_node(orig_method, external=is_this_external)
callees = [] # 用于将所有的不在这个class里面的函数保存下来
for other_class, callee, offset in m.get_xref_to():
if isinstance(callee, ExternalMethod):
is_external = True
else:
is_external = False
if callee not in CFG.node: #将非原始结点,即外部的结点保存在CFG中
CFG.add_node(callee, external=is_external)
callees.append(callee)
orig_method_code = []
orig_method_key_words = []
if not isinstance(orig_method,
ExternalMethod): # 用于将这个class创建的所有函数获取到
orig_method_code = orig_method.get_source().split('\n')
orig_method_code = [i.strip() for i in orig_method_code]
orig_method_key_words += Get_Word(orig_method.get_name() +
'==' +
orig_method.get_descriptor())
for callee in callees:
if not isinstance(callee, ExternalMethod):
if callee.get_name() != orig_method.get_name():
callee_code = callee.get_source().split('\n')
callee_code = [i.strip() for i in callee_code]
orig_method_code += callee_code # 得到一个method的内部的所有的源代码
orig_method_key_words += Get_Word(
callee.get_name() + '==' +
callee.get_descriptor())
if not isinstance(
orig_method,
ExternalMethod): # 如果在一个class里面的method是非外部方法,则提取其内部代码
amd_num = 0 # 用于统计这个method是否是包含amd的method
# --------------用于判断amd数据---------------
for key in APK_Method_Key_Words.amd_key_words:
for code in orig_method_code: # 得到一个method内部的所有的源码
if key in code:
amd_num += 1
orig_method_key_words += Get_Word(key)
# ----------用于判断intent代理机制-------------
for key in APK_Method_Key_Words.key_Intent:
for code in orig_method_code: # 得到一个method内部的所有的源码
if key in code:
key_word = Get_Word(key)
key_word.append('Rbracket')
orig_method_key_words += key_word
if amd_num > 0:
# 用于判断此函数里面是否含有恶意代码
is_amd_method_dic[orig_method.get_name() +
orig_method.get_descriptor()] = 'true'
else:
is_amd_method_dic[orig_method.get_name() +
orig_method.get_descriptor()] = 'false'
method_dic[
orig_method.get_name() +
orig_method.get_descriptor()] = orig_method_key_words
class_code_dic[k.get_name()] = method_dic # 用于将一个class里面的所有关键代码保存下来
is_amd_class_code_dic[k.get_name()] = is_amd_method_dic
# print(is_amd_class_code_dic)
# print(class_code_dic)
#用于将俩个字典返回,目的是为了进行后面的工作
return class_code_dic, is_amd_class_code_dic
def main(projectName, className, methodName):
if methodName and (not className):
print('Must provide class name "-c" in order to decompile specific method "-m"')
exit()
#Increase recursion limit to save session file
sys.setrecursionlimit(100000)
r2 = r2pipe.open()
fileName = r2.cmd("i~file[1]")
fileName = fileName.split("/")[2]
if fileName.split("."):
sessionName = fileName.split(".")[0]
sessionName = sessionName+".session"
sessionFile = Path(sessionName)
currentClassMethod = r2.cmd("afi.")
if "_" in currentClassMethod:
currentClassMethod = str(currentClassMethod).replace("_", "/")
currentClass = str(currentClassMethod).split(".")[1]
print("Current class: " + currentClass)
currentMethod = str(currentClassMethod).split(".")[3]
apkMethod = currentMethod.split("/")[0]
if apkMethod == "method":
currentMethod = str(currentClassMethod).split(".")[4]
apkMethod = currentMethod.split("(")[0]
print(" Current Method: " + apkMethod + "\n")
sess = misc.get_default_session()
#Check if project name is passed
if projectName != None:
projectSession = r2ProjectName(projectName, sessionName, fileName, sess)
if className and methodName:
decompileMethod(className, methodName, projectSession)
exit()
if className:
decompileClass(className, projectSession)
exit()
dalv = next(projectSession.get_objects_dex())[1]
dx = next(projectSession.get_objects_dex())[2]
print("Decompiling method " + apkMethod + " in the class" + currentClass)
dad = decompiler.DecompilerDAD(dalv, dx)
classNames = dalv.get_classes_names()
autoDecompile(dalv, dx, dad, classNames, currentClass, apkMethod)
exit()
# Check if session file exists
if sessionFile.is_file():
print("Loading session file, please wait... \n")
sess = session.Load(sessionName)
if className and methodName:
decompileMethod(className, methodName, sess)
exit()
if className:
decompileClass(className, sess)
exit()
dalv = next(sess.get_objects_dex())[1]
dx = next(sess.get_objects_dex())[2]
dad = decompiler.DecompilerDAD(dalv, dx)
classNames = dalv.get_classes_names()
autoDecompile(dalv,dx,dad,classNames, currentClass, apkMethod)
# Create sesssion file
else:
print("No session file found, creating one! Please wait...")
fileName = fileName.replace("\\n\\x00","")
fileName = fileName.split("\'")[0]
apk, d, dx = misc.AnalyzeAPK(fileName, session=sess)
session.Save(sess, sessionName)
print("Session file created: " + sessionName)
print(" Will load session file for future calls... \n")
if className and methodName:
decompileMethod(className, methodName, sess)
exit()
if className:
decompileClass(className, sess)
exit()
dalv = next(sess.get_objects_dex())[1]
dx = next(sess.get_objects_dex())[2]
dad = decompiler.DecompilerDAD(dalv, dx)
classNames = dalv.get_classes_names()
autoDecompile(dalv,dx,dad,classNames,currentClass, apkMethod)
#!/usr/bin/env python
import sys
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.bytecodes import dvm
from androguard.core.analysis import analysis
from androguard.decompiler import decompiler
TEST = "examples/android/TestsAndroguard/bin/classes.dex"
j = dvm.DalvikVMFormat(open(TEST).read())
jx = analysis.VMAnalysis(j)
#d = decompiler.DecompilerDex2Jad( j )
#d = decompiler.DecompilerDed( j )
d = decompiler.DecompilerDAD(j, jx)
j.set_decompiler(d)
# SHOW METHODS
for i in j.get_methods():
if i.get_name() == "onCreate":
print i.get_class_name(), i.get_name()
i.source()
# if i.get_name() == "testWhileTrue" :
# i.source()
def run(self):
if androconf.is_android_raw(self.raw) == "DEY":
dex_object = dvm.DalvikOdexVMFormat(self.raw)
else:
dex_object = dvm.DalvikVMFormat(self.raw)
ana_object = analysis.uVMAnalysis(dex_object)
gvm_object = ganalysis.GVMAnalysis(ana_object, None)
dex_object.set_vmanalysis(ana_object)
dex_object.set_gvmanalysis(gvm_object)
for i in androconf.CONF:
if is_setting(i):
androconf.CONF[i] = get_setting(i)
decompiler_option = get_setting("DEFAULT_DECOMPILER", "dad")
if decompiler_option == "dex2jad":
dex_object.set_decompiler(
decompiler.DecompilerDex2Jad(dex_object,
androconf.CONF["PATH_DEX2JAR"],
androconf.CONF["BIN_DEX2JAR"],
androconf.CONF["PATH_JAD"],
androconf.CONF["BIN_JAD"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_option == "ded":
dex_object.set_decompiler(
decompiler.DecompilerDed(dex_object,
androconf.CONF["PATH_DED"],
androconf.CONF["BIN_DED"],
androconf.CONF["TMP_DIRECTORY"]))
else:
dex_object.set_decompiler(
decompiler.DecompilerDAD(dex_object, ana_object))
dex_object.create_xref()
dex_object.create_dref()
self.view.set_name("%s.ag" % (self.filename))
self.view.set_scratch(True)
edit = self.view.begin_edit()
self.view.sel().clear()
self.view.set_syntax_file("Packages/ag-st/ag.tmLanguage")
by_package = {}
for current_class in dex_object.get_classes():
name = current_class.get_name()
try:
by_package[os.path.dirname(name)].append(current_class)
except KeyError:
by_package[os.path.dirname(name)] = []
by_package[os.path.dirname(name)].append(current_class)
b_buffer = ""
line = 0
AG_METHODS_LINE[self.view.id()] = {}
AG_CLASSES_LINE[self.view.id()] = {}
AG_FIELDS_LINE[self.view.id()] = {}
for key in sorted(by_package.iterkeys()):
b_buffer += "%s\n" % key
line += 1
for c_class in sorted(by_package[key], key=lambda k: k.get_name()):
b_buffer += "\t%s extends %s\n" % (c_class.get_name(
)[1:-1], c_class.get_superclassname()[1:-1])
AG_CLASSES_LINE[self.view.id()][line] = c_class
line += 1
for j in c_class.get_methods():
b_buffer += "\t\tmethod: %s %s [%s] size:%d\n" % (
j.get_name(), j.get_descriptor(),
j.get_access_flags_string(), j.get_length())
AG_METHODS_LINE[self.view.id()][line] = j
line += 1
b_buffer += "\n"
line += 1
for j in c_class.get_fields():
b_buffer += "\t\tfield: %s %s [%s %s]" % (
j.get_name(), j.get_descriptor(),
j.get_access_flags_string(),
dvm.get_type(j.get_descriptor()))
init_value = j.get_init_value()
if init_value != None:
b_buffer += " (%s)" % repr(str(init_value.get_value()))
b_buffer += "\n"
AG_FIELDS_LINE[self.view.id()][line] = j
line += 1
b_buffer += "\n"
line += 1
l = dex_object.get_classes_hierarchy()
h_buffer = ""
for i in l:
h_buffer += i + "\n"
b_buffer += h_buffer
self.view.replace(edit, sublime.Region(0, self.view.size()), b_buffer)
self.view.end_edit(edit)
self.view.set_read_only(True)
AG_DEX_VIEW[self.view.id()] = (dex_object, ana_object)
FILENAMES[self.view.id()] = hashlib.sha1(
dex_object.get_buff()).hexdigest()
apk_path = "./app-debug.apk"
print("[*] Begin")
a = apk.APK(apk_path)
f_path = apk_path+"-JavascriptInterface"+".java"
f2_path = apk_path+"-JavascriptInterface-list"+".txt"
f3_path = apk_path+"-method-list"+".txt"
dvm = DalvikVMFormat(a.get_dex())
print("[*] DalvikVMFormat Finish!")
dx = Analysis()
dx.add(dvm)
dvm.set_decompiler(decompiler.DecompilerDAD(dvm, dx))
print("[*] Analysis Finish!")
savedStdout = sys.stdout
with open(f_path, 'w+') as file:
sys.stdout = file
f2 = open(f2_path, 'w+')
f3 = open(f3_path, 'w+')
for adi in dvm.map_list.get_item_type("TYPE_ANNOTATIONS_DIRECTORY_ITEM"):
if adi.get_method_annotations() == []:
continue
# Each annotations_directory_item contains many method_annotation
def export_apps_to_format(filename,
a,
output,
methods_filter=None,
jar=None,
decompiler_type=None,
format=None):
print "Dump information %s in %s" % (filename, output)
if not os.path.exists(output):
print "Create directory %s" % output
os.makedirs(output)
else:
print "Clean directory %s" % output
androconf.rrmdir(output)
os.makedirs(output)
methods_filter_expr = None
if methods_filter:
methods_filter_expr = re.compile(methods_filter)
output_name = output
if output_name[-1] != "/":
output_name = output_name + "/"
dump_classes = []
for vm in a.get_vms():
print "Analysis ...",
sys.stdout.flush()
vmx = analysis.VMAnalysis(vm)
print "End"
print "Decompilation ...",
sys.stdout.flush()
if not decompiler_type:
vm.set_decompiler(decompiler.DecompilerDAD(vm, vmx))
elif decompiler_type == "dex2jad":
vm.set_decompiler(
decompiler.DecompilerDex2Jad(vm,
androconf.CONF["PATH_DEX2JAR"],
androconf.CONF["BIN_DEX2JAR"],
androconf.CONF["PATH_JAD"],
androconf.CONF["BIN_JAD"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_type == "dex2winejad":
vm.set_decompiler(
decompiler.DecompilerDex2WineJad(
vm, androconf.CONF["PATH_DEX2JAR"],
androconf.CONF["BIN_DEX2JAR"], androconf.CONF["PATH_JAD"],
androconf.CONF["BIN_WINEJAD"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_type == "ded":
vm.set_decompiler(
decompiler.DecompilerDed(vm, androconf.CONF["PATH_DED"],
androconf.CONF["BIN_DED"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_type == "dex2fernflower":
vm.set_decompiler(
decompiler.DecompilerDex2Fernflower(
vm, androconf.CONF["PATH_DEX2JAR"],
androconf.CONF["BIN_DEX2JAR"],
androconf.CONF["PATH_FERNFLOWER"],
androconf.CONF["BIN_FERNFLOWER"],
androconf.CONF["OPTIONS_FERNFLOWER"],
androconf.CONF["TMP_DIRECTORY"]))
else:
raise ("invalid decompiler !")
print "End"
if options.jar:
print "jar ...",
filenamejar = decompiler.Dex2Jar(
vm, androconf.CONF["PATH_DEX2JAR"],
androconf.CONF["BIN_DEX2JAR"],
androconf.CONF["TMP_DIRECTORY"]).get_jar()
shutil.move(filenamejar, output + "classes.jar")
print "End"
for method in vm.get_methods():
if methods_filter_expr:
msig = "%s%s%s" % (method.get_class_name(), method.get_name(),
method.get_descriptor())
if not methods_filter_expr.search(msig):
continue
filename_class = valid_class_name(method.get_class_name())
create_directory(filename_class, output)
print "Dump %s %s %s ..." % (method.get_class_name(),
method.get_name(),
method.get_descriptor()),
filename_class = output_name + filename_class
if filename_class[-1] != "/":
filename_class = filename_class + "/"
descriptor = method.get_descriptor()
descriptor = descriptor.replace(";", "")
descriptor = descriptor.replace(" ", "")
descriptor = descriptor.replace("(", "-")
descriptor = descriptor.replace(")", "-")
descriptor = descriptor.replace("/", "_")
filename = filename_class + method.get_name() + descriptor
if len(method.get_name() + descriptor) > 250:
all_identical_name_methods = vm.get_methods_descriptor(
method.get_class_name(), method.get_name())
pos = 0
for i in all_identical_name_methods:
if i.get_descriptor() == method.get_descriptor():
break
pos += 1
filename = filename_class + method.get_name() + "_%d" % pos
buff = method2dot(vmx.get_method(method))
if format:
print "%s ..." % format,
method2format(filename + "." + format, format, None, buff)
if method.get_class_name() not in dump_classes:
print "source codes ...",
current_class = vm.get_class(method.get_class_name())
current_filename_class = valid_class_name(
current_class.get_name())
create_directory(filename_class, output)
current_filename_class = output_name + current_filename_class + ".java"
fd = open(current_filename_class, "w")
fd.write(current_class.get_source())
fd.close()
dump_classes.append(method.get_class_name())
print "bytecodes ...",
bytecode_buff = dvm.get_bytecodes_method(vm, vmx, method)
fd = open(filename + ".ag", "w")
fd.write(bytecode_buff)
fd.close()
print
def decompile(apkname, output):
print "Dump information %s in %s" % (apkname, output)
apk_vm_serial = []
a = Androguard([apkname])
decompiler_type = None
if not os.path.exists(output):
print "Create directory %s" % output
os.makedirs(output)
else:
print "Clean directory %s" % output
androconf.rrmdir(output)
os.makedirs(output)
output_dir = output
if output_dir[-1] != "/":
output_name = output_dir + "/"
print "Output dir: %s" % output_dir
for vm in a.get_vms():
vm_list = [] #vm_list = [vm, vmx]
print "Analysis ...",
sys.stdout.flush()
vmx = analysis.VMAnalysis(vm)
vm_list.append(vm)
vm_list.append(vmx)
print "End"
print "Decompilation ...",
sys.stdout.flush()
if not decompiler_type:
vm.set_decompiler(decompiler.DecompilerDAD(vm, vmx))
elif decompiler_type == "dex2jad":
vm.set_decompiler(
decompiler.DecompilerDex2Jad(vm,
androconf.CONF["PATH_DEX2JAR"],
androconf.CONF["BIN_DEX2JAR"],
androconf.CONF["PATH_JAD"],
androconf.CONF["BIN_JAD"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_type == "dex2winejad":
vm.set_decompiler(
decompiler.DecompilerDex2WineJad(
vm, androconf.CONF["PATH_DEX2JAR"],
androconf.CONF["BIN_DEX2JAR"], androconf.CONF["PATH_JAD"],
androconf.CONF["BIN_WINEJAD"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_type == "ded":
vm.set_decompiler(
decompiler.DecompilerDed(vm, androconf.CONF["PATH_DED"],
androconf.CONF["BIN_DED"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_type == "dex2fernflower":
vm.set_decompiler(
decompiler.DecompilerDex2Fernflower(
vm, androconf.CONF["PATH_DEX2JAR"],
androconf.CONF["BIN_DEX2JAR"],
androconf.CONF["PATH_FERNFLOWER"],
androconf.CONF["BIN_FERNFLOWER"],
androconf.CONF["OPTIONS_FERNFLOWER"],
androconf.CONF["TMP_DIRECTORY"]))
else:
raise ("invalid decompiler !")
apk_vm_serial.append(vm_list)
print "End"
return apk_vm_serial
