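def androsign_main(args_apk, args_hash, args_all, show):
    """Print signing-certificate details and digests for each APK path.

    Args:
        args_apk: Iterable of APK file paths to inspect.
        args_hash: Name of the digest to print (md5, sha1, sha256 or sha512;
            compared case-insensitively).
        args_all: When true, print every supported digest of each certificate
            instead of only ``args_hash``.
        show: When true, also print issuer, subject, serial number, hash and
            signature algorithm and the validity window of each certificate.

    Exits the process with status 1 when ``args_hash`` is not supported.
    A failure on one APK is reported on stderr (in red) together with its
    traceback, and processing continues with the next path.
    """
    from androguard.core.bytecodes.apk import APK
    from androguard.util import get_certificate_name_string

    import hashlib
    import traceback
    from colorama import Fore, Style
    from asn1crypto import x509

    # Keep the list of hash functions in sync with cli/entry_points.py:sign
    hashfunctions = dict(md5=hashlib.md5,
                         sha1=hashlib.sha1,
                         sha256=hashlib.sha256,
                         sha512=hashlib.sha512,
                         )

    # Normalise once; the lower-cased name is used for lookup and as the
    # output label.
    hash_name = args_hash.lower()
    if hash_name not in hashfunctions:
        print("Hash function {} not supported!".format(hash_name), file=sys.stderr)
        print("Use one of {}".format(", ".join(hashfunctions.keys())), file=sys.stderr)
        sys.exit(1)

    for path in args_apk:
        try:
            a = APK(path)

            print("{}, package: '{}'".format(os.path.basename(path), a.get_package()))
            print("Is signed v1: {}".format(a.is_signed_v1()))
            print("Is signed v2: {}".format(a.is_signed_v2()))

            # Union of the v2 signing-block certificates and the v1 (JAR)
            # signer certificates; the set drops those present in both.
            certs = set(a.get_certificates_der_v2() + [a.get_certificate_der(x) for x in a.get_signature_names()])

            if certs:
                print("Found {} unique certificates".format(len(certs)))

            for cert in certs:
                if show:
                    x509_cert = x509.Certificate.load(cert)
                    validity = x509_cert['tbs_certificate']['validity']
                    print("Issuer:", get_certificate_name_string(x509_cert.issuer, short=True))
                    print("Subject:", get_certificate_name_string(x509_cert.subject, short=True))
                    print("Serial Number:", hex(x509_cert.serial_number))
                    print("Hash Algorithm:", x509_cert.hash_algo)
                    print("Signature Algorithm:", x509_cert.signature_algo)
                    print("Valid not before:", validity['not_before'].native)
                    print("Valid not after:", validity['not_after'].native)

                if args_all:
                    for k, v in hashfunctions.items():
                        print("{} {}".format(k, v(cert).hexdigest()))
                else:
                    print("{} {}".format(hash_name, hashfunctions[hash_name](cert).hexdigest()))
                print()
        # A bare ``except:`` also swallowed KeyboardInterrupt and SystemExit and
        # reported them as an APK error; only processing failures belong here.
        except Exception:
            print(Fore.RED + "Error in {}".format(os.path.basename(path)) + Style.RESET_ALL, file=sys.stderr)
            traceback.print_exc(file=sys.stderr)

        if len(args_apk) > 1:
            print()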
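def main():
    """Command-line entry point: print the signing certificates of APKs.

    Parses the arguments built by ``get_parser()``: ``apk`` (paths),
    ``hash`` (digest name, case-insensitive), ``all`` (print every digest)
    and ``show`` (print certificate details). An unsupported ``hash``
    terminates the process with status 1; a failure on one APK is reported
    on stderr and the remaining paths are still processed.
    """
    parser = get_parser()

    args = parser.parse_args()

    hashfunctions = dict(md5=hashlib.md5,
                         sha1=hashlib.sha1,
                         sha256=hashlib.sha256,
                         sha512=hashlib.sha512,
                        )

    # Normalise once; the name serves both as lookup key and output label.
    hash_name = args.hash.lower()
    if hash_name not in hashfunctions:
        print("Hash function {} not supported!".format(hash_name), file=sys.stderr)
        print("Use one of {}".format(", ".join(hashfunctions.keys())), file=sys.stderr)
        sys.exit(1)

    for path in args.apk:
        try:
            a = APK(path)

            print("{}, package: '{}'".format(os.path.basename(path), a.get_package()))
            print("Is signed v1: {}".format(a.is_signed_v1()))
            print("Is signed v2: {}".format(a.is_signed_v2()))

            # v2 signing-block certificates plus v1 (JAR) signer certificates,
            # de-duplicated.
            certs = set(a.get_certificates_der_v2() + [a.get_certificate_der(x) for x in a.get_signature_names()])

            if certs:
                print("Found {} unique certificates".format(len(certs)))

            for cert in certs:
                if args.show:
                    x509_cert = x509.Certificate.load(cert)
                    validity = x509_cert['tbs_certificate']['validity']
                    print("Issuer:", get_certificate_name_string(x509_cert.issuer, short=True))
                    print("Subject:", get_certificate_name_string(x509_cert.subject, short=True))
                    print("Serial Number:", hex(x509_cert.serial_number))
                    print("Hash Algorithm:", x509_cert.hash_algo)
                    print("Signature Algorithm:", x509_cert.signature_algo)
                    print("Valid not before:", validity['not_before'].native)
                    print("Valid not after:", validity['not_after'].native)

                if args.all:
                    for k, v in hashfunctions.items():
                        print("{} {}".format(k, v(cert).hexdigest()))
                else:
                    print("{} {}".format(hash_name, hashfunctions[hash_name](cert).hexdigest()))
                print()
        # ``except:`` also caught KeyboardInterrupt/SystemExit and printed them
        # as an APK error; only processing failures are meant to be skipped.
        except Exception:
            print(Fore.RED + "Error in {}".format(os.path.basename(path)) + Style.RESET_ALL, file=sys.stderr)
            traceback.print_exc(file=sys.stderr)

        if len(args.apk) > 1:
            print()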
 def __init__(self, cert):
     """Collect the displayable fields of one DER-encoded X.509 certificate.

     Args:
         cert: DER bytes of the certificate; parsed with asn1crypto and also
             handed to ``__compute_hashes__`` for the digest table.
     """
     parsed = x509.Certificate.load(cert)
     validity = parsed['tbs_certificate']['validity']
     self.issuer = get_certificate_name_string(parsed.issuer, short=True)
     self.subject = get_certificate_name_string(parsed.subject, short=True)
     self.serial_num = hex(parsed.serial_number)
     self.hash_algo = parsed.hash_algo
     self.sign_algo = parsed.signature_algo
     self.valid_not_before = validity['not_before'].native
     self.valid_not_after = validity['not_after'].native
     # Digests of the raw DER bytes; computed by a sibling method of the class.
     self.hashes = self.__compute_hashes__(cert)
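def androguard_certinfo(app_dir, app_file):
    """Return certificate information.

    Loads ``app_file`` from ``app_dir`` with androguard and describes its
    signing material as one text block, one item per line: the v1/v2/v3
    signature flags; for every unique certificate (v3 and v2 signing blocks
    plus the v1 JAR signers) its subject, signature algorithm, validity
    window, issuer, serial number, hash algorithm and the md5, sha1, sha256
    and sha512 digests of its DER form; and for every unique v2/v3 public
    key its algorithm, bit size, fingerprint and, where the key type defines
    one, its hash algorithm.

    Args:
        app_dir: Directory containing the APK.
        app_file: APK file name inside ``app_dir``.

    Returns:
        str: the newline-joined description lines.
    """
    certlist = []
    apk_file = os.path.join(app_dir, app_file)
    hashfunctions = dict(
        md5=hashlib.md5,
        sha1=hashlib.sha1,
        sha256=hashlib.sha256,
        sha512=hashlib.sha512,
    )
    a = APK(apk_file)
    certlist.append("v1: {}".format(a.is_signed_v1()))
    certlist.append("v2: {}".format(a.is_signed_v2()))
    certlist.append("v3: {}".format(a.is_signed_v3()))

    # Sets drop certificates/keys that appear in more than one scheme.
    certs = set(a.get_certificates_der_v3() + a.get_certificates_der_v2() +
                [a.get_certificate_der(x) for x in a.get_signature_names()])
    pkeys = set(a.get_public_keys_der_v3() + a.get_public_keys_der_v2())

    for cert in certs:
        x509_cert = x509.Certificate.load(cert)
        validity = x509_cert['tbs_certificate']['validity']
        certlist.append("Subject: {}".format(
            get_certificate_name_string(x509_cert.subject, short=True)))
        certlist.append("Signature Algorithm: {}".format(
            x509_cert.signature_algo))
        certlist.append("Valid From: {}".format(validity['not_before'].native))
        certlist.append("Valid To: {}".format(validity['not_after'].native))
        certlist.append("Issuer: {}".format(
            get_certificate_name_string(x509_cert.issuer, short=True)))
        certlist.append("Serial Number: {}".format(hex(
            x509_cert.serial_number)))
        certlist.append("Hash Algorithm: {}".format(x509_cert.hash_algo))
        # Digests are over the DER certificate bytes, not the public key.
        for k, v in hashfunctions.items():
            certlist.append("{} {}".format(k, v(cert).hexdigest()))

    for public_key in pkeys:
        x509_public_key = keys.PublicKeyInfo.load(public_key)
        certlist.append("PublicKey Algorithm: {}".format(
            x509_public_key.algorithm))
        certlist.append("Bit Size: {}".format(x509_public_key.bit_size))
        certlist.append("Fingerprint: {}".format(
            binascii.hexlify(x509_public_key.fingerprint).decode("utf-8")))
        try:
            certlist.append("Hash Algorithm: {}".format(
                x509_public_key.hash_algo))
        except ValueError:
            # RSA pkey does not have an hash algorithm
            pass
    return '\n'.join(certlist)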
def show_Certificate(cert, short=False):
    """
        Print Fingerprints, Issuer and Subject of an X509 Certificate.

        One line per digest (MD5, SHA1, SHA256, SHA512) as ``<name>: <hex>``,
        then the issuer and the subject distinguished names.

        :param cert: X509 Certificate to print
        :param short: Print in shortform for DN (Default: False)

        :type cert: :class:`cryptography.x509.Certificate`
        :type short: Boolean
    """
    digest_algos = (hashes.MD5, hashes.SHA1, hashes.SHA256, hashes.SHA512)
    for algo in digest_algos:
        fingerprint = binascii.hexlify(cert.fingerprint(algo())).decode("ascii")
        print("{}: {}".format(algo.name, fingerprint))
    issuer_dn = get_certificate_name_string(cert.issuer, short=short)
    subject_dn = get_certificate_name_string(cert.subject, short=short)
    print("Issuer: {}".format(issuer_dn))
    print("Subject: {}".format(subject_dn))
def show_Certificate(cert, short=False):
    """
        Print Fingerprints, Issuer and Subject of an X509 Certificate.

        Prints the SHA1 and SHA256 fingerprints exposed by asn1crypto,
        then the issuer and subject distinguished names.

        :param cert: X509 Certificate to print
        :param short: Print in shortform for DN (Default: False)

        :type cert: :class:`asn1crypto.x509.Certificate`
        :type short: Boolean
    """
    lines = [
        "SHA1 Fingerprint: {}".format(cert.sha1_fingerprint),
        "SHA256 Fingerprint: {}".format(cert.sha256_fingerprint),
        # ``.native`` yields the plain-Python form of the name for formatting.
        "Issuer: {}".format(get_certificate_name_string(cert.issuer.native, short=short)),
        "Subject: {}".format(get_certificate_name_string(cert.subject.native, short=short)),
    ]
    for line in lines:
        print(line)
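def show_Certificate(cert, short=False):
    """
        Print Fingerprints, Issuer and Subject of an X509 Certificate.

        Prints the SHA1 and SHA256 fingerprints exposed by asn1crypto,
        then the issuer and subject distinguished names.

        :param cert: X509 Certificate to print
        :param short: Print in shortform for DN (Default: False)

        :type cert: :class:`asn1crypto.x509.Certificate`
        :type short: Boolean
    """
    print("SHA1 Fingerprint: {}".format(cert.sha1_fingerprint))
    print("SHA256 Fingerprint: {}".format(cert.sha256_fingerprint))
    print("Issuer: {}".format(get_certificate_name_string(cert.issuer.native, short=short)))
    # The "Subject:" line must come from cert.subject; it previously printed
    # the issuer a second time, which hid self-signed vs. CA-issued differences.
    print("Subject: {}".format(get_certificate_name_string(cert.subject.native, short=short)))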
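def getSign():
    """Return identifying details of one signing certificate of ``targeApk``.

    Reads the module-level ``targeApk`` (an androguard APK object), collects
    its v2 signing-block certificates together with the v1 (JAR) signer
    certificates, and describes the first certificate of that (unordered)
    set. ``None`` is returned when the APK carries no certificate.

    Returns:
        dict with ``Issuer`` (short DN string), ``SerialNumber`` (upper-case
        hex digits, no ``0X`` prefix), ``signMd5`` and ``signSha1``
        (upper-case hex digests of the DER certificate), or ``None``.
    """
    certs = set(targeApk.get_certificates_der_v2() + [
        targeApk.get_certificate_der(x)
        for x in targeApk.get_signature_names()
    ])
    for cert in certs:
        x509_cert = x509.Certificate.load(cert)
        issuer = get_certificate_name_string(x509_cert.issuer.native, short=True)
        # format(..., 'X') gives the bare upper-case hex digits. The previous
        # hex(...).upper().strip("0X") also removed trailing '0' digits that
        # belong to the serial itself (e.g. 0x1230 -> "123").
        serial_number = format(x509_cert.serial_number, 'X')
        return {
            "Issuer": issuer,
            "SerialNumber": serial_number,
            "signMd5": hashlib.md5(cert).hexdigest().upper(),
            "signSha1": hashlib.sha1(cert).hexdigest().upper()
        }
    return None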
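def getSign():
    """Return identifying details of one signing certificate of ``targeApk``.

    Reads the module-level ``targeApk`` (an androguard APK object), collects
    its v2 signing-block certificates together with the v1 (JAR) signer
    certificates, and describes the first certificate of that (unordered)
    set. ``None`` is returned when the APK carries no certificate.

    Returns:
        dict with ``Issuer`` (short DN string), ``SerialNumber`` (upper-case
        hex digits, no ``0X`` prefix), ``signMd5`` and ``signSha1``
        (upper-case hex digests of the DER certificate), or ``None``.
    """
    certs = set(targeApk.get_certificates_der_v2() + [
        targeApk.get_certificate_der(x)
        for x in targeApk.get_signature_names()
    ])
    for cert in certs:
        x509_cert = x509.Certificate.load(cert)
        # The short-form DN helper replaces the earlier hand-built
        # "CN=..., OU=..., O=..." string, which broke on names lacking a field.
        issuer = get_certificate_name_string(x509_cert.issuer.native, short=True)
        # format(..., 'X') gives the bare upper-case hex digits. The previous
        # hex(...).upper().strip("0X") also removed trailing '0' digits that
        # belong to the serial itself (e.g. 0x1230 -> "123").
        serial_number = format(x509_cert.serial_number, 'X')
        return {
            "Issuer": issuer,
            "SerialNumber": serial_number,
            "signMd5": hashlib.md5(cert).hexdigest().upper(),
            "signSha1": hashlib.sha1(cert).hexdigest().upper()
        }
    return None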
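def cert_info(app_dir, app_file):
    """Return certificate information.

    Describes the signing material of ``app_file`` (inside ``app_dir``) and
    derives findings from it.

    Args:
        app_dir: Extracted-APK directory; its ``META-INF/`` is listed to
            locate ``MANIFEST.MF``.
        app_file: APK file name inside ``app_dir``, loaded with androguard.

    Returns:
        dict with ``certificate_info`` (newline-joined text: signed flag,
        v1/v2/v3 flags, per-certificate subject, algorithms, validity, issuer,
        serial and md5/sha1/sha256/sha512 digests, per-public-key algorithm,
        bit size and fingerprint) and ``certificate_findings`` (list of
        ``(status, description)`` tuples, status being ``'good'``,
        ``'warning'`` or ``'bad'``). On any failure the error is logged and
        ``{}`` is returned.
    """
    try:
        logger.info('Reading Code Signing Certificate')
        manifestfile = None
        manidat = ''
        certlist = []
        cert_path = os.path.join(app_dir, 'META-INF/')

        apk_file = os.path.join(app_dir, app_file)
        hashfunctions = {
            'md5': hashlib.md5,
            'sha1': hashlib.sha1,
            'sha256': hashlib.sha256,
            'sha512': hashlib.sha512,
        }
        files = [
            f for f in os.listdir(cert_path)
            if os.path.isfile(os.path.join(cert_path, f))
        ]
        a = APK(apk_file)
        if a.is_signed():
            certlist.append('APK is signed')
        else:
            certlist.append('Missing certificate')
        certlist.append('v1 signature: {}'.format(a.is_signed_v1()))
        certlist.append('v2 signature: {}'.format(a.is_signed_v2()))
        certlist.append('v3 signature: {}'.format(a.is_signed_v3()))

        # Unique certificates across the v3 and v2 signing blocks and the v1
        # (JAR) signers; the sets drop entries present in several schemes.
        certs = set(
            a.get_certificates_der_v3() + a.get_certificates_der_v2() +
            [a.get_certificate_der(x) for x in a.get_signature_names()])
        pkeys = set(a.get_public_keys_der_v3() + a.get_public_keys_der_v2())

        if certs:
            certlist.append('Found {} unique certificates'.format(len(certs)))

        for cert in certs:
            x509_cert = x509.Certificate.load(cert)
            validity = x509_cert['tbs_certificate']['validity']
            certlist.append('Subject: {}'.format(
                get_certificate_name_string(x509_cert.subject, short=True)))
            certlist.append('Signature Algorithm: {}'.format(
                x509_cert.signature_algo))
            certlist.append('Valid From: {}'.format(validity['not_before'].native))
            certlist.append('Valid To: {}'.format(validity['not_after'].native))
            certlist.append('Issuer: {}'.format(
                get_certificate_name_string(x509_cert.issuer, short=True)))
            certlist.append('Serial Number: {}'.format(
                hex(x509_cert.serial_number)))
            certlist.append('Hash Algorithm: {}'.format(x509_cert.hash_algo))
            # Digests of the DER certificate bytes.
            for k, v in hashfunctions.items():
                certlist.append('{}: {}'.format(k, v(cert).hexdigest()))

        for public_key in pkeys:
            x509_public_key = asymmetric.load_public_key(public_key)
            certlist.append('PublicKey Algorithm: {}'.format(
                x509_public_key.algorithm))
            certlist.append('Bit Size: {}'.format(x509_public_key.bit_size))
            certlist.append('Fingerprint: {}'.format(
                binascii.hexlify(x509_public_key.fingerprint).decode('utf-8')))
        # Local renamed from ``cert_info`` so it no longer shadows this function.
        cert_text = '\n'.join(certlist)
        if 'MANIFEST.MF' in files:
            manifestfile = os.path.join(cert_path, 'MANIFEST.MF')
        if manifestfile:
            # Only the ASCII marker below is needed from the manifest; a stray
            # non-UTF-8 byte must not discard the whole certificate analysis.
            with open(manifestfile, 'r', encoding='utf-8', errors='replace') as manifile:
                manidat = manifile.read()
        sha256_digest = 'SHA-256-Digest' in manidat
        findings = []
        if a.is_signed():
            findings.append(('good', 'Application is signed with a code '
                             'signing certificate'))
        else:
            findings.append(('bad', 'Code signing certificate not found'))
        if a.is_signed_v1():
            # v1-only is 'bad'; with a v2/v3 signature alongside it is only
            # reported as 'warning'.
            status = 'bad'
            if a.is_signed_v2() or a.is_signed_v3():
                status = 'warning'
            findings.append(
                (status, 'Application is signed with v1 signature scheme, '
                 'making it vulnerable to Janus vulnerability on '
                 'Android <7.0'))
        # Both checks scan the issuer/subject and 'Hash Algorithm:' lines of
        # the certificate text built above.
        if 'CN=Android Debug' in cert_text:
            findings.append(
                ('bad', 'Application signed with a debug certificate. '
                 'Production application must not be shipped '
                 'with a debug certificate.'))
        if 'Hash Algorithm: sha1' in cert_text:
            status = 'bad'
            desc = ('Application is signed with SHA1withRSA. '
                    'SHA1 hash algorithm is known to have '
                    'collision issues.')
            if sha256_digest:
                status = 'warning'
                desc += (' The manifest file indicates SHA256withRSA'
                         ' is in use.')
            findings.append((status, desc))
        return {
            'certificate_info': cert_text,
            'certificate_findings': findings,
        }
    except Exception:
        logger.exception('Reading Code Signing Certificate')
        return {}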
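def androsign_main(args_apk, args_hash, args_all, show):
    """Print signing certificates and v2/v3 public keys of each APK path.

    Args:
        args_apk: Iterable of APK file paths to inspect.
        args_hash: Name of the digest to print (md5, sha1, sha256 or sha512;
            compared case-insensitively).
        args_all: When true, print every supported digest of each certificate
            instead of only ``args_hash``.
        show: When true, also print certificate details (issuer, subject,
            serial, algorithms, validity) and public-key details (algorithm,
            bit size, fingerprint, hash algorithm where defined).

    Exits the process with status 1 when ``args_hash`` is not supported.
    A failure on one APK is reported on stderr with its traceback and
    processing continues with the next path.
    """
    from androguard.core.bytecodes.apk import APK
    from androguard.util import get_certificate_name_string

    import hashlib
    import binascii
    import traceback
    from colorama import Fore, Style
    from asn1crypto import x509, keys
    from oscrypto import asymmetric

    # Keep the list of hash functions in sync with cli/entry_points.py:sign
    hashfunctions = dict(md5=hashlib.md5,
                         sha1=hashlib.sha1,
                         sha256=hashlib.sha256,
                         sha512=hashlib.sha512,
                         )

    # Normalise once; used both as lookup key and as the output label.
    hash_name = args_hash.lower()
    if hash_name not in hashfunctions:
        print("Hash function {} not supported!".format(hash_name), file=sys.stderr)
        print("Use one of {}".format(", ".join(hashfunctions.keys())), file=sys.stderr)
        sys.exit(1)

    for path in args_apk:
        try:
            a = APK(path)

            print("{}, package: '{}'".format(os.path.basename(path), a.get_package()))
            print("Is signed v1: {}".format(a.is_signed_v1()))
            print("Is signed v2: {}".format(a.is_signed_v2()))
            print("Is signed v3: {}".format(a.is_signed_v3()))

            # Unique certificates across v3/v2 signing blocks and v1 (JAR)
            # signers; public keys exist only for the v2/v3 schemes.
            certs = set(a.get_certificates_der_v3() + a.get_certificates_der_v2() + [a.get_certificate_der(x) for x in a.get_signature_names()])
            pkeys = set(a.get_public_keys_der_v3() + a.get_public_keys_der_v2())

            if certs:
                print("Found {} unique certificates".format(len(certs)))

            for cert in certs:
                if show:
                    x509_cert = x509.Certificate.load(cert)
                    validity = x509_cert['tbs_certificate']['validity']
                    print("Issuer:", get_certificate_name_string(x509_cert.issuer, short=True))
                    print("Subject:", get_certificate_name_string(x509_cert.subject, short=True))
                    print("Serial Number:", hex(x509_cert.serial_number))
                    print("Hash Algorithm:", x509_cert.hash_algo)
                    print("Signature Algorithm:", x509_cert.signature_algo)
                    print("Valid not before:", validity['not_before'].native)
                    print("Valid not after:", validity['not_after'].native)

                if args_all:
                    for k, v in hashfunctions.items():
                        print("{} {}".format(k, v(cert).hexdigest()))
                else:
                    print("{} {}".format(hash_name, hashfunctions[hash_name](cert).hexdigest()))
                print()

            # Printed whenever certificates were found, so a v1-only APK
            # reports 0 public keys here.
            if certs:
                print("Found {} unique public keys associated with the certs".format(len(pkeys)))

            for public_key in pkeys:
                if show:
                    x509_public_key = asymmetric.load_public_key(public_key)
                    print("PublicKey Algorithm:", x509_public_key.algorithm)
                    print("Bit Size:", x509_public_key.bit_size)
                    # hexlify() returns bytes; decode so the line shows hex
                    # digits rather than a b'...' repr.
                    print("Fingerprint:", binascii.hexlify(x509_public_key.fingerprint).decode("ascii"))
                    try:
                        # hash_algo is a property of the asn1crypto
                        # PublicKeyInfo; the former call to an undefined
                        # ``hash_algo()`` raised NameError for every key shown.
                        print("Hash Algorithm:", keys.PublicKeyInfo.load(public_key).hash_algo)
                    except ValueError:
                        # RSA pkey does not have an hash algorithm
                        pass
                print()

        # A bare ``except:`` also swallowed KeyboardInterrupt and SystemExit;
        # only processing failures are meant to be reported and skipped.
        except Exception:
            print(Fore.RED + "Error in {}".format(os.path.basename(path)) + Style.RESET_ALL, file=sys.stderr)
            traceback.print_exc(file=sys.stderr)

        if len(args_apk) > 1:
            print()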
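def main():
    """Command-line entry point: print the signing certificates of APKs.

    Parses the arguments built by ``get_parser()``: ``apk`` (paths),
    ``hash`` (digest name, case-insensitive), ``all`` (print every digest)
    and ``show`` (print certificate details). An unsupported ``hash``
    terminates the process with status 1; a failure on one APK is reported
    on stderr and the remaining paths are still processed.
    """
    parser = get_parser()

    args = parser.parse_args()

    hashfunctions = dict(
        md5=hashlib.md5,
        sha1=hashlib.sha1,
        sha256=hashlib.sha256,
        sha512=hashlib.sha512,
    )

    # Normalise once; the name serves both as lookup key and output label.
    hash_name = args.hash.lower()
    if hash_name not in hashfunctions:
        print("Hash function {} not supported!".format(hash_name),
              file=sys.stderr)
        print("Use one of {}".format(", ".join(hashfunctions.keys())),
              file=sys.stderr)
        sys.exit(1)

    for path in args.apk:
        try:
            a = APK(path)

            print("{}, package: '{}'".format(os.path.basename(path),
                                             a.get_package()))
            print("Is signed v1: {}".format(a.is_signed_v1()))
            print("Is signed v2: {}".format(a.is_signed_v2()))

            # v2 signing-block certificates plus v1 (JAR) signer certificates,
            # de-duplicated.
            certs = set(
                a.get_certificates_der_v2() +
                [a.get_certificate_der(x) for x in a.get_signature_names()])

            if certs:
                print("Found {} unique certificates".format(len(certs)))

            for cert in certs:
                if args.show:
                    x509_cert = x509.Certificate.load(cert)
                    validity = x509_cert['tbs_certificate']['validity']
                    print("Issuer:",
                          get_certificate_name_string(x509_cert.issuer, short=True))
                    print("Subject:",
                          get_certificate_name_string(x509_cert.subject, short=True))
                    print("Serial Number:", hex(x509_cert.serial_number))
                    print("Hash Algorithm:", x509_cert.hash_algo)
                    print("Signature Algorithm:", x509_cert.signature_algo)
                    print("Valid not before:", validity['not_before'].native)
                    print("Valid not after:", validity['not_after'].native)

                if args.all:
                    for k, v in hashfunctions.items():
                        print("{} {}".format(k, v(cert).hexdigest()))
                else:
                    print("{} {}".format(
                        hash_name, hashfunctions[hash_name](cert).hexdigest()))
                print()
        # ``except:`` also caught KeyboardInterrupt/SystemExit and printed them
        # as an APK error; only processing failures are meant to be skipped.
        except Exception:
            print(Fore.RED + "Error in {}".format(os.path.basename(path)) +
                  Style.RESET_ALL,
                  file=sys.stderr)
            traceback.print_exc(file=sys.stderr)

        if len(args.apk) > 1:
            print()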
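async def main():
    """Check each store listing page, then download and fingerprint every APK.

    Iterates the entries returned by ``get_all_info("副本.docx")``; per entry
    ``info[0]`` is the app store name (used in the output file name),
    ``info[1]`` the listing page URL and ``info[2]`` the APK download URL.

    Pass 1 opens each listing page in a browser, injects ``inject.js`` and
    records in column 11 of the module-level ``worksheet`` whether the page
    is available (the URL) or not (``"无"``).

    Pass 2 downloads each APK into ``./out``, renames it to
    ``<row>_<store>_<apk md5>.apk`` and records app name, APK MD5, store,
    URL, signer issuer and signing-certificate MD5 into the worksheet.
    Finally the module-level ``workbook`` is saved as ``最终结果.xls``.
    """
    all_info = get_all_info("副本.docx")
    await asyncio.sleep(2)
    browser = await launch(headless=False)  # headless=False,devtools=True
    shoppage = await browser.newPage()
    await shoppage.setViewport({'width': 1000, 'height': 1200})

    # Pass 1: record whether each listing page exists.
    print("选择题开始,请谨慎选择!!\n")
    for i, info in enumerate(all_info):
        worksheet.write(i + 1, 0, time.strftime('%Y-%m-%d'))
        worksheet.write(i + 1, 1, XXbank)
        try:
            await shoppage.goto(info[1], waitUntil='documentloaded')
        # A bare ``except:`` also swallowed KeyboardInterrupt/SystemExit.
        except Exception:
            # Page unreachable: mark the row and move on.
            worksheet.write(i + 1, 11, "无")
            continue
        await asyncio.sleep(0.5)
        await shoppage.addScriptTag(path="inject.js")
        isAvailable = await shoppage.evaluate("() => window.__shi")
        isAvailable = info[1] if isAvailable else "无"
        print(isAvailable)
        worksheet.write(i + 1, 11, isAvailable)
    await shoppage.close()
    await browser.close()
    print("选择题结束,开始逐个下载\n")

    # Start from an empty ./out. The directory must exist again in both cases:
    # previously an existing "out" was removed but never recreated, so every
    # urlretrieve() below failed on a second run.
    if os.path.exists("out"):
        shutil.rmtree("out", ignore_errors=True)
    os.makedirs("out", exist_ok=True)
    await asyncio.sleep(1)

    # Pass 2: download, fingerprint and record each APK.
    for i, info in enumerate(all_info):
        print("开始下载:"+ info[2])
        canDown = True
        try:
            urlretrieve(info[2], "./out/cur.apk")
        except Exception:
            canDown = False
            print("!!!该链接无法下载!!!\n")
            worksheet.write(i + 1, 5, info[2])
            worksheet.write(i + 1, 6, "!!!待定")
            worksheet.write(i + 1, 9, "下载链接待人工确定")
        if canDown:
            with open("./out/cur.apk", "rb") as f:
                apk_bytes = f.read()
                curapk = apk.APK(apk_bytes, True)
                appname = curapk.get_app_name()
                # v2 signing-block certificates plus v1 (JAR) signer
                # certificates, de-duplicated.
                certs = set(curapk.get_certificates_der_v2() + [curapk.get_certificate_der(x) for x in
                                                                curapk.get_signature_names()])
                Issuer, signMd5 = "", ""
                # With several certificates only the last one iterated is kept.
                for cert in certs:
                    x509_cert = x509.Certificate.load(cert)
                    Issuer = get_certificate_name_string(x509_cert.issuer.native, short=True)
                    signMd5 = hashlib.md5(cert).hexdigest().upper()
                apkmd5 = hashlib.md5(apk_bytes).hexdigest().upper()
                # File naming: <row>_<app store>_<MD5>.apk, for easy lookup and comparison.
                # NOTE(review): info[0] is taken straight from the document; a
                # value containing a path separator would place the file outside
                # ./out — confirm the document is a trusted input.
                newname= "./out/" + str(i+2) + "_" + info[0] + "_" + apkmd5 + ".apk"
                print("######  当前apk信息  #######")
                print("\t应用名:" + appname)
                print("\tMD5:" + apkmd5)
                print("\t签名:" + Issuer)
                print("\t签名MD5:" + signMd5)
                print()
                os.rename("./out/cur.apk", newname)
                await asyncio.sleep(0.3)
                worksheet.write(i + 1, 2, appname)
                worksheet.write(i + 1, 3, apkmd5)
                worksheet.write(i + 1, 4, info[0])
                worksheet.write(i + 1, 5, info[2])
                worksheet.write(i + 1, 6, "是")
                worksheet.write(i + 1, 10, "是")
                worksheet.write(i + 1, 12, Issuer)
                worksheet.write(i + 1, 13, signMd5)

    workbook.save("最终结果.xls")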
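def cert_info(app_dir, app_file):
    """Return certificate information.

    Describes the signing material of ``app_file`` (inside ``app_dir``) and
    classifies it.

    Args:
        app_dir: Extracted-APK directory; its ``META-INF/`` is listed to
            locate ``MANIFEST.MF``.
        app_file: APK file name inside ``app_dir``, loaded with androguard.

    Returns:
        dict with ``cert_info`` (newline-joined description text),
        ``issued`` (``'good'`` when the APK is signed, ``'missing'`` when
        not; overridden in that order by ``'bad'`` when a ``CN=Android
        Debug`` name appears and by ``'bad hash'`` when a ``Hash Algorithm:
        sha1`` line appears) and ``sha256Digest`` (whether
        ``META-INF/MANIFEST.MF`` mentions ``SHA-256-Digest``). On any
        failure the error is logged and ``None`` is returned.
    """
    try:
        logger.info('Reading Code Signing Certificate')
        # Must be initialised: it is tested below even when META-INF has no
        # MANIFEST.MF, which previously raised UnboundLocalError and turned
        # every such APK into a logged failure.
        manifestfile = None
        manidat = ''
        certlist = []
        cert_path = os.path.join(app_dir, 'META-INF/')

        apk_file = os.path.join(app_dir, app_file)
        hashfunctions = {
            'md5': hashlib.md5,
            'sha1': hashlib.sha1,
            'sha256': hashlib.sha256,
            'sha512': hashlib.sha512,
        }
        files = [
            f for f in os.listdir(cert_path)
            if os.path.isfile(os.path.join(cert_path, f))
        ]
        a = APK(apk_file)
        if a.is_signed():
            certlist.append('APK is signed')
        else:
            certlist.append('Missing certificate')

        certlist.append('v1 signature: {}'.format(a.is_signed_v1()))
        certlist.append('v2 signature: {}'.format(a.is_signed_v2()))
        certlist.append('v3 signature: {}'.format(a.is_signed_v3()))

        # Unique certificates across the v3 and v2 signing blocks and the v1
        # (JAR) signers; the sets drop entries present in several schemes.
        certs = set(
            a.get_certificates_der_v3() + a.get_certificates_der_v2() +
            [a.get_certificate_der(x) for x in a.get_signature_names()])
        pkeys = set(a.get_public_keys_der_v3() + a.get_public_keys_der_v2())

        if certs:
            certlist.append('Found {} unique certificates'.format(len(certs)))

        for cert in certs:
            x509_cert = x509.Certificate.load(cert)
            validity = x509_cert['tbs_certificate']['validity']
            certlist.append('Subject: {}'.format(
                get_certificate_name_string(x509_cert.subject, short=True)))
            certlist.append('Signature Algorithm: {}'.format(
                x509_cert.signature_algo))
            certlist.append('Valid From: {}'.format(validity['not_before'].native))
            certlist.append('Valid To: {}'.format(validity['not_after'].native))
            certlist.append('Issuer: {}'.format(
                get_certificate_name_string(x509_cert.issuer, short=True)))
            certlist.append('Serial Number: {}'.format(
                hex(x509_cert.serial_number)))
            certlist.append('Hash Algorithm: {}'.format(x509_cert.hash_algo))
            # Digests of the DER certificate bytes.
            for k, v in hashfunctions.items():
                certlist.append('{}: {}'.format(k, v(cert).hexdigest()))

        for public_key in pkeys:
            x509_public_key = keys.PublicKeyInfo.load(public_key)
            certlist.append('PublicKey Algorithm: {}'.format(
                x509_public_key.algorithm))
            certlist.append('Bit Size: {}'.format(x509_public_key.bit_size))
            certlist.append('Fingerprint: {}'.format(
                binascii.hexlify(x509_public_key.fingerprint).decode('utf-8')))
            try:
                # Also emits a 'Hash Algorithm:' line, so the sha1 check below
                # can match a key parameter as well as the certificate line.
                certlist.append('Hash Algorithm: {}'.format(
                    x509_public_key.hash_algo))
            except ValueError:
                # RSA keys carry no hash algorithm.
                pass
        cert_text = '\n'.join(certlist)
        issued = 'good' if a.is_signed() else 'missing'
        if 'CN=Android Debug' in cert_text:
            issued = 'bad'
        if 'Hash Algorithm: sha1' in cert_text:
            issued = 'bad hash'
        if 'MANIFEST.MF' in files:
            manifestfile = os.path.join(cert_path, 'MANIFEST.MF')
        if manifestfile:
            with open(manifestfile, 'r', encoding='utf-8') as manifile:
                manidat = manifile.read()
        sha256_digest = 'SHA-256-Digest' in manidat
        return {
            'cert_info': cert_text,
            'issued': issued,
            'sha256Digest': sha256_digest,
        }
    except Exception:
        logger.exception('Reading Code Signing Certificate')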
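def _parse_name(name_string):
    """Extract the tracked RDN fields from a comma-joined ``key=value`` string.

    ``name_string`` is the output of ``get_certificate_name_string(...,
    short=False)``. Fields that do not occur stay ``None``. Each component
    is split on its first ``'='`` only, so a value that itself contains
    ``'='`` is kept whole; a value containing ``','`` is still cut, because
    the input is comma-joined before it reaches this function.
    """
    parsed = dict.fromkeys((
        'commonName',
        'organizationName',
        'organizationalUnitName',
        'countryName',
        'stateOrProvinceName',
        'localityName',
    ))
    for component in name_string.split(','):
        key, sep, value = component.lstrip().partition('=')
        # Components without '=' or with an untracked key are skipped rather
        # than raising; when a key repeats, the last occurrence wins.
        if sep and key in parsed:
            parsed[key] = value
    return parsed


def _certificate_digests(cert_der):
    """Return hex digests of a DER-encoded certificate keyed by algorithm.

    Keys are ``'md5'``, ``'sha1'``, ``'sha256'`` and ``'sha512'``.
    """
    hashfunctions = {
        'md5': hashlib.md5,
        'sha1': hashlib.sha1,
        'sha256': hashlib.sha256,
        'sha512': hashlib.sha512,
    }
    return {name: fn(cert_der).hexdigest() for name, fn in hashfunctions.items()}


def _certificate_record(cert_der):
    """Parse one DER certificate into the pieces that get persisted.

    Returns ``(attributes, issuer, subject, digests)``: ``attributes`` holds
    validity, serial number and algorithm fields as plain strings; ``issuer``
    and ``subject`` are the dicts built by :func:`_parse_name`; ``digests``
    comes from :func:`_certificate_digests`.
    """
    x509_cert = x509.Certificate.load(cert_der)
    validity = x509_cert['tbs_certificate']['validity']
    attributes = {
        'validFrom': validity['not_before'].native.strftime("%Y-%m-%d %H:%M:%S"),
        'validTo': validity['not_after'].native.strftime("%Y-%m-%d %H:%M:%S"),
        'serialNumber': hex(x509_cert.serial_number),
        'hashAlgorithm': x509_cert.hash_algo,
        'signatureAlgorithm': x509_cert.signature_algo,
    }
    issuer = _parse_name(
        get_certificate_name_string(x509_cert.issuer, short=False))
    subject = _parse_name(
        get_certificate_name_string(x509_cert.subject, short=False))
    return attributes, issuer, subject, _certificate_digests(cert_der)


def analyze(path):
    """Analyse one APK, store its metadata in MySQL and dump its manifest XML.

    Args:
        path: Filesystem path of the APK to analyse.

    Returns:
        ``True`` when the APK was parsed, one row was inserted into
        ``tbl_apkinfo`` and the AXML dump was written; ``False`` on any
        failure. Failures are logged and never propagated, so callers only
        see the boolean.
    """
    import logging

    log = logging.getLogger(__name__)
    try:
        start = process_time()  # CPU time of this process, not wall-clock
        a = APK(path)

        # Signer certificates from the v3, v2 and v1 (JAR) signing schemes;
        # the set collapses a certificate that appears in several schemes.
        certs = set(
            a.get_certificates_der_v3() + a.get_certificates_der_v2() +
            [a.get_certificate_der(x) for x in a.get_signature_names()])
        if not certs:
            # An unsigned APK used to fail with UnboundLocalError on the
            # digest variables; report it explicitly instead.
            log.error('No signing certificate found in %s', path)
            return False

        # Only one certificate is persisted (the INSERT below has a single
        # set of certificate columns). Set iteration order is arbitrary, so
        # for a multi-signer APK which one is recorded is unspecified — the
        # original had the same limitation (it kept the last one iterated).
        # TODO(review): persist all signers, or choose one deterministically.
        cert = next(iter(certs))
        attributes, issuer, subject, digests = _certificate_record(cert)

        # NOTE(review): these are digests of the signing certificate, not of
        # the APK file, and the AXML output below is named after the
        # certificate md5 — so two APKs with the same signer overwrite each
        # other's dump. Kept as in the original; confirm against the
        # tbl_apkinfo schema before changing.
        md5 = digests['md5']
        sha1 = digests['sha1']
        sha256 = digests['sha256']
        sha512 = digests['sha512']

        appName = a.get_app_name()
        fileSize = os.stat(a.get_filename()).st_size
        # Local naive time, same as datetime.fromtimestamp(time.time()).
        timeOfSubmit = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
        package = a.get_package()
        androidversionCode = a.get_androidversion_code()
        androidversionName = a.get_androidversion_name()
        minSDKVersion = a.get_min_sdk_version()
        maxSDKVersion = a.get_max_sdk_version()
        targetSDKVersion = a.get_target_sdk_version()
        mainActivity = a.get_main_activity()

        certificateAttributes = json.dumps(attributes)
        certificateIssuer = json.dumps(issuer)
        certificateSubject = json.dumps(subject)
        declaredPermissions = json.dumps(a.get_declared_permissions())
        requestedPermissions = json.dumps(a.get_permissions())
        activities = json.dumps(a.get_activities())
        services = json.dumps(a.get_services())
        receivers = json.dumps(a.get_receivers())
        providers = json.dumps(a.get_providers())

        analysisTime = process_time() - start

        # Parameterised INSERT: every value goes through the driver's %s
        # placeholders, so APK-controlled strings (app name, package,
        # component names, ...) never become part of the statement text.
        sql = "INSERT INTO tbl_apkinfo (md5, appName, fileSize, analysisTime, sha1, sha256, sha512, firstSubmission, lastSubmission, package, androidversionCode, androidversionName, minSDKVersion, maxSDKVersion, targetSDKVersion, mainActivity, certificateAttributes, certificateIssuer, certificateSubject,	declaredPermissions, requestedPermissions, activities, services, providers, receivers) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"
        param = (md5, appName, fileSize, analysisTime, sha1, sha256, sha512,
                 timeOfSubmit, timeOfSubmit, package, androidversionCode,
                 androidversionName, minSDKVersion, maxSDKVersion,
                 targetSDKVersion, mainActivity, certificateAttributes,
                 certificateIssuer, certificateSubject, declaredPermissions,
                 requestedPermissions, activities, services, providers,
                 receivers)

        connect = mysql.connect()
        try:
            cursor = connect.cursor()
            cursor.execute(sql, param)
            connect.commit()
        finally:
            # Close on the error path as well; the original leaked the
            # connection whenever execute() raised.
            connect.close()

        androaxml_main(path,
                       os.path.join(app.config['OUTPUT_PATH'], md5 + '.xml'))
        return True
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt and SystemExit
        # propagate; everything else is logged and reported as a failure
        # instead of vanishing silently.
        log.exception('Analysis of %s failed', path)
        return False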