def find_exec_in_resources(self):
    """Detect embedded executables or zips in assets, raw resources and lib dirs.

    Scans outdir/assets, outdir/res/raw, outdir/lib/armeabi and
    outdir/lib/arm64-v8a. Every ARM binary reported by find_executables()
    is handed to extract_arm_properties(); every embedded zip/APK is handed
    to droidlysis3.process_file() for recursive analysis. When anything is
    found, self.properties.wide['embed_exec'] is set to True.
    """
    candidate_dirs = (
        os.path.join(self.outdir, "assets"),
        os.path.join(self.outdir, "res/raw"),
        os.path.join(self.outdir, "lib/armeabi"),
        os.path.join(self.outdir, "lib/arm64-v8a"),
    )
    for resource_dir in candidate_dirs:
        # Absent or unreadable directories are silently skipped.
        if not (os.access(resource_dir, os.R_OK) and os.path.isdir(resource_dir)):
            continue
        if self.verbose:
            print("Parsing %s for embedded executables or zips... " % (resource_dir))
        found_arm, found_apk = self.find_executables(resource_dir)
        if found_arm or found_apk:
            self.properties.wide['embed_exec'] = True
            if self.verbose:
                print("Embedded executables/zip found in " + resource_dir)
        # `or ()` keeps the behaviour of the original `if found_arm:` guard
        # when find_executables() hands back None instead of an empty list.
        for arm in found_arm or ():
            if self.verbose:
                print("Recursively processing " + arm)
            self.extract_arm_properties(arm)
        for apk in found_apk or ():
            if self.verbose:
                print("Recursively processing " + apk)
            # NOTE(review): the embedded APK comes from the (untrusted) sample,
            # and process_file() re-enters this analysis; nesting depth is only
            # bounded by the sample itself -- confirm process_file caps it.
            droidlysis3.process_file(apk, self.outdir, self.verbose, self.clear,
                                     self.enable_procyon, self.disable_description,
                                     self.disable_dump, self.no_kit_exception)
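def unzip(self):
    """
    Unzip/unrar the sample, and recursively unzip/unrar inner zips/rars.

    If we are not removing the analysis directory (clearoutput option), the sample
    is also unzipped into the outdir/unzipped subdirectory.
    If the sample is password protected, 'infected' is tried as password (this
    method passes no password itself; presumably droidziprar handles it).

    Side effects: sets self.properties.filetype, may set self.ziprar and
    self.properties.file_innerzips, and may write extracted files under self.outdir.

    Returns the file type of the sample: droidutil.<FILE CONSTANT> (UNKNOWN, APK, DEX, ...)
    """
    if self.verbose:
        print("------------- Unzipping %s" % (self.absolute_filename))

    self.properties.filetype = droidutil.get_filetype(self.absolute_filename)

    # A raw ARM binary, a bare DEX or an unrecognised file holds nothing to extract.
    if self.properties.filetype in (droidutil.ARM, droidutil.UNKNOWN, droidutil.DEX):
        if self.verbose:
            print("This is a %s. Nothing to unzip for %s"
                  % (droidutil.str_filetype(self.properties.filetype), self.absolute_filename))
        return self.properties.filetype

    if self.properties.filetype in (droidutil.ZIP, droidutil.RAR):
        # zipmode selects droidziprar's zip backend (True) or rar backend (False).
        self.ziprar = droidziprar.droidziprar(
            self.absolute_filename,
            zipmode=(self.properties.filetype == droidutil.ZIP),
            verbose=self.verbose)

        if self.ziprar.handle is None:
            # damaged zip/rar: downgrade the type so later stages skip it
            self.properties.filetype = droidutil.UNKNOWN
            if self.verbose:
                print("We are unable to unzip/unrar %s because of errors" % (self.absolute_filename))
            return droidutil.UNKNOWN

        # Now, we know self.ziprar is valid and open.
        # get_type() refines the type (e.g. ZIP -> APK) and lists nested archives.
        self.properties.filetype, innerzips = self.ziprar.get_type()

        if innerzips:
            self.properties.file_innerzips = True
            if self.verbose:
                print("There are inner zips/rars in " + self.absolute_filename)
            for element in innerzips:
                # extract the inner zip/rar, then analyse it recursively.
                # NOTE(review): `element` is an entry name taken straight from an
                # untrusted archive; confirm droidziprar.extract_one_file rejects
                # absolute or '..' entry names so extraction stays inside self.outdir.
                if self.verbose:
                    print("Extracting " + element + " inside " + self.absolute_filename)
                try:
                    self.ziprar.extract_one_file(element, self.outdir)
                    if self.verbose:
                        print("Recursively processing " + os.path.join(self.outdir, element))
                    # NOTE(review): find_exec_in_resources passes an additional
                    # self.disable_dump argument to this same function; confirm
                    # which arity droidlysis3.process_file actually expects.
                    droidlysis3.process_file(os.path.join(self.outdir, element),
                                             self.outdir, self.verbose, self.clear,
                                             self.enable_procyon,
                                             self.disable_description,
                                             self.no_kit_exception)
                except Exception:
                    # Best effort: one bad inner archive must not abort the whole
                    # analysis. `except Exception` (not a bare except) so that
                    # KeyboardInterrupt/SystemExit still propagate.
                    print("Cannot extract %s : %s" % (element, sys.exc_info()[0]))

        if self.properties.filetype == droidutil.APK:
            # our zip actually is an APK
            if not self.clear:
                # let's unzip
                unzipped_dir = os.path.join(self.outdir, 'unzipped')
                if self.verbose:
                    print("Unzipping " + self.absolute_filename + " to " + unzipped_dir)
                try:
                    # NOTE(review): same untrusted-entry-name concern as above
                    # applies to extract_all.
                    self.ziprar.extract_all(outdir=unzipped_dir)
                except Exception:
                    print("Unzipping failed (catching exception): %s" % (sys.exc_info()[0]))

    return self.properties.filetype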