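    def find_exec_in_resources(self):
        """Detect embedded executables or zips in assets, raw resources and lib dirs.

        Looks in ``assets``, ``res/raw``, ``lib/armeabi`` and ``lib/arm64-v8a``
        under ``self.outdir``. Every readable directory is handed to
        ``self.find_executables``; when that reports ARM binaries or APK/zip
        files, ``self.properties.wide['embed_exec']`` is set to True and each
        hit is processed recursively (ARM binaries through
        ``self.extract_arm_properties``, APK/zips through
        ``droidlysis3.process_file``).

        Reads: self.outdir, self.verbose, self.clear, self.enable_procyon,
        self.disable_description, self.disable_dump, self.no_kit_exception.
        Returns: None.
        """
        candidate_dirs = [
            os.path.join(self.outdir, "assets"),
            os.path.join(self.outdir, "res/raw"),
            os.path.join(self.outdir, "lib/armeabi"),
            os.path.join(self.outdir, "lib/arm64-v8a"),
        ]

        # Loop variable renamed from `dir` so the builtin is not shadowed.
        for resource_dir in candidate_dirs:
            # Missing or unreadable directories are skipped without a message.
            if not (os.access(resource_dir, os.R_OK) and os.path.isdir(resource_dir)):
                continue
            if self.verbose:
                print("Parsing %s for embedded executables or zips... " % (resource_dir))

            found_arm, found_apk = self.find_executables(resource_dir)
            if not (found_arm or found_apk):
                continue

            self.properties.wide['embed_exec'] = True
            if self.verbose:
                print("Embedded executables/zip found in " + resource_dir)

            # NOTE(review): these paths come out of an untrusted sample's resources,
            # and the recursion below is bounded only by the sample's nesting depth;
            # confirm the callees tolerate deeply nested or self-containing archives.
            for arm in found_arm or []:
                if self.verbose:
                    print("Recursively processing " + arm)
                self.extract_arm_properties(arm)
            for apk in found_apk or []:
                if self.verbose:
                    print("Recursively processing " + apk)
                droidlysis3.process_file(apk, self.outdir, self.verbose, self.clear,
                                         self.enable_procyon, self.disable_description,
                                         self.disable_dump, self.no_kit_exception)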
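    def unzip(self):
        """Unzip/unrar the sample and recursively process any inner zips/rars.

        The sample's type comes from ``droidutil.get_filetype``. ARM, DEX and
        UNKNOWN files have nothing to unpack and are returned unchanged.
        ZIP/RAR samples are opened with ``droidziprar.droidziprar``; a ``None``
        handle (damaged archive) downgrades the type to UNKNOWN. Inner archives
        reported by ``get_type()`` are extracted into ``self.outdir`` and fed
        back to ``droidlysis3.process_file``. When the archive turns out to be
        an APK and ``self.clear`` is not set, the whole archive is also
        extracted to ``outdir/unzipped``.
        If the sample is password protected, 'infected' is tried as password
        (this lives in the zip/rar helper, not here -- confirm against droidziprar).

        Sets: self.properties.filetype, self.properties.file_innerzips, self.ziprar.
        Returns: the file type of the sample: droidutil.<FILE CONSTANT>
        (UNKNOWN, APK, DEX, ...).
        """
        if self.verbose:
            print("------------- Unzipping %s" % (self.absolute_filename))

        self.properties.filetype = droidutil.get_filetype(self.absolute_filename)
        filetype = self.properties.filetype

        if filetype in (droidutil.ARM, droidutil.UNKNOWN, droidutil.DEX):
            if self.verbose:
                print("This is a %s. Nothing to unzip for %s" % (droidutil.str_filetype(filetype), self.absolute_filename))
            return filetype

        if filetype in (droidutil.ZIP, droidutil.RAR):
            self.ziprar = droidziprar.droidziprar(self.absolute_filename,
                                                  zipmode=(filetype == droidutil.ZIP),
                                                  verbose=self.verbose)
            if self.ziprar.handle is None:
                self.properties.filetype = droidutil.UNKNOWN  # damaged zip/rar
                if self.verbose:
                    print("We are unable to unzip/unrar %s because of errors" % (self.absolute_filename))
                return droidutil.UNKNOWN

            # ziprar is valid and open; get_type() may reclassify the archive
            # (e.g. to APK) and lists the inner zips/rars it contains.
            self.properties.filetype, innerzips = self.ziprar.get_type()
            if innerzips:
                self.properties.file_innerzips = True
                if self.verbose:
                    print("There are inner zips/rars in " + self.absolute_filename)

                outdir_abs = os.path.abspath(self.outdir)
                for element in innerzips:
                    # `element` is an entry name chosen by the (untrusted) sample.
                    # Refuse names that resolve outside outdir so a crafted entry
                    # cannot make the extraction write elsewhere on disk.
                    inner_path = os.path.join(self.outdir, element)
                    inner_abs = os.path.abspath(inner_path)
                    if inner_abs != outdir_abs and not inner_abs.startswith(outdir_abs + os.sep):
                        print("Cannot extract %s : entry name escapes %s" % (element, self.outdir))
                        continue
                    if self.verbose:
                        print("Extracting " + element + " inside " + self.absolute_filename)
                    try:
                        self.ziprar.extract_one_file(element, self.outdir)
                        if self.verbose:
                            print("Recursively processing " + inner_path)
                        # NOTE(review): this call passes one positional argument fewer
                        # than the call in find_exec_in_resources (no disable_dump);
                        # confirm against droidlysis3.process_file's signature.
                        droidlysis3.process_file(inner_path, self.outdir, self.verbose, self.clear,
                                                 self.enable_procyon, self.disable_description,
                                                 self.no_kit_exception)
                    except Exception as exc:
                        # Best-effort: one bad inner archive must not abort the rest.
                        # Narrowed from a bare except so Ctrl-C / SystemExit still propagate.
                        print("Cannot extract %s : %s" % (element, type(exc)))

        if self.properties.filetype == droidutil.APK:
            # our zip actually is an APK: keep a full unzipped copy unless outputs are cleared
            if not self.clear:
                unzipped_dir = os.path.join(self.outdir, 'unzipped')
                if self.verbose:
                    print("Unzipping " + self.absolute_filename + " to " + unzipped_dir)
                try:
                    self.ziprar.extract_all(outdir=unzipped_dir)
                except Exception as exc:
                    # NOTE(review): extract_all is trusted to reject entry names that
                    # escape unzipped_dir; that check is not visible here -- confirm.
                    print("Unzipping failed (catching exception): %s" % (type(exc)))

        return self.properties.filetype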