class DalvikElsign(object): def __init__(self) : self.debug = False self.meth_elsign = Elsign() self.class_elsign = Elsign() def raz(self) : self.meth_elsign.raz() self.class_elsign.raz() def load_config(self, buff) : ################ METHOD ################ methsim = buff["METHSIM"] self.meth_elsign.set_distance( str( methsim["DISTANCE"] ) ) self.meth_elsign.set_method( str( methsim["METHOD"] ) ) self.meth_elsign.set_weight( methsim["WEIGHTS"] )#[ 2.0, 1.2, 0.5, 0.1, 0.6 ] ) #self.meth_elsign.set_cut_element( 1 ) # NCD self.meth_elsign.set_sim_method( 0 ) self.meth_elsign.set_threshold_low( methsim["THRESHOLD_LOW" ] ) self.meth_elsign.set_threshold_high( methsim["THRESHOLD_HIGH"] ) # SNAPPY self.meth_elsign.set_ncd_compression_algorithm( 5 ) ################ CLASS ################ classsim = buff["METHSIM"] self.class_elsign.set_distance( str( classsim["DISTANCE"] ) ) self.class_elsign.set_method( str( classsim["METHOD"] ) ) self.class_elsign.set_weight( classsim["WEIGHTS"] )#[ 2.0, 1.2, 0.5, 0.1, 0.6 ] ) #self.class_elsign.set_cut_element( 1 ) # NCD self.class_elsign.set_sim_method( 0 ) self.class_elsign.set_threshold_low( classsim["THRESHOLD_LOW" ] ) self.class_elsign.set_threshold_high( classsim["THRESHOLD_HIGH"] ) # SNAPPY self.class_elsign.set_ncd_compression_algorithm( 5 ) def add_signature(self, type_signature, x, y, z) : ret = None #print type_signature, x, y, z # FIX ENTROPIES (old version) for j in z : if len(j[0]) == 5 : j[0].pop(0) # FIX FORMULA (old version) y = FIX_FORMULA(y, len(z)) if type_signature == METHSIM : ret = self.meth_elsign.add_signature(x, y, z) elif type_signature == CLASSSIM : ret = self.class_elsign.add_signature(x, y, z) return ret def set_debug(self, debug) : self.debug = debug x = { True : 1, False : 0 } self.meth_elsign.set_debug_log(x[debug]) def load_meths(self, vm, vmx) : if self.debug : print "LM", sys.stdout.flush() # Add methods for METHSIM for method in vm.get_methods() : if method.get_length() < 15 : continue entropies = create_entropies(vmx, method) self.meth_elsign.add_element( entropies[0], entropies[1:] ) del entropies def load_classes(self, vm, vmx) : if self.debug : print "LC", sys.stdout.flush() # Add classes for CLASSSIM for c in vm.get_classes() : value = "" android_entropy = 0.0 java_entropy = 0.0 hex_entropy = 0.0 exception_entropy = 0.0 nb_methods = 0 class_data = c.get_class_data() if class_data == None : continue for m in c.get_methods() : z_tmp = create_entropies( vmx, m ) value += z_tmp[0] android_entropy += z_tmp[1] java_entropy += z_tmp[2] hex_entropy += z_tmp[3] exception_entropy += z_tmp[4] nb_methods += 1 if nb_methods != 0 : self.class_elsign.add_element( value, [ android_entropy/nb_methods, java_entropy/nb_methods, hex_entropy/nb_methods, exception_entropy/nb_methods ] ) del value, z_tmp def check(self, vm, vmx) : self.load_meths(vm, vmx) if self.debug : print "CM", sys.stdout.flush() ret = self.meth_elsign.check() if self.debug : dt = self.meth_elsign.get_debug() debug_nb_sign = dt[0] debug_nb_clusters = dt[1] debug_nb_cmp_clusters = dt[2] debug_nb_elements = dt[3] debug_nb_cmp_elements = dt[4] debug_nb_cmp_max = debug_nb_sign * debug_nb_elements print "[SIGN:%d CLUSTERS:%d CMP_CLUSTERS:%d ELEMENTS:%d CMP_ELEMENTS:%d" % (debug_nb_sign, debug_nb_clusters, debug_nb_cmp_clusters, debug_nb_elements, debug_nb_cmp_elements), try : percentage = debug_nb_cmp_elements/float(debug_nb_cmp_max) except : percentage = 0 finally : print "-> %d %f%%]" % (debug_nb_cmp_max, percentage * 100), print ret[1:], if ret[0] == None : self.load_classes(vm, vmx) if self.debug : print "CC", sys.stdout.flush() ret = self.class_elsign.check() if self.debug : dt = self.class_elsign.get_debug() debug_nb_sign = dt[0] debug_nb_clusters = dt[1] debug_nb_cmp_clusters = dt[2] debug_nb_elements = dt[3] debug_nb_cmp_elements = dt[4] debug_nb_cmp_max = debug_nb_sign * debug_nb_elements print "[SIGN:%d CLUSTERS:%d CMP_CLUSTERS:%d ELEMENTS:%d CMP_ELEMENTS:%d" % (debug_nb_sign, debug_nb_clusters, debug_nb_cmp_clusters, debug_nb_elements, debug_nb_cmp_elements), try : percentage = debug_nb_cmp_elements/float(debug_nb_cmp_max) except : percentage = 0 finally : print "-> %d %f%%]" % (debug_nb_cmp_max, percentage * 100), print ret[1:], return ret[0], ret[1:]
class DalvikElsign: def __init__(self): self.debug = False self.meth_elsign = Elsign() self.class_elsign = Elsign() def raz(self): self.meth_elsign.raz() self.class_elsign.raz() def load_config(self, buff): ################ METHOD ################ methsim = buff["METHSIM"] self.meth_elsign.set_distance(str(methsim["DISTANCE"])) self.meth_elsign.set_method(str(methsim["METHOD"])) self.meth_elsign.set_weight( methsim["WEIGHTS"]) #[ 2.0, 1.2, 0.5, 0.1, 0.6 ] ) #self.meth_elsign.set_cut_element( 1 ) # NCD self.meth_elsign.set_sim_method(0) self.meth_elsign.set_threshold_low(methsim["THRESHOLD_LOW"]) self.meth_elsign.set_threshold_high(methsim["THRESHOLD_HIGH"]) # SNAPPY self.meth_elsign.set_ncd_compression_algorithm(5) ################ CLASS ################ classsim = buff["METHSIM"] self.class_elsign.set_distance(str(classsim["DISTANCE"])) self.class_elsign.set_method(str(classsim["METHOD"])) self.class_elsign.set_weight( classsim["WEIGHTS"]) #[ 2.0, 1.2, 0.5, 0.1, 0.6 ] ) #self.class_elsign.set_cut_element( 1 ) # NCD self.class_elsign.set_sim_method(0) self.class_elsign.set_threshold_low(classsim["THRESHOLD_LOW"]) self.class_elsign.set_threshold_high(classsim["THRESHOLD_HIGH"]) # SNAPPY self.class_elsign.set_ncd_compression_algorithm(5) def add_signature(self, type_signature, x, y, z): ret = None #print type_signature, x, y, z # FIX ENTROPIES (old version) for j in z: if len(j[0]) == 5: j[0].pop(0) # FIX FORMULA (old version) y = FIX_FORMULA(y, len(z)) if type_signature == METHSIM: ret = self.meth_elsign.add_signature(x, y, z) elif type_signature == CLASSSIM: ret = self.class_elsign.add_signature(x, y, z) return ret def set_debug(self, debug): self.debug = debug x = {True: 1, False: 0} self.meth_elsign.set_debug_log(x[debug]) def load_meths(self, vm, vmx): if self.debug: print "LM", sys.stdout.flush() # Add methods for METHSIM for method in vm.get_methods(): if method.get_length() < 15: continue entropies = create_entropies(vmx, method) self.meth_elsign.add_element(entropies[0], entropies[1:]) del entropies def load_classes(self, vm, vmx): if self.debug: print "LC", sys.stdout.flush() # Add classes for CLASSSIM for c in vm.get_classes(): value = "" android_entropy = 0.0 java_entropy = 0.0 hex_entropy = 0.0 exception_entropy = 0.0 nb_methods = 0 class_data = c.get_class_data() if class_data == None: continue for m in c.get_methods(): z_tmp = create_entropies(vmx, m) value += z_tmp[0] android_entropy += z_tmp[1] java_entropy += z_tmp[2] hex_entropy += z_tmp[3] exception_entropy += z_tmp[4] nb_methods += 1 if nb_methods != 0: self.class_elsign.add_element(value, [ android_entropy / nb_methods, java_entropy / nb_methods, hex_entropy / nb_methods, exception_entropy / nb_methods ]) del value, z_tmp def check(self, vm, vmx): self.load_meths(vm, vmx) if self.debug: print "CM", sys.stdout.flush() ret = self.meth_elsign.check() if self.debug: dt = self.meth_elsign.get_debug() debug_nb_sign = dt[0] debug_nb_clusters = dt[1] debug_nb_cmp_clusters = dt[2] debug_nb_elements = dt[3] debug_nb_cmp_elements = dt[4] debug_nb_cmp_max = debug_nb_sign * debug_nb_elements print "[SIGN:%d CLUSTERS:%d CMP_CLUSTERS:%d ELEMENTS:%d CMP_ELEMENTS:%d" % ( debug_nb_sign, debug_nb_clusters, debug_nb_cmp_clusters, debug_nb_elements, debug_nb_cmp_elements), try: percentage = debug_nb_cmp_elements / float(debug_nb_cmp_max) except: percentage = 0 finally: print "-> %d %f%%]" % (debug_nb_cmp_max, percentage * 100), print ret[1:], if ret[0] == None: self.load_classes(vm, vmx) if self.debug: print "CC", sys.stdout.flush() ret = self.class_elsign.check() if self.debug: dt = self.class_elsign.get_debug() debug_nb_sign = dt[0] debug_nb_clusters = dt[1] debug_nb_cmp_clusters = dt[2] debug_nb_elements = dt[3] debug_nb_cmp_elements = dt[4] debug_nb_cmp_max = debug_nb_sign * debug_nb_elements print "[SIGN:%d CLUSTERS:%d CMP_CLUSTERS:%d ELEMENTS:%d CMP_ELEMENTS:%d" % ( debug_nb_sign, debug_nb_clusters, debug_nb_cmp_clusters, debug_nb_elements, debug_nb_cmp_elements), try: percentage = debug_nb_cmp_elements / float( debug_nb_cmp_max) except: percentage = 0 finally: print "-> %d %f%%]" % (debug_nb_cmp_max, percentage * 100), print ret[1:], return ret[0], ret[1:]