Example #1
def create_entropies(vmx, m):
    """Return the signature string of ``m`` followed by five entropy values.

    The result is a six-item list, in this order:

    0. the signature string obtained with ``predef_sign=DEFAULT_SIGNATURE``;
    1. ``libsign.entropy`` of that same signature (requested a second time);
    2. entropy of the "L4" signature with arguments ``["Landroid"]``;
    3. entropy of the "L4" signature with arguments ``["Ljava"]``;
    4. entropy of the "hex" signature;
    5. entropy of the "L2" signature.
    """
    def sig_string(*args, **kwargs):
        # Every item is built from get_method_signature(m, ...).get_string().
        return vmx.get_method_signature(m, *args, **kwargs).get_string()

    row = [sig_string(predef_sign=DEFAULT_SIGNATURE)]
    row.append(libsign.entropy(sig_string(predef_sign=DEFAULT_SIGNATURE)))

    for prefix in ("Landroid", "Ljava"):
        row.append(
            libsign.entropy(sig_string("L4", {"L4": {"arguments": [prefix]}})))

    for kind in ("hex", "L2"):
        row.append(libsign.entropy(sig_string(kind)))

    return row
Example #2
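    def __init__(self, vmx, apk):
        """Build the method graph ``self.G`` and annotate its nodes.

        The graph is assembled in five passes:

        1. one edge per entry of
           ``vmx.tainted_packages.get_internal_packages()``, with
           "android_api" and "java_api" entropy attributes on both end nodes;
        2. when ``apk`` is given, marker nodes for the declared activities,
           services and receivers whose entry-point method already has a node;
        3. an edge between the ``run`` and ``start`` nodes of every class whose
           direct superclass is ``Ljava/lang/Thread;``;
        4. "permissions" attributes and risk marker nodes for the methods
           returned by ``vmx.get_permissions([])``;
        5. a "DEXCLASSLOADER" marker node and ``dynamic_code`` attribute for
           methods with a ``TAINTED_PACKAGE_CREATE`` path on
           ``Ldalvik/system/DexClassLoader;``.

        Args:
            vmx: analysis object; must provide ``get_vm``, ``tainted_packages``,
                ``get_method_signature`` and ``get_permissions``.
            apk: object providing ``get_activities``, ``get_services`` and
                ``get_receivers``, or ``None`` to skip the manifest pass.
        """
        self.vmx = vmx
        self.vm = self.vmx.get_vm()

        self.__nodes = {}
        self.__nodes_id = {}
        self.G = DiGraph()

        # Pass 1: internal method-to-method references.
        for j in self.vmx.tainted_packages.get_internal_packages():
            src = j.get_method()
            src_key = (src.get_class_name(), src.get_name(), src.get_descriptor())

            n1 = self._get_node(*src_key)
            n2 = self._get_node(j.get_class_name(), j.get_name(), j.get_descriptor())

            m1 = self.vm.get_method_descriptor(*src_key)
            # NOTE(review): m2 is the referencing method (j.get_method()), so
            # the target node n2 receives entropies computed from that method,
            # not from the target itself -- confirm this is intended.
            m2 = src

            # Same attribute order as before: android_api on n1 and n2, then
            # java_api on n1 and n2.
            for attr, prefix in (("android_api", "Landroid"), ("java_api", "Ljava")):
                for node, method in ((n1, m1), (n2, m2)):
                    sig = self.vmx.get_method_signature(
                        method, "L4", {"L4": {"arguments": [prefix]}})
                    node.set_attributes({attr: libsign.entropy(sig.get_string())})

            self.G.add_edge(n1.id, n2.id)

        # Pass 2: components declared by the APK. Each row is
        # (getter, entry-point name, entry-point descriptor, type, color, label).
        if apk is not None:
            components = (
                (apk.get_activities, "onCreate", "(Landroid/os/Bundle;)V",
                 "activity", ACTIVITY_COLOR, "ACTIVITY"),
                (apk.get_services, "onCreate", "()V",
                 "service", SERVICE_COLOR, "SERVICE"),
                (apk.get_receivers, "onReceive",
                 "(Landroid/content/Context; Landroid/content/Intent;)V",
                 "receiver", RECEIVER_COLOR, "RECEIVER"),
            )
            for getter, entry_name, entry_desc, kind, color, label in components:
                for i in getter():
                    n1 = self._get_exist_node(
                        bytecode.FormatClassToJava(i), entry_name, entry_desc)
                    if n1 is None:
                        # Declared component without a node for its entry point.
                        continue

                    n1.set_attributes({"type": kind})
                    n1.set_attributes({"color": color})
                    n2 = self._get_new_node_from(n1, label)
                    n2.set_attributes({"color": color})
                    self.G.add_edge(n2.id, n1.id)

        # Pass 3: link run() and start() for direct Thread subclasses.
        for c in self.vm.get_classes():
            if c.get_superclassname() != "Ljava/lang/Thread;":
                continue
            for i in self.vm.get_method("run"):
                if i.get_class_name() == c.get_name():
                    n1 = self._get_node(i.get_class_name(), i.get_name(), i.get_descriptor())
                    n2 = self._get_node(i.get_class_name(), "start", i.get_descriptor())

                    # NOTE(review): the edge is added as (run, start); confirm
                    # the direction is the one consumers of the graph expect.
                    self.G.add_edge(n1.id, n2.id)

        # Pass 4: methods that use a permission-protected API.
        list_permissions = self.vmx.get_permissions([])
        for x in list_permissions:
            for j in list_permissions[x]:
                src = j.get_method()
                n1 = self._get_exist_node(
                    src.get_class_name(), src.get_name(), src.get_descriptor())
                if n1 is None:
                    continue

                n1.set_attributes({"permissions": 1})
                n1.set_attributes(
                    {"permissions_level": DVM_PERMISSIONS["MANIFEST_PERMISSION"][x][0]})

                try:
                    for tmp_perm in PERMISSIONS_RISK[x]:
                        if tmp_perm in DEFAULT_RISKS:
                            risk_label = DEFAULT_RISKS[tmp_perm][0]
                            n2 = self._get_new_node(
                                src.get_class_name(),
                                src.get_name(),
                                src.get_descriptor() + " " + risk_label,
                                risk_label)
                            n2.set_attributes({"color": DEFAULT_RISKS[tmp_perm][1]})
                            self.G.add_edge(n2.id, n1.id)
                except KeyError:
                    # Best effort: a permission without a PERMISSIONS_RISK
                    # entry gets no risk marker node.
                    pass

        # Pass 5: DexClassLoader paths flagged TAINTED_PACKAGE_CREATE.
        for m, _ in self.vmx.tainted_packages.get_packages():
            if m.get_info() != "Ldalvik/system/DexClassLoader;":
                continue
            for path in m.get_paths():
                if path.get_access_flag() != TAINTED_PACKAGE_CREATE:
                    continue

                src = path.get_method()
                n1 = self._get_exist_node(
                    src.get_class_name(), src.get_name(), src.get_descriptor())
                if n1 is None:
                    # Every other _get_exist_node lookup in this constructor
                    # treats None as "no such node". Without this guard a miss
                    # raised AttributeError below and aborted graph
                    # construction for the whole app.
                    continue

                n2 = self._get_new_node(
                    src.get_class_name(),
                    src.get_name(),
                    src.get_descriptor() + " " + "DEXCLASSLOADER",
                    "DEXCLASSLOADER")

                n1.set_attributes({"dynamic_code": "true"})
                n2.set_attributes({"color": DEXCLASSLOADER_COLOR})
                self.G.add_edge(n2.id, n1.id)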
Example #3
 def entropy(self, s):
     """Return ``libsign.entropy(s)``; no instance state is read."""
     value = libsign.entropy(s)
     return value
Example #4
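    def __init__(self, vmx, apk):
        """Construct the method graph ``self.G`` from an analysed application.

        Nodes stand for methods (class name, method name, descriptor). The
        constructor adds, in order: edges for the internal references listed by
        ``vmx.tainted_packages.get_internal_packages()``; marker nodes for the
        activities, services and receivers declared by ``apk``; ``run``/``start``
        edges for direct ``Ljava/lang/Thread;`` subclasses; permission
        attributes and risk marker nodes from ``vmx.get_permissions([])``; and
        a "DEXCLASSLOADER" marker for methods with a ``TAINTED_PACKAGE_CREATE``
        path on ``Ldalvik/system/DexClassLoader;``.

        Args:
            vmx: analysis object; must provide ``get_vm``, ``tainted_packages``,
                ``get_method_signature`` and ``get_permissions``.
            apk: object providing ``get_activities``, ``get_services`` and
                ``get_receivers``; pass ``None`` to skip the component markers.
        """
        self.vmx = vmx
        self.vm = self.vmx.get_vm()

        self.__nodes = {}
        self.__nodes_id = {}
        self.G = DiGraph()

        def api_entropy(method, prefix):
            # Entropy of the "L4" signature string with arguments [prefix].
            signature = self.vmx.get_method_signature(
                method, "L4", {"L4": {"arguments": [prefix]}})
            return libsign.entropy(signature.get_string())

        for j in self.vmx.tainted_packages.get_internal_packages():
            origin = j.get_method()
            n1 = self._get_node(origin.get_class_name(),
                                origin.get_name(),
                                origin.get_descriptor())
            n2 = self._get_node(j.get_class_name(), j.get_name(),
                                j.get_descriptor())

            m1 = self.vm.get_method_descriptor(origin.get_class_name(),
                                               origin.get_name(),
                                               origin.get_descriptor())
            # NOTE(review): m2 is the referencing method, yet its entropies
            # are stored on the target node n2 -- confirm this is intended.
            m2 = origin

            n1.set_attributes({"android_api": api_entropy(m1, "Landroid")})
            n2.set_attributes({"android_api": api_entropy(m2, "Landroid")})

            n1.set_attributes({"java_api": api_entropy(m1, "Ljava")})
            n2.set_attributes({"java_api": api_entropy(m2, "Ljava")})

            self.G.add_edge(n1.id, n2.id)

        if apk is not None:
            # Each declared component is marked only when its entry-point
            # method already has a node; otherwise it is skipped.
            for i in apk.get_activities():
                j = bytecode.FormatClassToJava(i)
                n1 = self._get_exist_node(j, "onCreate",
                                          "(Landroid/os/Bundle;)V")
                if n1 is not None:
                    n1.set_attributes({"type": "activity"})
                    n1.set_attributes({"color": ACTIVITY_COLOR})
                    n2 = self._get_new_node_from(n1, "ACTIVITY")
                    n2.set_attributes({"color": ACTIVITY_COLOR})
                    self.G.add_edge(n2.id, n1.id)
            for i in apk.get_services():
                j = bytecode.FormatClassToJava(i)
                n1 = self._get_exist_node(j, "onCreate", "()V")
                if n1 is not None:
                    n1.set_attributes({"type": "service"})
                    n1.set_attributes({"color": SERVICE_COLOR})
                    n2 = self._get_new_node_from(n1, "SERVICE")
                    n2.set_attributes({"color": SERVICE_COLOR})
                    self.G.add_edge(n2.id, n1.id)
            for i in apk.get_receivers():
                j = bytecode.FormatClassToJava(i)
                n1 = self._get_exist_node(
                    j, "onReceive",
                    "(Landroid/content/Context; Landroid/content/Intent;)V")
                if n1 is not None:
                    n1.set_attributes({"type": "receiver"})
                    n1.set_attributes({"color": RECEIVER_COLOR})
                    n2 = self._get_new_node_from(n1, "RECEIVER")
                    n2.set_attributes({"color": RECEIVER_COLOR})
                    self.G.add_edge(n2.id, n1.id)

        for c in self.vm.get_classes():
            # Only classes whose direct superclass is Thread are considered.
            if c.get_superclassname() == "Ljava/lang/Thread;":
                for i in self.vm.get_method("run"):
                    if i.get_class_name() == c.get_name():
                        n1 = self._get_node(i.get_class_name(), i.get_name(),
                                            i.get_descriptor())
                        n2 = self._get_node(i.get_class_name(), "start",
                                            i.get_descriptor())

                        # NOTE(review): edge is added as (run, start); confirm
                        # the direction matches what graph consumers expect.
                        self.G.add_edge(n1.id, n2.id)

        list_permissions = self.vmx.get_permissions([])
        for x in list_permissions:
            for j in list_permissions[x]:
                user = j.get_method()
                n1 = self._get_exist_node(user.get_class_name(),
                                          user.get_name(),
                                          user.get_descriptor())

                if n1 is None:
                    continue

                n1.set_attributes({"permissions": 1})
                n1.set_attributes({
                    "permissions_level":
                    DVM_PERMISSIONS["MANIFEST_PERMISSION"][x][0]
                })

                try:
                    for tmp_perm in PERMISSIONS_RISK[x]:
                        if tmp_perm in DEFAULT_RISKS:
                            n2 = self._get_new_node(
                                user.get_class_name(),
                                user.get_name(),
                                user.get_descriptor() + " " +
                                DEFAULT_RISKS[tmp_perm][0],
                                DEFAULT_RISKS[tmp_perm][0])
                            n2.set_attributes(
                                {"color": DEFAULT_RISKS[tmp_perm][1]})
                            self.G.add_edge(n2.id, n1.id)
                except KeyError:
                    # Best effort: permissions with no PERMISSIONS_RISK entry
                    # get no risk marker node.
                    pass

        for m, _ in self.vmx.tainted_packages.get_packages():
            if m.get_info() == "Ldalvik/system/DexClassLoader;":
                for path in m.get_paths():
                    if path.get_access_flag() == TAINTED_PACKAGE_CREATE:
                        loader_user = path.get_method()
                        n1 = self._get_exist_node(
                            loader_user.get_class_name(),
                            loader_user.get_name(),
                            loader_user.get_descriptor())
                        if n1 is None:
                            # The other _get_exist_node lookups in this
                            # constructor all handle a None result; this one
                            # did not, so a miss raised AttributeError and
                            # stopped graph construction. Skip it instead.
                            continue

                        n2 = self._get_new_node(
                            loader_user.get_class_name(),
                            loader_user.get_name(),
                            loader_user.get_descriptor() + " " +
                            "DEXCLASSLOADER", "DEXCLASSLOADER")

                        n1.set_attributes({"dynamic_code": "true"})
                        n2.set_attributes({"color": DEXCLASSLOADER_COLOR})
                        self.G.add_edge(n2.id, n1.id)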