def write(obj):
    """Store the package name and one component's id, extras and target.

    The package name is written first when PackageNameInStrings() reports it
    missing. Objects without a getType() method are otherwise ignored, as are
    objects whose type matches none of the five component classes used below.

    For a recognised type the function obtains an id from modifyIntentID(),
    registers every key returned by the wrapper's getExtra() through
    modifyExtraKeys() (services are written without extras), and then passes
    the id and the component's target string to modifyStrings().

    Args:
        obj: component description; expected to offer getType() plus
            getIntent() or, for activities, getExportedActivity().

    Returns:
        None.
    """
    # NOTE(review): this listing arrived with its line breaks collapsed; the
    # nesting used here (modifyStrings once, after the extras loop) is a
    # reconstruction -- confirm against the upstream file.
    # NOTE(review): the package name and target strings appear to originate
    # from the application under analysis; verify that modifyStrings escapes
    # them for whatever format it writes.
    if not PackageNameInStrings():
        modifyStrings("packageName", filters.find_package())

    if not hasattr(obj, "getType"):
        return

    component_type = obj.getType()

    # Services are the only kind written without extra keys.
    if component_type == exploitService.type:
        service_id = modifyIntentID(exploitService.id)
        modifyStrings(service_id, obj.getIntent())
        return

    # (wrapper class, name of the accessor on obj that yields the target)
    with_extras = (
        (exploitBroadcast, "getIntent"),
        (exploitActivity, "getExportedActivity"),
        (exploitContentProvider, "getIntent"),
        (exploitReceiver, "getIntent"),
    )
    for wrapper, accessor in with_extras:
        if component_type == wrapper.type:
            component_id = modifyIntentID(wrapper.id)
            for extra_key in wrapper(obj).getExtra():
                modifyExtraKeys(component_id, extra_key)
            # The accessor is called only now, after the extras are recorded.
            modifyStrings(component_id, getattr(obj, accessor)())
            return
if not common.interactive_mode: common.logger.error(common.config.get('qarkhelper','NOT_A_VALID_OPTION')) exit() common.logger.error(common.config.get('qarkhelper','NOT_A_VALID_OPTION_INTERACTIVE')) if exploit_choice==1: # Exploit all vulnerabilities print "Generating exploit payloads for all vulnerabilities" type_list=['String','StringArray','StringArrayList','Boolean','BooleanArray','Int','Float','Long','LongArray','[]','','IntArray','IntegerArrayList','FloatArray','Double','Char','CharArray','CharSequence','CharSequenceArray','CharSequenceArrayList','Byte','ByteArray', 'Bundle','Short','ShortArray','Serializable','Parcelable','ParcelableArrayList','ParcelableArray','unknownType'] shutil.rmtree(common.getConfig("rootDir") +'/build') if str(createSploit.copy_template(common.getConfig("rootDir") + '/exploitAPKs/qark/',common.getConfig("rootDir") + '/build/qark')) is not 'ERROR': common.exploitLocation = common.getConfig("rootDir") + '/build/qark' if len(prov_exp_list)>0: common.logger.info("Sorry, we're still working on the providers") if len(act_exp_list)>0: common.normalizeActivityNames(act_exp_list,filters.find_package()) for i in act_exp_list: common.logger.debug(str(i)) exploit = createExploit.exploitActivity() print str(i) extras_list=[] entries=common.get_entry_for_component('activity') for n in entries: tmp_extra=findExtras.find_extras(str(i),n) if tmp_extra not in type_list: if tmp_extra not in extras_list: extras_list+=tmp_extra common.dedup(extras_list) if re.match(r'^\..*',str(i)): i=str(package_name)+str(i) exploit.setExportedActivity(str(i))