def execute(self, arguments):
package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES)
application = package.applicationInfo
appname = str(application.packageName)
opHlr = Output(appname)
node_backup = opHlr.insert("Backup")
if self.__write_manifest(package.packageName):
print "ok"
opHlr.insert("AllowBackup", "False", node_backup)
else:
opHlr.insert("AllowBackup", "True", node_backup)
print "allowBackup"
opHlr.write()
def execute(self, arguments):
package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES)
application = package.applicationInfo
appname = str(application.packageName)
opHlr = Output(appname)
uris = self.findAllContentUris(arguments.package)
node_FindUri = opHlr.insert("FindUri")
if len(uris) > 0:
for uri in uris:
self.stdout.write("%s\n" % uri[uri.upper().find("CONTENT"):])
opHlr.insert("item", uri[uri.upper().find("CONTENT"):], node_FindUri)
else:
self.stdout.write("No Content URIs found.\n")
opHlr.insert("item", "No Content URIs found", node_FindUri)
opHlr.write()
def execute(self, arguments):
appname = arguments.package_or_uri
opHlr = Output(appname)
node_SqlTables = opHlr.insert("SqlTables")
results = []
if arguments.package_or_uri != None and arguments.package_or_uri.startswith("content://"):
results.append(self.__test_uri(arguments.package_or_uri, opHlr, node_SqlTables))
else:
for uri in self.findAllContentUris(arguments.package_or_uri):
results.append(self.__test_uri(uri, opHlr, node_SqlTables))
if results:
self.stdout.write('\n'.join(filter(None, results)) + '\n')
else:
node_table = opHlr.insert("Table", None, node_SqlTables)
self.stdout.write("No results found.\n")
opHlr.insert("item", "No results found.", node_table)
opHlr.write()
def execute(self, arguments):
filename = "permission"
opHlr = Output(filename)
node_per = opHlr.insert("permission")
con = self.getContext()
pm = con.getPackageManager()
res = con.getResources()
if (arguments.permission):
prot = self.__getProtLevel(pm, arguments.permission)
if (prot != ""):
self.stdout.write(self.__getDescription(pm, res, arguments.permission) + "\n")
self.stdout.write(prot + "\n")
else:
self.stdout.write("No such permission defined\n")
else:
permissionList = []
# Iterate through each package and get unique permissions
for package in self.packageManager().getPackages(common.PackageManager.GET_PERMISSIONS):
if package.requestedPermissions != None:
for permission in package.requestedPermissions:
if permission not in permissionList:
permissionList.append(str(permission))
# Print sorted
for permission in sorted(permissionList):
prot = self.__getProtLevel(pm, permission)
display = False
if (arguments.protectionlevel):
if (arguments.protectionlevel.upper() in prot.upper()):
display = True
else:
display = True
if (display):
node_item = opHlr.insert("item")
self.stdout.write(permission + "\n")
opHlr.insert("Name", permission, node_item)
self.stdout.write(self.__getDescription(pm, res, permission) + "\n")
opHlr.insert("Desc", self.__getDescription(pm, res, permission), node_item)
self.stdout.write(prot + "\n\n")
opHlr.insert("Prot", prot, node_item)
opHlr.write()
def execute(self, arguments):
package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES)
application = package.applicationInfo
appname = str(application.packageName)
opHlr = Output(appname)
try:
if arguments.package != None:
package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES)
application = package.applicationInfo
activities = self.match_filter(package.activities, 'exported', True)
receivers = self.match_filter(package.receivers, 'exported', True)
providers = self.match_filter(package.providers, 'exported', True)
services = self.match_filter(package.services, 'exported', True)
self.stdout.write("Attack Surface:\n")
self.stdout.write(" %d activities exported\n" % len(activities))
self.stdout.write(" %d broadcast receivers exported\n" % len(receivers))
self.stdout.write(" %d content providers exported\n" % len(providers))
self.stdout.write(" %d services exported\n" % len(services))
node_Attack_Surface = opHlr.insert("Attack_Surface")
opHlr.insert("activities_exported", len(activities), node_Attack_Surface)
opHlr.insert("broadcast_receivers_exported", len(receivers), node_Attack_Surface)
opHlr.insert("content_providers_exported", len(providers), node_Attack_Surface)
opHlr.insert("services_exported", len(services), node_Attack_Surface)
if (application.flags & application.FLAG_DEBUGGABLE) != 0:
self.stdout.write(" is debuggable\n")
if package.sharedUserId != None:
self.stdout.write(" Shared UID (%s)\n" % package.sharedUserId)
opHlr.write()
else:
self.stdout.write("No package specified\n")
except IOError, e:
self.stdout.write("something wrong with file")
self.stdout.write(e)
return 0
def execute(self, arguments):
# print help(arguments)
package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES)
application = package.applicationInfo
appname = str(application.packageName)
opHlr = Output(appname)
node_browsable = opHlr.insert("Browsable")
#One or all packages
if arguments.package != None:
packages = [self.packageManager().getPackageInfo(arguments.package, 0)]
else:
packages = self.packageManager().getPackages()
for package in packages:
try:
returned = self.getBrowsable(package.packageName)
if (len(returned['uris']) > 0) or (len(returned['classNames']) > 0):
if arguments.filter:
# Make sure filter value is in returned schemes or package name
if arguments.filter in ''.join(returned['uris']) or arguments.filter in ''.join(returned['classNames']) or arguments.filter in package.packageName:
showResult = True
else:
showResult = False
else:
showResult = True
if showResult:
self.stdout.write("Package: %s\n" % str(package.packageName))
self.stdout.write(" Invocable URIs:\n")
node_URIs = opHlr.insert("Invocable_URIs", None, node_browsable)
for i in returned['uris']:
self.stdout.write(" %s\n" % str(i))
opHlr.insert("item", str(i), node_URIs)
self.stdout.write(" Classes:\n")
node_Classes = opHlr.insert("Classes", None, node_browsable)
for i in returned['classNames']:
self.stdout.write(" %s\n" % str(i))
opHlr.insert("item", str(i), node_Classes)
self.stdout.write("\n")
except Exception, e:
pass # amazing error checking
def execute(self, arguments):
# print arguments.package_or_uri
# package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES)
appname = arguments.package_or_uri
# application = package.applicationInfo
# appname = str(application.packageName)
opHlr = Output(appname)
node_injection = opHlr.insert("Injection")
vulnerable = { 'projection': set([]), 'selection': set([]), 'uris': set([]) }
if arguments.package_or_uri != None and arguments.package_or_uri.startswith("content://"):
self.__test_uri(arguments.package_or_uri, vulnerable)
else:
for uri in self.findAllContentUris(arguments.package_or_uri):
self.__test_uri(uri, vulnerable)
# remove the collection of vulnerable URIs from the set of all URIs
vulnerable['uris'] = vulnerable['uris'] - vulnerable['projection'] - vulnerable['selection']
# print out a report
self.stdout.write("Not Vulnerable:\n")
node_Not_Vulnerable = opHlr.insert("Not_Vulnerable", None, node_injection)
if len(vulnerable['uris']) > 0:
for uri in vulnerable['uris']:
self.stdout.write(" %s\n" % uri)
opHlr.insert("item", uri, node_Not_Vulnerable)
else:
self.stdout.write(" No non-vulnerable URIs found.\n")
opHlr.insert("item", "No non-vulnerable URIs found", node_Not_Vulnerable)
self.stdout.write("\nInjection in Projection:\n")
node_Injection_Projection = opHlr.insert("Injection_Projection", None, node_injection)
if len(vulnerable['projection']) > 0:
for uri in vulnerable['projection']:
self.stdout.write(" %s\n" % uri)
opHlr.insert("item", uri, node_Injection_Projection)
else:
self.stdout.write(" No vulnerabilities found.\n")
opHlr.insert("item", "No vulnerabilities found", node_Injection_Projection)
self.stdout.write("\nInjection in Selection:\n")
node_Injection_Selection = opHlr.insert("Injection_Selection", None, node_injection)
if len(vulnerable['selection']) > 0:
for uri in vulnerable['selection']:
self.stdout.write(" %s\n" % uri)
opHlr.insert("item", uri, node_Injection_Selection)
else:
self.stdout.write(" No vulnerabilities found.\n")
opHlr.insert("item", "No vulnerabilities found", node_Injection_Selection)
opHlr.write()
