def run(self):
    """Parse every directory in ``self.dirs`` and queue each result list.

    Each directory is handed to a fresh ``SmaliParser`` built with
    ``self.suffix``; the parser's ``get_results()`` list is put on
    ``self.result_queue`` as one item per directory. A progress line with a
    zero-based counter is logged before each directory is parsed.
    """
    total = len(self.dirs)
    for index, directory in enumerate(self.dirs):
        log.info("%s %d/%d Parsing %s ... " % (self.name, index, total, directory))
        smali_parser = SmaliParser(directory, self.suffix)
        smali_parser.run()
        # One queue item per directory: the parser's complete result list.
        self.result_queue.put(smali_parser.get_results())
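def make_parser(app_home):
    """Parse the smali dump under ``app_home`` and persist the results as JSON.

    Despite its name this returns the parser *results* (the list produced by
    ``SmaliParser.get_results()``), not a parser object.

    Args:
        app_home: Directory holding the unpacked app. Smali sources are read
            from ``<app_home>/smali_code`` and the report is written to
            ``<app_home>/smali_parser.json`` (overwritten if present).

    Returns:
        The list returned by ``SmaliParser.get_results()``.
    """
    app = SmaliscaApp()
    app.setup()
    location = app_home + '/smali_code'
    suffix = 'smali'
    parser = SmaliParser(location, suffix)
    parser.run()
    results = parser.get_results()
    # sort_keys keeps the report stable between runs so it can be diffed.
    results_json = json.dumps(results, sort_keys=True, indent=4)
    # The context manager closes the file; the explicit close() that used to
    # follow the write was redundant. Encoding is pinned so the output does not
    # depend on the locale of the machine running the scan.
    with open(app_home + "/smali_parser.json", "w", encoding="utf-8") as f:
        f.write(results_json)
    return results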
def parser():
    """Scan the smali sources below the current directory for vulnerabilities.

    Sets up a ``SmaliscaApp``, parses every ``.smali`` file under ``'.'`` and
    walks the result records: a record's ``path`` becomes the current file
    name, its ``const-strings`` go to ``search_ecb`` and the ``calls`` of each
    of its methods go to ``pattern_receiver``. Findings are reported by those
    helpers; this function only prints the banner and the closing note.
    """
    print(Fore.YELLOW + "\n\n--------------------------------------------------")
    print(Fore.GREEN + "[INFO] " + Fore.BLUE + "SCANNING FOR VULNERABILITIES\n")

    app = SmaliscaApp()
    app.setup()

    smali_parser = SmaliParser('.', 'smali')
    smali_parser.run()

    # The file name is taken from the record's ``path`` entry; the checks below
    # are tagged with whatever ``path`` was seen most recently.
    current_file = None
    for record in smali_parser.get_results():
        for key, value in record.items():
            if key == "path":
                current_file = value
            elif key == "const-strings":
                search_ecb(current_file, value)
            elif key == "methods":
                for method in value:
                    if "calls" in method:
                        pattern_receiver(current_file, method["calls"])

    print(
        Fore.BLUE + "\n\t\t[INFO] Vulnerability References written to 'Vulnerabilities.txt'"
    )
def parser() -> None:
    """Scan ``./Bytecode`` for vulnerability patterns, print them and record them.

    NOTE(review): the original indentation was lost in extraction. The nesting
    below — in particular that the ``for i in receiver_set`` loop sits inside
    the ``if mkey == "calls"`` branch — is a reconstruction; confirm against
    the upstream file.

    Flow: parse every ``.smali`` file under ``./Bytecode`` with ``SmaliParser``,
    hand each record's ``const-strings`` to ``search_ecb`` and each method's
    ``calls`` to ``pattern_receiver``, sort the tagged findings it returns into
    the module-level ``set_of_*`` sets by tag, run ``set_updater`` on each set,
    print each set with ``printer`` and finally call ``add_to_db``.

    Side effects: mutates the module-level ``set_of_*`` sets; the helpers are
    presumably what writes ``Vulnerabilities.txt`` (not visible here).
    """
    receiver_set = set()
    printflag = 0  # unused
    print(Fore.YELLOW + "\n\n--------------------------------------------------")
    print(Fore.GREEN + "[INFO] " + Fore.BLUE + "SCANNING FOR VULNERABILITIES\n")
    filename = None
    app = SmaliscaApp()
    app.setup()
    location = './Bytecode'
    suffix = 'smali'
    parser = SmaliParser(location, suffix)  # local shadows this function's name
    parser.run()
    results = parser.get_results()
    for i in results:
        for key, values in i.items():
            # ``filename`` is whatever ``path`` was seen last; the checks
            # below are tagged with it.
            if key == "path":
                filename = values
            if key == "const-strings":
                search_ecb(filename, values)
            elif key == "methods":
                for j in values:
                    for mkey, mvalue in j.items():
                        if mkey == "calls":
                            receiver_set = pattern_receiver(filename, mvalue)
                            # NOTE(review): this rebinds the outer loop
                            # variable ``i``. Harmless for the ``i.items()``
                            # view already being iterated, but confusing.
                            # Each element ``i`` is presumably a tagged
                            # finding (an iterable of strings); the whole
                            # finding is added to every set whose tag occurs
                            # in one of its strings.
                            for i in receiver_set:
                                for x in i:
                                    if 'JAVASCRIPT' in x:
                                        set_of_js.update(i)
                                    if 'ECB' in x:
                                        set_of_ecb.update(i)
                                    if 'DYNAMIC_RECEIVER' in x:
                                        set_of_search_dynamic.update(i)
                                    if 'EMPTY_PENDING_INTENT' in x:
                                        set_of_empty_pend_list.update(i)
                                    if 'SYSTEM_BROADCAST_RECEIVER' in x:
                                        set_of_sys_broadcast_list.update(i)
                                    # NOTE(review): tag is spelled
                                    # 'TLS_VALIDTY' (sic); it must match the
                                    # tag emitted by pattern_receiver.
                                    if 'TLS_VALIDTY' in x:
                                        set_of_tls_validity_list.update(i)
                                    if 'INSECURE_SOCKET' in x:
                                        set_of_insecure_socket_list.update(i)
                                    if 'UNENCRYPTED_COMMUNICATION' in x:
                                        set_of_list_of_unenc_soc.update(i)
                                    if 'UNSAFE_INTENT' in x:
                                        set_of_unsafe_intent_list.update(i)
                                    if 'COOKIE_OVERWRITE' in x:
                                        set_of_list_of_cookie_overwrite.update(i)
                                    if 'FILE_FROM_URL' in x:
                                        set_of_url_allowed_list.update(i)
                                    if 'CONTENT_FROM_URL' in x:
                                        set_of_content_allowed_list.update(i)
                                    if 'DYNAMIC_WEAK_CHECKS' in x:
                                        set_of_weak_checks_list.update(i)
                        else:
                            pass
    # Post-process each set under its tag (what set_updater does is not
    # visible here).
    set_updater(set_of_js, 'JAVASCRIPT')
    set_updater(set_of_ecb, 'ECB')
    set_updater(set_of_search_dynamic, 'DYNAMIC_RECEIVER')
    set_updater(set_of_empty_pend_list, 'EMPTY_PENDING_INTENT')
    set_updater(set_of_sys_broadcast_list, 'SYSTEM_BROADCAST_RECEIVER')
    set_updater(set_of_tls_validity_list, 'TLS_VALIDTY')
    set_updater(set_of_insecure_socket_list, 'INSECURE_SOCKET')
    set_updater(set_of_list_of_unenc_soc, 'UNENCRYPTED_COMMUNICATION')
    set_updater(set_of_unsafe_intent_list, 'UNSAFE_INTENT')
    set_updater(set_of_list_of_cookie_overwrite, 'COOKIE_OVERWRITE')
    set_updater(set_of_url_allowed_list, 'FILE_FROM_URL')
    set_updater(set_of_content_allowed_list, 'CONTENT_FROM_URL')
    set_updater(set_of_weak_checks_list, 'DYNAMIC_WEAK_CHECKS')
    # Report. NOTE(review): set_of_list_of_unenc_soc ('UNENCRYPTED_COMMUNICATION')
    # and set_of_unsafe_intent_list ('UNSAFE_INTENT') are collected above but
    # never printed here; the commented-out "HTTP URLs Found" line below looks
    # like the missing report for the former.
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Javascript is enabled \n")
    printer(set_of_js)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "ECB cipher usage instance found \n")
    printer(set_of_ecb)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Broadcast Receiver Exported \n")
    printer(set_of_search_dynamic)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Empty Pending Intent Found \n")
    printer(set_of_empty_pend_list)
    # NOTE(review): this heading is printed for the SYSTEM_BROADCAST_RECEIVER
    # set; confirm the label matches what pattern_receiver tags.
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Sticky Broadcast Found \n")
    printer(set_of_sys_broadcast_list)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Certificate Validity Checks Not Found\n")
    printer(set_of_tls_validity_list)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Insecure Hostname Verification Routine Found\n")
    printer(set_of_insecure_socket_list)
    # print(Fore.RED + "\n\t\t[!] " + Fore.RED + "HTTP URLs Found\n")
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "SetCookie is Enabled. Cookie overwrite possible \n")
    printer(set_of_list_of_cookie_overwrite)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "File Access from URLs Allowed \n")
    printer(set_of_url_allowed_list)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Content Access from URLs Allowed \n")
    printer(set_of_content_allowed_list)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Usage of 'Call' for ContentProvider! \n")
    printer(set_of_weak_checks_list)
    add_to_db()
    print(
        Fore.BLUE + "\n\t\t[INFO] Vulnerability References written to 'Vulnerabilities.txt'"
    )
def default(self):
    """Default command: parse a smali tree and optionally export the results.

    Nothing happens unless both ``pargs.location`` and ``pargs.suffix`` are
    set. Exporting additionally requires ``pargs.output`` and
    ``pargs.fileformat``; ``'json'`` writes via ``App.write_json`` and
    ``'sqlite'`` copies classes, properties, const-strings, methods and calls
    into an ``AppSQLModel``. Any other format is silently ignored.
    """
    pargs = self.app.pargs
    if not (pargs.location and pargs.suffix):
        return

    self.location = pargs.location
    self.suffix = pargs.suffix

    smali_parser = SmaliParser(self.location, self.suffix)
    smali_parser.run()

    if not (pargs.output and pargs.fileformat):
        return

    # Wrap the raw results in an App so the exporters can walk them.
    app = App(__name__)
    app.add_location(self.location)
    app.add_parser("%s - %s" % (config.PROJECT_NAME, config.PROJECT_VERSION))
    for class_obj in smali_parser.get_results():
        app.add_class_obj(class_obj)

    if pargs.fileformat == 'json':
        log.info("Exporting results to JSON")
        app.write_json(pargs.output)
        log.info("\tWrote results to %s" % pargs.output)
    elif pargs.fileformat == 'sqlite':
        app_sql = AppSQLModel(pargs.output)
        try:
            log.info("Exporting results to SQLite")
            # (progress message, producer of items, consumer of one item)
            export_steps = (
                ("\tExtract classes ...", app.get_classes, app_sql.add_class),
                ("\tExtract class properties ...", app.get_properties, app_sql.add_property),
                ("\tExtract class const-strings ...", app.get_const_strings, app_sql.add_const_string),
                ("\tExtract class methods ...", app.get_methods, app_sql.add_method),
                ("\tExtract calls ...", app.get_calls, app_sql.add_call),
            )
            for message, produce, consume in export_steps:
                log.info(message)
                for item in produce():
                    consume(item)
            # A single commit at the end; nothing is committed on failure.
            log.info("\tCommit changes to SQLite DB")
            app_sql.commit()
            log.info("\tWrote results to %s" % pargs.output)
        finally:
            log.info("Finished scanning")
from smalisca.modules.module_static_analysis import ProgramSlicing
import json

# Where the APK has been dumped; hard-coded for this run, edit as needed.
location = 'smalisca/modules/com.badminton.free-313913/smali_classes2/com/ironsource/mediationsdk/utils'
# Suffix of the source files to parse.
suffix = 'smali'
# Verbose output from the parser and the slicer.
debug = False

# Parse every <suffix> file below <location>.
parser = SmaliParser(location, suffix, debug)
parser.run()
res = parser.get_results()

# Slice the crypto-calling methods of every parsed class.
for r in res:
    # The class file is looked up by the last path component of its name.
    file_path = "%s/%s.%s" % (location, r['name'].split('/')[-1], suffix)
    slicer = ProgramSlicing(location, r['crypto_methods'], debug)
    slicer.read_file(file_path)
    slicer.read_all_method()
def parser(hash_of_apk: str) -> None:
    """Scan ``<hash_of_apk>/Bytecode`` for vulnerability patterns, report them and mark the scan complete.

    NOTE(review): the original indentation was lost in extraction. The nesting
    below — in particular that the ``for i in receiver_set`` loop sits inside
    the ``if mkey == "calls"`` branch — is a reconstruction; confirm against
    the upstream file.

    Side effects:
      * changes the process-wide working directory into ``hash_of_apk`` and
        back to its parent afterwards (not restored if an exception is raised
        part-way);
      * mutates the module-level ``set_of_*`` sets;
      * calls ``set_updater``, ``printer`` and ``add_to_db`` (presumably what
        writes ``Vulnerabilities.txt``; not visible here) and updates
        ``StatusDB`` in ``adhrit.db``.

    Args:
        hash_of_apk: Directory name of the unpacked APK, relative to the
            current working directory. Also interpolated into the status SQL
            at the end, so it must be a trusted/validated value (see below).
    """
    receiver_set = set()
    printflag = 0  # unused
    print(Fore.YELLOW + "\n\n--------------------------------------------------")
    print(Fore.GREEN + "[INFO] " + Fore.BLUE + "SCANNING FOR VULNERABILITIES\n")
    # SECURITY(review): hash_of_apk is used as a path here and inside a
    # string-built SQL statement further down. Safe only if the caller has
    # already validated it as a bare hex digest (no separators, no '..');
    # confirm upstream.
    path = hash_of_apk
    os.chdir(path)
    filename = None
    app = SmaliscaApp()
    app.setup()
    location = './Bytecode'
    suffix = 'smali'
    parser = SmaliParser(location, suffix)  # local shadows this function's name
    parser.run()
    results = parser.get_results()
    for i in results:
        for key, values in i.items():
            # ``filename`` is whatever ``path`` was seen last; the checks
            # below are tagged with it.
            if key == "path":
                filename = values
            if key == "const-strings":
                search_ecb(filename, values)
            elif key == "methods":
                for j in values:
                    for mkey, mvalue in j.items():
                        if mkey == "calls":
                            receiver_set = pattern_receiver(filename, mvalue)
                            # NOTE(review): this rebinds the outer loop
                            # variable ``i``. Harmless for the ``i.items()``
                            # view already being iterated, but confusing.
                            # Each element ``i`` is presumably a tagged
                            # finding (an iterable of strings); the whole
                            # finding is added to every set whose tag occurs
                            # in one of its strings.
                            for i in receiver_set:
                                for x in i:
                                    if 'JAVASCRIPT' in x:
                                        set_of_js.update(i)
                                    if 'ECB' in x:
                                        set_of_ecb.update(i)
                                    if 'DYNAMIC_RECEIVER' in x:
                                        set_of_search_dynamic.update(i)
                                    if 'EMPTY_PENDING_INTENT' in x:
                                        set_of_empty_pend_list.update(i)
                                    if 'SYSTEM_BROADCAST_RECEIVER' in x:
                                        set_of_sys_broadcast_list.update(i)
                                    # NOTE(review): tag is spelled
                                    # 'TLS_VALIDTY' (sic); it must match the
                                    # tag emitted by pattern_receiver.
                                    if 'TLS_VALIDTY' in x:
                                        set_of_tls_validity_list.update(i)
                                    if 'INSECURE_SOCKET' in x:
                                        set_of_insecure_socket_list.update(i)
                                    if 'UNENCRYPTED_COMMUNICATION' in x:
                                        set_of_list_of_unenc_soc.update(i)
                                    if 'UNSAFE_INTENT' in x:
                                        set_of_unsafe_intent_list.update(i)
                                    if 'COOKIE_OVERWRITE' in x:
                                        set_of_list_of_cookie_overwrite.update(i)
                                    if 'FILE_FROM_URL' in x:
                                        set_of_url_allowed_list.update(i)
                                    if 'CONTENT_FROM_URL' in x:
                                        set_of_content_allowed_list.update(i)
                                    if 'DYNAMIC_WEAK_CHECKS' in x:
                                        set_of_weak_checks_list.update(i)
                                    # Storage-related usage tags (informational).
                                    if 'EXECSQL_USAGE' in x:
                                        set_of_execsql_used.update(i)
                                    if 'SHAREDPREFS_USAGE' in x:
                                        set_of_sharedprefs_used.update(i)
                                    if 'SQLITE_USAGE' in x:
                                        set_of_sqli_used.update(i)
                                    if 'INT_STORAGE_USAGE' in x:
                                        set_of_int_storage_used.update(i)
                                    if 'KEYSTORE_USAGE' in x:
                                        set_of_keystore_used.update(i)
                        else:
                            pass
    # Post-process each set under its tag (what set_updater does is not
    # visible here).
    set_updater(set_of_js, 'JAVASCRIPT')
    set_updater(set_of_ecb, 'ECB')
    set_updater(set_of_search_dynamic, 'DYNAMIC_RECEIVER')
    set_updater(set_of_empty_pend_list, 'EMPTY_PENDING_INTENT')
    set_updater(set_of_sys_broadcast_list, 'SYSTEM_BROADCAST_RECEIVER')
    set_updater(set_of_tls_validity_list, 'TLS_VALIDTY')
    set_updater(set_of_insecure_socket_list, 'INSECURE_SOCKET')
    set_updater(set_of_list_of_unenc_soc, 'UNENCRYPTED_COMMUNICATION')
    set_updater(set_of_unsafe_intent_list, 'UNSAFE_INTENT')
    set_updater(set_of_list_of_cookie_overwrite, 'COOKIE_OVERWRITE')
    set_updater(set_of_url_allowed_list, 'FILE_FROM_URL')
    set_updater(set_of_content_allowed_list, 'CONTENT_FROM_URL')
    set_updater(set_of_weak_checks_list, 'DYNAMIC_WEAK_CHECKS')
    set_updater(set_of_execsql_used, 'EXECSQL_USAGE')
    set_updater(set_of_sharedprefs_used, 'SHAREDPREFS_USAGE')
    set_updater(set_of_sqli_used, 'SQLITE_USAGE')
    set_updater(set_of_int_storage_used, 'INT_STORAGE_USAGE')
    set_updater(set_of_keystore_used, 'KEYSTORE_USAGE')
    # Report. NOTE(review): set_of_list_of_unenc_soc ('UNENCRYPTED_COMMUNICATION')
    # and set_of_unsafe_intent_list ('UNSAFE_INTENT') are collected above but
    # never printed here; the commented-out "HTTP URLs Found" line below looks
    # like the missing report for the former.
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Javascript is enabled \n")
    printer(set_of_js)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "ECB cipher usage instance found \n")
    printer(set_of_ecb)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Broadcast Receiver Exported \n")
    printer(set_of_search_dynamic)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Empty Pending Intent Found \n")
    printer(set_of_empty_pend_list)
    # NOTE(review): this heading is printed for the SYSTEM_BROADCAST_RECEIVER
    # set; confirm the label matches what pattern_receiver tags.
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Sticky Broadcast Found \n")
    printer(set_of_sys_broadcast_list)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Certificate Validity Checks Not Found\n")
    printer(set_of_tls_validity_list)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Insecure Hostname Verification Routine Found\n")
    printer(set_of_insecure_socket_list)
    # print(Fore.RED + "\n\t\t[!] " + Fore.RED + "HTTP URLs Found\n")
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "SetCookie is Enabled. Cookie overwrite possible \n")
    printer(set_of_list_of_cookie_overwrite)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "File Access from URLs Allowed \n")
    printer(set_of_url_allowed_list)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Content Access from URLs Allowed \n")
    printer(set_of_content_allowed_list)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Usage of 'Call' for ContentProvider! \n")
    printer(set_of_weak_checks_list)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Usage of 'execSQL'! \n")
    printer(set_of_execsql_used)
    print(Fore.YELLOW + "\n\t\t[!] " + Fore.RED + "SharedPreference has been used \n")
    printer(set_of_sharedprefs_used)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "SQLite DB used\n")
    printer(set_of_sqli_used)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Internal storage used\n")
    printer(set_of_int_storage_used)
    print(Fore.RED + "\n\t\t[!] " + Fore.RED + "Keystore used\n")
    printer(set_of_keystore_used)
    # Step back out of the APK directory. This lands in the original cwd only
    # if hash_of_apk was a single path component, and it is skipped entirely
    # if anything above raised (no try/finally).
    path = os.getcwd() + '/..'
    os.chdir(path)
    add_to_db(hash_of_apk)
    print(Fore.BLUE + "\n\t\t[INFO] Vulnerability References written to 'Vulnerabilities.txt'")
    #--------------------------------
    # Mark the bytecode stage complete in the status table.
    dbname = "adhrit.db"
    dbconstatus = dbconnection(dbname)
    # SECURITY(review): SQL built by f-string interpolation of hash_of_apk.
    # insert_statustable() is handed a finished query string, so parameterising
    # means changing that helper (or validating hash_of_apk before use) —
    # a quote in hash_of_apk would break out of the literal.
    query = f"UPDATE StatusDB SET Bytecode = 'complete' WHERE Hash='{hash_of_apk}';"
    addedornot = insert_statustable(dbconstatus, query)  # result is not checked