def main(options, arguments):
if options.input != None and options.output != None:
ret_type = androconf.is_android(options.input)
vm = None
a = None
if ret_type == "APK":
a = apk.APK(options.input)
if a.is_valid_APK():
vm = dvm.DalvikVMFormat(a.get_dex())
else:
print "INVALID APK"
elif ret_type == "DEX":
try:
vm = dvm.DalvikVMFormat(read(options.input))
except Exception, e:
print "INVALID DEX", e
vmx = analysis.VMAnalysis(vm)
gvmx = ganalysis.GVMAnalysis(vmx, a)
create_directories(vm, options.output)
# dv.export_to_gml( options.output )
dd = data.Data(vm, vmx, gvmx, a)
buff = dd.export_apk_to_gml()
androconf.save_to_disk(buff, options.output + "/" + "apk.graphml")
buff = dd.export_methodcalls_to_gml()
androconf.save_to_disk(buff, options.output + "/" + "methodcalls.graphml")
buff = dd.export_dex_to_gml()
for i in buff:
androconf.save_to_disk(buff[i], options.output + "/" + i + ".graphml")
def _analyze(self) :
for i in self.__files :
#print "processing ", i
if ".class" in i :
bc = jvm.JVMFormat( self.__orig_raw[ i ] )
elif ".jar" in i :
x = jvm.JAR( i )
bc = x.get_classes()
elif ".dex" in i :
bc = dvm.DalvikVMFormat( self.__orig_raw[ i ] )
elif ".apk" in i :
x = apk.APK( i )
bc = dvm.DalvikVMFormat( x.get_dex() )
else :
ret_type = androconf.is_android( i )
if ret_type == "APK" :
x = apk.APK( i )
bc = dvm.DalvikVMFormat( x.get_dex() )
elif ret_type == "DEX" :
bc = dvm.DalvikVMFormat( open(i, "rb").read() )
elif ret_type == "ELF" :
from androguard.core.binaries import elf
bc = elf.ELF( open(i, "rb").read() )
else :
raise( "Unknown bytecode" )
if isinstance(bc, list) :
for j in bc :
self.__bc.append( (j[0], BC( jvm.JVMFormat(j[1]) ) ) )
else :
self.__bc.append( (i, BC( bc )) )
def load(self, file_path):
self.file_path = file_path
if file_path.endswith(".ag"):
self.incoming_file = (file_path, 'SESSION')
else:
file_type = androconf.is_android(file_path)
self.incoming_file = (file_path, file_type)
self.start(QtCore.QThread.LowestPriority)
def auto_vm(filename):
ret = androconf.is_android(filename)
if ret == 'APK':
return dvm.DalvikVMFormat(apk.APK(filename).get_dex())
elif ret == 'DEX':
return dvm.DalvikVMFormat(read(filename))
elif ret == 'DEY':
return dvm.DalvikOdexVMFormat(read(filename))
return None
def makeFileAnalysis(self, file_path):
logger.debug("Performing analysis of file [%s]..." % file_path)
a = None
d = None
dx = None
ret_type = androconf.is_android(file_path)
if ret_type == "APK":
a = apk.APK(file_path)
d = dvm.DalvikVMFormat(a.get_dex())
elif ret_type == "DEX" :
try :
d = dvm.DalvikVMFormat(open(file_path, "rb").read())
except Exception as e :
logger.error("[%s] is not valid dex file!" % file_path, e)
return
dx = analysis.VMAnalysis(d)
invokeMethodPaths = analysis.seccon_get_invoke_method_paths(dx)
newInstanceMethodPaths = analysis.seccon_get_newInstance_method_paths(dx)
dynamicMethodPaths = analysis.seccon_get_dyncode_loading_paths(dx)
if invokeMethodPaths:
t = None
for path in invokeMethodPaths:
src = path.get_src(d.get_class_manager())
dst = path.get_dst(d.get_class_manager())
t = (src, dst)
self._sources_invoke.append(t)
self._uncovered_invoke.append(t)
if newInstanceMethodPaths:
t = None
for path in newInstanceMethodPaths:
src = path.get_src(d.get_class_manager())
dst = path.get_dst(d.get_class_manager())
t = (src, dst)
self._sources_newInstance.append(t)
self._uncovered_newInstance.append(t)
if dynamicMethodPaths:
t = None
for path in dynamicMethodPaths:
src = path.get_src(d.get_class_manager())
dst = path.get_dst(d.get_class_manager())
t = (src, dst)
self._sources_dexload.append(t)
self._uncovered_dexload.append(t)
#building MFG for the file
self._stadynaMcg.analyseFile(dx, a)
def main(options, arguments):
if options.input != None:
buff = ""
arscobj = None
ret_type = androconf.is_android(options.input)
if ret_type == "APK":
a = apk.APK(options.input)
arscobj = a.get_android_resources()
elif ret_type == "ARSC":
arscobj = apk.ARSCParser(read(options.input))
else:
print "Unknown file type"
return
if not options.package and not options.type and not options.locale:
buff = ""
for package in arscobj.get_packages_names():
buff += package + "\n"
for locale in arscobj.get_locales(package):
buff += "\t" + repr(locale) + "\n"
for ttype in arscobj.get_types(package, locale):
buff += "\t\t" + ttype + "\n"
else:
package = options.package or arscobj.get_packages_names()[0]
ttype = options.type or "public"
locale = options.locale or "\x00\x00"
buff = minidom.parseString(getattr(arscobj, "get_" + ttype + "_resources")(package, locale)).toprettyxml()
if options.output != None:
fd = codecs.open(options.output, "w", "utf-8")
fd.write(buff)
fd.close()
else:
print buff
elif options.version != None:
print "Androarsc version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments):
if options.database == None or options.config == None:
return
s = dalvik_elsign.MSignature( options.database, options.config, options.verbose != None, ps = dalvik_elsign.PublicSignature)
if options.input != None:
ret_type = androconf.is_android( options.input )
print os.path.basename(options.input), ":",
sys.stdout.flush()
if ret_type == "APK":
try:
a = apk.APK( options.input )
if a.is_valid_APK():
display( s.check_apk( a ), options.verbose )
else:
print "INVALID"
except Exception, e:
print "ERROR", e
elif ret_type == "DEX":
display( s.check_dex( read(options.input) ), options.verbose )
def main(options, arguments):
if options.input != None and options.output != None:
ret_type = androconf.is_android( options.input )
vm = None
a = None
if ret_type == "APK":
a = apk.APK( options.input )
if a.is_valid_APK():
vm = dvm.DalvikVMFormat( a.get_dex() )
else:
print "INVALID APK"
elif ret_type == "DEX":
try:
vm = dvm.DalvikVMFormat( read(options.input) )
except Exception, e:
print "INVALID DEX", e
vmx = analysis.VMAnalysis( vm )
gvmx = ganalysis.GVMAnalysis( vmx, a )
b = gvmx.export_to_gexf()
androconf.save_to_disk( b, options.output )
def main(options, arguments):
if options.input != None:
a = None
ret_type = androconf.is_android( options.input[0] )
if ret_type == "APK":
a = apk.APK( options.input[0] )
d1 = dvm.DalvikVMFormat( a.get_dex() )
elif ret_type == "DEX":
d1 = dvm.DalvikVMFormat( read(options.input[0]) )
dx1 = analysis.VMAnalysis( d1 )
threshold = None
if options.threshold != None:
threshold = float(options.threshold)
FS = FILTERS_DALVIK_SIM
FS[elsim.FILTER_SKIPPED_METH].set_regexp( options.exclude )
FS[elsim.FILTER_SKIPPED_METH].set_size( options.size )
new = True
if options.new != None:
new = False
library = True
if options.library != None:
library = options.library
if options.library == "python":
library = False
if os.path.isdir( options.input[1] ) == False:
check_one_file( a, d1, dx1, FS, threshold, options.input[1], options.xstrings, new, library )
else:
check_one_directory(a, d1, dx1, FS, threshold, options.input[1], options.xstrings, new, library )
elif options.version != None:
print "Androsim version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments):
if options.input != None:
buff = ""
ret_type = androconf.is_android(options.input)
if ret_type == "APK":
a = apk.APK(options.input)
buff = a.get_android_manifest_xml().toprettyxml(encoding="utf-8")
elif ".xml" in options.input:
ap = apk.AXMLPrinter(read(options.input))
buff = minidom.parseString(ap.get_buff()).toprettyxml(encoding="utf-8")
else:
print "Unknown file type"
return
if options.output != None:
fd = codecs.open(options.output, "w", "utf-8")
fd.write( buff )
fd.close()
else:
print buff
elif options.version != None:
print "Androaxml version %s" % androconf.ANDROGUARD_VERSION
print "INVALID"
except Exception, e:
print "ERROR", e
elif ret_type == "DEX":
display( s.check_dex( read(options.input) ), options.verbose )
elif options.directory != None:
for root, dirs, files in os.walk( options.directory, followlinks=True ):
if files != []:
for f in files:
real_filename = root
if real_filename[-1] != "/":
real_filename += "/"
real_filename += f
ret_type = androconf.is_android( real_filename )
if ret_type == "APK":
print os.path.basename( real_filename ), ":",
sys.stdout.flush()
try:
a = apk.APK( real_filename )
if a.is_valid_APK():
display( s.check_apk( a ), options.verbose )
else:
print "INVALID APK"
except Exception, e:
print "ERROR", e
elif ret_type == "DEX":
try:
print os.path.basename( real_filename ), ":",
sys.stdout.flush()
def main(options, arguments):
details = False
if options.display != None:
details = True
if options.input != None:
ret_type = androconf.is_android( options.input[0] )
if ret_type == "APK":
a = apk.APK( options.input[0] )
d1 = dvm.DalvikVMFormat( a.get_dex() )
elif ret_type == "DEX":
d1 = dvm.DalvikVMFormat( read(options.input[0]) )
dx1 = analysis.VMAnalysis( d1 )
ret_type = androconf.is_android( options.input[1] )
if ret_type == "APK":
a = apk.APK( options.input[1] )
d2 = dvm.DalvikVMFormat( a.get_dex() )
elif ret_type == "DEX":
d2 = dvm.DalvikVMFormat( read(options.input[1]) )
dx2 = analysis.VMAnalysis( d2 )
print d1, dx1, d2, dx2
sys.stdout.flush()
threshold = None
if options.threshold != None:
threshold = float(options.threshold)
FS = FILTERS_DALVIK_SIM
FS[elsim.FILTER_SKIPPED_METH].set_regexp( options.exclude )
FS[elsim.FILTER_SKIPPED_METH].set_size( options.size )
el = elsim.Elsim( ProxyDalvik(d1, dx1), ProxyDalvik(d2, dx2), FS, threshold, options.compressor )
el.show()
e1 = elsim.split_elements( el, el.get_similar_elements() )
for i in e1:
j = e1[ i ]
elb = elsim.Elsim( ProxyDalvikMethod(i), ProxyDalvikMethod(j), FILTERS_DALVIK_BB, threshold, options.compressor )
#elb.show()
eld = elsim.Eldiff( ProxyDalvikBasicBlock(elb), FILTERS_DALVIK_DIFF_BB )
#eld.show()
ddm = DiffDalvikMethod( i, j, elb, eld )
ddm.show()
print "NEW METHODS"
enew = el.get_new_elements()
for i in enew:
el.show_element( i, False )
print "DELETED METHODS"
edel = el.get_deleted_elements()
for i in edel:
el.show_element( i )
elif options.version != None:
print "Androdiff version %s" % androconf.ANDROGUARD_VERSION
def check_one_file(a, d1, dx1, FS, threshold, file_input, view_strings=False, new=True, library=True):
d2 = None
ret_type = androconf.is_android( file_input )
if ret_type == "APK":
a = apk.APK( file_input )
d2 = dvm.DalvikVMFormat( a.get_dex() )
elif ret_type == "DEX":
d2 = dvm.DalvikVMFormat( read(file_input) )
if d2 == None:
return
dx2 = analysis.VMAnalysis( d2 )
el = elsim.Elsim( ProxyDalvik(d1, dx1), ProxyDalvik(d2, dx2), FS, threshold, options.compressor, libnative=library )
el.show()
print "\t--> methods: %f%% of similarities" % el.get_similarity_value(new)
if options.display:
print "SIMILAR methods:"
diff_methods = el.get_similar_elements()
for i in diff_methods:
el.show_element( i )
print "IDENTICAL methods:"
new_methods = el.get_identical_elements()
for i in new_methods:
el.show_element( i )
print "NEW methods:"
new_methods = el.get_new_elements()
for i in new_methods:
el.show_element( i, False )
print "DELETED methods:"
del_methods = el.get_deleted_elements()
for i in del_methods:
el.show_element( i )
print "SKIPPED methods:"
skipped_methods = el.get_skipped_elements()
for i in skipped_methods:
el.show_element( i )
if view_strings:
els = elsim.Elsim( ProxyDalvikStringMultiple(d1, dx1),
ProxyDalvikStringMultiple(d2, dx2),
FILTERS_DALVIK_SIM_STRING,
threshold,
options.compressor,
libnative=library )
#els = elsim.Elsim( ProxyDalvikStringOne(d1, dx1),
# ProxyDalvikStringOne(d2, dx2), FILTERS_DALVIK_SIM_STRING, threshold, options.compressor, libnative=library )
els.show()
print "\t--> strings: %f%% of similarities" % els.get_similarity_value(new)
if options.display:
print "SIMILAR strings:"
diff_strings = els.get_similar_elements()
for i in diff_strings:
els.show_element( i )
print "IDENTICAL strings:"
new_strings = els.get_identical_elements()
for i in new_strings:
els.show_element( i )
print "NEW strings:"
new_strings = els.get_new_elements()
for i in new_strings:
els.show_element( i, False )
print "DELETED strings:"
del_strings = els.get_deleted_elements()
for i in del_strings:
els.show_element( i )
print "SKIPPED strings:"
skipped_strings = els.get_skipped_elements()
for i in skipped_strings:
els.show_element( i )
