def main(options, arguments): if options.input != None and options.output != None: ret_type = androconf.is_android(options.input) vm = None a = None if ret_type == "APK": a = apk.APK(options.input) if a.is_valid_APK(): vm = dvm.DalvikVMFormat(a.get_dex()) else: print "INVALID APK" elif ret_type == "DEX": try: vm = dvm.DalvikVMFormat(read(options.input)) except Exception, e: print "INVALID DEX", e vmx = analysis.VMAnalysis(vm) gvmx = ganalysis.GVMAnalysis(vmx, a) create_directories(vm, options.output) # dv.export_to_gml( options.output ) dd = data.Data(vm, vmx, gvmx, a) buff = dd.export_apk_to_gml() androconf.save_to_disk(buff, options.output + "/" + "apk.graphml") buff = dd.export_methodcalls_to_gml() androconf.save_to_disk(buff, options.output + "/" + "methodcalls.graphml") buff = dd.export_dex_to_gml() for i in buff: androconf.save_to_disk(buff[i], options.output + "/" + i + ".graphml")
def _analyze(self) : for i in self.__files : #print "processing ", i if ".class" in i : bc = jvm.JVMFormat( self.__orig_raw[ i ] ) elif ".jar" in i : x = jvm.JAR( i ) bc = x.get_classes() elif ".dex" in i : bc = dvm.DalvikVMFormat( self.__orig_raw[ i ] ) elif ".apk" in i : x = apk.APK( i ) bc = dvm.DalvikVMFormat( x.get_dex() ) else : ret_type = androconf.is_android( i ) if ret_type == "APK" : x = apk.APK( i ) bc = dvm.DalvikVMFormat( x.get_dex() ) elif ret_type == "DEX" : bc = dvm.DalvikVMFormat( open(i, "rb").read() ) elif ret_type == "ELF" : from androguard.core.binaries import elf bc = elf.ELF( open(i, "rb").read() ) else : raise( "Unknown bytecode" ) if isinstance(bc, list) : for j in bc : self.__bc.append( (j[0], BC( jvm.JVMFormat(j[1]) ) ) ) else : self.__bc.append( (i, BC( bc )) )
def load(self, file_path): self.file_path = file_path if file_path.endswith(".ag"): self.incoming_file = (file_path, 'SESSION') else: file_type = androconf.is_android(file_path) self.incoming_file = (file_path, file_type) self.start(QtCore.QThread.LowestPriority)
def auto_vm(filename): ret = androconf.is_android(filename) if ret == 'APK': return dvm.DalvikVMFormat(apk.APK(filename).get_dex()) elif ret == 'DEX': return dvm.DalvikVMFormat(read(filename)) elif ret == 'DEY': return dvm.DalvikOdexVMFormat(read(filename)) return None
def makeFileAnalysis(self, file_path): logger.debug("Performing analysis of file [%s]..." % file_path) a = None d = None dx = None ret_type = androconf.is_android(file_path) if ret_type == "APK": a = apk.APK(file_path) d = dvm.DalvikVMFormat(a.get_dex()) elif ret_type == "DEX" : try : d = dvm.DalvikVMFormat(open(file_path, "rb").read()) except Exception as e : logger.error("[%s] is not valid dex file!" % file_path, e) return dx = analysis.VMAnalysis(d) invokeMethodPaths = analysis.seccon_get_invoke_method_paths(dx) newInstanceMethodPaths = analysis.seccon_get_newInstance_method_paths(dx) dynamicMethodPaths = analysis.seccon_get_dyncode_loading_paths(dx) if invokeMethodPaths: t = None for path in invokeMethodPaths: src = path.get_src(d.get_class_manager()) dst = path.get_dst(d.get_class_manager()) t = (src, dst) self._sources_invoke.append(t) self._uncovered_invoke.append(t) if newInstanceMethodPaths: t = None for path in newInstanceMethodPaths: src = path.get_src(d.get_class_manager()) dst = path.get_dst(d.get_class_manager()) t = (src, dst) self._sources_newInstance.append(t) self._uncovered_newInstance.append(t) if dynamicMethodPaths: t = None for path in dynamicMethodPaths: src = path.get_src(d.get_class_manager()) dst = path.get_dst(d.get_class_manager()) t = (src, dst) self._sources_dexload.append(t) self._uncovered_dexload.append(t) #building MFG for the file self._stadynaMcg.analyseFile(dx, a)
def main(options, arguments): if options.input != None: buff = "" arscobj = None ret_type = androconf.is_android(options.input) if ret_type == "APK": a = apk.APK(options.input) arscobj = a.get_android_resources() elif ret_type == "ARSC": arscobj = apk.ARSCParser(read(options.input)) else: print "Unknown file type" return if not options.package and not options.type and not options.locale: buff = "" for package in arscobj.get_packages_names(): buff += package + "\n" for locale in arscobj.get_locales(package): buff += "\t" + repr(locale) + "\n" for ttype in arscobj.get_types(package, locale): buff += "\t\t" + ttype + "\n" else: package = options.package or arscobj.get_packages_names()[0] ttype = options.type or "public" locale = options.locale or "\x00\x00" buff = minidom.parseString(getattr(arscobj, "get_" + ttype + "_resources")(package, locale)).toprettyxml() if options.output != None: fd = codecs.open(options.output, "w", "utf-8") fd.write(buff) fd.close() else: print buff elif options.version != None: print "Androarsc version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments): if options.database == None or options.config == None: return s = dalvik_elsign.MSignature( options.database, options.config, options.verbose != None, ps = dalvik_elsign.PublicSignature) if options.input != None: ret_type = androconf.is_android( options.input ) print os.path.basename(options.input), ":", sys.stdout.flush() if ret_type == "APK": try: a = apk.APK( options.input ) if a.is_valid_APK(): display( s.check_apk( a ), options.verbose ) else: print "INVALID" except Exception, e: print "ERROR", e elif ret_type == "DEX": display( s.check_dex( read(options.input) ), options.verbose )
def main(options, arguments): if options.input != None and options.output != None: ret_type = androconf.is_android( options.input ) vm = None a = None if ret_type == "APK": a = apk.APK( options.input ) if a.is_valid_APK(): vm = dvm.DalvikVMFormat( a.get_dex() ) else: print "INVALID APK" elif ret_type == "DEX": try: vm = dvm.DalvikVMFormat( read(options.input) ) except Exception, e: print "INVALID DEX", e vmx = analysis.VMAnalysis( vm ) gvmx = ganalysis.GVMAnalysis( vmx, a ) b = gvmx.export_to_gexf() androconf.save_to_disk( b, options.output )
def main(options, arguments): if options.input != None: a = None ret_type = androconf.is_android( options.input[0] ) if ret_type == "APK": a = apk.APK( options.input[0] ) d1 = dvm.DalvikVMFormat( a.get_dex() ) elif ret_type == "DEX": d1 = dvm.DalvikVMFormat( read(options.input[0]) ) dx1 = analysis.VMAnalysis( d1 ) threshold = None if options.threshold != None: threshold = float(options.threshold) FS = FILTERS_DALVIK_SIM FS[elsim.FILTER_SKIPPED_METH].set_regexp( options.exclude ) FS[elsim.FILTER_SKIPPED_METH].set_size( options.size ) new = True if options.new != None: new = False library = True if options.library != None: library = options.library if options.library == "python": library = False if os.path.isdir( options.input[1] ) == False: check_one_file( a, d1, dx1, FS, threshold, options.input[1], options.xstrings, new, library ) else: check_one_directory(a, d1, dx1, FS, threshold, options.input[1], options.xstrings, new, library ) elif options.version != None: print "Androsim version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments): if options.input != None: buff = "" ret_type = androconf.is_android(options.input) if ret_type == "APK": a = apk.APK(options.input) buff = a.get_android_manifest_xml().toprettyxml(encoding="utf-8") elif ".xml" in options.input: ap = apk.AXMLPrinter(read(options.input)) buff = minidom.parseString(ap.get_buff()).toprettyxml(encoding="utf-8") else: print "Unknown file type" return if options.output != None: fd = codecs.open(options.output, "w", "utf-8") fd.write( buff ) fd.close() else: print buff elif options.version != None: print "Androaxml version %s" % androconf.ANDROGUARD_VERSION
print "INVALID" except Exception, e: print "ERROR", e elif ret_type == "DEX": display( s.check_dex( read(options.input) ), options.verbose ) elif options.directory != None: for root, dirs, files in os.walk( options.directory, followlinks=True ): if files != []: for f in files: real_filename = root if real_filename[-1] != "/": real_filename += "/" real_filename += f ret_type = androconf.is_android( real_filename ) if ret_type == "APK": print os.path.basename( real_filename ), ":", sys.stdout.flush() try: a = apk.APK( real_filename ) if a.is_valid_APK(): display( s.check_apk( a ), options.verbose ) else: print "INVALID APK" except Exception, e: print "ERROR", e elif ret_type == "DEX": try: print os.path.basename( real_filename ), ":", sys.stdout.flush()
def main(options, arguments): details = False if options.display != None: details = True if options.input != None: ret_type = androconf.is_android( options.input[0] ) if ret_type == "APK": a = apk.APK( options.input[0] ) d1 = dvm.DalvikVMFormat( a.get_dex() ) elif ret_type == "DEX": d1 = dvm.DalvikVMFormat( read(options.input[0]) ) dx1 = analysis.VMAnalysis( d1 ) ret_type = androconf.is_android( options.input[1] ) if ret_type == "APK": a = apk.APK( options.input[1] ) d2 = dvm.DalvikVMFormat( a.get_dex() ) elif ret_type == "DEX": d2 = dvm.DalvikVMFormat( read(options.input[1]) ) dx2 = analysis.VMAnalysis( d2 ) print d1, dx1, d2, dx2 sys.stdout.flush() threshold = None if options.threshold != None: threshold = float(options.threshold) FS = FILTERS_DALVIK_SIM FS[elsim.FILTER_SKIPPED_METH].set_regexp( options.exclude ) FS[elsim.FILTER_SKIPPED_METH].set_size( options.size ) el = elsim.Elsim( ProxyDalvik(d1, dx1), ProxyDalvik(d2, dx2), FS, threshold, options.compressor ) el.show() e1 = elsim.split_elements( el, el.get_similar_elements() ) for i in e1: j = e1[ i ] elb = elsim.Elsim( ProxyDalvikMethod(i), ProxyDalvikMethod(j), FILTERS_DALVIK_BB, threshold, options.compressor ) #elb.show() eld = elsim.Eldiff( ProxyDalvikBasicBlock(elb), FILTERS_DALVIK_DIFF_BB ) #eld.show() ddm = DiffDalvikMethod( i, j, elb, eld ) ddm.show() print "NEW METHODS" enew = el.get_new_elements() for i in enew: el.show_element( i, False ) print "DELETED METHODS" edel = el.get_deleted_elements() for i in edel: el.show_element( i ) elif options.version != None: print "Androdiff version %s" % androconf.ANDROGUARD_VERSION
def check_one_file(a, d1, dx1, FS, threshold, file_input, view_strings=False, new=True, library=True): d2 = None ret_type = androconf.is_android( file_input ) if ret_type == "APK": a = apk.APK( file_input ) d2 = dvm.DalvikVMFormat( a.get_dex() ) elif ret_type == "DEX": d2 = dvm.DalvikVMFormat( read(file_input) ) if d2 == None: return dx2 = analysis.VMAnalysis( d2 ) el = elsim.Elsim( ProxyDalvik(d1, dx1), ProxyDalvik(d2, dx2), FS, threshold, options.compressor, libnative=library ) el.show() print "\t--> methods: %f%% of similarities" % el.get_similarity_value(new) if options.display: print "SIMILAR methods:" diff_methods = el.get_similar_elements() for i in diff_methods: el.show_element( i ) print "IDENTICAL methods:" new_methods = el.get_identical_elements() for i in new_methods: el.show_element( i ) print "NEW methods:" new_methods = el.get_new_elements() for i in new_methods: el.show_element( i, False ) print "DELETED methods:" del_methods = el.get_deleted_elements() for i in del_methods: el.show_element( i ) print "SKIPPED methods:" skipped_methods = el.get_skipped_elements() for i in skipped_methods: el.show_element( i ) if view_strings: els = elsim.Elsim( ProxyDalvikStringMultiple(d1, dx1), ProxyDalvikStringMultiple(d2, dx2), FILTERS_DALVIK_SIM_STRING, threshold, options.compressor, libnative=library ) #els = elsim.Elsim( ProxyDalvikStringOne(d1, dx1), # ProxyDalvikStringOne(d2, dx2), FILTERS_DALVIK_SIM_STRING, threshold, options.compressor, libnative=library ) els.show() print "\t--> strings: %f%% of similarities" % els.get_similarity_value(new) if options.display: print "SIMILAR strings:" diff_strings = els.get_similar_elements() for i in diff_strings: els.show_element( i ) print "IDENTICAL strings:" new_strings = els.get_identical_elements() for i in new_strings: els.show_element( i ) print "NEW strings:" new_strings = els.get_new_elements() for i in new_strings: els.show_element( i, False ) print "DELETED strings:" del_strings = els.get_deleted_elements() for i in del_strings: els.show_element( i ) print "SKIPPED strings:" skipped_strings = els.get_skipped_elements() for i in skipped_strings: els.show_element( i )