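def export_apps_to_format(a, output, dot=None, _format=None):
    """Export one graph file per method of every VM in *a* under *output*.

    Each method is written to
    ``<output>/<class name>/<method name><descriptor>.<extension>``.

    Args:
        a: object exposing ``get_vms()``; every returned VM is wrapped in
            ``analysis.VMAnalysis``.
        output: destination directory; a trailing "/" is appended if missing.
        dot: when truthy, the buffer returned by ``method2dot`` is written
            to ``<name>.dot``.
        _format: when truthy, ``method2format`` is called with the same
            buffer to produce ``<name>.<_format>``.
    """
    output_name = output
    if output_name[-1] != "/":
        output_name = output_name + "/"

    for vm in a.get_vms():
        x = analysis.VMAnalysis(vm)
        for method in vm.get_methods():
            # NOTE(review): valid_class_name is defined elsewhere; confirm it
            # cannot return ".." path components for a crafted class name.
            filename = output_name + valid_class_name(method.get_class_name())
            if filename[-1] != "/":
                filename = filename + "/"

            # Turn the descriptor into something usable as a file name.
            descriptor = method.get_descriptor()
            for old, new in ((";", ""), (" ", ""), ("(", "-"), (")", "-"),
                             ("/", "_")):
                descriptor = descriptor.replace(old, new)

            # The method name comes from the application being analysed, so
            # path separators in it are neutralised the same way as in the
            # descriptor; otherwise a crafted name could place the output
            # file outside the per-class directory.
            method_name = method.get_name().replace("/", "_").replace("\\", "_")
            filename = filename + method_name + descriptor

            buff = method2dot(x.get_method(method))
            if dot:
                # "with" closes the file even if the write fails.
                with open(filename + ".dot", "w") as fd:
                    fd.write(buff)
            if _format:
                method2format(filename + "." + _format, _format, raw=buff)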
def __init__(self, name):
    """Load *name* through Androguard and index its classes by name.

    Sets ``self.vm`` (the VM returned by ``AndroguardS.get_vm()``),
    ``self.bca`` (its ``analysis.VMAnalysis``) and ``self.classes`` (class
    name -> ``DvClass``), then passes the mapping to ``Util.merge_inner``.
    """
    session = androguard.AndroguardS(name)
    self.vm = session.get_vm()
    self.bca = analysis.VMAnalysis(self.vm)
    # Classes sharing a name collapse to the last one seen (dict semantics).
    self.classes = {
        cls.get_name(): DvClass(cls, self.bca)
        for cls in self.vm.get_classes()
    }
    Util.merge_inner(self.classes)
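def export_apps_to_xgmml(input, output, fcg, efcg):
    """Write an XGMML graph description of *input* to the file *output*.

    The document holds an XML declaration, a ``<graph>`` element labelled
    with the base name of *input*, and one CFG export per method of every
    VM (``export_xgmml_cfg``).

    Args:
        input: path handed to ``androguard.Androguard``.
        output: path of the XGMML file to create (opened with mode "w").
        fcg: when truthy, ``export_xgmml_fcg`` is also called for each VM.
        efcg: when truthy, ``export_xgmml_efcg`` is also called for each VM.
    """
    from xml.sax.saxutils import escape

    a = androguard.Androguard([input])

    # The file name ends up inside a double-quoted XML attribute. Escape the
    # markup characters so a name containing '"', '<' or '&' cannot break the
    # document or add attributes/elements to it.
    label = escape(os.path.basename(input), {'"': "&quot;"})

    # "with" guarantees the file is closed if one of the exporters raises.
    with open(output, "w") as fd:
        fd.write("<?xml version='1.0'?>\n")
        fd.write("<graph label=\"Androguard XGMML %s\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:ns1=\"http://www.w3.org/1999/xlink\" xmlns:dc=\"http://purl.org/dc/elements/1.1/\" xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\" xmlns=\"http://www.cs.rpi.edu/XGMML\" directed=\"1\">\n" % label)

        for vm in a.get_vms():
            x = analysis.VMAnalysis(vm)

            # CFG
            for method in vm.get_methods():
                g = x.hmethods[method]
                export_xgmml_cfg(g, fd)

            if fcg:
                export_xgmml_fcg(vm, x, fd)

            if efcg:
                export_xgmml_efcg(vm, x, fd)

        fd.write("</graph>")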
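if __name__ == "__main__":
    # Timing harness: measures DEX parsing and VMAnalysis construction.
    # Alternative inputs kept for reference:
    #    a = apk.APK( PATH_INSTALL + "examples/android/TestsAndroguard/bin/TestsAndroguard.apk" )
    #    a = apk.APK( PATH_INSTALL + "apks/drweb-600-android-beta.apk" )
    #    a = apk.APK( PATH_INSTALL + "debug/062d5e38dc4618a8b1c6bf3587dc2016a3a3db146aea0d82cc227a18ca21ad13")
    # The selected sample sits under apks/malwares/; this script only parses
    # it (APK -> DEX -> analysis objects) and never executes it.
    a = apk.APK(PATH_INSTALL + "apks/malwares/kungfu/sample2.apk")

    t1 = time.time()
    # Any extra command-line argument makes the parser run with
    # engine=["python"]; otherwise the default engine is used.
    if len(sys.argv) > 1:
        d = dvm.DalvikVMFormat(a.get_dex(), engine=["python"])
    else:
        d = dvm.DalvikVMFormat(a.get_dex())
    t2 = time.time()

    x = analysis.VMAnalysis(d)
    t3 = time.time()

    # Columns: parse time, analysis time, total (seconds).
    print('-> %0.8f %0.8f %0.8f' % ((t2 - t1, t3 - t2, t3 - t1)))

    sys.exit(0)

    # NOTE(review): everything below is unreachable because of the
    # sys.exit(0) above; it is kept as found.
    for method in d.get_methods():
        print(method.get_class_name(), method.get_name(), method.get_descriptor())

        code = method.get_code()
        # Identity test: None is a singleton, so "is" is the correct check.
        if code is None:
            continue

        bc = code.get_bc()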
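#!/usr/bin/env python
"""Parse a sample Java class file and pretty-print each of its methods."""
import sys

PATH_INSTALL = "./"
# NOTE(review): these entries are relative to the current working directory,
# so `jvm` and `analysis` are imported from wherever the script is launched;
# run it from the project root.
sys.path.append(PATH_INSTALL + "/core")
sys.path.append(PATH_INSTALL + "/core/bytecodes")
sys.path.append(PATH_INSTALL + "/core/analysis")

import jvm, analysis

TEST = "./examples/java/test/orig/Test1.class"

# A .class file is binary: read it in "rb" mode so no newline translation can
# alter the bytes, and let "with" close the handle.
with open(TEST, "rb") as fd:
    j = jvm.JVMFormat(fd.read())
x = analysis.VMAnalysis(j)

# SHOW CLASS (verbose and pretty)
#j.pretty_show( x )

# SHOW METHODS
for i in j.get_methods():
    print(i)
    i.pretty_show(x)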
import androguard, analysis
from analysis import *

TEST_CASE = "examples/android/TestsAndroguard/bin/classes.dex"


def test(got, expected):
    """Print one line saying whether *got* equals *expected*."""
    prefix = ' OK ' if got == expected else ' X '
    print '%s got: %s expected: %s' % (prefix, repr(got), repr(expected))


a = androguard.AndroguardS(TEST_CASE)
x = analysis.VMAnalysis(a.get_vm(), code_analysis=True)

# For every method, print its identity followed by five signature strings:
# the three predefined L0 signatures, then "L4" restricted to the
# "Landroid" argument, then "L2".
for method in a.get_methods():
    print method.get_class_name(), method.get_name(), method.get_descriptor()

    for predef in (SIGNATURE_L0_0, SIGNATURE_L0_1, SIGNATURE_L0_2):
        print "-> : \t", x.get_method_signature(
            method, predef_sign=predef).get_string()

    l4_options = {"L4": {"arguments": ["Landroid"]}}
    print "-> : \t", x.get_method_signature(method, "L4", l4_options).get_string()
    print "-> : \t", x.get_method_signature(method, "L2").get_string()
PATH_INSTALL = "./" sys.path.append(PATH_INSTALL + "./") import androguard, analysis #TEST = 'examples/java/test/orig/Test1.class' #TEST = 'examples/java/Demo1/orig/DES.class' #TEST = 'examples/java/Demo1/orig/Util.class' #TEST = 'examples/android/Test/bin/classes.dex' TEST = 'examples/android/TestsAndroguard/bin/classes.dex' #TEST = 'examples/android/TC/bin/classes.dex' #TEST = 'examples/android/Hello_Kitty/classes.dex' a = androguard.AndroguardS(TEST) x = analysis.VMAnalysis(a.get_vm()) # CFG for method in a.get_methods(): g = x.hmethods[method] print method.get_class_name(), method.get_name(), method.get_descriptor( ), method.get_code().get_length(), method.get_code( ).registers_size.get_value() idx = 0 for i in g.basic_blocks.get(): print "\t %s %x %x" % (i.name, i.start, i.end), i.ins[-1].get_name( ), '[ CHILDS = ', ', '.join( "%x-%x-%s" % (j[0], j[1], j[2].get_name()) for j in i.childs), ']', '[ FATHERS = ', ', '.join(
def analyze(self):
    """Build the VM analysis for ``self.__bc`` and keep it in ``self.__a``.

    ``analysis.VMAnalysis`` is called with ``code_analysis=True``.
    """
    vm_analysis = analysis.VMAnalysis(self.__bc, code_analysis=True)
    self.__a = vm_analysis
r = r.next[0] except ValueError : break print ret, l if __name__ == "__main__" : u = cdll.LoadLibrary( "./libsign.so") u.add_sign.restype = c_int u.entropy.restype = c_float new_sign = u.init() a = apk.APK( PATH_INSTALL + "apks/DroidDream/Magic Hypnotic Spiral.apk" ) vm = dvm.DalvikVMFormat( a.get_dex() ) vmx = analysis.VMAnalysis( vm ) n = 0 for s in NCD_SIGNATURES : v = NCD_SIGNATURES[ s ] m = vm.get_method_descriptor( v[0], v[1], v[2] ) entropies = create_entropies( vmx, m, u ) print m, entropies value = vmx.get_method_signature(m, predef_sign = analysis.SIGNATURE_L0_0 ).get_string() print "ADD NCD_SIGNATURE -->", u.add_sign( new_sign, n, 0, cast( value, c_void_p ), len( value ), addressof ( entropies ) ) n += 1