def main(options, arguments):
if options.input != None:
if androconf.is_android(options.input) == "APK":
ri = risk.RiskIndicator()
a = apk.APK(options.input)
print options.input, ri.with_apk(a)
elif options.directory != None:
ri = risk.RiskIndicator()
for root, dirs, files in os.walk(options.directory, followlinks=True):
if files != []:
for f in files:
real_filename = root
if real_filename[-1] != "/":
real_filename += "/"
real_filename += f
if androconf.is_android(real_filename) == "APK":
try:
a = apk.APK(real_filename)
print ri.with_apk(
a), real_filename #, ri.with_apk( a )
except Exception, e:
print e
def main(options, arguments):
if options.database == None or options.config == None:
return
s = msign.MSignature(options.database, options.config)
if options.verbose:
s.set_debug()
s.load()
if options.input != None:
ret_type = androconf.is_android(options.input)
print os.path.basename(options.input), ":",
if ret_type == "APK":
a = apk.APK(options.input)
if a.is_valid_APK():
display(s.check_apk(a), options.verbose)
else:
print "INVALID"
elif ret_type == "DEX":
display(s.check_dex(open(options.input, "rb").read()),
options.verbose)
elif options.directory != None:
for root, dirs, files in os.walk(options.directory, followlinks=True):
if files != []:
for f in files:
real_filename = root
if real_filename[-1] != "/":
real_filename += "/"
real_filename += f
ret_type = androconf.is_android(real_filename)
if ret_type == "APK":
print os.path.basename(real_filename), ":",
a = apk.APK(real_filename)
if a.is_valid_APK():
display(s.check_apk(a), options.verbose)
else:
print "INVALID APK"
elif ret_type == "DEX":
try:
print os.path.basename(real_filename), ":",
display(
s.check_dex(open(real_filename, "rb").read()),
options.verbose)
except Exception, e:
print "ERROR", e
def main(options, arguments):
for root, dirs, files in os.walk(options.input):
if files != []:
for f in files:
real_filename = root
if real_filename[-1] != "/":
real_filename += "/"
real_filename += f
file_type = androconf.is_android(real_filename)
if file_type != None:
try:
if file_type == "APK":
a = apk.APK(real_filename)
if a.is_valid_APK() == False:
print "FAILED", real_filename, file_type
continue
raw = a.get_dex()
elif file_type == "DEX":
raw = open(real_filename, "rb").read()
d = open_dex(raw)
print "PASSED", real_filename, file_type
except Exception, e:
print "FAILED", real_filename, file_type
import traceback
traceback.print_exc()
else:
print "BAD FILE FORMAT", real_filename
def readManifest(apkfile): if (androconf.is_android(apkfile) != "APK"): print "Unknow file type" return "" a=apk.APK(apkfile) buff = a.xml[ "AndroidManifest.xml" ].toprettyxml() return buff
def _analyze(self) :
for i in self.__files :
#print "processing ", i
if ".class" in i :
bc = jvm.JVMFormat( self.__orig_raw[ i ] )
elif ".jar" in i :
x = jvm.JAR( i )
bc = x.get_classes()
elif ".dex" in i :
bc = dvm.DalvikVMFormat( self.__orig_raw[ i ] )
elif ".apk" in i :
x = apk.APK( i )
bc = dvm.DalvikVMFormat( x.get_dex() )
else :
if androconf.is_android( i ) == "APK" :
x = apk.APK( i )
bc = dvm.DalvikVMFormat( x.get_dex() )
else :
raise( "Unknown bytecode" )
if isinstance(bc, list) :
for j in bc :
self.__bc.append( (j[0], BC( jvm.JVMFormat(j[1]) ) ) )
else :
self.__bc.append( (i, BC( bc )) )
def _analyze(self) :
for i in self.__files :
#print "processing ", i
if ".class" in i :
bc = jvm.JVMFormat( self.__orig_raw[ i ] )
elif ".jar" in i :
x = jvm.JAR( i )
bc = x.get_classes()
elif ".dex" in i :
bc = dvm.DalvikVMFormat( self.__orig_raw[ i ] )
elif ".apk" in i :
x = apk.APK( i )
bc = dvm.DalvikVMFormat( x.get_dex() )
else :
ret_type = androconf.is_android( i )
if ret_type == "APK" :
x = apk.APK( i )
bc = dvm.DalvikVMFormat( x.get_dex() )
elif ret_type == "DEX" :
bc = dvm.DalvikVMFormat( open(i, "rb").read() )
else :
raise( "Unknown bytecode" )
if isinstance(bc, list) :
for j in bc :
self.__bc.append( (j[0], BC( jvm.JVMFormat(j[1]) ) ) )
else :
self.__bc.append( (i, BC( bc )) )
def main(options, arguments) :
for root, dirs, files in os.walk( options.input ) :
if files != [] :
for f in files :
real_filename = root
if real_filename[-1] != "/" :
real_filename += "/"
real_filename += f
file_type = androconf.is_android( real_filename )
if file_type != None :
try :
if file_type == "APK" :
a = apk.APK( real_filename )
if a.is_valid_APK() == False :
print "FAILED", real_filename, file_type
continue
raw = a.get_dex()
elif file_type == "DEX" :
raw = open(real_filename, "rb").read()
d = open_dex( raw )
print "PASSED", real_filename, file_type
except Exception, e :
print "FAILED", real_filename, file_type
import traceback
traceback.print_exc()
else :
print "BAD FILE FORMAT", real_filename
def main(options, arguments) :
if options.database == None or options.config == None :
return
s = msign.MSignature( options.database, options.config )
if options.verbose :
s.set_debug()
s.load()
if options.input != None :
ret_type = androconf.is_android( options.input )
print os.path.basename(options.input), ":",
if ret_type == "APK" :
a = apk.APK( options.input )
if a.is_valid_APK() :
display( s.check_apk( a ), options.verbose )
else :
print "INVALID"
elif ret_type == "DEX" :
display( s.check_dex( open(options.input, "rb").read() ), options.verbose )
elif options.directory != None :
for root, dirs, files in os.walk( options.directory, followlinks=True ) :
if files != [] :
for f in files :
real_filename = root
if real_filename[-1] != "/" :
real_filename += "/"
real_filename += f
ret_type = androconf.is_android( real_filename )
if ret_type == "APK" :
print os.path.basename( real_filename ), ":",
a = apk.APK( real_filename )
if a.is_valid_APK() :
display( s.check_apk( a ), options.verbose )
else :
print "INVALID APK"
elif ret_type == "DEX" :
try :
print os.path.basename( real_filename ), ":",
display( s.check_dex( open(real_filename, "rb").read() ), options.verbose )
except Exception, e :
print "ERROR", e
def main(options, arguments) :
if options.database == None :
return
if options.input != None :
s = msign.MSignature( options.database )
ret_type = androconf.is_android( options.input )
if ret_type == "APK" :
a = apk.APK( options.input )
if a.is_valid_APK() :
s.check_apk( a )
elif ret_type == "DEX" :
vm = dvm.DalvikVMFormat( open(options.input, "rb").read() )
s.check_dex( open(options.input, "rb").read() )
elif options.directory != None :
s = msign.MSignature( options.database )
for root, dirs, files in os.walk( options.directory, followlinks=True ) :
if files != [] :
for f in files :
real_filename = root
if real_filename[-1] != "/" :
real_filename += "/"
real_filename += f
ret_type = androconf.is_android( real_filename )
if ret_type == "APK" :
print real_filename, "--->",
try :
a = apk.APK( real_filename )
if a.is_valid_APK() :
s.check_apk( a )
else :
print "INVALID"
except Exception, e :
print "ERROR"
elif ret_type == "DEX" :
try :
print real_filename, "--->",
s.check_dex( open(real_filename, "rb").read() )
except Exception, e :
print "ERROR"
def main(options, arguments) :
if options.input != None :
if androconf.is_android( options.input ) == "APK" :
ri = risk.RiskIndicator()
a = apk.APK( options.input )
print options.input, ri.with_apk( a )
elif options.directory != None :
ri = risk.RiskIndicator()
for root, dirs, files in os.walk( options.directory, followlinks=True ) :
if files != [] :
for f in files :
real_filename = root
if real_filename[-1] != "/" :
real_filename += "/"
real_filename += f
if androconf.is_android( real_filename ) == "APK" :
try :
a = apk.APK( real_filename )
print ri.with_apk(a), real_filename#, ri.with_apk( a )
except Exception, e :
print e
def main(options, arguments) :
if options.input != None and options.output != None :
buff = ""
ret_type = androconf.is_android( options.input )
if ret_type == "APK" :
a = apk.APK( options.input )
buff = a.xml[ "AndroidManifest.xml" ].toprettyxml()
elif ".xml" in options.input :
ap = apk.AXMLPrinter( open(options.input, "rb").read() )
buff = minidom.parseString( ap.getBuff() ).toprettyxml()
else :
print "Unknown file type"
return
fd = codecs.open(options.output, "w", "utf-8")
fd.write( buff )
fd.close()
elif options.version != None :
print "Androaxml version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments):
if options.input != None and options.output != None:
buff = ""
ret_type = androconf.is_android(options.input)
if ret_type == "APK":
a = apk.APK(options.input)
buff = a.xml["AndroidManifest.xml"].toprettyxml()
elif ".xml" in options.input:
ap = apk.AXMLPrinter(open(options.input, "rb").read())
buff = minidom.parseString(ap.getBuff()).toprettyxml()
else:
print "Unknown file type"
return
fd = codecs.open(options.output, "w", "utf-8")
fd.write(buff)
fd.close()
elif options.version != None:
print "Androaxml version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments) :
if options.input != None and options.output != None :
ret_type = androconf.is_android( options.input )
vm = None
a = None
if ret_type == "APK" :
a = apk.APK( options.input )
if a.is_valid_APK() :
vm = dvm.DalvikVMFormat( a.get_dex() )
else :
print "INVALID APK"
elif ret_type == "DEX" :
try :
vm = dvm.DalvikVMFormat( open(options.input, "rb").read() )
except Exception, e :
print "INVALID DEX", e
vmx = analysis.VMAnalysis( vm )
gvmx = ganalysis.GVMAnalysis( vmx, a )
gvmx.export_to_gexf( options.output )
def check(db, dbconf, TESTS) :
s = msign.MSignature( db, dbconf )
s.load()
s.set_debug()
for i in TESTS :
ret_type = androconf.is_android( i )
if ret_type == "APK" :
print os.path.basename( i ), ":",
sys.stdout.flush()
a = apk.APK( i )
if a.is_valid_APK() :
test( s.check_apk( a )[0], TESTS[i] )
else :
print "INVALID APK"
elif ret_type == "DEX" :
try :
print os.path.basename( i ), ":",
sys.stdout.flush()
test( s.check_dex( open(i, "rb").read() )[0], TESTS[i] )
except Exception, e :
print "ERROR", e
def check(db, dbconf, TESTS):
s = msign.MSignature(db, dbconf)
s.load()
s.set_debug()
for i in TESTS:
ret_type = androconf.is_android(i)
if ret_type == "APK":
print os.path.basename(i), ":",
sys.stdout.flush()
a = apk.APK(i)
if a.is_valid_APK():
test(s.check_apk(a)[0], TESTS[i])
else:
print "INVALID APK"
elif ret_type == "DEX":
try:
print os.path.basename(i), ":",
sys.stdout.flush()
test(s.check_dex(open(i, "rb").read())[0], TESTS[i])
except Exception, e:
print "ERROR", e
def add_file(self, srules) :
l = []
rules = json.loads( srules )
ret_type = androconf.is_android( rules[0]["SAMPLE"] )
if ret_type == "APK" :
a = apk.APK( rules[0]["SAMPLE"] )
classes_dex = a.get_dex()
elif ret_type == "DEX" :
classes_dex = open( rules[0]["SAMPLE"], "rb" ).read()
elif ret_type == "ELF" :
elf_file = open( rules[0]["SAMPLE"], "rb" ).read()
else :
return None
if ret_type == "APK" or ret_type == "DEX" :
vm = dvm.DalvikVMFormat( classes_dex )
vmx = VMAnalysis( vm )
for i in rules[1:] :
x = { i["NAME"] : [] }
n = 0
sign = []
for j in i["SIGNATURE"] :
z = []
if j["TYPE"] == "METHSIM" :
z.append( METHSIM )
m = vm.get_method_descriptor( j["CN"], j["MN"], j["D"] )
if m == None :
print "impossible to find", j["CN"], j["MN"], j["D"]
raise("ooo")
#print m.get_length()
z_tmp = create_entropies( vmx, m )
z_tmp[0] = base64.b64encode( z_tmp[0] )
z.extend( z_tmp )
elif j["TYPE"] == "CLASSHASH" :
buff = ""
for c in vm.get_classes() :
if j["CN"] == c.get_name() :
z.append( CLASSHASH )
class_data = c.get_class_data()
buff += "%d%d%d%d%d" % ( c.get_access_flags(), class_data.static_fields_size, class_data.instance_fields_size, class_data.direct_methods_size, class_data.virtual_methods_size )
for m in c.get_methods() :
buff += "%d%s" % (m.get_access_flags(), m.get_descriptor())
for f in c.get_fields() :
buff += "%d%s" % (f.get_access_flags(), f.get_descriptor())
z.append( hashlib.sha256( buff ).hexdigest() )
elif j["TYPE"] == "CLASSSIM" :
for c in vm.get_classes() :
if j["CN"] == c.get_name() :
z.append( CLASSSIM )
value = ""
value_entropy = 0.0
android_entropy = 0.0
java_entropy = 0.0
hex_entropy = 0.0
exception_entropy = 0.0
nb_methods = 0
for m in c.get_methods() :
z_tmp = create_entropies( vmx, m )
value += z_tmp[0]
value_entropy += z_tmp[1]
android_entropy += z_tmp[2]
java_entropy += z_tmp[3]
hex_entropy += z_tmp[4]
exception_entropy += z_tmp[5]
nb_methods += 1
z.extend( [ base64.b64encode(value),
value_entropy/nb_methods,
android_entropy/nb_methods,
java_entropy/nb_methods,
hex_entropy/nb_methods,
exception_entropy/nb_methods ] )
elif j["TYPE"] == "BINHASH" :
z.append( BINHASH )
z.extend( [ base64.b64encode(elf_file[j["START"]:j["END"]]) ] )
#elif j["TYPE"] == "MPSM" :
# z.append( 1 )
# z.append( j["STYPE"] )
# z.append( vmx.get_method_signature( vm.get_method_descriptor( j["CN"], j["MN"], j["D"] ), predef_sign = j["STYPE"] ).get_string() )
sign.append( z )
x[ i["NAME"] ].append( sign )
x[ i["NAME"] ].append( i["BF"] )
l.append( x )
print l
return l