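class TestFile(object):
    """Exercise File() against an empty temporary file.

    Every digest asserted below is the well-known value for empty input, so a
    mismatch points at the digest plumbing rather than at the fixture.
    """

    def setup(self):
        # File() will invoke cwd(), so any CWD is required.
        set_cwd(tempfile.mkdtemp())

        # mkstemp() returns an *open* descriptor; close it rather than dropping
        # it, otherwise every test leaks one fd.
        fd, self.path = tempfile.mkstemp()
        os.close(fd)
        self.file = File(self.path)

    def teardown(self):
        # Best-effort removal of the per-test sample file.
        if os.path.exists(self.path):
            os.remove(self.path)

    def test_get_name(self):
        assert self.path.split(os.sep)[-1] == self.file.get_name()

    def test_get_data(self):
        assert "" == self.file.get_data()

    def test_get_size(self):
        assert 0 == self.file.get_size()

    def test_get_crc32(self):
        assert "00000000" == self.file.get_crc32()

    def test_get_md5(self):
        assert "d41d8cd98f00b204e9800998ecf8427e" == self.file.get_md5()

    def test_get_sha1(self):
        assert "da39a3ee5e6b4b0d3255bfef95601890afd80709" == self.file.get_sha1(
        )

    def test_get_sha256(self):
        assert "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" == self.file.get_sha256(
        )

    def test_get_sha512(self):
        assert "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e" == self.file.get_sha512(
        )

    def test_get_ssdeep(self):
        # The expected result depends on whether the optional pydeep binding
        # is installed; only the import probe lives inside the try.
        try:
            import pydeep  # noqa: F401 -- availability probe only
        except ImportError:
            assert self.file.get_ssdeep() is None
        else:
            assert self.file.get_ssdeep() is not None

    def test_get_type(self):
        assert "empty" in self.file.get_type()

    def test_get_content_type(self):
        assert self.file.get_content_type() in [
            "inode/x-empty", "application/x-empty"
        ]

    def test_get_all_type(self):
        assert isinstance(self.file.get_all(), dict)

    def test_get_all_keys(self):
        # Call get_all() once instead of recomputing everything per key.
        info = self.file.get_all()
        for key in [
                "name", "size", "crc32", "md5", "sha1", "sha256", "sha512",
                "ssdeep", "type"
        ]:
            assert key in info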
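    def run(self):
        """Query the unofficial Google Play API for the sample's store listing.

        Runs only for "file" tasks whose target looks like an APK/ZIP. The
        store metadata (title, category, version code, developer details,
        permissions, ...) is collected into a dict.

        @return: dict of Google Play features; empty when the sample is not an
                 APK or the store reports no installation size; None when the
                 GooglePlay library is missing or the task is not a file task.
        @raise CuckooProcessingError: sample missing on disk, credentials
               incomplete, or the file cannot be opened as a zip/APK.
        """
        self.key = "googleplay"
        googleplay = {}

        if not HAVE_GOOGLEPLAY:
            log.error("Unable to import the GooglePlay library, has it been "
                      "installed properly?")
            return

        if "file" not in self.task["category"]:
            return

        f = File(self.task["target"])
        if f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type():
            if not os.path.exists(self.file_path):
                raise CuckooProcessingError("Sample file doesn't exist: \"%s\"" % self.file_path)

            android_id = self.options.get("android_id")
            google_login = self.options.get("google_login")
            google_password = self.options.get("google_password")

            # api.login() below needs all three values. Checking that *any* of
            # them is missing (rather than that all are) stops a partially
            # configured setup from attempting a login with None credentials.
            if not (android_id and google_login and google_password):
                raise CuckooProcessingError("Google Play Credentials not configured, skip")

            try:
                a = APK(self.file_path)
                if a.is_valid_APK():
                    package = a.get_package()
                    # Connect
                    api = GooglePlayAPI(android_id)
                    api.login(google_login, google_password, None)

                    # Get the version code and the offer type from the app details
                    app_data = api.details(package)
                    app_detail = app_data.docV2.details.appDetails

                    # Presumably no installation size means the package is not
                    # listed, so there is nothing to report.
                    if not app_detail.installationSize:
                        return googleplay

                    googleplay["title"] = app_detail.title
                    googleplay["app_category"] = app_detail.appCategory._values
                    googleplay["version_code"] = app_detail.versionCode
                    googleplay["app_type"] = app_detail.appType
                    googleplay["content_rating"] = app_detail.contentRating
                    googleplay["developer_email"] = app_detail.developerEmail
                    googleplay["developer_name"] = app_detail.developerName
                    googleplay["developer_website"] = app_detail.developerWebsite
                    googleplay["installation_size"] = app_detail.installationSize
                    googleplay["num_downloads"] = app_detail.numDownloads
                    googleplay["upload_date"] = app_detail.uploadDate
                    googleplay["permissions"] = app_detail.permission._values
            # NOTE(review): only file/zip errors are mapped here; whatever the
            # GooglePlayAPI login/details calls raise on network or auth
            # failure propagates unchanged -- confirm that is intended.
            except (IOError, OSError, zipfile.BadZipfile) as e:
                raise CuckooProcessingError("Error opening file %s" % e)

        return googleplay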
    def run(self):
        """Extract static information from an Android APK with androguard.

        @return: dict with "files", "manifest" and "static_method_calls"
                 entries; empty when the target is not an APK/ZIP or is not a
                 valid APK; None when the task is not a file task.
        @raise CuckooProcessingError: when the sample is missing on disk or
               cannot be opened as a zip/APK.
        """
        self.key = "apkinfo"
        apkinfo = {}

        if "file" not in self.task["category"]:
            return

        target = File(self.task["target"])
        looks_like_apk = (
            target.get_name().endswith((".zip", ".apk"))
            or "zip" in target.get_type()
        )
        if not looks_like_apk:
            return apkinfo

        if not os.path.exists(self.file_path):
            raise CuckooProcessingError(
                "Sample file doesn't exist: \"%s\"" % self.file_path)

        try:
            apk = APK(self.file_path)
            if not apk.is_valid_APK():
                return apkinfo

            apkinfo["files"] = self._apk_files(apk)
            apkinfo["manifest"] = {
                "package": apk.get_package(),
                "main_activity": apk.get_main_activity(),
                "activities": apk.get_activities(),
                "services": apk.get_services(),
                "receivers": apk.get_receivers(),
                "providers": apk.get_providers(),
                "libraries": apk.get_libraries(),
            }

            static_calls = {}
            # Dex analysis is gated on a size threshold (see the warning
            # below); oversized samples only get the manifest/file listing.
            if self.check_size(apkinfo["files"]):
                vmx = uVMAnalysis(DalvikVMFormat(apk.get_dex()))
                static_calls["all_methods"] = self.get_methods(vmx)
                static_calls["is_native_code"] = analysis.is_native_code(vmx)
                static_calls["is_dynamic_code"] = analysis.is_dyn_code(vmx)
                static_calls["is_reflection_code"] = (
                    analysis.is_reflection_code(vmx)
                )
            else:
                log.warning("Dex size bigger than: %s",
                            self.options.decompilation_threshold)
            apkinfo["static_method_calls"] = static_calls
        except (IOError, OSError, zipfile.BadZipfile) as e:
            raise CuckooProcessingError("Error opening file %s" % e)

        return apkinfo
    def run(self):
        """Extract static information from an Android APK with androguard.

        @return: dict with "files", "manifest" and "static_method_calls"
                 entries; empty when the target is not an APK/ZIP or is not a
                 valid APK; None when the task is not a file task.
        @raise CuckooProcessingError: when the sample is missing on disk or
               cannot be opened as a zip/APK.
        """
        self.key = "apkinfo"
        apkinfo = {}

        if "file" not in self.task["category"]:
            return

        # androguard is imported here, after the category check, presumably so
        # the module loads without it; a missing install raises ImportError
        # at this point.
        from androguard.core.bytecodes.apk import APK
        from androguard.core.bytecodes.dvm import DalvikVMFormat
        from androguard.core.analysis.analysis import uVMAnalysis
        from androguard.core.analysis import analysis

        sample = File(self.task["target"])
        has_apk_extension = sample.get_name().endswith((".zip", ".apk"))
        if has_apk_extension or "zip" in sample.get_type():
            if not os.path.exists(self.file_path):
                raise CuckooProcessingError("Sample file doesn't exist: \"%s\"" % self.file_path)

            try:
                apk = APK(self.file_path)
                if apk.is_valid_APK():
                    apkinfo["files"] = self._apk_files(apk)

                    manifest = {}
                    for name, getter in (
                        ("package", apk.get_package),
                        ("main_activity", apk.get_main_activity),
                        ("activities", apk.get_activities),
                        ("services", apk.get_services),
                        ("receivers", apk.get_receivers),
                        ("providers", apk.get_providers),
                        ("libraries", apk.get_libraries),
                    ):
                        manifest[name] = getter()
                    apkinfo["manifest"] = manifest

                    static_calls = {}
                    # Dex analysis only runs under the size threshold; larger
                    # samples are logged and skipped.
                    if self.check_size(apkinfo["files"]):
                        vm = DalvikVMFormat(apk.get_dex())
                        vmx = uVMAnalysis(vm)
                        static_calls.update(
                            all_methods=self.get_methods(vmx),
                            is_native_code=analysis.is_native_code(vmx),
                            is_dynamic_code=analysis.is_dyn_code(vmx),
                            is_reflection_code=analysis.is_reflection_code(vmx),
                        )
                    else:
                        log.warning("Dex size bigger than: %s",
                                    self.options.decompilation_threshold)
                    apkinfo["static_method_calls"] = static_calls
            except (IOError, OSError, zipfile.BadZipfile) as e:
                raise CuckooProcessingError("Error opening file %s" % e)

        return apkinfo
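class TestFile(object):
    """Exercise File() against an empty temporary file.

    Every digest asserted below is the well-known value for empty input, so a
    mismatch points at the digest plumbing rather than at the fixture.
    """

    def setup(self):
        # File() will invoke cwd(), so any CWD is required.
        set_cwd(tempfile.mkdtemp())

        # mkstemp() returns an *open* descriptor; close it rather than dropping
        # it, otherwise every test leaks one fd.
        fd, self.path = tempfile.mkstemp()
        os.close(fd)
        self.file = File(self.path)

    def teardown(self):
        # Best-effort removal of the per-test sample file.
        if os.path.exists(self.path):
            os.remove(self.path)

    def test_get_name(self):
        assert self.path.split(os.sep)[-1] == self.file.get_name()

    def test_get_data(self):
        assert "" == self.file.get_data()

    def test_get_size(self):
        assert 0 == self.file.get_size()

    def test_get_crc32(self):
        assert "00000000" == self.file.get_crc32()

    def test_get_md5(self):
        assert "d41d8cd98f00b204e9800998ecf8427e" == self.file.get_md5()

    def test_get_sha1(self):
        assert "da39a3ee5e6b4b0d3255bfef95601890afd80709" == self.file.get_sha1()

    def test_get_sha256(self):
        assert "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" == self.file.get_sha256()

    def test_get_sha512(self):
        assert "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e" == self.file.get_sha512()

    def test_get_ssdeep(self):
        # The expected result depends on whether the optional pydeep binding
        # is installed; only the import probe lives inside the try.
        try:
            import pydeep  # noqa: F401 -- availability probe only
        except ImportError:
            assert self.file.get_ssdeep() is None
        else:
            assert self.file.get_ssdeep() is not None

    def test_get_type(self):
        assert "empty" in self.file.get_type()

    def test_get_content_type(self):
        assert self.file.get_content_type() in ["inode/x-empty", "application/x-empty"]

    def test_get_all_type(self):
        assert isinstance(self.file.get_all(), dict)

    def test_get_all_keys(self):
        # Call get_all() once instead of recomputing everything per key.
        info = self.file.get_all()
        for key in ["name", "size", "crc32", "md5", "sha1", "sha256", "sha512", "ssdeep", "type"]:
            assert key in info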
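    def test_init_remov_original(self):
        """init() must still succeed once the original target file is gone.

        A task is created from a real temporary file, the file is deleted,
        and the manager's options are then compared with the name captured
        from the File object built before deletion.
        """
        self.create_cwd()
        task = Task()
        fd, tmpfile = tempfile.mkstemp()
        os.write(fd, os.urandom(64))
        os.close(fd)
        # Named task_id so the builtin id() is not shadowed.
        task_id = task.add_path(tmpfile)
        task.load_from_db(task_id)
        tmpfile_obj = File(tmpfile)
        tmpfile_obj.calc_hashes()
        manager = self.get_manager(task)

        # Remove so init fails to find the original target
        os.remove(tmpfile)

        result = manager.init(self.db)
        assert result
        assert manager.options["target"] == tmpfile
        assert manager.options["file_name"] == tmpfile_obj.get_name()
        assert isinstance(manager.guest_manager, GuestManager)
        assert isinstance(manager.aux, RunAuxiliary)
        assert os.path.isfile(os.path.join(task.path, "task.json"))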