def _analyze(self) :
for i in self.__files :
#print "processing ", i
if ".class" in i :
bc = jvm.JVMFormat( self.__orig_raw[ i ] )
elif ".jar" in i :
x = jvm.JAR( i )
bc = x.get_classes()
elif ".dex" in i :
bc = dvm.DalvikVMFormat( self.__orig_raw[ i ] )
elif ".apk" in i :
x = apk.APK( i )
bc = dvm.DalvikVMFormat( x.get_dex() )
else :
ret_type = androconf.is_android( i )
if ret_type == "APK" :
x = apk.APK( i )
bc = dvm.DalvikVMFormat( x.get_dex() )
elif ret_type == "DEX" :
bc = dvm.DalvikVMFormat( open(i, "rb").read() )
else :
raise( "Unknown bytecode" )
if isinstance(bc, list) :
for j in bc :
self.__bc.append( (j[0], BC( jvm.JVMFormat(j[1]) ) ) )
else :
self.__bc.append( (i, BC( bc )) )
def main(options, arguments):
if options.input != None:
if androconf.is_android(options.input) == "APK":
ri = risk.RiskIndicator()
a = apk.APK(options.input)
print options.input, ri.with_apk(a)
elif options.directory != None:
ri = risk.RiskIndicator()
for root, dirs, files in os.walk(options.directory, followlinks=True):
if files != []:
for f in files:
real_filename = root
if real_filename[-1] != "/":
real_filename += "/"
real_filename += f
if androconf.is_android(real_filename) == "APK":
try:
a = apk.APK(real_filename)
print ri.with_apk(
a), real_filename #, ri.with_apk( a )
except Exception, e:
print e
def main(options, arguments):
if options.database == None or options.config == None:
return
s = msign.MSignature(options.database, options.config)
if options.verbose:
s.set_debug()
s.load()
if options.input != None:
ret_type = androconf.is_android(options.input)
print os.path.basename(options.input), ":",
if ret_type == "APK":
a = apk.APK(options.input)
if a.is_valid_APK():
display(s.check_apk(a), options.verbose)
else:
print "INVALID"
elif ret_type == "DEX":
display(s.check_dex(open(options.input, "rb").read()),
options.verbose)
elif options.directory != None:
for root, dirs, files in os.walk(options.directory, followlinks=True):
if files != []:
for f in files:
real_filename = root
if real_filename[-1] != "/":
real_filename += "/"
real_filename += f
ret_type = androconf.is_android(real_filename)
if ret_type == "APK":
print os.path.basename(real_filename), ":",
a = apk.APK(real_filename)
if a.is_valid_APK():
display(s.check_apk(a), options.verbose)
else:
print "INVALID APK"
elif ret_type == "DEX":
try:
print os.path.basename(real_filename), ":",
display(
s.check_dex(open(real_filename, "rb").read()),
options.verbose)
except Exception, e:
print "ERROR", e
def main(options, arguments):
for root, dirs, files in os.walk(options.input):
if files != []:
for f in files:
real_filename = root
if real_filename[-1] != "/":
real_filename += "/"
real_filename += f
file_type = androconf.is_android(real_filename)
if file_type != None:
try:
if file_type == "APK":
a = apk.APK(real_filename)
if a.is_valid_APK() == False:
print "FAILED", real_filename, file_type
continue
raw = a.get_dex()
elif file_type == "DEX":
raw = open(real_filename, "rb").read()
d = open_dex(raw)
print "PASSED", real_filename, file_type
except Exception, e:
print "FAILED", real_filename, file_type
import traceback
traceback.print_exc()
else:
print "BAD FILE FORMAT", real_filename
def __init__(self, filename):
self.apkfile = apk.APK(
filename
) # make an object, called apkfile, of the APK class from the apk library
self.permissions = self.apkfile.get_permissions(
) # file permissions as a string
temp_list = permission_classifier(self.permissions)
self.Perm_READ_CALENDAR = temp_list[0]
self.Perm_WRITE_CALENDAR = temp_list[1]
self.Perm_CAMERA = temp_list[2]
self.Perm_READ_CONTACTS = temp_list[3]
self.Perm_WRITE_CONTACTS = temp_list[4]
self.Perm_GET_ACCOUNTS = temp_list[5]
self.Perm_ACCESS_FINE_LOCATION = temp_list[6]
self.Perm_ACCESS_COARSE_LOCATION = temp_list[7]
self.Perm_RECORD_AUDIO = temp_list[8]
self.Perm_READ_PHONE_STATE = temp_list[9]
self.Perm_CALL_PHONE = temp_list[10]
self.Perm_READ_CALL_LOG = temp_list[11]
self.Perm_WRITE_CALL_LOG = temp_list[12]
self.Perm_ADD_VOICEMAIL = temp_list[13]
self.Perm_USE_SIP = temp_list[14]
self.Perm_PROCESS_OUTGOING_CALLS = temp_list[15]
self.Perm_BODY_SENSORS = temp_list[16]
self.Perm_SEND_SMS = temp_list[17]
self.Perm_RECEIVE_SMS = temp_list[18]
self.Perm_READ_SMS = temp_list[19]
self.Perm_RECEIVE_WAP_PUSH = temp_list[20]
self.Perm_RECEIVE_MMS = temp_list[21]
self.Perm_READ_EXTERNAL_STORAGE = temp_list[21]
self.Perm_WRITE_EXTERNAL_STORAGE = temp_list[22]
def add_apk_raw(self, filename):
print "Processing ....", filename
a = apk.APK(filename)
raw = a.get_raw()
dex = a.get_dex()
if len(raw) == 0 or len(dex) == 0:
print "Empty raw"
return -1
original_name = os.path.basename(filename)
if self._session.query(AppsRaw).filter_by(
hashraw=hashlib.sha512(raw).hexdigest()).count() > 0:
print "HASH RAW is already present"
return -1
#if self._session.query(AppsRaw).filter_by(hashdex=hashlib.sha512( dex ).hexdigest()).count() > 0 :
# print "HASH DEX is already present"
# return -1
print "ADD it !"
r = Raw(filename)
self._session.add(r)
self._session.commit()
a_raw = AppsRaw(original_name, r.id, APK_RAW,
hashlib.sha512(raw).hexdigest(),
hashlib.sha512(dex).hexdigest())
self._session.add(a_raw)
self._session.commit()
return 0
def prepare_apks(self):
lockf = self.lock_repo()
try:
if not self.in_repo():
# self.app_apk.add_permission(["android.permission.INTERNET", "android.permission.READ_LOGS"])
self.app_apk.add_permission(["android.permission.INTERNET"])
shutil.copy(self.app_apk.get_path(), self.get_mod_path())
self.app_apk.cleanup()
self.app_apk = apk.APK(self.get_mod_path())
self.app_apk.resign(settings.keystore, settings.keystore_pass, settings.keystore_alias)
else:
self.app_apk = apk.APK(self.get_mod_path())
finally:
self.unlock_repo(lockf)
self.inst.make_apk()
def main(options, arguments) :
if options.input != None and options.output != None :
buff = ""
if ".apk" in options.input :
a = apk.APK( options.input )
buff = a.xml[ "AndroidManifest.xml" ].toprettyxml()
elif ".xml" in options.input :
ap = apk.AXMLPrinter( open(options.input, "rb").read() )
buff = minidom.parseString( ap.getBuff() ).toprettyxml()
else :
print "Unknown file type"
return
fd = codecs.open(options.output, "w", "utf-8")
fd.write( buff )
fd.close()
elif options.version != None :
print "Androaxml version %s" % misc.ANDROAXML_VERSION
def __init__(self, dev, app_apk_path, app_package = None, app_start_activity = None, device_conf = None, msg_proxy_mode = None, inst_args = None):
self.dev = dev
self.app_apk_path = app_apk_path
self.app_package = app_package
self.app_start_activity = app_start_activity
self.app_apk = apk.APK(self.app_apk_path)
self.device_conf = device_conf
self.msg_proxy_mode = msg_proxy_mode
self.inst_args = inst_args
if not self.app_package:
self.app_package = self.app_apk.get_package()
if not self.app_start_activity:
self.app_start_activity = self.app_apk.get_default_activity_full(self.app_package)
self.fullname = os.path.splitext(os.path.basename(app_apk_path))[0]
self.inst = instrumenter.Instrumenter(self.app_package, self.app_start_activity)
libinfo.load_lib_info()
self.skip_install = False
def check(db, dbconf, TESTS):
s = msign.MSignature(db, dbconf)
s.load()
s.set_debug()
for i in TESTS:
ret_type = androconf.is_android(i)
if ret_type == "APK":
print os.path.basename(i), ":",
sys.stdout.flush()
a = apk.APK(i)
if a.is_valid_APK():
test(s.check_apk(a)[0], TESTS[i])
else:
print "INVALID APK"
elif ret_type == "DEX":
try:
print os.path.basename(i), ":",
sys.stdout.flush()
test(s.check_dex(open(i, "rb").read())[0], TESTS[i])
except Exception, e:
print "ERROR", e
from ctypes import cdll, c_float, c_int, c_uint, c_void_p, Structure, addressof, create_string_buffer, cast, POINTER, pointer
from struct import pack, unpack, calcsize
PATH_INSTALL = "../../../"
sys.path.append(PATH_INSTALL + "./")
sys.path.append(PATH_INSTALL + "./core")
sys.path.append(PATH_INSTALL + "./core/bytecodes")
sys.path.append(PATH_INSTALL + "./core/analysis")
import apk, dvm, analysis, msign
if __name__ == "__main__":
# a = apk.APK( PATH_INSTALL + "examples/android/TestsAndroguard/bin/TestsAndroguard.apk" )
# a = apk.APK( PATH_INSTALL + "apks/drweb-600-android-beta.apk" )
# a = apk.APK( PATH_INSTALL + "debug/062d5e38dc4618a8b1c6bf3587dc2016a3a3db146aea0d82cc227a18ca21ad13")
a = apk.APK(PATH_INSTALL + "apks/malwares/kungfu/sample2.apk")
t1 = time.time()
if len(sys.argv) > 1:
d = dvm.DalvikVMFormat(a.get_dex(), engine=["python"])
else:
d = dvm.DalvikVMFormat(a.get_dex())
t2 = time.time()
x = analysis.VMAnalysis(d)
t3 = time.time()
print('-> %0.8f %0.8f %0.8f' % ((t2 - t1, t3 - t2, t3 - t1)))
sys.exit(0)
def resign(self):
instapk = apk.APK(self.get_apk_path())
instapk.resign(settings.keystore, settings.keystore_pass,
settings.keystore_alias)
#!/usr/bin/env python import sys PATH_INSTALL = "./" sys.path.append(PATH_INSTALL + "/core") sys.path.append(PATH_INSTALL + "/core/bytecodes") import dvm, apk TEST = "./examples/android/TC/bin/TC-debug.apk" a = apk.APK(TEST) a.show() j = dvm.DalvikVMFormat(a.get_dex()) # SHOW CLASS (verbose) #j.show()
def get_used_libs(self):
myapk = apk.APK(self.get_apk_path())
return myapk.get_used_libs()
try :
r = r.next[0]
except ValueError :
break
print ret, l
if __name__ == "__main__" :
u = cdll.LoadLibrary( "./libsign.so")
u.add_sign.restype = c_int
u.entropy.restype = c_float
new_sign = u.init()
a = apk.APK( PATH_INSTALL + "apks/DroidDream/Magic Hypnotic Spiral.apk" )
vm = dvm.DalvikVMFormat( a.get_dex() )
vmx = analysis.VMAnalysis( vm )
n = 0
for s in NCD_SIGNATURES :
v = NCD_SIGNATURES[ s ]
m = vm.get_method_descriptor( v[0], v[1], v[2] )
entropies = create_entropies( vmx, m, u )
print m, entropies
value = vmx.get_method_signature(m, predef_sign = analysis.SIGNATURE_L0_0 ).get_string()
print "ADD NCD_SIGNATURE -->", u.add_sign( new_sign, n, 0, cast( value, c_void_p ), len( value ), addressof ( entropies ) )