def doAllAppInstall(method):
# get all apks which are linked in the database
# will come with [0] package [1] path_to_apk
appsList = Apps().getAllApps()
for apk in appsList:
app = Apps()
app.path_to_apk = apk[1]
app.package = apk[0]
if method is "INSTALL": #install apps
installapk(app)
elif method is "UNINSTALL": #uninstall apps
uninstallapk(app)
def assemble_and_install(context):
"""
reassemble the apk file and install it to the device
:param context:
:return:
"""
app = Apps.getApp(context.package)
logger.info("%s starting reassembling to apk", app.package)
newapk = path + app.package + "/" + app.package + "-new.apk"
newalignedapk = path + app.package + "/" + app.package + "-aligned.apk"
logger.info("%s reassembling to apk", context.package)
cmd = ["apktool", "b", path + app.package + "/smali/", "-o", newapk]
logger.debug(" ".join(cmd))
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = p.communicate()
if err:
logger.error(err)
return
else:
logger.debug(out)
logger.info("%s signing apk", context.package)
cmd = ["jarsigner", "-verbose", "-sigalg", "SHA1withRSA", "-digestalg", "SHA1", "-keystore", "my-release-key.keystore", "--store-pass", "123456", "-keypass", "123456", newapk, "alias_name"]
logger.debug(" ".join(cmd))
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = p.communicate()
if err:
logger.error(err)
return
else:
logger.debug(out)
logger.info("%s aligning apk", context.package)
cmd = [zipalign, "-f", "-v", "4", newapk, newalignedapk]
logger.debug(" ".join(cmd))
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = p.communicate()
if err:
logger.error(err)
return
else:
logger.debug(out)
app = Apps()
app.package = context.package
app.path_to_apk = newalignedapk
deviceHelper.uninstallapk(app)
deviceHelper.installapk(app)
def callMallodroid(appsList):
existingRecords = Mallodroid.getPackages()
for apk in appsList:
if apk[0] in existingRecords:
continue
app = Apps()
app.path_to_apk = apk[1]
app.package = apk[0]
res = runMallodroid(app)
# result will be empty if app doesn't require internet permission
if res:
parseXML(res.strip(), app)
def evicheck(appslist):
"""
runs the EviCheck tool on a list of apps and stores results
as log files and database entries
:param appslist:
:return:
"""
p_result = re.compile(".*Policy valid!.*")
for apk in appslist:
app = Apps()
app.path_to_apk = apk[1]
app.package = apk[0]
certFile = path + app.package + "/EviCheck.cert"
logFile = path + app.package + "/EviCheck.log"
logger.info("%s running EviCheck", app.package)
malware = Malware()
malware.package = app.package
malware.logfile = logFile
malware.tool = "EviCheck"
cmd = ["python", eviscript, "-f", app.path_to_apk, "-g", "-p", evipolicy, "-t", certFile,
"-m"] # there are RSA and DSA certificates; cater for both
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = p.communicate()
if err:
logger.error(err)
continue
else:
lines = out.splitlines()
log = open(logFile, 'w')
log.writelines(lines)
log.close()
global a # init variable
for line in lines:
a = p_result.match(line)
if a:
malware.result = "valid"
logger.info("%s is valid", app.package)
break
if not a:
malware.result = "invalid"
logger.info("%s is not valid", app.package)
malware.insert()
def allApksToJar():
"""
extracts all apk files to jar
:return:
"""
# get all apks which are linked in the database
# will come with [0] package [1] path_to_apk
appsList = Apps().getAllApps()
for apk in appsList:
app = Apps()
app.path_to_apk = apk[1]
app.package = apk[0]
apkTorJar(app)
def explaindroid(appsList):
"""
running Explain Droid on a list of apps
:param appsList:
:return:
"""
p_result = re.compile(".*LABEL: BENIGN.*")
for apk in appsList:
app = Apps()
app.path_to_apk = apk[1]
app.package = apk[0]
logFile = path + app.package + "/ExplainDroid.log"
logger.info("%s running ExplainDroid", app.package)
malware = Malware()
malware.package = app.package
malware.logfile = logFile
malware.tool = "ExplainDroid"
cmd = [expdroidscript, "-mod", "linux", "-apk", app.path_to_apk
] # there are RSA and DSA certificates; cater for both
p = subprocess.Popen(cmd,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
out, err = p.communicate()
if err:
logger.error(err)
continue
else:
lines = out.splitlines()
log = open(logFile, 'w')
log.writelines(lines)
log.close()
global a # init variable
for line in lines:
a = p_result.match(line)
if a:
malware.result = "benign"
logger.info("%s is benign", app.package)
break
if not a:
malware.result = "malicious"
logger.info("%s is malicious", app.package)
malware.insert()
def allApksToSmali():
"""
extracting smali code for all apk files
:return:
"""
# get all apks which are linked in the database
# will come with [0] package [1] path_to_apk
appsList = Apps().getAllApps()
for apk in appsList:
app = Apps()
app.path_to_apk = apk[1]
app.package = apk[0]
allApksToSmali()
def downloadApp(pathToStore, package, install, writeToDb):
# create app object
app = Apps()
pripol = Pripol()
sreenshotplaystore(package.strip(),pathToStore)
downloadapk(package.strip(), pathToStore, app, pripol, writeToDb)
if install:
deviceHelper.installapk(app)
def do():
app = Apps()
app.package = "com.denper.addonsdetector"
# this will only work on a Nexus 5 with Android 6
if deviceHelper.checkInstall(app):
logger.debug("Addons detector found on device")
deviceHelper.startApp(app, "com.denper.addonsdetector.ui.Dashboard")
deviceHelper.tapScreem("540", "940")
time.sleep(5)
deviceHelper.tapScreem("360", "600")
deviceHelper.tapScreem("330", "1700")
deviceHelper.tapScreem("730", "1200")
deviceHelper.tapScreem("550", "1200")
deviceHelper.copyFile(data_dir, "/tmp/dummy")
deviceHelper.deleteFile(data_dir + "*")
parseJson()
else:
logger.warning("Addons Detector Application not found")
def downloadApps(pathToStore, appListFile, install, writeToDb):
with open(appListFile) as f:
for appId in f:
print(appId.strip())
if appId.startswith('#') <> True:
# create app object
app = Apps()
pripol = Pripol()
sreenshotplaystore(appId.strip(),pathToStore)
downloadapk(appId.strip(), pathToStore, app, pripol, writeToDb)
if install:
deviceHelper.installapk(app)
def do():
# get all apks which are linked in the database
# will come with [0] package [1] path_to_apk
appsList = Apps().getAllApps()
threads = []
for list in chunkify(appsList, 4):
p = Process(target=callMallodroid, args=(list, ))
logger.info("starting mallodroid thread %s", p)
threads += [p]
p.start()
for t in threads:
t.join()
def apkTorJar(context):
"""
unpack apk file to jar; can be loaded with JD GUI
:param context:
:return:
"""
app = Apps.getApp(context.package)
logger.info("%s starting dex to jar", app.package)
cmd = ["d2j-dex2jar", "-o", path + app.package + "/" + app.package + "-dex2jar.jar", app.path_to_apk, ]
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = p.communicate()
if err:
logger.error(err)
return
else:
logger.debug(out)
def openJarInJdGui(context):
"""
opens Jar in JD GUI
:param context:
:return:
"""
logger.info("%s opening jar in JD Gui", context.package)
app = Apps.getApp(context.package)
cmd = [jdgui, path + app.package + "/" + app.package + "-dex2jar.jar"]
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = p.communicate()
if err:
logger.error(err)
return
else:
logger.debug(out)
def do():
"""
splitting the list of apps to analyze and start in multiple threads
:return:
"""
# get all apks which are linked in the database
# will come with [0] package [1] path_to_apk
appsList = Apps().getAllApps()
threads = []
for list in chunkify(appsList, 4):
p = Process(target=explaindroid, args=(list, ))
logger.info("starting mallodroid thread %s", p)
threads += [p]
p.start()
for t in threads:
t.join()
def apkToSmali(context):
"""
extracts smali code form apk file; smali code to be used for further analysis
:param context:
:return:
"""
app = Apps.getApp(context.package)
logger.info("%s starting dissambly to smali", app.package)
cmd = ["apktool", "d", app.path_to_apk, "-o", path + app.package + "/smali/"]
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = p.communicate()
if err:
logger.error(err)
return
else:
logger.debug(out)
def install():
with open(app_list) as lines:
packages = [line.rstrip('\n') for line in lines]
packages.insert(0, "ALL")
packages.append("quit")
package, index = pick(packages, "choose package")
if package == "ALL":
apps = Apps.getAllApps()
for a in apps:
app = Apps()
app.package = a[0]
app.path_to_apk = a[1]
deviceHelper.installapk(app)
else:
app = Apps.getApp(package)
deviceHelper.installapk(app)
def parseJson():
apps = Apps.getAllApps()
appList = []
for app in apps:
appList.append(app[0])
file = glob.glob('/tmp/dummy/*')
docs = json.loads(open(file[0]).read())
for i in range(0, len(docs)):
ad = Addons()
ad.package = docs[i]['appPackageName']
if ad.package not in appList:
continue
logger.info("%s adding addins", ad.package)
for addon in docs[i]['addons']:
ad.addon_type = addon['addon_type']
ad.name = addon['name']
ad.insert()
logger.debug("%s adding %s", ad.package, ad.name)
os.remove(file[0])
def choosePackage():
title = 'choose package: '
packages = Apps.getPackages()
packages.append("quit")
package, index = pick(packages, title)
return package
def apkInfo():
# get all apks which are linked in the database
# will come with [0] package [1] path_to_apk
appsList = Apps().getAllApps()
for apk in appsList:
app = Apps()
app.filesize = os.path.getsize(apk[1])
app.package = apk[0]
app.id = apk[2]
logger.info("%s analyzing manifest", app.package)
# run android build tool aapt and write into temp file
f = open(RPDIR + "dummy", "w")
cmd = ["aapt", "dump", "badging", apk[1]]
p = subprocess.Popen(cmd,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
out, err = p.communicate()
logger.debug("%s, %s, %s", cmd, "", err)
f.write(out)
f.close()
# read information from temp file
f = open(RPDIR + "dummy", "r")
for line in f:
# print line
p_versionname = re.compile(".*versionName='(.*?)'.*")
p_versioncode = re.compile(".*versionCode='(.*?)'.*")
p_icon = re.compile("application.*icon='(.*?)'.*")
p_permission = re.compile("uses-permission.*'(.*?)'.*")
## if "debuggable" in line:
## print "DEBUG FLAG set for " + apk + "!!!"
## r["debugging_flag_set_in_manifest"] = 1
## else:
## r["debugging_flag_set_in_manifest"] = 0
## if "intent" in line:
## print "INTENT FILTER used in " + apk + "!!!"
a = p_versionname.match(line)
if a:
app.version = a.group(1)
#break
a = p_versioncode.match(line)
if a:
app.versioncode = a.group(1)
#break
a = p_icon.match(line)
if a:
app.path_to_icon = a.group(1)
#break
a = p_permission.match(line)
if a:
perm.id_app = app.id
perm.id_perm = a.group(1)
perm.insert()
#break
app.upsert()
def do():
if checkInstall():
forwardPort()
#startApp()
# get all apks which are linked in the database
# will come with [0] package [1] path_to_apk
appsList = Apps().getAllApps()
for apk in appsList:
app = Apps()
app.path_to_apk = apk[1]
app.package = apk[0]
logger.info("%s running drozer", app.package)
out, err = runDrozerCmd(app, "app.service.info -a")
if err:
logger.error(err.strip())
logger.error(
"Probably client app is not running or app not installed ..."
)
else:
if "No exported" in out:
pass
else:
writeToDb("service", out, app)
out, err = runDrozerCmd(app, "app.broadcast.info -a")
if err:
logger.error(err.strip())
logger.error(
"Probably client app is not running or app not installed ..."
)
else:
if "No matching" in out:
pass
else:
writeToDb("broadcast", out, app)
out, err = runDrozerCmd(app, "app.provider.info -a")
if err:
logger.error(err.strip())
logger.error(
"Probably client app is not running or app not installed ..."
)
else:
if "No matching" in out:
pass
else:
writeToDb("provider", out, app)
out, err = runDrozerCmd(app, "app.activity.info -a")
if err:
logger.error(err.strip())
logger.error(
"Probably client app is not running or app not installed ..."
)
else:
if "No exported" in out:
pass
else:
writeToDb("activity", out, app)
out, err = runDrozerCmd(app, "app.package.attacksurface")
if err:
logger.error(err.strip())
logger.error(
"Probably client app is not running or app not installed ..."
)
else:
cal = CodeAnalysis()
cal.package = app.package
if "is debuggable" in out:
cal.debuggable = 'y'
else:
cal.debuggable = 'n'
cal.insert()
else:
logger.warning("Install Drozer Client application first")