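def find_executables(self, dir):
    """Finds executables in a given directory. Does not parse recursively.

    Returns two lists, always in this order:
    - ARM executables list (absolute filename)
    - APK executables list (absolute filename): zip/rar archives whose
      type is reported as APK

    An archive that cannot be opened is reported (in verbose mode) and
    skipped; the remaining directory entries are still examined.
    """
    assert os.path.isdir(dir), "argument should be a directory"
    found_arm = []
    found_apk = []

    for entry in os.listdir(dir):
        absolute_file = os.path.join(dir, entry)
        if not os.path.isfile(absolute_file):
            continue

        filetype = droidutil.get_filetype(absolute_file)
        if filetype == droidutil.ARM:
            if self.verbose:
                print("%s is an ARM executable" % (absolute_file))
            found_arm.append(absolute_file)
            continue

        if filetype == droidutil.ZIP:
            zipmode, label = True, "zip"
        elif filetype == droidutil.RAR:
            zipmode, label = False, "rar"
        else:
            continue

        archive = droidziprar.droidziprar(absolute_file, zipmode, self.verbose)
        if archive.handle is None:
            if self.verbose:
                print("%s is not a valid %s" % (absolute_file, label))
            # Keep scanning. Returning here (as the code used to, and with
            # the two lists swapped) let one damaged archive hide every
            # executable listed after it from the analysis.
            continue

        try:
            inner_type = archive.get_type()
        finally:
            # Release the archive handle even if type detection raises.
            archive.close()

        # unzip() in this file unpacks get_type() as a
        # (filetype, innerzips) pair, so accept that shape as well as a
        # bare file type constant.
        if isinstance(inner_type, tuple):
            inner_type = inner_type[0]

        if inner_type == droidutil.APK:
            if self.verbose:
                print("%s contains an APK" % (absolute_file))
            found_apk.append(absolute_file)

    return found_arm, found_apk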
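def unzip(self):
    """
    Unzip/unrar the sample and recursively process inner zips/rars.

    If we are not removing the analysis directory (clearoutput option),
    the sample is also unzipped in the outdir/unzipped subdirectory.
    If the sample is password protected, 'infected' is tried as password
    (as stated by the original documentation; that attempt is not made
    in this method itself).

    Inner archive names come from the sample, which is untrusted. An
    inner archive whose name would resolve outside self.outdir is
    reported and skipped instead of being extracted and processed.

    Returns the file type of the sample:
    droidutil.<FILE CONSTANT> (UNKNOWN, APK, DEX, ...)
    """
    if self.verbose:
        print("------------- Unzipping %s" % (self.absolute_filename))

    self.properties.filetype = droidutil.get_filetype(self.absolute_filename)

    if self.properties.filetype in (droidutil.ARM,
                                    droidutil.UNKNOWN,
                                    droidutil.DEX):
        if self.verbose:
            print("This is a %s. Nothing to unzip for %s" % (
                droidutil.str_filetype(self.properties.filetype),
                self.absolute_filename))
        return self.properties.filetype

    if self.properties.filetype not in (droidutil.ZIP, droidutil.RAR):
        return self.properties.filetype

    self.ziprar = droidziprar.droidziprar(
        self.absolute_filename,
        zipmode=(self.properties.filetype == droidutil.ZIP),
        verbose=self.verbose)

    if self.ziprar.handle is None:
        self.properties.filetype = droidutil.UNKNOWN  # damaged zip/rar
        if self.verbose:
            print("We are unable to unzip/unrar %s because of errors" % (
                self.absolute_filename))
        return droidutil.UNKNOWN

    # Now, we know self.ziprar is valid and open.
    self.properties.filetype, innerzips = self.ziprar.get_type()

    if innerzips:
        self.properties.file_innerzips = True
        if self.verbose:
            print("There are inner zips/rars in " + self.absolute_filename)

        # Trailing separator so that "/out" does not match "/out-evil".
        outdir_root = os.path.join(os.path.realpath(self.outdir), '')

        # NOTE(review): no nesting limit is visible here; each inner
        # archive re-enters droidlysis.process_file. Confirm that a
        # depth or size cap exists elsewhere.
        for element in innerzips:
            inner_path = os.path.join(self.outdir, element)

            # os.path.join() discards self.outdir when element is
            # absolute, and "../" components climb out of it. How
            # extract_one_file treats such names is not visible here,
            # so refuse them before anything is written or processed.
            if not os.path.realpath(inner_path).startswith(outdir_root):
                print("Skipping inner archive %s : path escapes %s" % (
                    element, self.outdir))
                continue

            # extract the inner zip/rar
            if self.verbose:
                print("Extracting " + element + " inside " +
                      self.absolute_filename)
            try:
                self.ziprar.extract_one_file(element, self.outdir)
                if self.verbose:
                    print("Recursively processing " + inner_path)
                droidlysis.process_file(
                    inner_path,
                    self.outdir,
                    self.verbose,
                    self.clear,
                    self.enable_procyon,
                    self.disable_description,
                    self.disable_dump,
                    self.no_kit_exception)
            except Exception:
                # Best effort: one bad inner archive must not abort the
                # analysis. KeyboardInterrupt/SystemExit still propagate.
                print("Cannot extract %s : %s" % (element, sys.exc_info()[0]))

    if self.properties.filetype == droidutil.APK:
        # our zip actually is an APK
        if not self.clear:
            # let's unzip
            unzipped_dir = os.path.join(self.outdir, 'unzipped')
            if self.verbose:
                print("Unzipping " + self.absolute_filename + " to " +
                      unzipped_dir)
            try:
                self.ziprar.extract_all(outdir=unzipped_dir)
            except Exception:
                print("Unzipping failed (catching exception): %s" % (
                    sys.exc_info()[0]))

    return self.properties.filetype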