def jtool_archs(local_app_binary):
"""
Get available archs from the binary
:param str local_app_binary: the app to get the archs from
:return: a list with the available archs
"""
import re
archs = []
local_app_binary = local_app_binary.replace(" ", "\ ")
archs_result = _execute("jtool -v -h {}".format(local_app_binary))
# check for multiple archs
arch_no = re.findall(r"\d+\ architecture", archs_result)
if len(arch_no) > 0:
arch_no = int(arch_no[0].split(" ", 1)[0])
for arch in re.findall(r"arm(v6|v6s|v7|64)", archs_result):
archs += ["arm{}".format(arch)]
# for some reason jtool doesnt display arm64
if len(archs) < arch_no:
archs += ["arm64"]
return archs
# only 1 arch
return [
"arm{}".format(arch)
for arch in re.findall(r"arm(v6|v6s|v7|64)", archs_result.lower())
]
def _arguments_parser(arguments):
"""Returns a dict with the parsed arguments"""
arguments = arguments or ""
result_arguments = {}
arguments_str_list = arguments.split(";")
for argument in arguments_str_list:
if argument:
key, value = argument.split("=", 1)
result_arguments[key] = value
if "output" not in result_arguments or not result_arguments["output"]:
result_arguments["output"] = "./scrounger-results"
_execute("mkdir -p {}".format(result_arguments["output"]))
return result_arguments
def _adb_command(command):
"""
Runs an adb command on the host
:param str command: the adb command to run
:return: stdout and stderr from the executed command
"""
return _execute("adb {}".format(command)).replace("\r\n", "\n")
def _print_lists():
import scrounger.modules
modules_path = "{}/".format(scrounger.modules.__path__[0])
modules = _execute("find {} -name '*.py'".format(modules_path))
available_modules = [
module.replace(modules_path, "").replace(".py", "")
for module in modules.split("\n")
if module and "__" not in module and "full_analysis" not in module
]
# add custom modules
modules_path = "{}/modules/".format(_SCROUNGER_HOME)
modules = _execute("find {} -name \"*.py\"".format(modules_path))
#self._custom_modules = [
available_modules += [
module.replace(modules_path, "").replace(".py", "")
for module in modules.split("\n") if module and "__" not in module
]
print("\nAvailable Modules:")
for module in sorted(available_modules):
print " {}".format(module[1:] if module.startswith("/") else module)
print("\nIOS Devices:")
from scrounger.utils.ios import devices as ios_devices
devices = ios_devices()
for device in devices:
print " {}".format(device)
if not devices:
print " None"
print("\nAndroid Devices:")
from scrounger.utils.android import devices as android_devices
devices = android_devices()
for device in devices:
print " {}".format(device)
if not devices:
print " None"
def _connected_devices():
from scrounger.utils.general import remove_multiple_spaces
output = _execute("lsusb -v | grep -E \"idVendor|idProduct|iSerial\"")
devices = {}
# finds apple devices
lines = iter(output.split("\n"))
for vendor in lines:
product, serial = next(lines, ""), next(lines, "")
if "apple" in vendor.lower():
serial = serial.strip().rsplit(" ", 1)[-1]
devices[serial] = remove_multiple_spaces(product).split(
" ", 2)[-1]
return devices
def _entitlements(local_app_binary):
# prepare binary
local_app_binary = local_app_binary.replace(" ", "\ ")
ents_str = _execute("ldid -e {}".format(local_app_binary))
# fix multiple entitlements for multiple archs
"""
ents = ""
for line in ents_str.split("\n"):
if not line: break
ents += line
"""
ents = "{}</plist>".format(ents_str.split("</plist>")[0])
return plist_to_dict(ents)
def smali_dirs(decompiled_apk_path):
"""
Returns a list of directories contianing smali code
:param str decompiled_apk_path: the path to the decompiled apk directory
:return: a list with smali directories or an empty list if no smali dir
"""
dirs = _execute("ls -d {}/smali*".format(decompiled_apk_path))
if "No such file or directory" in dirs:
return []
return [
directory.replace(decompiled_apk_path, "")[1:]
for directory in dirs.split("\n") if directory
]
def application_path(root_path):
"""
Given a root path try to identify the application's path returning the
/path/to/Payload/App.app
:param str root_path: path to start looking from
:return: the path to the application or "" if not found
"""
if root_path.endswith("/"):
root_path = root_path[:-1]
if root_path.endswith(".app"):
return root_path
found_apps = _execute("find {} -name \"*.app\"".format(root_path))
return found_apps.split("\n")[0]
def _otool_flags(local_app_binary):
# prepare binary
local_app_binary = local_app_binary.replace(" ", "\ ")
return _execute("otool -hv {}".format(local_app_binary))
def _source(jar_file_path, destination_path):
_execute("jd-cli {} -od {}".format(jar_file_path, destination_path))
def _jar(apk_path, jar_file_path):
_execute("d2j-dex2jar --force -o {} {}".format(jar_file_path,
apk_path))
def _sign(apk_file_path, signjar, certificate, pk8):
return _execute("java -jar {} {} {} {} {}".format(
signjar, certificate, pk8, apk_file_path, signed_apk_file_path))
def _recompile(decompiled_app_path, apk_file_path):
return _execute("apktool b -o {} {}".format(apk_file_path,
decompiled_app_path))
def _decompile(apk_path, destination_path):
return _execute("apktool -q d -f {} -o {}".format(
apk_path, destination_path))
def _avds():
avds_raw = _execute("avdmanager list avd | grep Name:")
return [avd.strip.split(": ", 1)[-1] for avd in avds_raw.split("\n")]
def _jtool_flags(local_app_binary):
# prepare binary and assume arm64 arch
local_app_binary = local_app_binary.replace(" ", "\ ")
arch = jtool_archs(local_app_binary)[-1]
return _execute("jtool -v -h -arch {} {}".format(
arch, local_app_binary))
def _jtool_class_dump(local_app_binary):
# prepare binary and assume arm64 arch
local_app_binary = local_app_binary.replace(" ", "\ ")
return _execute(
"jtool -v -d objc -arch arm64 {}".format(local_app_binary))
def _otool_class_dump(local_app_binary):
# prepare binary
local_app_binary = local_app_binary.replace(" ", "\ ")
return _execute("otool -ov {}".format(local_app_binary))
def _unzip(local_ipa_file, target_path):
#clean path before
_execute("rm -rf {}".format(target_path))
_execute("unzip -o {} -d {}".format(local_ipa_file, target_path))
