class ExploitDisablePinning:
    """Patch an APK so that it loads a permissive network security config.

    ``apply`` points every ``<application>`` element of the manifest at
    ``@xml/network_security_config`` and writes that resource with a base
    config that permits cleartext traffic and trusts both the system and the
    user certificate stores.

    Scope of the change: only the manifest and one XML resource are touched.
    Certificate checks implemented in the application's own code are not
    modified by this patch.
    """

    _patcher: Patcher

    def __init__(self, apk: str, out: str) -> None:
        """Create the Patcher for *apk*, with *out* as its second argument."""
        # Function-scope import: trueseeing.core.patch is only loaded when an
        # instance is actually created.
        from trueseeing.core.patch import Patcher
        self._patcher = Patcher(apk, out)

    def exploit(self) -> None:
        """Hand this object to the patcher.

        Patcher is not shown here; presumably it prepares a working context
        and calls ``apply`` with it -- confirm against trueseeing.core.patch.
        """
        patcher = self._patcher
        patcher.apply(self)

    def apply(self, context: Context) -> None:
        """Rewrite the manifest and drop in the network security config.

        Args:
            context: working context; this method uses ``parsed_manifest()``,
                ``manifest_as_xml()`` and the ``wd`` directory attribute.
        """
        config_attr = (
            '{http://schemas.android.com/apk/res/android}networkSecurityConfig'
        )
        manifest = context.parsed_manifest()
        for app in manifest.xpath('.//application'):
            app.attrib[config_attr] = "@xml/network_security_config"

        manifest_path = os.path.join(context.wd, 'AndroidManifest.xml')
        with open(manifest_path, 'wb') as out:
            out.write(context.manifest_as_xml(manifest))

        xml_dir = os.path.join(context.wd, 'res', 'xml')
        os.makedirs(xml_dir, exist_ok=True)
        # Opened with 'wb': a resource of the same name already present in the
        # working tree is replaced, not merged.
        with open(os.path.join(xml_dir, 'network_security_config.xml'), 'wb') as out:
            out.write(b'''\
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
''')
class ExploitEnableDebug:
    """Patch an APK so that its manifest declares the app debuggable.

    ``apply`` sets ``android:debuggable="true"`` on every ``<application>``
    element and writes the manifest back.  On Android that flag is what the
    platform consults before allowing a debugger to attach to the process, so
    a build carrying it should be treated as a test artifact.
    """

    _patcher: Patcher

    def __init__(self, apk: str, out: str) -> None:
        """Create the Patcher for *apk*, with *out* as its second argument."""
        # Function-scope import: trueseeing.core.patch is only loaded when an
        # instance is actually created.
        from trueseeing.core.patch import Patcher
        self._patcher = Patcher(apk, out)

    def exploit(self) -> None:
        """Hand this object to the patcher.

        Patcher is not shown here; presumably it prepares a working context
        and calls ``apply`` with it -- confirm against trueseeing.core.patch.
        """
        patcher = self._patcher
        patcher.apply(self)

    def apply(self, context: Context) -> None:
        """Set the debuggable flag and rewrite ``AndroidManifest.xml``.

        Args:
            context: working context; this method uses ``parsed_manifest()``,
                ``manifest_as_xml()`` and the ``wd`` directory attribute.
        """
        debuggable_attr = '{http://schemas.android.com/apk/res/android}debuggable'
        manifest = context.parsed_manifest()
        for app in manifest.xpath('.//application'):
            app.attrib[debuggable_attr] = "true"

        manifest_path = os.path.join(context.wd, 'AndroidManifest.xml')
        with open(manifest_path, 'wb') as out:
            out.write(context.manifest_as_xml(manifest))
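def invoke(self, mode):
    """Apply the bundled patches to every file in ``self._files``.

    Only ``mode == 'all'`` does anything: each input is given to a Patcher
    together with an output name derived from the input's base name
    (``app.apk`` -> ``app-patched.apk``), and PatchDebuggable,
    PatchBackupable and PatchLoggers (defined elsewhere) are applied in one
    ``apply_multi`` call.  Any other mode leaves the files untouched.

    The output is a bare file name; where Patcher resolves it is not visible
    here -- presumably the current working directory.

    Returns:
        Always 0.
    """
    for f in self._files:
        if mode != 'all':
            continue
        # Derive the output name from the extension only.  Replacing the
        # substring '.apk' rewrites every occurrence inside the name and leaves
        # names without a lowercase '.apk' unchanged, in which case the output
        # name would equal the input's base name.
        base = os.path.basename(f)
        stem, ext = os.path.splitext(base)
        if ext.lower() == '.apk':
            target = stem + '-patched' + ext
        else:
            target = base + '-patched.apk'
        Patcher(f, target).apply_multi([
            PatchDebuggable(),
            PatchBackupable(),
            PatchLoggers(),
        ])
    return 0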
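def invoke(self, mode: str) -> int:
    """Apply the bundled patches to every file in ``self._files``.

    Only ``mode == 'all'`` does anything: each input is given to a Patcher
    together with an output name derived from the input's base name
    (``app.apk`` -> ``app-patched.apk``), and PatchDebuggable,
    PatchBackupable and PatchLoggers (defined elsewhere) are applied in one
    ``apply_multi`` call.  Any other mode leaves the files untouched.

    The output is a bare file name; where Patcher resolves it is not visible
    here -- presumably the current working directory.

    Returns:
        Always 0.
    """
    # Function-scope import, kept from the original.
    from trueseeing.core.patch import Patcher
    for f in self._files:
        if mode != 'all':
            continue
        # Derive the output name from the extension only.  Replacing the
        # substring '.apk' rewrites every occurrence inside the name and leaves
        # names without a lowercase '.apk' unchanged, in which case the output
        # name would equal the input's base name.
        base = os.path.basename(f)
        stem, ext = os.path.splitext(base)
        if ext.lower() == '.apk':
            target = stem + '-patched' + ext
        else:
            target = base + '-patched.apk'
        Patcher(f, target).apply_multi([
            PatchDebuggable(),
            PatchBackupable(),
            PatchLoggers(),
        ])
    return 0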
class ExploitEnableBackup(Patch):
    """Patch an APK so that its manifest opts the app into backups.

    ``apply`` sets ``android:allowBackup="true"`` on every ``<application>``
    element and writes the manifest back.  That attribute controls whether
    the app's data takes part in the platform backup mechanisms, so a build
    carrying it should be treated as a test artifact.
    """

    def __init__(self, apk, out):
        """Create the Patcher for *apk*, with *out* as its second argument."""
        patcher = Patcher(apk, out)
        self._patcher = patcher

    def exploit(self):
        """Hand this object to the patcher and return whatever it returns.

        Patcher is not shown here; presumably it prepares a working context
        and calls ``apply`` with it -- confirm against its definition.
        """
        outcome = self._patcher.apply(self)
        return outcome

    def apply(self, context):
        """Set the allowBackup flag and rewrite ``AndroidManifest.xml``.

        Args:
            context: working context; this method uses ``parsed_manifest()``
                and the ``wd`` directory attribute.
        """
        backup_attr = '{http://schemas.android.com/apk/res/android}allowBackup'
        manifest = context.parsed_manifest()
        for app in manifest.xpath('.//application'):
            app.attrib[backup_attr] = "true"

        manifest_path = os.path.join(context.wd, 'AndroidManifest.xml')
        with open(manifest_path, 'wb') as out:
            # Serialised with ET directly rather than through the context.
            out.write(ET.tostring(manifest))
def __init__(self, apk, out):
    """Create the Patcher this object delegates to.

    Args:
        apk: first argument to Patcher (the input APK, going by the name).
        out: second argument to Patcher (the output path, going by the name).
    """
    patcher = Patcher(apk, out)
    self._patcher = patcher
def __init__(self, apk: str, out: str) -> None:
    """Create the Patcher this object delegates to.

    Args:
        apk: first argument to Patcher (the input APK, going by the name).
        out: second argument to Patcher (the output path, going by the name).
    """
    # Function-scope import: trueseeing.core.patch is only loaded when an
    # instance is actually created.
    from trueseeing.core.patch import Patcher
    patcher = Patcher(apk, out)
    self._patcher = patcher