コード例 #1
0
def get_env(md5_hash, package, launcher):
    base_dir = settings.BASE_DIR
    app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')  # APP DIRECTORY
    app_file = md5_hash + '.apk'  # NEW FILENAME
    app_path = app_dir + app_file  # APP PATH
    toolsdir = os.path.join(base_dir, 'DynamicAnalyzer/tools/')  # TOOLS DIR
    adb = getADB(toolsdir)
    #if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
    #    proxy_ip = '127.0.0.1'
    #else:
    #    proxy_ip = settings.PROXY_IP  # Proxy IP
    #start_proxy(settings.PORT, package)
    # AVD only needs to wait, vm needs the connect function
    try:
        if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
            avd_load_wait(adb)
        else:
            connect(toolsdir)
    except Exception as exp:
        print("\n[WARNING] ADB Load Wait Failed")
        return HttpResponseRedirect('/error/')
    # Change True to support non-activity components
    install_and_run(toolsdir, app_path, package, launcher, True)
    screen_width, screen_width = get_res()
    data = {
        'ready': 'yes',
        'screen_witdth': screen_width,
        'screen_height': screen_width,
    }
    return data
コード例 #2
0
def yield_dynamic_run(apk_path):
    try:
        #step1: app_info
        app_info = get_base_info(apk_path)

        #step2 init virtual android devices by virtualbox
        refresh_vm(SETTINGS.UUID, SETTINGS.SUUID, SETTINGS.VBOX)
        connect(DYNAMIC_TOOL_DIR)

        #step3 install, run
        install_and_run(DYNAMIC_TOOL_DIR, app_info['apk_path'],
                        app_info['packagename'], app_info['main_activity'],
                        True)

        #step4 auto_app_test and start download x_logcat.txt
        #auto_app_test in another thread, download in main thread
        set_run_state(True)
        adb = getADB(DYNAMIC_TOOL_DIR)
        monkey = threading.Thread(target=monkey_test, args=(adb, app_info))
        monkey.start()

        for cnt in yield_droidmon_download(adb, app_info['detail_dir'],
                                           app_info['packagename']):
            yield cnt
            if not check_run_state():
                break
        monkey.join()

    except Exception as e:
        result = {}
        traceback.print_exc()
コード例 #3
0
ファイル: dynamic.py プロジェクト: ays14/mobsf 
def get_env(request):
    """Get Dynamic Analysis Environment for Android"""
    print("\n[INFO] Setting up Dynamic Analysis Environment")
    try:
        if request.method == 'POST':
            data = {}
            md5_hash = request.POST['md5']
            package = request.POST['pkg']
            launcher = request.POST['lng']
            if re.findall(r";|\$\(|\|\||&&", package) or re.findall(
                    r";|\$\(|\|\||&&", launcher):
                print("[ATTACK] Possible RCE")
                return HttpResponseRedirect('/error/')
            if re.match('^[0-9a-f]{32}$', md5_hash):
                base_dir = settings.BASE_DIR
                app_dir = os.path.join(settings.UPLD_DIR,
                                       md5_hash + '/')  # APP DIRECTORY
                app_file = md5_hash + '.apk'  # NEW FILENAME
                app_path = app_dir + app_file  # APP PATH
                toolsdir = os.path.join(base_dir,
                                        'DynamicAnalyzer/tools/')  # TOOLS DIR
                adb = getADB(toolsdir)
                if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
                    proxy_ip = '127.0.0.1'
                else:
                    proxy_ip = settings.PROXY_IP  # Proxy IP
                start_proxy(settings.PORT, package)
                # AVD only needs to wait, vm needs the connect function
                try:
                    if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
                        avd_load_wait(adb)
                    else:
                        connect(toolsdir)
                except Exception as exp:
                    data = {
                        'ready': 'no',
                        'msg': 'Cannot Connect to the VM/Device.',
                        'error': str(exp)
                    }
                    return HttpResponse(json.dumps(data),
                                        content_type='application/json')
                # Change True to support non-activity components
                install_and_run(toolsdir, app_path, package, launcher, True)
                screen_width, screen_width = get_res()
                data = {
                    'ready': 'yes',
                    'screen_witdth': screen_width,
                    'screen_height': screen_width,
                }
                return HttpResponse(json.dumps(data),
                                    content_type='application/json')
            else:
                return HttpResponseRedirect('/error/')
        else:
            return HttpResponseRedirect('/error/')
    except:
        PrintException("[ERROR] Setting up Dynamic Analysis Environment")
        return HttpResponseRedirect('/error/')
コード例 #4
0
def get_env(request):
    """Get Dynamic Analysis Environment for Android"""
    logger.info("Setting up Dynamic Analysis Environment")
    try:
        if request.method == 'POST':
            data = {}
            md5_hash = request.POST['md5']
            package = request.POST['pkg']
            launcher = request.POST['lng']
            if re.findall(r";|\$\(|\|\||&&", package) or re.findall(
                    r";|\$\(|\|\||&&", launcher):
                return print_n_send_error_response(request,
                                                   "Possible RCE Attack", True)
            if re.match('^[0-9a-f]{32}$', md5_hash):
                base_dir = settings.BASE_DIR
                app_dir = os.path.join(settings.UPLD_DIR,
                                       md5_hash + '/')  # APP DIRECTORY
                app_file = md5_hash + '.apk'  # NEW FILENAME
                app_path = app_dir + app_file  # APP PATH
                adb = getADB()
                if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
                    proxy_ip = '127.0.0.1'
                else:
                    proxy_ip = settings.PROXY_IP  # Proxy IP
                start_proxy(settings.PORT, package)
                # vm needs the connect function
                try:
                    if not settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
                        connect()
                except Exception as exp:
                    data = {
                        'ready': 'no',
                        'msg': 'Cannot Connect to the VM/Device.',
                        'error': str(exp)
                    }
                    return HttpResponse(json.dumps(data),
                                        content_type='application/json')
                # Change True to support non-activity components
                install_and_run(app_path, package, launcher, True)
                screen_width, screen_width = get_res()
                data = {
                    'ready': 'yes',
                    'screen_witdth': screen_width,
                    'screen_height': screen_width,
                }
                return HttpResponse(json.dumps(data),
                                    content_type='application/json')
            else:
                return print_n_send_error_response(request,
                                                   "Invalid Scan Hash", True)
        else:
            return print_n_send_error_response(request, "Only POST allowed",
                                               True)
    except:
        PrintException("Setting up Dynamic Analysis Environment")
        return print_n_send_error_response(request, "Environment Setup Failed",
                                           True)
コード例 #5
0
def connect_device(adb):
    # AVD only needs to wait, vm needs the connect function
    if SETTINGS.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
        if not avd_load_wait(adb):
            print("\n[WARNING] ADB Load Wait Failed")
            exit()
    else:
        connect(DYNAMIC_TOOL_DIR)
    return
コード例 #6
0
def get_env(request):
    """Get Dynamic Analysis Environment for Android."""
    logger.info('Setting up Dynamic Analysis Environment')
    try:
        if request.method == 'POST':
            data = {}
            md5_hash = request.POST['md5']
            package = request.POST['pkg']
            launcher = request.POST['lng']
            if (re.findall(r';|\$\(|\|\||&&', package)
                    or re.findall(r';|\$\(|\|\||&&', launcher)):
                return print_n_send_error_response(request,
                                                   'Possible RCE Attack',
                                                   True)
            if re.match('^[0-9a-f]{32}$', md5_hash):
                app_dir = os.path.join(
                    settings.UPLD_DIR, md5_hash + '/')  # APP DIRECTORY
                app_file = md5_hash + '.apk'  # NEW FILENAME
                app_path = app_dir + app_file  # APP PATH
                start_proxy(settings.PORT, package)
                # vm needs the connect function
                try:
                    connect()
                except Exception as exp:
                    data = {'ready': 'no',
                            'msg': 'Cannot Connect to the VM/Device.',
                            'error': str(exp)}
                    return HttpResponse(json.dumps(data),
                                        content_type='application/json')
                # Change True to support non-activity components
                install_and_run(app_path, package, launcher, True)
                screen_width, screen_width = get_res()
                data = {'ready': 'yes',
                        'screen_witdth': screen_width,
                        'screen_height': screen_width}
                return HttpResponse(json.dumps(data),
                                    content_type='application/json')
            else:
                return print_n_send_error_response(request,
                                                   'Invalid Scan Hash',
                                                   True)
        else:
            return print_n_send_error_response(request,
                                               'Only POST allowed',
                                               True)
    except Exception:
        logger.exception('Setting up Dynamic Analysis Environment')
        return print_n_send_error_response(request,
                                           'Environment Setup Failed',
                                           True)
コード例 #7
0
def get_env(request):
    """Get Dynamic Analysis Environment for Android"""
    print("\n[INFO] Setting up Dynamic Analysis Environment")
    try:
        if request.method == 'POST':
            data = {}
            md5_hash = request.POST['md5']
            package = request.POST['pkg']
            launcher = request.POST['lng']
            if re.findall(r";|\$\(|\|\||&&", package) or re.findall(r";|\$\(|\|\||&&", launcher):
                print("[ATTACK] Possible RCE")
                return HttpResponseRedirect('/error/')
            if re.match('^[0-9a-f]{32}$', md5_hash):
                base_dir = settings.BASE_DIR
                app_dir = os.path.join(
                    settings.UPLD_DIR, md5_hash + '/')  # APP DIRECTORY
                app_file = md5_hash + '.apk'  # NEW FILENAME
                app_path = app_dir + app_file  # APP PATH
                adb = getADB()
                if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
                    proxy_ip = '127.0.0.1'
                else:
                    proxy_ip = settings.PROXY_IP  # Proxy IP
                start_proxy(settings.PORT, package)
                # vm needs the connect function
                try:
                    if not settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
                        connect()
                except Exception as exp:
                    data = {'ready': 'no',
                            'msg': 'Cannot Connect to the VM/Device.',
                            'error': str(exp)}
                    return HttpResponse(json.dumps(data), content_type='application/json')
                # Change True to support non-activity components
                install_and_run(app_path, package, launcher, True)
                screen_width, screen_width = get_res()
                data = {'ready': 'yes',
                        'screen_witdth': screen_width,
                        'screen_height': screen_width, }
                return HttpResponse(json.dumps(data), content_type='application/json')
            else:
                return HttpResponseRedirect('/error/')
        else:
            return HttpResponseRedirect('/error/')
    except:
        PrintException("[ERROR] Setting up Dynamic Analysis Environment")
        return HttpResponseRedirect('/error/')
コード例 #8
0
def dynamic_run(apk_path):
    start_time = time.time()
    try:
        #step1: app_info
        app_info = get_base_info(apk_path)

        #step2 init virtual android devices by virtualbox
        refresh_vm(SETTINGS.UUID, SETTINGS.SUUID, SETTINGS.VBOX)
        connect(DYNAMIC_TOOL_DIR)

        #step3 install, run, map run error
        try:
            install_and_run(DYNAMIC_TOOL_DIR, app_info['apk_path'],
                            app_info['packagename'], app_info['main_activity'],
                            True)
        except Exception as e:
            print("[dynamic run], exception at install_and_run:", e,
                  'app_info: ', app_info)

        #step4 auto_app_test and start download x_logcat.txt
        #auto_app_test in another thread, download in main thread
        set_run_state(True)
        adb = getADB(DYNAMIC_TOOL_DIR)
        monkey = threading.Thread(target=monkey_test, args=(adb, app_info))
        monkey.start()

        droidmon_download(adb, app_info['detail_dir'], app_info['packagename'])
        monkey.join()

        #step5 power off
        poweroff_vm(SETTINGS.UUID, SETTINGS.VBOX)
        return time.time() - start_time
    except Exception as e:
        result = {}
        traceback.print_exc()
    return 0