コード例 #1
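def get_shared_preferences_writes(apk,d,dx,include_support=None):
    """
      Returns one SharedPreferencesAnalysis (tagged "write") per
      getSharedPreferences(String, int) call site whose tracked mode is not 0
      and for which is_edit_present_later() reports an edit after the call.

      The package stored in each result comes from a createPackageContext call
      located with get_path_of_method when there is one, otherwise from
      apk.get_package().

      :param apk: object providing get_package()
      :param d: object providing get_class_manager() and get_method_by_idx()
      :param dx: object whose tainted_packages.search_methods() locates call sites
      :param include_support: passed unchanged to should_analyze()
      :rtype: list of SharedPreferencesAnalysis
    """
    shared_preferences = []
    sharedprefs_instruction_paths = dx.tainted_packages.search_methods("", "getSharedPreferences", r"\(Ljava/lang/String; I\)Landroid/content/SharedPreferences;")
    context_instruction_paths = dx.tainted_packages.search_methods(".", "createPackageContext", ".")
    for path in sharedprefs_instruction_paths:
        src_class_name, src_method_name, src_descriptor = path.get_src(d.get_class_manager())
        if not should_analyze(src_class_name,include_support):
            continue
        method = d.get_method_by_idx(path.src_idx)
        i = method.get_instruction(0,path.idx)
        index = get_instruction_offset(i,method)
        if not is_edit_present_later(method,index):
            continue
        op_value = i.get_op_value()
        if op_value in (0x6E, 0x6F, 0x72):#invoke-virtual/-super/-interface { parameters }, methodtocall
            # Same opcode set as get_shared_preferences_reads; the operand
            # layout is "this, name, mode, method".
            operands = i.get_output().split(",")
            new_var = operands[1].strip()
            file_mode_var = operands[2].strip()
        elif op_value == 0x74:#invoke-virtual/range {vx..vy},methodtocall
            # The last register of the range holds the mode and the one before
            # it the file name. The previous code built the mode register from
            # the already rewritten name ("v" + "v<n>"), which is not a
            # register name.
            last_register = int(i.get_output().split(",")[0].split(".")[-1].strip()[1:])
            file_mode_var = "v" + str(last_register)
            new_var = "v" + str(last_register - 1)
        else:
            # Unhandled invoke form: skip it instead of reusing the registers
            # left over from a previous call site (or failing on the first one).
            continue
        file_mode = track_int_value(method,index-1,file_mode_var)
        # 0 is Context.MODE_PRIVATE. Every other tracked value is reported,
        # which also includes flags other than MODE_WORLD_READABLE (1) and
        # MODE_WORLD_WRITEABLE (2).
        # NOTE(review): confirm what track_int_value returns for a register it
        # cannot resolve before narrowing this test to a bit mask.
        if file_mode != 0:
            pref_file = track_string_value(method,index-1,new_var)
            context_path = get_path_of_method(src_class_name,src_method_name, context_instruction_paths,d)
            if context_path:
                # The preferences are opened through another package's context:
                # record that package name rather than the analysed app's own.
                context_method = d.get_method_by_idx(context_path.src_idx)
                c_i = context_method.get_instruction(0,context_path.idx)
                c_index = get_instruction_offset(c_i,context_method)
                c_name_var = c_i.get_output().split(",")[1].strip()
                package = track_string_value(context_method, c_index-1, c_name_var)
            else:
                package = apk.get_package()
            sharedprefs = SharedPreferencesAnalysis(package, pref_file,"write")
            shared_preferences.append(sharedprefs)
    return shared_preferences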
コード例 #2
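def get_dynamic_receivers(apk,d,dx,include_support=None):
    """
      Returns one ReceiverAnalysis per registerReceiver call site found in the
      classes accepted by should_analyze(). Each result carries a single
      IntentFilterAnalysis built from the action that
      track_intent_filter_direct() recovers for the IntentFilter register.

      Only the filter action is recorded. The descriptor pattern is a prefix,
      so overloads with further arguments are matched too, and whatever those
      arguments restrict is not captured in the result.

      :param apk: unused here
      :param d: object providing get_class_manager() and get_method_by_idx()
      :param dx: object whose tainted_packages.search_methods() locates call sites
      :param include_support: passed unchanged to should_analyze()
      :rtype: list of ReceiverAnalysis
    """
    receivers = []
    instruction_paths = dx.tainted_packages.search_methods(".", "registerReceiver", r"\(Landroid\/content\/BroadcastReceiver")
    for path in instruction_paths:
        src_class_name, src_method_name, src_descriptor =  path.get_src(d.get_class_manager())
        if not should_analyze(src_class_name,include_support):
            continue
        method = d.get_method_by_idx(path.src_idx)
        i = method.get_instruction(0,path.idx)
        index =  method.code.get_bc().off_to_pos(path.idx)
        op_value = i.get_op_value()
        if op_value in (0x6E,0x6F,0x72):#invoke-virtual { parameters }, methodtocall or invoke-super
            var = i.get_output().split(",")[2].strip() #The second argument holds the IntentFilter with the action
        elif op_value == 0x74:#invoke-virtual/range {vx..vy},methodtocall
            # Last register of the range, stripped like the non-range branch.
            # NOTE(review): for an overload with arguments after the
            # IntentFilter the last register is not the filter - confirm.
            var = i.get_output().split(",")[0].split(".")[-1].strip()
        else:
            # Unhandled invoke form: report it and skip the call site rather
            # than tracking a register left over from a previous iteration
            # (or failing because none was ever assigned).
            print("Error")
            continue
        action = track_intent_filter_direct(method,index-1,var)
        intentfilter = IntentFilterAnalysis(action)
        receivers.append(ReceiverAnalysis([intentfilter]))
    return receivers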
コード例 #3
def get_implicit_intents(apk,d,dx,include_support=None):
    """
      Collects an IntentAnalysis for every place where an Intent action is
      assigned, either through Intent.setAction or through an Intent
      constructor whose first parameter is a String. The Intent may have been
      created elsewhere; the point where its action is set is what is detected.

      :param apk: unused here
      :param d: object providing get_class_manager() and get_method_by_idx()
      :param dx: object whose tainted_packages.search_methods() locates call sites
      :param include_support: passed unchanged to should_analyze()
      :rtype: list of IntentAnalysis
    """
    intents = []
    tainted = dx.tainted_packages
    instruction_paths = tainted.search_methods("Landroid/content/Intent;", "setAction", ".")
    instruction_paths.extend(tainted.search_methods("Landroid/content/Intent;", "<init>", r"\(Ljava\/lang\/String"))
    for path in instruction_paths:
        src_class_name, src_method_name, src_descriptor = path.get_src(d.get_class_manager())
        if not should_analyze(src_class_name,include_support):
            continue
        method = d.get_method_by_idx(path.src_idx)
        call = method.get_instruction(0,path.idx)
        call_pos = method.code.get_bc().off_to_pos(path.idx)
        # Second operand of the call instruction.
        # NOTE(review): presumably the register holding the action string;
        # matching below is by substring, so "v1" also matches "v10" - confirm.
        tracked = call.get_output().split(",")[1].strip()
        # Walk backwards from the instruction before the call to position 0
        # and stop at the first instruction that defines the tracked operand.
        for pos in range(call_pos - 1, -1, -1):
            prev = method.get_instruction(pos)
            if tracked in prev.get_output() and prev.get_op_value() in [0xC]:#12 is move-result-object
                # Value produced by a method call: resolved by the helper.
                action = track_method_call_action(method,pos,tracked)
                intents.append(IntentAnalysis(action.strip()))
                break
            if prev.get_op_value() == 0x1A and tracked in prev.get_output():#const-string
                # Literal operand; the first and last characters are dropped
                # (presumably the quotes around the string - confirm).
                action = prev.get_output().split(",")[1].strip()
                intents.append(IntentAnalysis(action[1:-1].strip()))
                break
    return intents
コード例 #4
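def get_shared_preferences_reads(apk, d, dx, include_support=None):
    """
      Returns one SharedPreferencesAnalysis (tagged "read") per
      getSharedPreferences(String, int) call site whose tracked mode is not 0.

      The package stored in each result comes from a createPackageContext call
      located with get_path_of_method when there is one, otherwise from
      apk.get_package().

      :param apk: object providing get_package()
      :param d: object providing get_class_manager() and get_method_by_idx()
      :param dx: object whose tainted_packages.search_methods() locates call sites
      :param include_support: passed unchanged to should_analyze()
      :rtype: list of SharedPreferencesAnalysis
    """
    shared_preferences = []
    sharedprefs_instruction_paths = dx.tainted_packages.search_methods(
        ".", "getSharedPreferences",
        r"\(Ljava/lang/String; I\)Landroid/content/SharedPreferences;")
    context_instruction_paths = dx.tainted_packages.search_methods(
        ".", "createPackageContext", ".")
    for path in sharedprefs_instruction_paths:
        src_class_name, src_method_name, src_descriptor = path.get_src(
            d.get_class_manager())
        if not should_analyze(src_class_name, include_support):
            continue
        method = d.get_method_by_idx(path.src_idx)
        i = method.get_instruction(0, path.idx)
        index = get_instruction_offset(i, method)
        op_value = i.get_op_value()
        if op_value in (0x6E, 0x6F, 0x72):
            # invoke-virtual { parameters }, methodtocall
            operands = i.get_output().split(",")
            new_var = operands[1].strip()
            file_mode_var = operands[2].strip()
        elif op_value == 0x74:
            # invoke-virtual/range {vx..vy},methodtocall
            # The last register of the range holds the mode and the one before
            # it the file name. The previous code built the mode register from
            # the already rewritten name ("v" + "v<n>"), which is not a
            # register name.
            last_register = int(
                i.get_output().split(",")[0].split(".")[-1].strip()[1:])
            file_mode_var = "v" + str(last_register)
            new_var = "v" + str(last_register - 1)
        else:
            # Unhandled invoke form: report it and skip the call site instead
            # of tracking registers left over from a previous iteration.
            print("Not Controlled")
            continue
        # Track both registers backwards from the instruction before the call.
        file_mode = track_int_value(method, index - 1, file_mode_var)
        # 0 is Context.MODE_PRIVATE. Every other tracked value is reported,
        # which also includes flags other than MODE_WORLD_READABLE (1) and
        # MODE_WORLD_WRITEABLE (2).
        # NOTE(review): confirm what track_int_value returns for a register it
        # cannot resolve before narrowing this test to a bit mask.
        if file_mode != 0:
            pref_file = track_string_value(method, index - 1, new_var)
            context_path = get_path_of_method(src_class_name,
                                              src_method_name,
                                              context_instruction_paths, d)
            if context_path:
                # The preferences are opened through another package's context:
                # record that package name rather than the analysed app's own.
                context_method = d.get_method_by_idx(context_path.src_idx)
                c_i = context_method.get_instruction(0, context_path.idx)
                c_index = get_instruction_offset(c_i, context_method)
                c_name_var = c_i.get_output().split(",")[1].strip()
                package = track_string_value(context_method, c_index - 1,
                                             c_name_var)
            else:
                package = apk.get_package()
            sharedprefs = SharedPreferencesAnalysis(
                package, pref_file, "read")
            shared_preferences.append(sharedprefs)
    return shared_preferences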