def main(options, arguments): if options.input != None: if androconf.is_android(options.input) == "APK": ri = risk.RiskIndicator() a = apk.APK(options.input) print options.input, ri.with_apk(a) elif options.directory != None: ri = risk.RiskIndicator() for root, dirs, files in os.walk(options.directory, followlinks=True): if files != []: for f in files: real_filename = root if real_filename[-1] != "/": real_filename += "/" real_filename += f if androconf.is_android(real_filename) == "APK": try: a = apk.APK(real_filename) print ri.with_apk( a), real_filename #, ri.with_apk( a ) except Exception, e: print e
def main(options, arguments): if options.database == None or options.config == None: return s = msign.MSignature(options.database, options.config) if options.verbose: s.set_debug() s.load() if options.input != None: ret_type = androconf.is_android(options.input) print os.path.basename(options.input), ":", if ret_type == "APK": a = apk.APK(options.input) if a.is_valid_APK(): display(s.check_apk(a), options.verbose) else: print "INVALID" elif ret_type == "DEX": display(s.check_dex(open(options.input, "rb").read()), options.verbose) elif options.directory != None: for root, dirs, files in os.walk(options.directory, followlinks=True): if files != []: for f in files: real_filename = root if real_filename[-1] != "/": real_filename += "/" real_filename += f ret_type = androconf.is_android(real_filename) if ret_type == "APK": print os.path.basename(real_filename), ":", a = apk.APK(real_filename) if a.is_valid_APK(): display(s.check_apk(a), options.verbose) else: print "INVALID APK" elif ret_type == "DEX": try: print os.path.basename(real_filename), ":", display( s.check_dex(open(real_filename, "rb").read()), options.verbose) except Exception, e: print "ERROR", e
def main(options, arguments): for root, dirs, files in os.walk(options.input): if files != []: for f in files: real_filename = root if real_filename[-1] != "/": real_filename += "/" real_filename += f file_type = androconf.is_android(real_filename) if file_type != None: try: if file_type == "APK": a = apk.APK(real_filename) if a.is_valid_APK() == False: print "FAILED", real_filename, file_type continue raw = a.get_dex() elif file_type == "DEX": raw = open(real_filename, "rb").read() d = open_dex(raw) print "PASSED", real_filename, file_type except Exception, e: print "FAILED", real_filename, file_type import traceback traceback.print_exc() else: print "BAD FILE FORMAT", real_filename
def readManifest(apkfile): if (androconf.is_android(apkfile) != "APK"): print "Unknow file type" return "" a=apk.APK(apkfile) buff = a.xml[ "AndroidManifest.xml" ].toprettyxml() return buff
def _analyze(self) : for i in self.__files : #print "processing ", i if ".class" in i : bc = jvm.JVMFormat( self.__orig_raw[ i ] ) elif ".jar" in i : x = jvm.JAR( i ) bc = x.get_classes() elif ".dex" in i : bc = dvm.DalvikVMFormat( self.__orig_raw[ i ] ) elif ".apk" in i : x = apk.APK( i ) bc = dvm.DalvikVMFormat( x.get_dex() ) else : if androconf.is_android( i ) == "APK" : x = apk.APK( i ) bc = dvm.DalvikVMFormat( x.get_dex() ) else : raise( "Unknown bytecode" ) if isinstance(bc, list) : for j in bc : self.__bc.append( (j[0], BC( jvm.JVMFormat(j[1]) ) ) ) else : self.__bc.append( (i, BC( bc )) )
def _analyze(self) : for i in self.__files : #print "processing ", i if ".class" in i : bc = jvm.JVMFormat( self.__orig_raw[ i ] ) elif ".jar" in i : x = jvm.JAR( i ) bc = x.get_classes() elif ".dex" in i : bc = dvm.DalvikVMFormat( self.__orig_raw[ i ] ) elif ".apk" in i : x = apk.APK( i ) bc = dvm.DalvikVMFormat( x.get_dex() ) else : ret_type = androconf.is_android( i ) if ret_type == "APK" : x = apk.APK( i ) bc = dvm.DalvikVMFormat( x.get_dex() ) elif ret_type == "DEX" : bc = dvm.DalvikVMFormat( open(i, "rb").read() ) else : raise( "Unknown bytecode" ) if isinstance(bc, list) : for j in bc : self.__bc.append( (j[0], BC( jvm.JVMFormat(j[1]) ) ) ) else : self.__bc.append( (i, BC( bc )) )
def main(options, arguments) : for root, dirs, files in os.walk( options.input ) : if files != [] : for f in files : real_filename = root if real_filename[-1] != "/" : real_filename += "/" real_filename += f file_type = androconf.is_android( real_filename ) if file_type != None : try : if file_type == "APK" : a = apk.APK( real_filename ) if a.is_valid_APK() == False : print "FAILED", real_filename, file_type continue raw = a.get_dex() elif file_type == "DEX" : raw = open(real_filename, "rb").read() d = open_dex( raw ) print "PASSED", real_filename, file_type except Exception, e : print "FAILED", real_filename, file_type import traceback traceback.print_exc() else : print "BAD FILE FORMAT", real_filename
def main(options, arguments) : if options.database == None or options.config == None : return s = msign.MSignature( options.database, options.config ) if options.verbose : s.set_debug() s.load() if options.input != None : ret_type = androconf.is_android( options.input ) print os.path.basename(options.input), ":", if ret_type == "APK" : a = apk.APK( options.input ) if a.is_valid_APK() : display( s.check_apk( a ), options.verbose ) else : print "INVALID" elif ret_type == "DEX" : display( s.check_dex( open(options.input, "rb").read() ), options.verbose ) elif options.directory != None : for root, dirs, files in os.walk( options.directory, followlinks=True ) : if files != [] : for f in files : real_filename = root if real_filename[-1] != "/" : real_filename += "/" real_filename += f ret_type = androconf.is_android( real_filename ) if ret_type == "APK" : print os.path.basename( real_filename ), ":", a = apk.APK( real_filename ) if a.is_valid_APK() : display( s.check_apk( a ), options.verbose ) else : print "INVALID APK" elif ret_type == "DEX" : try : print os.path.basename( real_filename ), ":", display( s.check_dex( open(real_filename, "rb").read() ), options.verbose ) except Exception, e : print "ERROR", e
def main(options, arguments) : if options.database == None : return if options.input != None : s = msign.MSignature( options.database ) ret_type = androconf.is_android( options.input ) if ret_type == "APK" : a = apk.APK( options.input ) if a.is_valid_APK() : s.check_apk( a ) elif ret_type == "DEX" : vm = dvm.DalvikVMFormat( open(options.input, "rb").read() ) s.check_dex( open(options.input, "rb").read() ) elif options.directory != None : s = msign.MSignature( options.database ) for root, dirs, files in os.walk( options.directory, followlinks=True ) : if files != [] : for f in files : real_filename = root if real_filename[-1] != "/" : real_filename += "/" real_filename += f ret_type = androconf.is_android( real_filename ) if ret_type == "APK" : print real_filename, "--->", try : a = apk.APK( real_filename ) if a.is_valid_APK() : s.check_apk( a ) else : print "INVALID" except Exception, e : print "ERROR" elif ret_type == "DEX" : try : print real_filename, "--->", s.check_dex( open(real_filename, "rb").read() ) except Exception, e : print "ERROR"
def main(options, arguments) : if options.input != None : if androconf.is_android( options.input ) == "APK" : ri = risk.RiskIndicator() a = apk.APK( options.input ) print options.input, ri.with_apk( a ) elif options.directory != None : ri = risk.RiskIndicator() for root, dirs, files in os.walk( options.directory, followlinks=True ) : if files != [] : for f in files : real_filename = root if real_filename[-1] != "/" : real_filename += "/" real_filename += f if androconf.is_android( real_filename ) == "APK" : try : a = apk.APK( real_filename ) print ri.with_apk(a), real_filename#, ri.with_apk( a ) except Exception, e : print e
def main(options, arguments) : if options.input != None and options.output != None : buff = "" ret_type = androconf.is_android( options.input ) if ret_type == "APK" : a = apk.APK( options.input ) buff = a.xml[ "AndroidManifest.xml" ].toprettyxml() elif ".xml" in options.input : ap = apk.AXMLPrinter( open(options.input, "rb").read() ) buff = minidom.parseString( ap.getBuff() ).toprettyxml() else : print "Unknown file type" return fd = codecs.open(options.output, "w", "utf-8") fd.write( buff ) fd.close() elif options.version != None : print "Androaxml version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments): if options.input != None and options.output != None: buff = "" ret_type = androconf.is_android(options.input) if ret_type == "APK": a = apk.APK(options.input) buff = a.xml["AndroidManifest.xml"].toprettyxml() elif ".xml" in options.input: ap = apk.AXMLPrinter(open(options.input, "rb").read()) buff = minidom.parseString(ap.getBuff()).toprettyxml() else: print "Unknown file type" return fd = codecs.open(options.output, "w", "utf-8") fd.write(buff) fd.close() elif options.version != None: print "Androaxml version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments) : if options.input != None and options.output != None : ret_type = androconf.is_android( options.input ) vm = None a = None if ret_type == "APK" : a = apk.APK( options.input ) if a.is_valid_APK() : vm = dvm.DalvikVMFormat( a.get_dex() ) else : print "INVALID APK" elif ret_type == "DEX" : try : vm = dvm.DalvikVMFormat( open(options.input, "rb").read() ) except Exception, e : print "INVALID DEX", e vmx = analysis.VMAnalysis( vm ) gvmx = ganalysis.GVMAnalysis( vmx, a ) gvmx.export_to_gexf( options.output )
def check(db, dbconf, TESTS) : s = msign.MSignature( db, dbconf ) s.load() s.set_debug() for i in TESTS : ret_type = androconf.is_android( i ) if ret_type == "APK" : print os.path.basename( i ), ":", sys.stdout.flush() a = apk.APK( i ) if a.is_valid_APK() : test( s.check_apk( a )[0], TESTS[i] ) else : print "INVALID APK" elif ret_type == "DEX" : try : print os.path.basename( i ), ":", sys.stdout.flush() test( s.check_dex( open(i, "rb").read() )[0], TESTS[i] ) except Exception, e : print "ERROR", e
def check(db, dbconf, TESTS): s = msign.MSignature(db, dbconf) s.load() s.set_debug() for i in TESTS: ret_type = androconf.is_android(i) if ret_type == "APK": print os.path.basename(i), ":", sys.stdout.flush() a = apk.APK(i) if a.is_valid_APK(): test(s.check_apk(a)[0], TESTS[i]) else: print "INVALID APK" elif ret_type == "DEX": try: print os.path.basename(i), ":", sys.stdout.flush() test(s.check_dex(open(i, "rb").read())[0], TESTS[i]) except Exception, e: print "ERROR", e
def add_file(self, srules) : l = [] rules = json.loads( srules ) ret_type = androconf.is_android( rules[0]["SAMPLE"] ) if ret_type == "APK" : a = apk.APK( rules[0]["SAMPLE"] ) classes_dex = a.get_dex() elif ret_type == "DEX" : classes_dex = open( rules[0]["SAMPLE"], "rb" ).read() elif ret_type == "ELF" : elf_file = open( rules[0]["SAMPLE"], "rb" ).read() else : return None if ret_type == "APK" or ret_type == "DEX" : vm = dvm.DalvikVMFormat( classes_dex ) vmx = VMAnalysis( vm ) for i in rules[1:] : x = { i["NAME"] : [] } n = 0 sign = [] for j in i["SIGNATURE"] : z = [] if j["TYPE"] == "METHSIM" : z.append( METHSIM ) m = vm.get_method_descriptor( j["CN"], j["MN"], j["D"] ) if m == None : print "impossible to find", j["CN"], j["MN"], j["D"] raise("ooo") #print m.get_length() z_tmp = create_entropies( vmx, m ) z_tmp[0] = base64.b64encode( z_tmp[0] ) z.extend( z_tmp ) elif j["TYPE"] == "CLASSHASH" : buff = "" for c in vm.get_classes() : if j["CN"] == c.get_name() : z.append( CLASSHASH ) class_data = c.get_class_data() buff += "%d%d%d%d%d" % ( c.get_access_flags(), class_data.static_fields_size, class_data.instance_fields_size, class_data.direct_methods_size, class_data.virtual_methods_size ) for m in c.get_methods() : buff += "%d%s" % (m.get_access_flags(), m.get_descriptor()) for f in c.get_fields() : buff += "%d%s" % (f.get_access_flags(), f.get_descriptor()) z.append( hashlib.sha256( buff ).hexdigest() ) elif j["TYPE"] == "CLASSSIM" : for c in vm.get_classes() : if j["CN"] == c.get_name() : z.append( CLASSSIM ) value = "" value_entropy = 0.0 android_entropy = 0.0 java_entropy = 0.0 hex_entropy = 0.0 exception_entropy = 0.0 nb_methods = 0 for m in c.get_methods() : z_tmp = create_entropies( vmx, m ) value += z_tmp[0] value_entropy += z_tmp[1] android_entropy += z_tmp[2] java_entropy += z_tmp[3] hex_entropy += z_tmp[4] exception_entropy += z_tmp[5] nb_methods += 1 z.extend( [ base64.b64encode(value), value_entropy/nb_methods, android_entropy/nb_methods, java_entropy/nb_methods, hex_entropy/nb_methods, exception_entropy/nb_methods ] ) elif j["TYPE"] == "BINHASH" : z.append( BINHASH ) z.extend( [ base64.b64encode(elf_file[j["START"]:j["END"]]) ] ) #elif j["TYPE"] == "MPSM" : # z.append( 1 ) # z.append( j["STYPE"] ) # z.append( vmx.get_method_signature( vm.get_method_descriptor( j["CN"], j["MN"], j["D"] ), predef_sign = j["STYPE"] ).get_string() ) sign.append( z ) x[ i["NAME"] ].append( sign ) x[ i["NAME"] ].append( i["BF"] ) l.append( x ) print l return l