コード例 #1
0
def extract_permissions(file):
    a = APK(file)
    d = DalvikVMFormat(a.get_dex())
    dx = VMAnalysis(d)
    vm = dvm.DalvikVMFormat(a.get_dex())
    vmx = analysis.uVMAnalysis(vm)
    d.set_vmanalysis(dx)
    d.set_decompiler(DecompilerDAD(d, dx))
    return a.get_permissions() 
コード例 #2
0
def extract_features(file_path):
    #result = []
    try:
        a = APK(file_path)
        d = DalvikVMFormat(a.get_dex())
        dx = Analysis(d)
        vm = dvm.DalvikVMFormat(a.get_dex())
        vmx = analysis.uAnalysis(vm)
        d.set_Analysis(dx)
        d.set_decompiler(DecompilerDAD(d, dx))
    except:
        return None
    return a.get_permissions()  #it will return permission
コード例 #3
0
    def on_complete(self):

        receivers = self.get_results("apkinfo", {}).get("manifest", {}).get("receivers", {})
        activities = self.get_results("apkinfo", {}).get("manifest", {}).get("activities", {})
        services = self.get_results("apkinfo", {}).get("manifest", {}).get("services", {})

        app_path = self.get_results("target",{}).get("file",{}).get("path", None)

        if not app_path:
            return False

        if not os.path.exists(app_path):
            return False

        app_apk = APK(app_path)
        dvm = DalvikVMFormat(app_apk.get_dex())
        classes = set()
        for cls in dvm.get_classes():
            classes.add(cls.name)
        for receiver in receivers:
            if self.convert_class(receiver) not in classes:
                return True

        for activity in activities:
            if self.convert_class(activity) not in classes:
                return True

        for service in services:
            if self.convert_class(service) not in classes:
                return True
コード例 #4
0
class ApkAnalysis:
    def __init__(self, apk_name):
        self.apk_name = apk_name
        self.apk = INPUT_APK_DIR + self.apk_name + ".apk"

        # analyze the dex file
        self.a = APK(self.apk)

        # get the vm analysis
        self.d = DalvikVMFormat(self.a.get_dex())
        self.dx = VMAnalysis(self.d)
        self.gx = GVMAnalysis(self.dx, None)

        self.d.set_vmanalysis(self.dx)
        self.d.set_gvmanalysis(self.gx)

        # create the cross reference
        self.d.create_xref()
        self.d.create_dref()

    def get_all_activities_results(self):
        activity_names = self.a.get_activities()
        return [
            StaticAnalysisResult(self.apk_name, None, a,
                                 VulnType.selected_activities.value, True)
            for a in activity_names
        ]

    def get_smart_input(self):
        return GetFieldType(self).analyze()
コード例 #5
0
class AndroguardAnalysis(object):
    def __init__(self, app_path):
        self.app_path = app_path
        from androguard.core.bytecodes.apk import APK
        self.a = APK(app_path)
        self.d = None
        self.dx = None

    def get_detailed_analysis(self):
        from androguard.misc import AnalyzeDex
        self.d, self.dx = AnalyzeDex(self.a.get_dex(), raw=True)

    def get_developer_name(self):
        developer = "Unknown"
        if (self.a.is_signed()):
            try:
                signatures = self.a.get_signature_names()
                for signature in signatures:
                    cert = self.a.get_certificate(signature)
                    issuer = get_certificate_name_string(cert.issuer)
                    attr_list = issuer.split(',')
                    for attr in attr_list:
                        if attr.startswith(
                                " organizationName") or attr.startswith(
                                    "organizationName"):
                            developer = attr.split('=')[1]
            except ValueError:
                print("certificat endommagée ... ")

        return developer
コード例 #6
0
def test(app_path):

    if not app_path:
        return False

    if not os.path.exists(app_path):
        return False

    app_apk = APK(app_path)
    dvm = DalvikVMFormat(app_apk.get_dex())

    receivers = app_apk.get_receivers()
    activities = app_apk.get_activities()
    services = app_apk.get_services()

    for activity in activities:
        if not check_class_in_dex(dvm, activity):
            return True

    for receiver in receivers:
        if not check_class_in_dex(dvm, receiver):
            return True
    for service in services:
        if not check_class_in_dex(dvm, service):
            return True

    return False
def get_apis(path):

    application = APK(path)
    application_dex = DalvikVMFormat(application.get_dex())
    application_x = Analysis(application_dex)

    methods = set()
    cs = [cc.get_name() for cc in application_dex.get_classes()]

    for method in application_dex.get_methods():
        g = application_x.get_method(method)

        if method.get_code() == None:
            continue

        for i in g.get_basic_blocks().get():
            for ins in i.get_instructions():

                output = ins.get_output()
                match = re.search(r'(L[^;]*;)->[^\(]*\([^\)]*\).*', output)
                if match and match.group(1) not in cs:
                    methods.add(match.group())

    methods = list(methods)
    return methods
コード例 #8
0
ファイル: apkinfo.py プロジェクト: LetMeR00t/cuckoo
    def run(self):
        """Run androguard to extract static android information
                @return: list of static features
        """
        self.key = "apkinfo"
        apkinfo = {}

        if "file" not in self.task["category"]:
            return

        from androguard.core.bytecodes.apk import APK
        from androguard.core.bytecodes.dvm import DalvikVMFormat
        from androguard.core.analysis.analysis import uVMAnalysis
        from androguard.core.analysis import analysis

        f = File(self.task["target"])
        if f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type():
            if not os.path.exists(self.file_path):
                raise CuckooProcessingError("Sample file doesn't exist: \"%s\"" % self.file_path)

            try:
                a = APK(self.file_path)
                if a.is_valid_APK():
                    manifest = {}
                    apkinfo["files"] = self._apk_files(a)
                    manifest["package"] = a.get_package()
                    # manifest["permissions"]=a.get_details_permissions_new()
                    manifest["main_activity"] = a.get_main_activity()
                    manifest["activities"] = a.get_activities()
                    manifest["services"] = a.get_services()
                    manifest["receivers"] = a.get_receivers()
                    # manifest["receivers_actions"]=a.get__extended_receivers()
                    manifest["providers"] = a.get_providers()
                    manifest["libraries"] = a.get_libraries()
                    apkinfo["manifest"] = manifest
                    # apkinfo["certificate"] = a.get_certificate()
                    static_calls = {}
                    if self.check_size(apkinfo["files"]):
                        vm = DalvikVMFormat(a.get_dex())
                        vmx = uVMAnalysis(vm)

                        static_calls["all_methods"] = self.get_methods(vmx)
                        static_calls["is_native_code"] = analysis.is_native_code(vmx)
                        static_calls["is_dynamic_code"] = analysis.is_dyn_code(vmx)
                        static_calls["is_reflection_code"] = analysis.is_reflection_code(vmx)

                        # static_calls["dynamic_method_calls"]= analysis.get_show_DynCode(vmx)
                        # static_calls["reflection_method_calls"]= analysis.get_show_ReflectionCode(vmx)
                        # static_calls["permissions_method_calls"]= analysis.get_show_Permissions(vmx)
                        # static_calls["crypto_method_calls"]= analysis.get_show_CryptoCode(vmx)
                        # static_calls["native_method_calls"]= analysis.get_show_NativeMethods(vmx)
                    else:
                        log.warning("Dex size bigger than: %s",
                                    self.options.decompilation_threshold)
                    apkinfo["static_method_calls"] = static_calls
            except (IOError, OSError, zipfile.BadZipfile) as e:
                raise CuckooProcessingError("Error opening file %s" % e)

        return apkinfo
コード例 #9
0
    def run(self):
        """Run androguard to extract static android information
                @return: list of static features
        """
        self.key = "apkinfo"
        apkinfo = {}

        if "file" not in self.task["category"] or not HAVE_ANDROGUARD:
            return

        f = File(self.task["target"])
        if f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type():
            if not os.path.exists(self.file_path):
                raise CuckooProcessingError(
                    "Sample file doesn't exist: \"%s\"" % self.file_path)

            try:
                a = APK(self.file_path)
                if a.is_valid_APK():
                    manifest = {}
                    apkinfo["files"] = self._apk_files(a)
                    manifest["package"] = a.get_package()
                    # manifest["permissions"]=a.get_details_permissions_new()
                    manifest["main_activity"] = a.get_main_activity()
                    manifest["activities"] = a.get_activities()
                    manifest["services"] = a.get_services()
                    manifest["receivers"] = a.get_receivers()
                    # manifest["receivers_actions"]=a.get__extended_receivers()
                    manifest["providers"] = a.get_providers()
                    manifest["libraries"] = a.get_libraries()
                    apkinfo["manifest"] = manifest
                    # apkinfo["certificate"] = a.get_certificate()
                    static_calls = {}
                    if self.check_size(apkinfo["files"]):
                        vm = DalvikVMFormat(a.get_dex())
                        vmx = uVMAnalysis(vm)

                        static_calls["all_methods"] = self.get_methods(vmx)
                        static_calls[
                            "is_native_code"] = analysis.is_native_code(vmx)
                        static_calls["is_dynamic_code"] = analysis.is_dyn_code(
                            vmx)
                        static_calls[
                            "is_reflection_code"] = analysis.is_reflection_code(
                                vmx)

                        # static_calls["dynamic_method_calls"]= analysis.get_show_DynCode(vmx)
                        # static_calls["reflection_method_calls"]= analysis.get_show_ReflectionCode(vmx)
                        # static_calls["permissions_method_calls"]= analysis.get_show_Permissions(vmx)
                        # static_calls["crypto_method_calls"]= analysis.get_show_CryptoCode(vmx)
                        # static_calls["native_method_calls"]= analysis.get_show_NativeMethods(vmx)
                    else:
                        log.warning("Dex size bigger than: %s",
                                    self.options.decompilation_threshold)
                    apkinfo["static_method_calls"] = static_calls
            except (IOError, OSError, BadZipfile) as e:
                raise CuckooProcessingError("Error opening file %s" % e)

        return apkinfo
コード例 #10
0
class GetFieldType:

    predictions = {}
    
    def __init__(self, args):
        
        
        self.apk = args.apk
        self.verbosity = args.verbosity
        self.output_location = args.output_location
        self.file_identifier = args.apk.split('.')[0]
        self.file_identifier = self.file_identifier[-24:]

        # print "Analyzing " + self.apk
        # print " Output Location " + self.output_location
        # print "File Identifier " + self.file_identifier
        
        

        
        # analyze the dex file
        print "From LOCATION = ",self.apk
        self.a = APK(self.apk)

        # get the vm analysis
        self.d = DalvikVMFormat(self.a.get_dex())
        self.dx = VMAnalysis(self.d)
        self.gx = GVMAnalysis(self.dx, None)

        self.d.set_vmanalysis(self.dx)
        self.d.set_gvmanalysis(self.gx)

        # create the cross reference
        self.d.create_xref()
        self.d.create_dref()
        
        print 'CWD: ', os.getcwd()
        predictor = Predict_Input(self.output_location,self.file_identifier)
        self.predictions = predictor.predict(self.apk, self.apk[:-4],self.output_location,self.file_identifier)

        

        try:
            # get the classes for this apk
            # store them in a dict
            self.classes = self.get_class_dict()

            # Find the R$layout class
            self.Rlayout = self.get_RLayout(self.d.get_classes())

            # Find the R$id class
            self.Rid = self.get_Rid(self.d.get_classes())

            # Store all fields referenced in R$id
            self.fields, self.field_refs = self.get_fields(self.Rid)
        except Exception, e:
            print e
コード例 #11
0
ファイル: graphs.py プロジェクト: umkhanqta/MLwakelockleak
class CFG():
    def __init__(self, filename):
        self.filename = filename
        try:
            self.a = APK(filename)
            self.d = DalvikVMFormat(self.a.get_dex())
            self.d.create_python_export()
            self.dx = Analysis(self.d)
        except zipfile.BadZipfile:
            # if file is not an APK, may be a dex object
            _, self.d, self.dx = AnalyzeDex(self.filename)

        self.d.set_vmanalysis(self.dx)
        self.dx.create_xref()
        self.cfg = self.build_cfg()

    def get_cg(self):
        return self.cfg

    def get_cfg(self):
        return self.dx.get_call_graph()

    def build_cfg(self):
        """ Using NX and Androguard, build a directed graph NX object so that:
            - node names are analysis.MethodClassAnalysis objects
            - each node has a label that encodes the method behavior
        """
        cfg = self.get_cfg()  ##/////////My changes///////////////
        for n in cfg.nodes:
            instructions = []
            # print(n)
            try:
                ops = n.get_instructions()
                for i in ops:
                    instructions.append(i.get_name())
                # print(ops)
                encoded_label = self.color_instructions(instructions)
                # print("No Exception")
            except AttributeError:
                encoded_label = np.array([0] * 15)
            cfg.node[n]["label"] = encoded_label
        return cfg

    def color_instructions(self, instructions):
        """ Node label based on coloring technique by Kruegel """

        h = [0] * len(INSTRUCTION_CLASS_COLOR)
        for i in instructions:
            h[INSTRUCTION_SET_COLOR[i]] = 1
        return np.array(h)

    def get_classes_from_label(self, label):
        classes = [
            INSTRUCTION_CLASSES[i] for i in range(len(label)) if label[i] == 1
        ]
        return classes
コード例 #12
0
def parse_apk(path):
    """
    Parse an apk file to my custom bytecode output
    :param path: the path to the
    :rtype: string
    """
    # Load our example APK
    a = APK(path)
    # Create DalvikVMFormat Object
    #d = DalvikVMFormat(a)
    return a.get_dex()
コード例 #13
0
def GetAnalyzedDex(sample_name):
    a = APK(sample_name)
    d = dvm.DalvikVMFormat(a.get_dex())
    dx = analysis.Analysis(d)

    if type(dx) is list:
        dx = dx[0]

    dx.create_xref()

    return dx
コード例 #14
0
class GetFieldType:

    predictions = {}

    def __init__(self, args):

        self.apk = args.apk
        self.verbosity = args.verbosity
        self.output_location = args.output_location
        self.file_identifier = args.apk.split('.')[0]
        self.file_identifier = self.file_identifier[-24:]

        # print "Analyzing " + self.apk
        # print " Output Location " + self.output_location
        # print "File Identifier " + self.file_identifier

        # analyze the dex file
        print "From LOCATION = ", self.apk
        self.a = APK(self.apk)

        # get the vm analysis
        self.d = DalvikVMFormat(self.a.get_dex())
        self.dx = VMAnalysis(self.d)
        self.gx = GVMAnalysis(self.dx, None)

        self.d.set_vmanalysis(self.dx)
        self.d.set_gvmanalysis(self.gx)

        # create the cross reference
        self.d.create_xref()
        self.d.create_dref()

        print 'CWD: ', os.getcwd()
        predictor = Predict_Input(self.output_location, self.file_identifier)
        self.predictions = predictor.predict(self.apk, self.apk[:-4],
                                             self.output_location,
                                             self.file_identifier)

        try:
            # get the classes for this apk
            # store them in a dict
            self.classes = self.get_class_dict()

            # Find the R$layout class
            self.Rlayout = self.get_RLayout(self.d.get_classes())

            # Find the R$id class
            self.Rid = self.get_Rid(self.d.get_classes())

            # Store all fields referenced in R$id
            self.fields, self.field_refs = self.get_fields(self.Rid)
        except Exception, e:
            print e
コード例 #15
0
ファイル: types.py プロジェクト: droidsec-cn/droidbot
class AndroguardAnalysis(object):
    """
    analysis result of androguard
    """
    def __init__(self, app_path):
        """
        :param app_path: local file path of app, should not be None
        analyse app specified by app_path
        """
        self.app_path = app_path
        from androguard.core.bytecodes.apk import APK
        self.a = APK(app_path)

    def get_detailed_analysis(self):
        from androguard.misc import AnalyzeDex
        self.d, self.dx = AnalyzeDex(self.a.get_dex(), raw=True)
コード例 #16
0
ファイル: droidbot_types.py プロジェクト: shugaoye/droidbot
class AndroguardAnalysis(object):
    """
    analysis result of androguard
    """
    def __init__(self, app_path):
        """
        :param app_path: local file path of app, should not be None
        analyse app specified by app_path
        """
        self.app_path = app_path
        from androguard.core.bytecodes.apk import APK
        self.a = APK(app_path)

    def get_detailed_analysis(self):
        from androguard.misc import AnalyzeDex
        self.d, self.dx = AnalyzeDex(self.a.get_dex(), raw=True)
コード例 #17
0
ファイル: apk.py プロジェクト: Rafiot/viper
        def analyze_apk(filename, raw=False, decompiler=None):
            """
            Analyze an android application and setup all stuff for a more quickly analysis !

            :param filename: the filename of the android application or a buffer which represents the application
            :type filename: string
            :param raw: True is you would like to use a buffer (optional)
            :type raw: boolean
            :param decompiler: ded, dex2jad, dad (optional)
            :type decompiler: string

            :rtype: return the :class:`APK`, :class:`DalvikVMFormat`, and :class:`VMAnalysis` objects
            """

            a = APK(filename, raw)
            d, dx = analyze_dex(a.get_dex(), raw=True, decompiler=decompiler)
            return a, d, dx
コード例 #18
0
ファイル: apk.py プロジェクト: geekscrapy/viper
        def analyze_apk(filename, raw=False, decompiler=None):
            """
            Analyze an android application and setup all stuff for a more quickly analysis !

            :param filename: the filename of the android application or a buffer which represents the application
            :type filename: string
            :param raw: True is you would like to use a buffer (optional)
            :type raw: boolean
            :param decompiler: ded, dex2jad, dad (optional)
            :type decompiler: string

            :rtype: return the :class:`APK`, :class:`DalvikVMFormat`, and :class:`VMAnalysis` objects
            """

            a = APK(filename, raw)
            d, dx = analyze_dex(a.get_dex(), raw=True, decompiler=decompiler)
            return a, d, dx
コード例 #19
0
 def perform_analysis(self):
     if self.apk_file and os.path.exists(self.apk_file):
         try:
             apk = APK(self.apk_file)
         except Exception, ex:
             print ex
             return
         
         # Intents
         self.intents = apk.get_elements('action', 'android:name')
         # Create DalvikFormat
         dalvik_vm_format = None
         try:
             dalvik_vm_format = DalvikVMFormat( apk.get_dex() )
         except Exception, ex:
             print ex
             return
コード例 #20
0
ファイル: get_field_type.py プロジェクト: jamella/SMVHunter
class GetFieldType:

    def __init__(self, args):
        self.apk = args.apk
        self.verbosity = args.verbosity

        print "Analyzing " + self.apk

        # analyze the dex file
        self.a = APK(self.apk)

        # get the vm analysis
        self.d = DalvikVMFormat(self.a.get_dex())
        self.dx = VMAnalysis(self.d)
        self.gx = GVMAnalysis(self.dx, None)

        self.d.set_vmanalysis(self.dx)
        self.d.set_gvmanalysis(self.gx)

        # create the cross reference
        self.d.create_xref()
        self.d.create_dref()

        try:
            # get the classes for this apk
            # store them in a dict
            self.classes = self.get_class_dict()

            # Find the R$layout class
            self.Rlayout = self.get_RLayout(self.d.get_classes())

            # Find the R$id class
            self.Rid = self.get_Rid(self.d.get_classes())

            # Store all fields referenced in R$id
            self.fields, self.field_refs = self.get_fields(self.Rid)
        except Exception, e:
            print e
コード例 #21
0
class GetFieldType:
    def __init__(self, args):
        self.apk = args.apk
        self.verbosity = args.verbosity

        print "Analyzing " + self.apk

        # analyze the dex file
        self.a = APK(self.apk)

        # get the vm analysis
        self.d = DalvikVMFormat(self.a.get_dex())
        self.dx = VMAnalysis(self.d)
        self.gx = GVMAnalysis(self.dx, None)

        self.d.set_vmanalysis(self.dx)
        self.d.set_gvmanalysis(self.gx)

        # create the cross reference
        self.d.create_xref()
        self.d.create_dref()

        try:
            # get the classes for this apk
            # store them in a dict
            self.classes = self.get_class_dict()

            # Find the R$layout class
            self.Rlayout = self.get_RLayout(self.d.get_classes())

            # Find the R$id class
            self.Rid = self.get_Rid(self.d.get_classes())

            # Store all fields referenced in R$id
            self.fields, self.field_refs = self.get_fields(self.Rid)
        except Exception, e:
            print e
コード例 #22
0
class PDG():
    def __init__(self, filename):
        """

        :type self: object
        """
        self.filename = filename
        try:
            self.a = APK(filename)
            self.d = DalvikVMFormat(self.a.get_dex())
            self.d.create_python_export()
            self.dx = Analysis(self.d)
        except zipfile.BadZipfile:
            # if file is not an APK, may be a dex object
            _, self.d, self.dx = AnalyzeDex(self.filename)

        self.d.set_vmanalysis(self.dx)
        self.dx.create_xref()
        self.fcg = self.dx.get_call_graph()
        self.icfg = self.build_icfg()

    def get_graph(self):
        return self.icfg

    def build_icfg(self):
        icfg = nx.DiGraph()
        methods = self.d.get_methods()
        for method in methods:
            for bb in self.dx.get_method(method).basic_blocks.get():
                children = []
                label = self.get_bb_label(bb)
                children = self.get_children(bb, self.dx)
                icfg.add_node(label)
                icfg.add_edges_from([(label, child) for child in children])
        return icfg

    def get_bb_label(self, bb):
        """ Return the descriptive name of a basic block
        """
        return self.get_method_label(bb.method) + (bb.name, )

    def get_method_label(self, method):
        """ Return the descriptive name of a method
        """
        return (method.get_class_name(), method.get_name(),
                method.get_descriptor())

    def get_children(self, bb, dx):
        """ Return the labels of the basic blocks that are children of the
        input basic block in and out of its method
        """
        return self.get_bb_intra_method_children(
            bb) + self.get_bb_extra_method_children(bb, dx)

    def get_bb_intra_method_children(self, bb):
        """ Return the labels of the basic blocks that are children of the
        input basic block within a method
        """
        child_labels = []
        for c_in_bb in bb.get_next():
            next_bb = c_in_bb[2]
            child_labels.append(self.get_bb_label(next_bb))
        return child_labels

    def get_bb_extra_method_children(self, bb, dx):
        """ Given a basic block, find the calls to external methods and
        return the label of the first basic block in these methods
        """

        call_labels = []
        # iterate over calls from bb method to external methods
        try:
            xrefs = dx.get_method_analysis(bb.method).get_xref_to()
        except AttributeError:
            return call_labels
        for xref in xrefs:
            remote_method_offset = xref[2]
            if self.call_in_bb(bb, remote_method_offset):
                try:
                    remote_method = dx.get_method(
                        self.d.get_method_by_idx(remote_method_offset))
                    if remote_method:
                        remote_bb = next(remote_method.basic_blocks.get())
                        call_labels.append(self.get_bb_label(remote_bb))
                except StopIteration:
                    pass
        return call_labels

    def call_in_bb(self, bb, idx):
        return bb.get_start() <= idx <= bb.get_end()
コード例 #23
0
ファイル: core.py プロジェクト: chongshq/malware-detection
def extract_features(file_path):
    result = {}
    try:
        a = APK(file_path)
        d = DalvikVMFormat(a.get_dex())
        dx = Analysis(d)
        vm = dvm.DalvikVMFormat(a.get_dex())
        vmx = analysis.Analysis(vm)
        d.set_vmanalysis(dx)
        d.set_decompiler(DecompilerDAD(d, dx))
    except Exception as e:
        print e
        return None

    result['android_version_code'] = a.get_androidversion_code()
    result['android_version_name'] = a.get_androidversion_name()
    result['max_sdk'] = a.get_max_sdk_version()
    result['min_sdk'] = a.get_min_sdk_version()
    result['libraries'] = a.get_libraries()
    result['filename'] = a.get_filename()
    result['target_sdk'] = a.get_target_sdk_version()
    result['md5'] = hashlib.md5(a.get_raw()).hexdigest()
    result['sha256'] = hashlib.sha256(a.get_raw()).hexdigest()
    result['permissions'] = a.get_permissions()
    result['activities'] = a.get_activities()
    result['providers'] = a.get_providers()
    result['services'] = a.get_services()
    result['strings'] = d.get_strings()
    result['class_names'] = [c.get_name() for c in d.get_classes()]
    result['method_names'] = [m.get_name() for m in d.get_methods()]
    result['field_names'] = [f.get_name() for f in d.get_fields()]
    # result['is_native_code'] = 1 if analysis.is_native_code(dx) else 0
    result['is_obfuscation'] = 1 if analysis.is_ascii_obfuscation(d) else 0
    # result['is_crypto_code'] = 1 if analysis.is_crypto_code(dx) else 0
    # result['is_dyn_code'] = 1 if analysis.is_dyn_code(dx) else 0
    # result['is_reflection_code'] = 1 if analysis.is_reflection_code(vmx) else 0
    result['is_database'] = 1 if d.get_regex_strings(DB_REGEX) else 0

    s_list = []
    s_list.extend(result['class_names'])
    s_list.extend(result['method_names'])
    s_list.extend(result['field_names'])
    result['entropy_rate'] = entropy_rate(s_list)

    result['feature_vectors'] = {}

    result['feature_vectors']['api_calls'] = []
    for call in API_CALLS:
        status = 1 if dx.get_method_by_name(".", call, ".") else 0
        result['feature_vectors']['api_calls'].append(status)

    result['feature_vectors']['permissions'] = []
    for permission in PERMISSIONS:
        status = 1 if permission in result['permissions'] else 0
        result['feature_vectors']['permissions'].append(status)

    result['feature_vectors']['special_strings'] = []
    for word in SPECIAL_STRINGS:
        status = 1 if d.get_regex_strings(word) else 0
        result['feature_vectors']['special_strings'].append(status)

    result['feature_vectors']['others'] = [
        # result['is_reflection_code'],
        # result['is_crypto_code'],
        # result['is_native_code'],
        result['is_obfuscation'],
        result['is_database'],
        # result['is_dyn_code']
    ]

    return result
コード例 #24
0
ファイル: graphs.py プロジェクト: umkhanqta/MLwakelockleak
class FCG():  ##/////////////Changed for testing/////////////////////
    def __init__(self, filename):
        self.filename = filename
        # print(os.path.exists(filename))
        # a,d,dx = AnalyzeAPK(filename)
        # print(dx.get_call_graph())

        try:
            self.a = APK(filename)
            self.d = DalvikVMFormat(self.a.get_dex())
            self.d.create_python_export()
            self.dx = Analysis(self.d)
        except zipfile.BadZipfile:
            # if file is not an APK, may be a dex object
            _, self.d, self.dx = AnalyzeDex(self.filename)

        self.d.set_vmanalysis(self.dx)
        self.dx.create_xref()
        self.fcg = self.build_fcg()

    def get_fcg(self):
        return self.fcg

    def get_lock_graph(self):
        graph_list = []
        # print("LockGraphs", self.dx)
        call_graph = self.dx.get_call_graph()
        # print("Call Graphs")
        for m in (self.dx.find_methods(
                classname='Landroid.os.PowerManager.WakeLock'
        )):  ##//////////Work fine but found 3 method so will use when done
            # print("Method=", m.get_method())
            ancestors = nx.ancestors(call_graph, m.get_method())
            ancestors.add(m.get_method())
            graph = call_graph.subgraph(ancestors)
            graph_list.append(graph)
        wake_graph = nx.compose_all(graph_list)
        return wake_graph

    def build_fcg(self):
        """ Using NX and Androguard, build a directed graph NX object so that:
            - node names are analysis.MethodClassAnalysis objects
            - each node has a label that encodes the method behavior
        """
        fcg = self.get_lock_graph()  ##/////////My changes///////////////

        for n in fcg.nodes:
            instructions = []
            try:
                ops = n.get_instructions()
                for i in ops:
                    instructions.append(i.get_name())
                encoded_label = self.color_instructions(instructions)
            except AttributeError:
                encoded_label = np.array([0] * 15)

            fcg.node[n]["label"] = encoded_label
        return fcg

    def color_instructions(self, instructions):
        """ Node label based on coloring technique by Kruegel """

        h = [0] * len(INSTRUCTION_CLASS_COLOR)
        for i in instructions:
            h[INSTRUCTION_SET_COLOR[i]] = 1
        return np.array(h)

    def get_classes_from_label(self, label):
        classes = [
            INSTRUCTION_CLASSES[i] for i in range(len(label)) if label[i] == 1
        ]
        return classes
コード例 #25
0
'''
Created on Jun 8, 2014

@author: lyx
'''
from androguard.core.bytecodes.apk import APK
from androguard.core.bytecodes import dvm
from androguard.core.analysis import analysis
from androguard.decompiler.decompiler import DecompilerDAD



if __name__ == '__main__':
    apk = APK('../sampleapk/MyTrojan.apk')
    d = dvm.DalvikVMFormat(apk.get_dex())
    dx = analysis.uVMAnalysis(d)
    d.set_decompiler( DecompilerDAD( d, dx ) )
    for current_class in d.get_classes():
        s = current_class#.source()
    print s
    print s.source()
    '''for current_method in d.get_methods():  # @IndentOk
        x = current_method.get_code()
    ins = x.get_bc().get_instructions()
    i = 0
    for s in ins:
        print s.show(i)
        i += 1
    #apk = analyzeAPK('./sampleapk/k9-4.409-release.apk')'''
コード例 #26
0
def get_apis(path):
    methods = set()
    error_file = open("error_files.txt", "w")

    """
    Get the APIs from an application.
    Parameters:
      path - The path of the application to be decompiled
    Returns:
      A sorted list of APIs with parameters
    """
    try:
        # You can see the documents of androguard to get the further details
        # of the decompilation procedures.
        # 获取APK文件对象
        # application:表示APK对象,在其中可以找到有关 APK 的信息,例如包名、权限、AndroidManifest.xml、resources
        # application_dex:DalvikVMFormat 对象数组,DalvikVMFormat 对应 apk 文件中的 dex 文件,从 dex 文件中我们可以获取类、方法和字符串。
        # application_x:表示 Analysis 对象,其包含链接了关于 classes.dex 信息的特殊的类,甚至可以一次处理许多 dex 文件。
        application = APK(path)
        application_dex = DalvikVMFormat(application.get_dex())
        application_x = Analysis(application_dex)

        # 获得class 对象
        classesList = [classes.get_name() for classes in application_dex.get_classes()]
        # print("classesList:", classesList)
        # 获得methods方法
        for method in application_dex.get_methods():
            methodAnalysis = application_x.get_method(method)
            if method.get_code() is None:
                continue

            for basicBlocks in methodAnalysis.get_basic_blocks().get():
                # 获得jvm指令
                for instructions in basicBlocks.get_instructions():
                    #  这是一个包含方法,变量或其他任何内容的字符串
                    output = instructions.get_output()
                    # print("output", output)

                    # Here we use regular expression to check if it is a function
                    # call. A function call comprises four parts: a class name, a
                    # function name, zero or more parameters, and a return type.
                    # The pattern is actually simple:
                    #
                    #      CLASS NAME: starts with a character L and ends in a right
                    #                  arrow.
                    #   FUNCTION NAME: starts with the right arrow and ends in a
                    #                  left parenthesis.
                    #      PARAMETERS: are between the parentheses.
                    #     RETURN TYPE: is the rest of the string.
                    #
                    # 这里拿到的classList是应用本身的类,第二个匹配的组(一个括号一个组)是调用的类不是应用本身的类,是系统的类
                    # 这里就是通过系统接口调用来做判断。
                    match = re.search(r'(L[^;]*;)->[^\(]*\([^\)]*\).*', output)
                    # print("----")
                    # if match:
                    #     log(match.group() + "----" + match.group(1), "->" + (match.group(1) not in classesList))
                    # print(match.group() + "----" + match.group(1), "->", (match.group(1) not in classesList))
                    # print("isInClassList:", match.group(1), "->", (match.group(1) not in classesList))

                    # match.group():Landroid/app/IntentService;-><init>(Ljava/lang/String;)V
                    # match.group(1):Landroid/app/IntentService;
                    if match and match.group(1) not in classesList:
                        # print(match.group() + "----" + match.group(1))
                        methods.add(match.group())
        methods = list(methods)

    except Exception as e:
        print(e)
        print("path", path)
        error_file.write(path)

    return methods
コード例 #27
0
def extract_features(file_path):
    result = {}
    try:
        a = APK(file_path)
        d = DalvikVMFormat(a.get_dex())
        dx = VMAnalysis(d)
        vm = dvm.DalvikVMFormat(a.get_dex())
        vmx = analysis.uVMAnalysis(vm)
        d.set_vmanalysis(dx)
        d.set_decompiler(DecompilerDAD(d, dx))
    except:
        return None

    result['android_version_code'] = a.get_androidversion_code()
    result['android_version_name'] = a.get_androidversion_name()
    result['max_sdk'] = a.get_max_sdk_version()
    result['min_sdk'] = a.get_min_sdk_version()
    result['libraries'] = a.get_libraries()
    result['filename'] = a.get_filename()
    result['target_sdk'] = a.get_target_sdk_version()
    result['md5'] = hashlib.md5(a.get_raw()).hexdigest()
    result['sha256'] = hashlib.sha256(a.get_raw()).hexdigest()
    result['permissions'] = a.get_permissions()
    result['activities'] = a.get_activities()
    result['providers'] = a.get_providers()
    result['services'] = a.get_services()
    #result['strings'] = d.get_strings()
    #result['class_names'] = [c.get_name() for c in d.get_classes()]
    #result['method_names'] = [m.get_name() for m in d.get_methods()]
    #result['field_names'] = [f.get_name() for f in d.get_fields()]
    class_names = [c.get_name() for c in d.get_classes()]
    method_names = [m.get_name() for m in d.get_methods()]
    field_names = [ f.get_name() for f in d.get_fields()]

    result['is_native_code'] = 1 if analysis.is_native_code(dx) else 0
    result['is_obfuscation'] = 1 if analysis.is_ascii_obfuscation(d) else 0
    result['is_crypto_code'] = 1 if analysis.is_crypto_code(dx) else 0
    result['is_dyn_code'] = 1 if analysis.is_dyn_code(dx) else 0
    result['is_reflection_code'] = 1 if analysis.is_reflection_code(vmx) else 0
    result['is_database'] = 1 if d.get_regex_strings(DB_REGEX) else 0

    s_list = []
    #s_list.extend(result['class_names'])
    #s_list.extend(result['method_names'])
    #s_list.extend(result['field_names'])
    s_list.extend(class_names)
    s_list.extend(method_names)
    s_list.extend(method_names)
    result['entropy_rate'] = entropy_rate(s_list)

    result['feature_vectors'] = {}

    # Search for the presence of api calls in a given apk
    result['feature_vectors']['api_calls'] = []
    for call in API_CALLS:
        status = 1 if dx.tainted_packages.search_methods(".", call, ".") else 0
        result['feature_vectors']['api_calls'].append(status)

    # Search for the presence of permissions in a given apk        
    result['feature_vectors']['permissions'] = []
    for permission in PERMISSIONS:
        status = 1 if permission in result['permissions'] else 0
        result['feature_vectors']['permissions'].append(status)

    result['feature_vectors']['special_strings'] = []
    for word in SPECIAL_STRINGS:
        status = 1 if d.get_regex_strings(word) else 0
        result['feature_vectors']['special_strings'].append(status)

    opt_seq = []
    for m in d.get_methods():
        for i in m.get_instructions():
            opt_seq.append(i.get_name())

    optngramlist = [tuple(opt_seq[i:i+NGRAM]) for i in xrange(len(opt_seq) - NGRAM)]
    optngram = Counter(optngramlist)
    optcodes = dict()
    tmpCodes = dict(optngram)
    #for k,v in optngram.iteritems():
    #    if v>=NGRAM_THRE:
            #optcodes[str(k)] = v
    #        optcodes[str(k)] = 1
    tmpCodes = sorted(tmpCodes.items(),key =lambda d:d[1],reverse=True) 
    for value in tmpCodes[:NGRAM_THRE]:
        optcodes[str(value[0])] = 1
    result['feature_vectors']['opt_codes'] = optcodes

    return result
def extract_features(file_path):
    result = {}
    try:
        a = APK(file_path)
        d = DalvikVMFormat(a.get_dex())
        dx = Analysis(d)
        vm = dvm.DalvikVMFormat(a.get_dex())
        #vmx = analysis.uVMAnalysis(vm)
        d.set_vmanalysis(dx)
        d.set_decompiler(DecompilerDAD(d, dx))
    except:
        return None

    result['android_version_code'] = a.get_androidversion_code()
    result['android_version_name'] = a.get_androidversion_name()
    result['max_sdk'] = a.get_max_sdk_version()
    result['min_sdk'] = a.get_min_sdk_version()
    #result['libraries'] = a.get_libraries()
    result['filename'] = a.get_filename()
    result['target_sdk'] = a.get_target_sdk_version()
    result['md5'] = hashlib.md5(a.get_raw()).hexdigest()
    result['sha256'] = hashlib.sha256(a.get_raw()).hexdigest()
    result['permissions'] = a.get_permissions()
    result['activities'] = a.get_activities()
    result['providers'] = a.get_providers()
    result['services'] = a.get_services()
    result['strings'] = d.get_strings()
    result['class_names'] = [c.get_name() for c in d.get_classes()]
    result['method_names'] = [m.get_name() for m in d.get_methods()]
    result['field_names'] = [f.get_name() for f in d.get_fields()]
    #result['is_native_code'] = 1 if analysis.is_native_code(dx) else 0
    result['is_obfuscation'] = 1 if analysis.is_ascii_obfuscation(d) else 0
    #result['is_crypto_code'] = 1 if analysis.is_crypto_code(dx) else 0
    '''result['is_dyn_code'] = 1 if analysis.is_dyn_code(dx) else 0
    result['is_reflection_code'] = 1 if analysis.is_reflection_code(vmx) else 0'''
    result['is_database'] = 1 if d.get_regex_strings(DB_REGEX) else 0
    arr = []
    s = a.get_elements("action", "name")
    for i in s:
        arr.append(i)

    result['intents'] = arr

    s_list = []
    s_list.extend(result['class_names'])
    s_list.extend(result['method_names'])
    s_list.extend(result['field_names'])
    result['entropy_rate'] = entropy_rate(s_list)

    result['feature_vectors'] = {}

    # Search for the presence of api calls in a given apk
    result['feature_vectors']['api_calls'] = []
    for call in API_CALLS:
        status = 1 if dx.get_method(call) else 0
        result['feature_vectors']['api_calls'].append(status)

    # Search for the presence of permissions in a given apk
    result['feature_vectors']['permissions'] = []
    for permission in PERMISSIONS:
        status = 1 if permission in result['permissions'] else 0
        result['feature_vectors']['permissions'].append(status)

    #Search for the presence of intents in a given apk
    result['feature_vectors']['intents'] = []
    n = len(INTENTS)
    m = len(result['intents'])
    for i in range(n):
        stri = INTENTS[i]
        flg = False
        for j in range(m):
            if stri in result['intents'][j]:
                flg = True
                break
        if flg:
            status = 1
        else:
            status = 0
        result['feature_vectors']['intents'].append(status)

    #Check for special strings in code
    result['feature_vectors']['special_strings'] = []
    for word in SPECIAL_STRINGS:
        status = 1 if d.get_regex_strings(word) else 0
        result['feature_vectors']['special_strings'].append(status)

    return result
コード例 #29
0
    def run(self):
        """Run androguard to extract static android information
                @return: list of static features
        """
        self.key = "apkinfo"
        apkinfo = {}

        if "file" not in self.task["category"] or not HAVE_ANDROGUARD:
            return

        #f = File(self.task["target"])
        #if f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type():
        if not os.path.exists(self.file_path):
            raise CuckooProcessingError("Sample file doesn't exist: \"%s\"" % self.file_path)

        apkinfo["APKiD"] = self._scan_APKiD(self.file_path)

        try:
            a = APK(self.file_path)
            if a.is_valid_APK():
                manifest = {}

                apkinfo["files"] = self._apk_files(a)
                apkinfo["encrypted_assets"] = self.find_encrypted_assets(a)
                manifest["package"] = a.get_package()
                apkinfo["hidden_payload"] = []

                for file in apkinfo["files"]:
                    if self.file_type_check(file):
                       apkinfo["hidden_payload"].append(file)

                apkinfo["files_flaged"] = self.files_name_map

                manifest["permissions"]= get_permissions(a)
                manifest["main_activity"] = a.get_main_activity()
                manifest["activities"] = a.get_activities()
                manifest["services"] = a.get_services()
                manifest["receivers"] = a.get_receivers()
                manifest["receivers_actions"] = get_extended_receivers(a)
                manifest["receivers_info"] = get_receivers_info(a)
                manifest["providers"] = a.get_providers()
                manifest["libraries"] = a.get_libraries()
                apkinfo["manifest"] = manifest

                apkinfo["icon"] = get_apk_icon(self.file_path)
                certificate = get_certificate(self.file_path)
                if certificate:
                    apkinfo["certificate"] = certificate


                #vm = DalvikVMFormat(a.get_dex())
                #strings = vm.get_strings()

                strings = self._get_strings(self.file_path)
                for subdir, dirs, files in os.walk(self.dropped_path):
                    for file in files:
                        path = os.path.join(subdir, file)
                        try:
                            extra_strings = self._get_strings(path)
                            strings = list(set(extra_strings + strings))
                        except:
                            pass

                apkinfo["dex_strings"] = strings

                static_calls = {}
                if self.options.decompilation:
                    if self.check_size(apkinfo["files"]):
                        vm = DalvikVMFormat(a.get_dex())
                        vmx = uVMAnalysis(vm)
                        # Be less verbose about androguard logging messages.
                        logging.getLogger("andro.runtime").setLevel(logging.CRITICAL)

                        static_calls["all_methods"] = get_methods(vmx)
                        static_calls["is_native_code"] = analysis.is_native_code(vmx)
                        static_calls["is_dynamic_code"] = analysis.is_dyn_code(vmx)
                        static_calls["is_reflection_code"] = analysis.is_reflection_code(vmx)
                        static_calls["is_crypto_code"] = is_crypto_code(vmx)

                        static_calls["dynamic_method_calls"] = get_show_DynCode(vmx)
                        static_calls["reflection_method_calls"] = get_show_ReflectionCode(vmx)
                        static_calls["permissions_method_calls"] = get_show_Permissions(vmx)
                        static_calls["crypto_method_calls"] = get_show_CryptoCode(vmx)
                        static_calls["native_method_calls"] = get_show_NativeMethods(vmx)

                        classes = list()
                        for cls in vm.get_classes():
                            classes.append(cls.name)

                        static_calls["classes"] = classes

                else:
                    log.warning("Dex size bigger than: %s",
                                self.options.decompilation_threshold)

                apkinfo["static_method_calls"] = static_calls

        except (IOError, OSError, BadZipfile) as e:
            raise CuckooProcessingError("Error opening file %s" % e)

        return apkinfo
コード例 #30
0
    #toReturn += "]\n}"
    toReturn += "]"
    return toReturn





# cattura del percorso del file apk
apkToBeAnalyzed = sys.argv[1]

#variabile che rappresenta il file apk
a = APK(apkToBeAnalyzed)

#variabile che rappresenta il file dex
dexFile = DalvikVMFormat(a.get_dex())

#variabile che rappresenta il file dex dopo essere stato analizzato
dexAnalyzed = analysis.uVMAnalysis(dexFile)

#print a.show()
#print "package name " + a.get_package()
#print a.get_permissions()
#analysis.show_Permissions(dexAnalyzed)
#print "\n"

# mostra dove vengono usati i permessi
permissions = dexAnalyzed.get_permissions([])

permissionDictionary = toDictionary(dexFile, permissions)
コード例 #31
0
ファイル: get_dex.py プロジェクト: un0rthodox/analyst-scripts
def get_dex(apk_path):
    """
    Extract the package name of an APK
    """
    a = APK(apk_path)
    return a.get_dex()
コード例 #32
0
ファイル: apkinfo.py プロジェクト: HuSunMyan/CodeForAndroid
    def run(self):
        """Run androguard to extract static android information
                @return: list of static features
        """
        self.key = "apkinfo"
        apkinfo = {}

        if "file" not in self.task["category"] or not HAVE_ANDROGUARD:
            return

        f = File(self.task["target"])
        #if f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type():
        if not os.path.exists(self.file_path):
            raise CuckooProcessingError("Sample file doesn't exist: \"%s\"" % self.file_path)

        try:
            a = APK(self.file_path)
            if a.is_valid_APK():
                manifest = {}

                apkinfo["files"] = self._apk_files(a)
                manifest["package"] = a.get_package()
                apkinfo["hidden_payload"] = []

                for file in apkinfo["files"]:
                    if self.file_type_check(file):
                       apkinfo["hidden_payload"].append(file)

                apkinfo["files_flaged"] = self.files_name_map

                manifest["permissions"]= get_permissions(a)
                manifest["main_activity"] = a.get_main_activity()
                manifest["activities"] = a.get_activities()
                manifest["services"] = a.get_services()
                manifest["receivers"] = a.get_receivers()
                manifest["receivers_actions"] = get_extended_receivers(a)
                manifest["providers"] = a.get_providers()
                manifest["libraries"] = a.get_libraries()
                apkinfo["manifest"] = manifest

                apkinfo["icon"] = get_apk_icon(self.file_path)
                certificate = get_certificate(self.file_path)
                if certificate:
                    apkinfo["certificate"] = certificate


                #vm = DalvikVMFormat(a.get_dex())
                #strings = vm.get_strings()
                strings = self._get_strings(self.file_path)
                apkinfo["interesting_strings"] = find_strings(strings)
                apkinfo["dex_strings"] = strings

                static_calls = {}
                if self.options.decompilation:
                    if self.check_size(apkinfo["files"]):
                        vm = DalvikVMFormat(a.get_dex())
                        vmx = uVMAnalysis(vm)

                        static_calls["all_methods"] = get_methods(vmx)
                        static_calls["is_native_code"] = analysis.is_native_code(vmx)
                        static_calls["is_dynamic_code"] = analysis.is_dyn_code(vmx)
                        static_calls["is_reflection_code"] = analysis.is_reflection_code(vmx)
                        static_calls["is_crypto_code"] = is_crypto_code(vmx)

                        static_calls["dynamic_method_calls"] = get_show_DynCode(vmx)
                        static_calls["reflection_method_calls"] = get_show_ReflectionCode(vmx)
                        static_calls["permissions_method_calls"] = get_show_Permissions(vmx)
                        static_calls["crypto_method_calls"] = get_show_CryptoCode(vmx)
                        static_calls["native_method_calls"] = get_show_NativeMethods(vmx)

                        classes = list()
                        for cls in vm.get_classes():
                            classes.append(cls.name)

                        static_calls["classes"] = classes

                else:
                    log.warning("Dex size bigger than: %s",
                                self.options.decompilation_threshold)

                apkinfo["static_method_calls"] = static_calls

        except (IOError, OSError, BadZipfile) as e:
            raise CuckooProcessingError("Error opening file %s" % e)

        return apkinfo
コード例 #33
0
    def run(self):
        """Run androguard to extract static android information
                @return: list of static features
        """
        self.key = "apkinfo"
        apkinfo = {}

        if "file" not in self.task["category"] or not HAVE_ANDROGUARD:
            return

        f = File(self.task["target"])
        #if f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type():
        if not os.path.exists(self.file_path):
            raise CuckooProcessingError("Sample file doesn't exist: \"%s\"" %
                                        self.file_path)

        try:
            a = APK(self.file_path)
            if a.is_valid_APK():
                manifest = {}

                apkinfo["files"] = self._apk_files(a)
                manifest["package"] = a.get_package()
                apkinfo["hidden_payload"] = []

                for file in apkinfo["files"]:
                    if self.file_type_check(file):
                        apkinfo["hidden_payload"].append(file)

                apkinfo["files_flaged"] = self.files_name_map

                manifest["permissions"] = get_permissions(a)
                manifest["main_activity"] = a.get_main_activity()
                manifest["activities"] = a.get_activities()
                manifest["services"] = a.get_services()
                manifest["receivers"] = a.get_receivers()
                manifest["receivers_actions"] = get_extended_receivers(a)
                manifest["providers"] = a.get_providers()
                manifest["libraries"] = list(a.get_libraries())
                apkinfo["manifest"] = manifest

                apkinfo["icon"] = get_apk_icon(self.file_path)
                certificate = get_certificate(self.file_path)
                if certificate:
                    apkinfo["certificate"] = certificate

                #vm = DalvikVMFormat(a.get_dex())
                #strings = vm.get_strings()
                strings = self._get_strings(self.file_path)
                apkinfo["interesting_strings"] = find_strings(strings)
                apkinfo["dex_strings"] = strings

                static_calls = {}
                if self.options.decompilation:
                    if self.check_size(apkinfo["files"]):
                        vm = DalvikVMFormat(a.get_dex())
                        vmx = Analysis(vm)
                        vmx.create_xref()

                        static_calls["all_methods"] = get_methods(vmx)
                        static_calls[
                            "permissions_method_calls"] = get_show_Permissions(
                                vmx)

                        static_calls[
                            "native_method_calls"] = get_show_NativeMethods(
                                vmx)
                        static_calls["is_native_code"] = bool(
                            static_calls["native_method_calls"]
                        )  # True if not empty, False if empty

                        static_calls[
                            "dynamic_method_calls"] = get_show_DynCode(vmx)
                        static_calls["is_dynamic_code"] = bool(
                            static_calls["dynamic_method_calls"])

                        static_calls[
                            "reflection_method_calls"] = get_show_ReflectionCode(
                                vmx)
                        static_calls["is_reflection_code"] = bool(
                            static_calls["reflection_method_calls"])

                        static_calls[
                            "crypto_method_calls"] = get_show_CryptoCode(vmx)
                        static_calls["is_crypto_code"] = bool(
                            static_calls["crypto_method_calls"])

                        classes = list()
                        for cls in vm.get_classes():
                            classes.append(cls.name)

                        static_calls["classes"] = classes

                    else:
                        log.warning(
                            "Aborted decompilation, static extraction of calls not perforemd",
                        )

                apkinfo["static_method_calls"] = static_calls

        except (IOError, OSError, BadZipfile) as e:
            raise CuckooProcessingError("Error opening file %s" % e)
        return apkinfo
コード例 #34
0
from androguard.core.analysis.analysis import VMAnalysis
from androguard.core.bytecodes.apk import APK
from androguard.core.bytecodes.dvm import DalvikVMFormat
from core.analysis import *
if __name__ == '__main__':
    a = APK("1_1.apk")
    print len(a.get_activities())
    print a.get_main_activity()
    d = DalvikVMFormat(a.get_dex())
    dx = VMAnalysis(d)
    print dx.get_method_signature()
コード例 #35
0
        ):  # inserisce la virgola fin tanto che non � l'ultimo oggetto
            toReturn += ","

    #toReturn += "]\n}"
    toReturn += "]"
    return toReturn


# cattura del percorso del file apk
apkToBeAnalyzed = sys.argv[1]

#variabile che rappresenta il file apk
a = APK(apkToBeAnalyzed)

#variabile che rappresenta il file dex
dexFile = DalvikVMFormat(a.get_dex())

#variabile che rappresenta il file dex dopo essere stato analizzato
dexAnalyzed = analysis.uVMAnalysis(dexFile)

#print a.show()
#print "package name " + a.get_package()
#print a.get_permissions()
#analysis.show_Permissions(dexAnalyzed)
#print "\n"

# mostra dove vengono usati i permessi
permissions = dexAnalyzed.get_permissions([])

permissionDictionary = toDictionary(dexFile, permissions)
コード例 #36
0
ファイル: yaradex.py プロジェクト: un0rthodox/analyst-scripts
import argparse
from androguard.core.bytecodes.apk import APK
from androguard.core import androconf


if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument("YARARULE", help="Path of the yara rule file")
    parser.add_argument("PATH", help="Path of the executable to check")
    args = parser.parse_args()


    if not os.path.isfile(args.PATH):
        print("Invalid snoopdroid dump path")
        sys.exit(-1)
    if not os.path.isfile(args.YARARULE):
        print("Invalid path for yara rule")
        sys.exit(-1)

    if androconf.is_android(args.PATH) != "APK":
        print("This is not an APK file")
        sys.exit(-1)

    rules = yara.compile(filepath=args.YARARULE)

    apk = APK(args.PATH)
    dex = apk.get_dex()
    res = rules.match(data=dex)
    if len(res) > 0:
        print("Matches: {}".format(", ".join([r.rule for r in res])))