def testXrefs(self): """Test if XREFs produce the correct results""" with open("examples/android/TestsAndroguard/bin/classes.dex", "rb") as fd: d = dvm.DalvikVMFormat(fd.read()) dx = analysis.Analysis(d) dx.create_xref() testcls = dx.classes['Ltests/androguard/TestActivity;'] self.assertIsInstance(testcls, analysis.ClassAnalysis) testmeth = list(filter(lambda x: x.name == 'onCreate', testcls.get_methods()))[0] self.assertEqual(len(list(dx.find_methods(testcls.name, '^onCreate$'))), 1) self.assertEqual(list(dx.find_methods(testcls.name, '^onCreate$'))[0], testmeth) self.assertIsInstance(testmeth, analysis.MethodClassAnalysis) self.assertFalse(testmeth.is_external()) self.assertIsInstance(testmeth.method, dvm.EncodedMethod) self.assertEquals(testmeth.name, 'onCreate') xrefs = list(map(lambda x: x.full_name, map(itemgetter(1), sorted(testmeth.get_xref_to(), key=itemgetter(2))))) self.assertEqual(len(xrefs), 5) # First, super is called: self.assertEquals(xrefs.pop(0), 'Landroid/app/Activity; onCreate (Landroid/os/Bundle;)V') # then setContentView (which is in the current class but the method is external) self.assertEquals(xrefs.pop(0), 'Ltests/androguard/TestActivity; setContentView (I)V') # then getApplicationContext (inside the Toast) self.assertEquals(xrefs.pop(0), 'Ltests/androguard/TestActivity; getApplicationContext ()Landroid/content/Context;') # then Toast.makeText self.assertEquals(xrefs.pop(0), 'Landroid/widget/Toast; makeText (Landroid/content/Context; Ljava/lang/CharSequence; I)Landroid/widget/Toast;') # then show() self.assertEquals(xrefs.pop(0), 'Landroid/widget/Toast; show ()V') # Now, test if the reverse is true other = list(dx.find_methods('^Landroid/app/Activity;$', '^onCreate$')) self.assertEquals(len(other), 1) self.assertIsInstance(other[0], analysis.MethodClassAnalysis) self.assertTrue(other[0].is_external()) self.assertTrue(other[0].is_android_api()) self.assertIn(testmeth.method, map(itemgetter(1), other[0].get_xref_from())) other = list(dx.find_methods('^Ltests/androguard/TestActivity;$', '^setContentView$')) # External because not overwritten in class: self.assertEquals(len(other), 1) self.assertIsInstance(other[0], analysis.MethodClassAnalysis) self.assertTrue(other[0].is_external()) self.assertFalse(other[0].is_android_api()) self.assertIn(testmeth.method, map(itemgetter(1), other[0].get_xref_from())) other = list(dx.find_methods('^Ltests/androguard/TestActivity;$', '^getApplicationContext$')) # External because not overwritten in class: self.assertEquals(len(other), 1) self.assertIsInstance(other[0], analysis.MethodClassAnalysis) self.assertTrue(other[0].is_external()) self.assertFalse(other[0].is_android_api()) self.assertIn(testmeth.method, map(itemgetter(1), other[0].get_xref_from())) other = list(dx.find_methods('^Landroid/widget/Toast;$', '^makeText$')) self.assertEquals(len(other), 1) self.assertIsInstance(other[0], analysis.MethodClassAnalysis) self.assertTrue(other[0].is_external()) self.assertTrue(other[0].is_android_api()) self.assertIn(testmeth.method, map(itemgetter(1), other[0].get_xref_from())) other = list(dx.find_methods('^Landroid/widget/Toast;$', '^show$')) self.assertEquals(len(other), 1) self.assertIsInstance(other[0], analysis.MethodClassAnalysis) self.assertTrue(other[0].is_external()) self.assertTrue(other[0].is_android_api()) self.assertIn(testmeth.method, map(itemgetter(1), other[0].get_xref_from())) # Next test internal calls testmeth = list(filter(lambda x: x.name == 'testCalls', testcls.get_methods()))[0] self.assertEqual(len(list(dx.find_methods(testcls.name, '^testCalls$'))), 1) self.assertEqual(list(dx.find_methods(testcls.name, '^testCalls$'))[0], testmeth) self.assertIsInstance(testmeth, analysis.MethodClassAnalysis) self.assertFalse(testmeth.is_external()) self.assertIsInstance(testmeth.method, dvm.EncodedMethod) self.assertEquals(testmeth.name, 'testCalls') xrefs = list(map(lambda x: x.full_name, map(itemgetter(1), sorted(testmeth.get_xref_to(), key=itemgetter(2))))) self.assertEqual(len(xrefs), 4) self.assertEquals(xrefs.pop(0), 'Ltests/androguard/TestActivity; testCall2 (J)V') self.assertEquals(xrefs.pop(0), 'Ltests/androguard/TestIfs; testIF (I)I') self.assertEquals(xrefs.pop(0), 'Ljava/lang/Object; getClass ()Ljava/lang/Class;') self.assertEquals(xrefs.pop(0), 'Ljava/io/PrintStream; println (Ljava/lang/Object;)V') other = list(dx.find_methods('^Ltests/androguard/TestActivity;$', '^testCall2$')) self.assertEquals(len(other), 1) self.assertIsInstance(other[0], analysis.MethodClassAnalysis) self.assertFalse(other[0].is_external()) self.assertFalse(other[0].is_android_api()) self.assertIn(testmeth.method, map(itemgetter(1), other[0].get_xref_from())) other = list(dx.find_methods('^Ltests/androguard/TestIfs;$', '^testIF$')) self.assertEquals(len(other), 1) self.assertIsInstance(other[0], analysis.MethodClassAnalysis) self.assertFalse(other[0].is_external()) self.assertFalse(other[0].is_android_api()) self.assertIn(testmeth.method, map(itemgetter(1), other[0].get_xref_from())) other = list(dx.find_methods('^Ljava/lang/Object;$', '^getClass$')) self.assertEquals(len(other), 1) self.assertIsInstance(other[0], analysis.MethodClassAnalysis) self.assertTrue(other[0].is_external()) self.assertTrue(other[0].is_android_api()) self.assertIn(testmeth.method, map(itemgetter(1), other[0].get_xref_from()))
''' Created on Jun 8, 2014 @author: lyx ''' from androguard.core.bytecodes.apk import APK from androguard.core.bytecodes import dvm from androguard.core.analysis import analysis from androguard.decompiler.decompiler import DecompilerDAD if __name__ == '__main__': apk = APK('../sampleapk/MyTrojan.apk') d = dvm.DalvikVMFormat(apk.get_dex()) dx = analysis.uVMAnalysis(d) d.set_decompiler( DecompilerDAD( d, dx ) ) for current_class in d.get_classes(): s = current_class#.source() print s print s.source() '''for current_method in d.get_methods(): # @IndentOk x = current_method.get_code() ins = x.get_bc().get_instructions() i = 0 for s in ins: print s.show(i) i += 1 #apk = analyzeAPK('./sampleapk/k9-4.409-release.apk')'''
def testDex(self): with open("examples/android/TestsAndroguard/bin/classes.dex", "rb") as fd: d = dvm.DalvikVMFormat(fd.read()) dx = analysis.Analysis(d) self.assertIsInstance(dx, analysis.Analysis)
def __init__(self, apk): self.__dvm = dvm.DalvikVMFormat(apk.get_dex()) self.__string_rules = RULES self.__vmx = analysis.VMAnalysis(self.__dvm)
#!/usr/bin/env python import sys, random, string PATH_INSTALL = "./" sys.path.append(PATH_INSTALL) from androguard.core.bytecodes import dvm TEST = "./examples/dalvik/test/bin/classes.dex" TEST_OUTPUT = "./examples/dalvik/test/bin/classes_output.dex" j = dvm.DalvikVMFormat(open(TEST).read()) # Modify the name of each field #for field in j.get_fields() : # field.set_name( random.choice( string.letters ) + ''.join([ random.choice(string.letters + string.digits) for i in range(10 - 1) ] ) ) # Modify the name of each method (minus the constructor (<init>) and a extern called method (go)) #for method in j.get_methods() : # if method.get_name() != "go" and method.get_name() != "<init>" : # method.set_name( random.choice( string.letters ) + ''.join([ random.choice(string.letters + string.digits) for i in range(10 - 1) ] ) ) # SAVE CLASS fd = open(TEST_OUTPUT, "w") fd.write(j.save()) fd.close()
def check_one_file(a, d1, dx1, FS, threshold, file_input, view_strings=False, new=True, library=True): d2 = None ret_type = androconf.is_android(file_input) if ret_type == "APK": a = apk.APK(file_input) d2 = dvm.DalvikVMFormat(a.get_dex()) elif ret_type == "DEX": d2 = dvm.DalvikVMFormat(read(file_input)) if d2 == None: return dx2 = analysis.VMAnalysis(d2) el = elsim.Elsim(ProxyDalvik(d1, dx1), ProxyDalvik(d2, dx2), FS, threshold, options.compressor, libnative=library) el.show() print "\t--> methods: %f%% of similarities" % el.get_similarity_value(new) if options.display: print "SIMILAR methods:" diff_methods = el.get_similar_elements() for i in diff_methods: el.show_element(i) print "IDENTICAL methods:" new_methods = el.get_identical_elements() for i in new_methods: el.show_element(i) print "NEW methods:" new_methods = el.get_new_elements() for i in new_methods: el.show_element(i, False) print "DELETED methods:" del_methods = el.get_deleted_elements() for i in del_methods: el.show_element(i) print "SKIPPED methods:" skipped_methods = el.get_skipped_elements() for i in skipped_methods: el.show_element(i) if view_strings: els = elsim.Elsim(ProxyDalvikStringMultiple(d1, dx1), ProxyDalvikStringMultiple(d2, dx2), FILTERS_DALVIK_SIM_STRING, threshold, options.compressor, libnative=library) #els = elsim.Elsim( ProxyDalvikStringOne(d1, dx1), # ProxyDalvikStringOne(d2, dx2), FILTERS_DALVIK_SIM_STRING, threshold, options.compressor, libnative=library ) els.show() print "\t--> strings: %f%% of similarities" % els.get_similarity_value( new) if options.display: print "SIMILAR strings:" diff_strings = els.get_similar_elements() for i in diff_strings: els.show_element(i) print "IDENTICAL strings:" new_strings = els.get_identical_elements() for i in new_strings: els.show_element(i) print "NEW strings:" new_strings = els.get_new_elements() for i in new_strings: els.show_element(i, False) print "DELETED strings:" del_strings = els.get_deleted_elements() for i in del_strings: els.show_element(i) print "SKIPPED strings:" skipped_strings = els.get_skipped_elements() for i in skipped_strings: els.show_element(i)
def check_one_file(a, d1, dx1, FS, threshold, file_input, view_strings=False, new=True, library=True): d2 = None ret_type = androconf.is_android( file_input ) if ret_type == "APK": a = apk.APK( file_input ) d2 = dvm.DalvikVMFormat( a.get_dex() ) elif ret_type == "DEX": d2 = dvm.DalvikVMFormat( read(file_input) ) if d2 == None: return dx2 = analysis.VMAnalysis( d2 ) el = elsim.Elsim( ProxyDalvik(d1, dx1), ProxyDalvik(d2, dx2), FS, threshold, options.compressor, libnative=library ) el.show() print "\t--> methods: %f%% of similarities" % el.get_similarity_value(new) if options.dump: print '\nDumping smali code...' tmp1 = options.input[1].split('/') jarname = tmp1[len(tmp1)-1] if not os.path.exists('smali'): os.makedirs('smali') os.system('apktool d ' + options.input[1]) if jarname[len(jarname)-4:len(jarname)] == '.apk': os.system('mv -f ' + jarname[0:len(jarname)-4] + ' smali') else: os.system('mv -f ' + jarname + '.out ' + 'smali') classes = Set([]) diff_methods = el.get_similar_elements() for i in diff_methods: x = el.show_similar_class_name( i ) for j in range(0, len(x)): classes.add(x.pop()) new_methods = el.get_new_elements() for i in new_methods: y = el.show_new_class_name( i ) classes.add(y) if not os.path.exists('codedump'): os.makedirs('codedump') os.chdir('codedump') if os.path.exists(jarname): os.system('rm -rf ' + jarname) os.makedirs(jarname) os.chdir('..') for i in range(0,len(classes)): #os.makedirs('codedump/' + jarname) filepath = classes.pop() filename = filepath.replace('/','.') shutil.copy2('smali/' + jarname + '.out/smali/' + filepath, 'codedump/' + jarname + '/' + filename) os.system('rmdir codedump/' + jarname) classes1 = Set([]) for i in diff_methods: x = el.show_similar_method_name( i ) for j in range(0, len(x)): classes1.add(x.pop()) for i in new_methods: y = el.show_new_method_name( i ) classes1.add(y) start = '' end = '.end method' if not os.path.exists('methoddump'): os.makedirs('methoddump') for i in range(0,len(classes1)): x1 = classes1.pop() xx = x1.split(' ', 1) if not os.path.exists('methoddump/' + jarname): os.makedirs('methoddump/' + jarname) with open('codedump/' + jarname + '/' + xx[0]) as infile: for line in infile: if xx[1] in line: start = line.replace('\n','') break med = xx[1].split('(', 1)[0] with open('codedump/' + jarname + '/' + xx[0]) as infile, open('methoddump/' + jarname + '/' + xx[0] + '.' + med + '.method', 'w+') as outfile: copy = False outfile.write(start + '\n') for line1 in infile: if line1.strip() == start: copy = True elif line1.strip() == end: copy = False elif copy: outfile.write(line1) outfile.write(end) print 'DUMP SMALI CODE SUCCESSFULLY.' if options.display: print "SIMILAR methods:" diff_methods = el.get_similar_elements() for i in diff_methods: el.show_element( i ) print "IDENTICAL methods:" new_methods = el.get_identical_elements() for i in new_methods: el.show_element( i ) print "NEW methods:" new_methods = el.get_new_elements() for i in new_methods: el.show_element( i, False ) print "DELETED methods:" del_methods = el.get_deleted_elements() for i in del_methods: el.show_element( i ) print "SKIPPED methods:" skipped_methods = el.get_skipped_elements() for i in skipped_methods: el.show_element( i ) if view_strings: els = elsim.Elsim( ProxyDalvikStringMultiple(d1, dx1), ProxyDalvikStringMultiple(d2, dx2), FILTERS_DALVIK_SIM_STRING, threshold, options.compressor, libnative=library ) #els = elsim.Elsim( ProxyDalvikStringOne(d1, dx1), # ProxyDalvikStringOne(d2, dx2), FILTERS_DALVIK_SIM_STRING, threshold, options.compressor, libnative=library ) els.show() print "\t--> strings: %f%% of similarities" % els.get_similarity_value(new) if options.display: print "SIMILAR strings:" diff_strings = els.get_similar_elements() for i in diff_strings: els.show_element( i ) print "IDENTICAL strings:" new_strings = els.get_identical_elements() for i in new_strings: els.show_element( i ) print "NEW strings:" new_strings = els.get_new_elements() for i in new_strings: els.show_element( i, False ) print "DELETED strings:" del_strings = els.get_deleted_elements() for i in del_strings: els.show_element( i ) print "SKIPPED strings:" skipped_strings = els.get_skipped_elements() for i in skipped_strings: els.show_element( i )
def __init__(self, file_path): self.a = apk.APK(file_path) self.d = dvm.DalvikVMFormat(self.a.get_dex()) self.x = analysis.VMAnalysis(self.d) self.pkg_class_dict = {}
def do_build_apk_report(self, a): output = StringIO() a.get_files_types() output.write("[FILES] \n") for i in a.get_files(): try: output.write("\t%s %s %x\n" % ( i, a.files[i], a.files_crc32[i], )) except KeyError: output.write("\t%s %x\n" % ( i, a.files_crc32[i], )) output.write("\n[PERMISSIONS] \n") details_permissions = a.get_details_permissions() for i in details_permissions: output.write("\t%s %s\n" % ( i, details_permissions[i], )) output.write("\n[MAIN ACTIVITY]\n\t%s\n" % (a.get_main_activity(), )) output.write("\n[ACTIVITIES] \n") activities = a.get_activities() for i in activities: filters = a.get_intent_filters("activity", i) output.write("\t%s %s\n" % ( i, filters or "", )) output.write("\n[SERVICES] \n") services = a.get_services() for i in services: filters = a.get_intent_filters("service", i) output.write("\t%s %s\n" % ( i, filters or "", )) output.write("\n[RECEIVERS] \n") receivers = a.get_receivers() for i in receivers: filters = a.get_intent_filters("receiver", i) output.write("\t%s %s\n" % ( i, filters or "", )) output.write("\n[PROVIDERS]\n\t%s\n\n" % (a.get_providers(), )) vm = dvm.DalvikVMFormat(a.get_dex()) vmx = analysis.uVMAnalysis(vm) output.write("Native code : %s\n" % (analysis.is_native_code(vmx), )) output.write("Dynamic code : %s\n" % (analysis.is_dyn_code(vmx), )) output.write("Reflection code : %s\n" % (analysis.is_reflection_code(vmx), )) output.write("ASCII Obfuscation: %s\n\n" % (analysis.is_ascii_obfuscation(vm), )) for i in vmx.get_methods(): i.create_tags() if not i.tags.empty(): output.write("%s %s %s\n" % ( i.method.get_class_name(), i.method.get_name(), i.tags, )) return output
def gen_dict(list_path): file = open("error_files.txt", "w") external_api_dict = {} for path1 in list_path: count = 0 for f in os.listdir(path1): # print count count += 1 if (count == 300): break path = os.path.join(path1, f) print(path) try: if path.endswith('.apk'): app = apk.APK(path) app_dex = dvm.DalvikVMFormat(app.get_dex()) else: app_dex = dvm.DalvikVMFormat(open(path, "rb").read()) app_x = analysis.newVMAnalysis(app_dex) methods = [] cs = [cc.get_name() for cc in app_dex.get_classes()] ctr = 0 # print len(app_dex.get_methods()) for method in app_dex.get_methods(): g = app_x.get_method(method) if method.get_code() == None: continue for i in g.get_basic_blocks().get(): for ins in i.get_instructions(): # This is a string that contains methods, variables, or # anything else. output = ins.get_output() match = re.search(r'(L[^;]*;)->[^\(]*\([^\)]*\).*', output) if match and match.group(1) not in cs: methods.append(match.group()) # print "instruction : ", ins.get_basic_blocks() # print "external api detected: ", match.group() if (not external_api_dict.has_key( match.group())): external_api_dict[match.group()] = len( external_api_dict) except: file.write(path) file.close() return external_api_dict
#!/usr/bin/env python import sys PATH_INSTALL = "./" sys.path.append(PATH_INSTALL) from androguard.core.bytecodes import dvm from androguard.core.bytecodes import apk TEST = "examples/android/TestsAndroguard/bin/TestsAndroguard.apk" a = apk.APK(TEST) j = dvm.DalvikVMFormat(a.get_dex()) for m in j.get_methods(): print m.get_class_name(), m.get_name(), m.get_descriptor() code_debug = m.get_debug() if code_debug != None: print code_debug.get_line_start(), code_debug.get_parameters_size( ), code_debug.get_parameter_names( ), code_debug.get_translated_parameter_names() for i in code_debug.get_bytecodes(): print i.get_op_value(), i.get_format(), i.get_value()
#!/usr/bin/env python from __future__ import print_function import sys PATH_INSTALL = "./" sys.path.append(PATH_INSTALL) from androguard.core.bytecodes import dvm from androguard.core.analysis import analysis from androguard.decompiler import decompiler from androguard.util import read TEST = "examples/android/TestsAndroguard/bin/classes.dex" j = dvm.DalvikVMFormat(read(TEST, binary=False)) jx = analysis.VMAnalysis(j) #d = decompiler.DecompilerDex2Jad( j ) #d = decompiler.DecompilerDed( j ) d = decompiler.DecompilerDAD(j, jx) j.set_decompiler(d) # SHOW METHODS for i in j.get_methods(): if i.get_name() == "onCreate": print(i.get_class_name(), i.get_name()) i.source() # if i.get_name() == "testWhileTrue":
def visit_cond_expression(self, op, arg1, arg2): arg1 = arg1.visit(self) if not isinstance(arg1, int): arg1 = ord(arg1) arg2 = arg2.visit(self) if not isinstance(arg2, int): arg2 = ord(arg2) return eval('%s %s %s' % (arg1, op, arg2)) def visit_get_static(self, cls, name): return self.mem[name] TEST = './apks/pacsec/magicspiral.apk' vm = dvm.DalvikVMFormat(apk.APK(TEST).get_dex()) vma = uVMAnalysis(vm) method = vm.get_method('crypt')[0] amethod = vma.get_method(method) dvmethod = DvMethod(amethod) dvmethod.process() # build IR Form / control flow... graph = dvmethod.graph visitor = DemoEmulator(graph) l = [ 94, 42, 93, 88, 3, 2, 95, 2, 13, 85, 11, 2, 19, 1, 125, 19, 0, 102, 30, 24, 19, 99, 76, 21, 102, 22, 26, 111, 39, 125, 2, 44, 80, 10, 90, 5, 119, 100, 119, 60, 4, 87, 79, 42, 52
def main(options, arguments): details = False if options.display != None: details = True if options.input != None: ret_type = androconf.is_android(options.input[0]) if ret_type == "APK": a = apk.APK(options.input[0]) d1 = dvm.DalvikVMFormat(a.get_dex()) elif ret_type == "DEX": d1 = dvm.DalvikVMFormat(open(options.input[0], "rb").read()) dx1 = analysis.VMAnalysis(d1) ret_type = androconf.is_android(options.input[1]) if ret_type == "APK": a = apk.APK(options.input[1]) d2 = dvm.DalvikVMFormat(a.get_dex()) elif ret_type == "DEX": d2 = dvm.DalvikVMFormat(open(options.input[1], "rb").read()) dx2 = analysis.VMAnalysis(d2) print d1, dx1, d2, dx2 sys.stdout.flush() threshold = None if options.threshold != None: threshold = float(options.threshold) FS = FILTERS_DALVIK_SIM FS[elsim.FILTER_SKIPPED_METH].set_regexp(options.exclude) FS[elsim.FILTER_SKIPPED_METH].set_size(options.size) el = elsim.Elsim(ProxyDalvik(d1, dx1), ProxyDalvik(d2, dx2), FS, threshold, options.compressor) el.show() e1 = elsim.split_elements(el, el.get_similar_elements()) for i in e1: j = e1[i] elb = elsim.Elsim(ProxyDalvikMethod(i), ProxyDalvikMethod(j), FILTERS_DALVIK_BB, threshold, options.compressor) #elb.show() eld = elsim.Eldiff(ProxyDalvikBasicBlock(elb), FILTERS_DALVIK_DIFF_BB) #eld.show() ddm = DiffDalvikMethod(i, j, elb, eld) ddm.show() print "NEW METHODS" enew = el.get_new_elements() for i in enew: el.show_element(i, False) print "DELETED METHODS" edel = el.get_deleted_elements() for i in edel: el.show_element(i) elif options.version != None: print "Androdiff version %s" % androconf.ANDROGUARD_VERSION
def __init__(self, classes_dex): self.dvm = dvm.DalvikVMFormat(classes_dex) self.vma = uVMAnalysis(self.dvm) self.tree = {} self.files = {}
def main(options, args) : print options.input if options.input == None or options.output == None : print "static_analysis.py -i <inputfile> -o <outputfolder>" sys.exit(2) elif db.static_features.find({"_id": hashfile(options.input)}, limit=1).count() == 1 : print "static analysis found.. skipping.." sys.exit(0) elif db.virustotal_features.find({"sha1": hashfile(options.input)}).count() == 0 : print "virus total metadata not found.. skipping.." sys.exit(0) elif db.virustotal_features.find({ "$or": [ { "positives": 0 }, { "positives": { "$gte": 35 } } ], "sha1": hashfile(options.input) }).count() == 0 : print "not clear enough benign or malicious.. skipping.." sys.exit(0) t_beginning = time.time() ret_type = androconf.is_android( options.input ) if ret_type == "APK" : try : a = apk.APK(options.input, zipmodule=2) if a.is_valid_APK() : vm = dvm.DalvikVMFormat(a.get_dex()) vmx = analysis.uVMAnalysis(vm) data = { '_id' : hashfile(options.input), 'validApk' : True, 'mainActivity' : a.get_main_activity(), 'activities' : a.get_activities(), 'providers' : a.get_providers(), 'receivers' : a.get_receivers(), 'services' : a.get_services(), 'androidVersion' : a.get_androidversion_code(), 'maxSdkVersion' : a.get_max_sdk_version(), 'minSdkVersion' : a.get_min_sdk_version(), 'targetSdkVersion' : a.get_target_sdk_version(), 'package' : a.get_package(), 'libraries' : a.get_libraries(), 'isCryptoCode' : analysis.is_crypto_code(vmx), 'isDynamicCode' : analysis.is_dyn_code(vmx), 'isNativeCode' : analysis.is_native_code(vmx), 'nativeMethodCount' : native_method_count(vm), 'isReflectionCode' : analysis.is_reflection_code(vmx), 'reflectionCount' : len(vmx.get_tainted_packages().search_methods("Ljava/lang/reflect/Method;", ".", ".")), 'isAsciiObfuscation' : analysis.is_ascii_obfuscation(vm), 'permissions' : a.get_permissions(), 'actualPermissions' : actual_permissions(vm, vmx), 'internalMethodCalls' : get_methods(vm.get_class_manager(), vmx.get_tainted_packages().get_internal_packages(), {}), 'externalMethodCalls' : get_methods(vm.get_class_manager(), vmx.get_tainted_packages().get_external_packages(), {}) } data['duration'] = time.time() - t_beginning db.static_features.insert(data) else : print "INVALID APK" data = { '_id' : hashfile(options.input), 'validApk' : False } db.static_features.insert(data) except Exception, e : print "ERROR", e import traceback traceback.print_exc()