コード例 #1
def get_params_info(nb, proto):
    """Build the comment header describing a method's registers and types.

    ``proto`` is split at ``)``: the part before it, minus its first
    character, is whitespace-split into parameter types, and the part after
    it is passed to ``dvm.get_type`` as the return type.  Parameters are
    numbered upwards from register ``nb - len(params)``.

    nb: presumably the method's total register count -- confirm with caller.
    proto: method prototype string, e.g. of the form ``(params)ret``.
    Returns the header as a single string of ``#``-prefixed lines.
    """
    pieces = proto.split(')')
    param_types = pieces[0][1:].split()
    first_param_reg = nb - len(param_types)

    lines = ["# Parameters:\n"]
    if not param_types:
        lines.append("# local registers: v%d...v%d\n" % (0, nb - 1))
    else:
        lines.append(
            "# - local registers: v%d...v%d\n" % (0, first_param_reg - 1))
        # One line per parameter, numbered from the first parameter register.
        for reg, param_type in enumerate(param_types, first_param_reg):
            lines.append("# - v%d:%s\n" % (reg, dvm.get_type(param_type)))

    lines.append("#\n# - return:%s\n\n" % dvm.get_type(pieces[1]))

    return "".join(lines)
コード例 #2
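def get_show_Permissions(vmx):
    """
    Map permissions to the call sites of the API methods that require them.

    Every method known to the analysis is keyed as ``class-name-descriptor``
    and intersected with the API-to-permission mapping; for each hit, the
    incoming cross-references are formatted as ``caller ---> callee`` strings
    and filed under every permission the mapping lists for that method.

    :param vmx: Analysis object of vm
    :return: dict of permissions {permission, XrefsFrom}
    :rtype: dictionary
    """

    permissions = {}
    # NOTE(review): 16 is presumably the API level of the mapping table; API
    # methods that became permission-guarded in later levels would then not
    # be reported -- confirm against load_api_specific_resource_module.
    permission_dict = load_api_specific_resource_module(
        "api_permission_mappings", 16)

    mca_dict = {}
    for ca in vmx.get_classes():
        for mca in ca.get_methods():
            encoded = mca.get_method()
            key = "{}-{}-{}".format(
                ca.orig_class.name,
                encoded.get_name(),
                encoded.get_descriptor())
            mca_dict[key] = mca

    # Only methods present both in the mapping and in the analysed code.
    for method in set(permission_dict) & set(mca_dict):
        # Look the callee up by key. Reusing the loop variable left over from
        # the indexing loop above would attribute every call site to whichever
        # method happened to be indexed last, producing a misleading report.
        callee_analysis = mca_dict[method]
        callee = callee_analysis.get_method()

        xrefs_from = []
        for ref_class, ref_method, offset in callee_analysis.get_xref_from():
            xrefs_from.append("%s %s->%s%s (0x%x) ---> %s->%s%s" % (
                ref_method.get_access_flags_string(
                ),  # Fixme: What was path access flag?
                dvm.get_type(ref_method.get_class_name()),
                dvm.get_type(ref_method.get_name()),
                ref_method.get_descriptor(),
                offset,
                dvm.get_type(callee.get_class_name()),
                dvm.get_type(callee.get_name()),
                dvm.get_type(callee.get_descriptor())))

        for permission in permission_dict[method]:
            # "android.permission.READ_SMS" -> "READ_SMS"; remaining dots
            # become underscores.
            perm_key = permission.replace("android.permission.",
                                          "").replace(".", "_")
            # The key is created even when there are no call sites.
            permissions.setdefault(perm_key, []).extend(xrefs_from)
    return permissions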
コード例 #3
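def get_methods(vmx):
    """
    Return one description dict per method found in the APK's dex files.

    :param vmx: androguard.core.analysis.analysis.Analysis
    :return: list of dicts of methods [{"class":value,"name":value,"params":value,"return":value}];
        "params" and "return" are present only when the method's information has them
    :rtype: list of dicts
    """
    methods = []
    for vm in vmx.vms:  # todo:Test for multiple dex files in one apk?
        for m in vm.get_methods():
            # A fresh dict per method: sharing one dict across iterations
            # makes every list entry alias the same object (all showing the
            # last method) and leaks "params"/"return" from earlier methods.
            method = {
                # get rid of L in start of class
                "class": dvm.get_type(m.get_class_name()),
                "name": dvm.get_type(m.get_name()),
            }
            info = m.get_information()
            if "params" in info:
                # Second element of each params entry is kept.
                method["params"] = [param[1] for param in info["params"]]
            if "return" in info:
                method["return"] = info["return"]
            methods.append(method)
    return methods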
コード例 #4
def search_methods(vmx, method_regex):
    """
    Collect every call site of the methods matching ``method_regex``.

    Each method analysis returned by ``vmx.find_methods`` is asked for its
    incoming cross-references; one formatted string is produced per reference.

    :param vmx: Analysis object
    :param method_regex: String for specifying method
    :return: List of paths (caller --> callee)
    """
    path_format = "%s %s->%s%s (0x%x) ---> %s->%s%s"
    found = []
    for target in vmx.find_methods(method_regex):
        for _caller_class, caller, call_offset in target.get_xref_from():
            caller_part = (
                # Fixme: What was path access flag?
                caller.get_access_flags_string(),
                dvm.get_type(caller.get_class_name()),
                dvm.get_type(caller.get_name()),
                dvm.get_type(caller.get_descriptor()),
            )
            callee = target.get_method()
            callee_part = (
                dvm.get_type(callee.get_class_name()),
                dvm.get_type(callee.get_name()),
                dvm.get_type(callee.get_descriptor()),
            )
            found.append(
                path_format % (caller_part + (call_offset,) + callee_part))
    return found
コード例 #5
ファイル: ag.py プロジェクト: 0x0mar/androguard
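    def run(self):
        """Parse ``self.raw`` as DEX/ODEX and render a class listing into ``self.view``.

        Builds the analysis objects, attaches the decompiler named by the
        ``DEFAULT_DECOMPILER`` setting, then writes one line per package,
        class, method and field, followed by the class hierarchy.  The line
        number of each class, method and field is recorded in
        ``AG_CLASSES_LINE`` / ``AG_METHODS_LINE`` / ``AG_FIELDS_LINE`` under
        the view id, and the analysis objects plus a SHA-1 of the DEX buffer
        are stored in ``AG_DEX_VIEW`` / ``FILENAMES``.

        NOTE(review): ``self.raw`` is the file under analysis, so every name
        and value rendered below originates from untrusted input.
        """
        # "DEY" selects the ODEX parser, anything else the plain DEX parser.
        if androconf.is_android_raw(self.raw) == "DEY":
            dex_object = dvm.DalvikOdexVMFormat(self.raw)
        else:
            dex_object = dvm.DalvikVMFormat(self.raw)

        ana_object = analysis.uVMAnalysis(dex_object)
        gvm_object = ganalysis.GVMAnalysis(ana_object, None)

        dex_object.set_vmanalysis(ana_object)
        dex_object.set_gvmanalysis(gvm_object)

        # Editor settings, where present, override the androguard defaults.
        for conf_key in androconf.CONF:
            if is_setting(conf_key):
                androconf.CONF[conf_key] = get_setting(conf_key)

        decompiler_option = get_setting("DEFAULT_DECOMPILER", "dad")
        conf = androconf.CONF

        # NOTE(review): the dex2jad and ded back-ends receive tool paths and a
        # temp directory from settings; presumably they run external binaries
        # over the untrusted input -- confirm these settings cannot be
        # supplied by the project being analysed.
        if decompiler_option == "dex2jad":
            chosen_decompiler = decompiler.DecompilerDex2Jad(
                dex_object,
                conf["PATH_DEX2JAR"],
                conf["BIN_DEX2JAR"],
                conf["PATH_JAD"],
                conf["BIN_JAD"],
                conf["TMP_DIRECTORY"])
        elif decompiler_option == "ded":
            chosen_decompiler = decompiler.DecompilerDed(
                dex_object,
                conf["PATH_DED"],
                conf["BIN_DED"],
                conf["TMP_DIRECTORY"])
        else:
            chosen_decompiler = decompiler.DecompilerDAD(dex_object, ana_object)
        dex_object.set_decompiler(chosen_decompiler)

        dex_object.create_xref()
        dex_object.create_dref()

        self.view.set_name("%s.ag" % (self.filename))

        self.view.set_scratch(True)
        edit = self.view.begin_edit()
        self.view.sel().clear()
        self.view.set_syntax_file("Packages/ag-st/ag.tmLanguage")

        # Group classes by the directory part of their name (the package).
        by_package = {}
        for current_class in dex_object.get_classes():
            package = os.path.dirname(current_class.get_name())
            by_package.setdefault(package, []).append(current_class)

        view_id = self.view.id()
        method_lines = {}
        class_lines = {}
        field_lines = {}
        AG_METHODS_LINE[view_id] = method_lines
        AG_CLASSES_LINE[view_id] = class_lines
        AG_FIELDS_LINE[view_id] = field_lines

        # `line` must advance once per "\n" appended so the *_LINE maps match
        # the rendered text.
        # NOTE(review): a name from the file that itself contains a newline
        # would desynchronise the maps -- confirm the parser rejects those.
        chunks = []
        line = 0
        for key in sorted(by_package):
            chunks.append("%s\n" % key)
            line += 1

            for c_class in sorted(by_package[key], key=lambda k: k.get_name()):
                # [1:-1] drops the first and last character of each name
                # (presumably the "L" ... ";" of a type descriptor).
                chunks.append("\t%s extends %s\n" % (c_class.get_name()[1:-1], c_class.get_superclassname()[1:-1]))
                class_lines[line] = c_class
                line += 1

                for method in c_class.get_methods():
                    chunks.append("\t\tmethod: %s %s [%s] size:%d\n" % (method.get_name(), method.get_descriptor(), method.get_access_flags_string(), method.get_length()))
                    method_lines[line] = method
                    line += 1

                chunks.append("\n")
                line += 1

                for field in c_class.get_fields():
                    field_text = "\t\tfield: %s %s [%s %s]" % (field.get_name(), field.get_descriptor(), field.get_access_flags_string(), dvm.get_type(field.get_descriptor()))

                    init_value = field.get_init_value()
                    if init_value is not None:
                        # repr() escapes control characters in the value.
                        field_text += " (%s)" % repr(str(init_value.get_value()))
                    chunks.append(field_text + "\n")

                    field_lines[line] = field
                    line += 1

                chunks.append("\n")
                line += 1

        # Class hierarchy goes after the listing, one entry per line.
        for entry in dex_object.print_classes_hierarchy():
            chunks.append(entry + "\n")

        b_buffer = "".join(chunks)

        self.view.replace(edit, sublime.Region(0, self.view.size()), b_buffer)
        self.view.end_edit(edit)
        self.view.set_read_only(True)
        AG_DEX_VIEW[view_id] = (dex_object, ana_object)
        # NOTE(review): SHA-1 here labels the buffer; if anything downstream
        # relies on it for integrity or de-duplication, prefer SHA-256.
        FILENAMES[view_id] = hashlib.sha1(dex_object.get_buff()).hexdigest()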
コード例 #6
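    def run(self):
        """Parse ``self.raw`` as DEX/ODEX and fill ``self.view`` with a class listing.

        The analysis objects are created and wired to the DEX object, the
        decompiler named by the ``DEFAULT_DECOMPILER`` setting is attached,
        and the view receives one line per package, class, method and field
        plus the class hierarchy.  For each class, method and field the line
        it was written on is stored in ``AG_CLASSES_LINE`` /
        ``AG_METHODS_LINE`` / ``AG_FIELDS_LINE`` under the view id;
        ``AG_DEX_VIEW`` and ``FILENAMES`` get the analysis objects and a SHA-1
        of the DEX buffer.

        NOTE(review): ``self.raw`` is the file being analysed; treat every
        string rendered from it as untrusted.
        """
        # "DEY" selects the ODEX parser, anything else the plain DEX parser.
        if androconf.is_android_raw(self.raw) == "DEY":
            dex_object = dvm.DalvikOdexVMFormat(self.raw)
        else:
            dex_object = dvm.DalvikVMFormat(self.raw)

        ana_object = analysis.uVMAnalysis(dex_object)
        gvm_object = ganalysis.GVMAnalysis(ana_object, None)

        dex_object.set_vmanalysis(ana_object)
        dex_object.set_gvmanalysis(gvm_object)

        # Settings that exist in the editor replace the androguard defaults.
        for conf_key in androconf.CONF:
            if is_setting(conf_key):
                androconf.CONF[conf_key] = get_setting(conf_key)

        decompiler_option = get_setting("DEFAULT_DECOMPILER", "dad")
        conf = androconf.CONF

        # NOTE(review): dex2jad and ded are given tool paths and a temp
        # directory from settings; presumably external binaries are run on
        # the untrusted input -- confirm where these settings can come from.
        if decompiler_option == "dex2jad":
            chosen_decompiler = decompiler.DecompilerDex2Jad(
                dex_object,
                conf["PATH_DEX2JAR"],
                conf["BIN_DEX2JAR"],
                conf["PATH_JAD"],
                conf["BIN_JAD"],
                conf["TMP_DIRECTORY"])
        elif decompiler_option == "ded":
            chosen_decompiler = decompiler.DecompilerDed(
                dex_object,
                conf["PATH_DED"],
                conf["BIN_DED"],
                conf["TMP_DIRECTORY"])
        else:
            chosen_decompiler = decompiler.DecompilerDAD(
                dex_object, ana_object)
        dex_object.set_decompiler(chosen_decompiler)

        dex_object.create_xref()
        dex_object.create_dref()

        self.view.set_name("%s.ag" % (self.filename))

        self.view.set_scratch(True)
        edit = self.view.begin_edit()
        self.view.sel().clear()
        self.view.set_syntax_file("Packages/ag-st/ag.tmLanguage")

        # Bucket the classes by the directory part of their name.
        by_package = {}
        for current_class in dex_object.get_classes():
            package = os.path.dirname(current_class.get_name())
            by_package.setdefault(package, []).append(current_class)

        view_id = self.view.id()
        method_lines = {}
        class_lines = {}
        field_lines = {}
        AG_METHODS_LINE[view_id] = method_lines
        AG_CLASSES_LINE[view_id] = class_lines
        AG_FIELDS_LINE[view_id] = field_lines

        # Invariant: `line` is bumped once for every "\n" written, keeping the
        # *_LINE maps aligned with the text shown in the view.
        # NOTE(review): a newline inside a name taken from the file would
        # break that alignment -- confirm the parser rejects such names.
        chunks = []
        line = 0
        for key in sorted(by_package):
            chunks.append("%s\n" % key)
            line += 1

            for c_class in sorted(by_package[key], key=lambda k: k.get_name()):
                # [1:-1] trims the first and last character of each name
                # (presumably the "L" ... ";" of a type descriptor).
                chunks.append("\t%s extends %s\n" % (
                    c_class.get_name()[1:-1],
                    c_class.get_superclassname()[1:-1]))
                class_lines[line] = c_class
                line += 1

                for method in c_class.get_methods():
                    chunks.append("\t\tmethod: %s %s [%s] size:%d\n" % (
                        method.get_name(), method.get_descriptor(),
                        method.get_access_flags_string(), method.get_length()))
                    method_lines[line] = method
                    line += 1

                chunks.append("\n")
                line += 1

                for field in c_class.get_fields():
                    field_text = "\t\tfield: %s %s [%s %s]" % (
                        field.get_name(), field.get_descriptor(),
                        field.get_access_flags_string(),
                        dvm.get_type(field.get_descriptor()))

                    init_value = field.get_init_value()
                    if init_value is not None:
                        # repr() escapes control characters in the value.
                        field_text += " (%s)" % repr(
                            str(init_value.get_value()))
                    chunks.append(field_text + "\n")

                    field_lines[line] = field
                    line += 1

                chunks.append("\n")
                line += 1

        # The class hierarchy follows the listing, one entry per line.
        for entry in dex_object.get_classes_hierarchy():
            chunks.append(entry + "\n")

        b_buffer = "".join(chunks)

        self.view.replace(edit, sublime.Region(0, self.view.size()), b_buffer)
        self.view.end_edit(edit)
        self.view.set_read_only(True)
        AG_DEX_VIEW[view_id] = (dex_object, ana_object)
        # NOTE(review): SHA-1 serves as a label for the buffer here; if other
        # code depends on it for integrity or de-duplication, use SHA-256.
        FILENAMES[view_id] = hashlib.sha1(
            dex_object.get_buff()).hexdigest()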