def get_params_info(nb, proto):
    """Build the ``# Parameters:`` comment header for a method.

    :param nb: total number of registers the method uses
    :param proto: method descriptor such as ``(I Ljava/lang/String;)V``; the
        parameter list is the whitespace-separated text between the leading
        ``(`` and the first ``)``, the return type is the text after it
    :return: a multi-line comment string listing local registers, the
        register each parameter lands in, and the return type
    """
    pieces = proto.split(')')
    params = pieces[0][1:].split()
    lines = ["# Parameters:"]
    if params:
        # Locals occupy the low registers; parameters take the highest ones
        first_param = nb - len(params)
        lines.append("# - local registers: v%d...v%d" % (0, first_param - 1))
        for offset, param in enumerate(params):
            lines.append("# - v%d:%s" % (first_param + offset, dvm.get_type(param)))
    else:
        lines.append("# local registers: v%d...v%d" % (0, nb - 1))
    lines.append("#")
    lines.append("# - return:%s" % dvm.get_type(pieces[1]))
    return "\n".join(lines) + "\n\n"
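def get_show_Permissions(vmx):
    """Map Android permissions to the call sites that exercise them.

    Every analysed method whose ``class-name-descriptor`` key is present in
    the ``api_permission_mappings`` resource is treated as permission-gated;
    each caller reached through its incoming xrefs is recorded under every
    permission the mapping lists for that method.

    :param vmx: Analysis object of vm
    :return: dict of permissions {permission, XrefsFrom}; keys are the
        permission names with ``android.permission.`` stripped and dots
        replaced by underscores, values are lists of
        ``"<flags> <caller> (0x<offset>) ---> <callee>"`` strings
    :rtype: dictionary
    """
    permissions = {}
    permission_dict = load_api_specific_resource_module(
        "api_permission_mappings", 16)

    # Index every analysed method under the same key shape the mapping uses
    mca_dict = dict()
    for ca in vmx.get_classes():
        for mca in ca.get_methods():
            mca_dict["{}-{}-{}".format(
                ca.orig_class.name,
                mca.get_method().get_name(),
                mca.get_method().get_descriptor())] = mca

    methods = set(permission_dict.keys()) & set(mca_dict.keys())
    for method in methods:
        # Resolve the callee explicitly. The previous version reused the
        # loop variable left over from the indexing loop above, so every
        # path was reported as ending in whichever method was indexed last
        # instead of the permission-gated one.
        callee_analysis = mca_dict[method]
        callee = callee_analysis.get_method()
        xrefs_from = list()
        for ref_class, ref_method, offset in callee_analysis.get_xref_from():
            xrefs_from.append("%s %s->%s%s (0x%x) ---> %s->%s%s" % (
                ref_method.get_access_flags_string(),  # Fixme: What was path access flag?
                dvm.get_type(ref_method.get_class_name()),
                dvm.get_type(ref_method.get_name()),
                ref_method.get_descriptor(),
                offset,
                dvm.get_type(callee.get_class_name()),
                dvm.get_type(callee.get_name()),
                dvm.get_type(callee.get_descriptor())))

        for permission in permission_dict[method]:
            perm_key = permission.replace("android.permission.", "").replace(".", "_")
            permissions.setdefault(perm_key, list()).extend(xrefs_from)

    return permissions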
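def get_methods(vmx):
    """This method gives us information about a methods in an apk.

    :param vmx: androguard.core.analysis.analysis.Analysis
    :return: list of dics of methods
        [{"class":value,"name":value,"params":value,"return":value}]
        ("params" and "return" are only present when ``get_information()``
        reports them for that method)
    :rtype: list of dics
    """
    methods = []
    for vm in vmx.vms:  # todo:Test for multiple dex files in one apk?
        for m in vm.get_methods():
            # A fresh dict per method: the previous version created one dict
            # per vm and appended it repeatedly, so the result held N
            # references to a single entry describing the last method, and
            # "params"/"return" keys leaked into methods that lack them.
            method = {}
            method["class"] = dvm.get_type(
                m.get_class_name())  # get rid of L in start of class
            method["name"] = dvm.get_type(m.get_name())
            info = m.get_information()
            if "params" in info:
                method["params"] = [param[1] for param in info["params"]]
            if "return" in info:
                method["return"] = info["return"]
            methods.append(method)
    return methods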
def search_methods(vmx, method_regex):
    """Find every call site of the methods matched by ``method_regex``.

    Walks the incoming xrefs of each matching method and renders one
    ``"<flags> <caller> (0x<offset>) ---> <callee>"`` string per caller.

    :param vmx: Analysis object
    :param method_regex: String for specifying method
    :return: List of paths (caller --> callee)
    """
    path_fmt = "%s %s->%s%s (0x%x) ---> %s->%s%s"
    list_paths = []
    for mca in vmx.find_methods(method_regex):
        for ref_class, ref_method, offset in mca.get_xref_from():
            callee = mca.get_method()
            caller_part = (
                ref_method.get_access_flags_string(),  # Fixme: What was path access flag?
                dvm.get_type(ref_method.get_class_name()),
                dvm.get_type(ref_method.get_name()),
                dvm.get_type(ref_method.get_descriptor()),
                offset,
            )
            callee_part = (
                dvm.get_type(callee.get_class_name()),
                dvm.get_type(callee.get_name()),
                dvm.get_type(callee.get_descriptor()),
            )
            list_paths.append(path_fmt % (caller_part + callee_part))
    return list_paths
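def run(self):
    """Parse the loaded DEX/ODEX and render a package/class/method/field
    outline into this view.

    ``self.raw`` is parsed as an ODEX when androconf reports ``"DEY"`` and
    as a plain DEX otherwise. Analysis, graph-analysis and cross-reference
    objects are attached to it, the decompiler chosen by the
    ``DEFAULT_DECOMPILER`` setting is installed, and the outline is written
    into the view, which is then made read-only. The module-level
    ``AG_*_LINE`` tables (buffer line -> object), ``AG_DEX_VIEW`` and
    ``FILENAMES`` are populated for this view id so later commands can
    find the object behind a given line.
    """
    # The DEX bytes are untrusted (an arbitrary APK); parsing happens inside
    # androguard and everything rendered below is plain text.
    if androconf.is_android_raw(self.raw) == "DEY":
        dex_object = dvm.DalvikOdexVMFormat(self.raw)
    else:
        dex_object = dvm.DalvikVMFormat(self.raw)

    ana_object = analysis.uVMAnalysis(dex_object)
    gvm_object = ganalysis.GVMAnalysis(ana_object, None)
    dex_object.set_vmanalysis(ana_object)
    dex_object.set_gvmanalysis(gvm_object)

    # Copy every androguard CONF key the user overrides in the Sublime
    # settings. These include the paths and binary names handed to the
    # external decompilers below, so they come from the user's own settings
    # file, not from the file being analysed.
    for key in androconf.CONF:
        if is_setting(key):
            androconf.CONF[key] = get_setting(key)

    decompiler_option = get_setting("DEFAULT_DECOMPILER", "dad")
    if decompiler_option == "dex2jad":
        dex_object.set_decompiler(decompiler.DecompilerDex2Jad(
            dex_object,
            androconf.CONF["PATH_DEX2JAR"], androconf.CONF["BIN_DEX2JAR"],
            androconf.CONF["PATH_JAD"], androconf.CONF["BIN_JAD"],
            androconf.CONF["TMP_DIRECTORY"]))
    elif decompiler_option == "ded":
        dex_object.set_decompiler(decompiler.DecompilerDed(
            dex_object,
            androconf.CONF["PATH_DED"], androconf.CONF["BIN_DED"],
            androconf.CONF["TMP_DIRECTORY"]))
    else:
        # "dad" is androguard's built-in decompiler and needs no external tool
        dex_object.set_decompiler(decompiler.DecompilerDAD(dex_object, ana_object))

    dex_object.create_xref()
    dex_object.create_dref()

    self.view.set_name("%s.ag" % (self.filename))
    self.view.set_scratch(True)
    edit = self.view.begin_edit()
    self.view.sel().clear()
    self.view.set_syntax_file("Packages/ag-st/ag.tmLanguage")

    # Group classes by package: os.path.dirname of the "Lpkg/sub/Name;"
    # descriptor yields "Lpkg/sub".
    by_package = {}
    for current_class in dex_object.get_classes():
        package = os.path.dirname(current_class.get_name())
        by_package.setdefault(package, []).append(current_class)

    view_id = self.view.id()
    methods_by_line = AG_METHODS_LINE[view_id] = {}
    classes_by_line = AG_CLASSES_LINE[view_id] = {}
    fields_by_line = AG_FIELDS_LINE[view_id] = {}

    # `line` must always equal the number of "\n" emitted so far: the
    # AG_*_LINE tables map a buffer line number to the object printed there.
    chunks = []
    line = 0
    for package in sorted(by_package):
        chunks.append("%s\n" % package)
        line += 1
        for c_class in sorted(by_package[package], key=lambda k: k.get_name()):
            # [1:-1] strips the leading "L" and trailing ";" of the descriptor
            chunks.append("\t%s extends %s\n" % (
                c_class.get_name()[1:-1], c_class.get_superclassname()[1:-1]))
            classes_by_line[line] = c_class
            line += 1

            for j in c_class.get_methods():
                chunks.append("\t\tmethod: %s %s [%s] size:%d\n" % (
                    j.get_name(), j.get_descriptor(),
                    j.get_access_flags_string(), j.get_length()))
                methods_by_line[line] = j
                line += 1
            chunks.append("\n")
            line += 1

            for j in c_class.get_fields():
                entry = "\t\tfield: %s %s [%s %s]" % (
                    j.get_name(), j.get_descriptor(),
                    j.get_access_flags_string(), dvm.get_type(j.get_descriptor()))
                init_value = j.get_init_value()
                if init_value is not None:
                    entry += " (%s)" % repr(str(init_value.get_value()))
                chunks.append(entry + "\n")
                fields_by_line[line] = j
                line += 1
            chunks.append("\n")
            line += 1

    # The hierarchy dump follows the outline; nothing in it is indexed by
    # line, so `line` is not advanced for it.
    for hierarchy_line in dex_object.print_classes_hierarchy():
        chunks.append(hierarchy_line + "\n")

    self.view.replace(edit, sublime.Region(0, self.view.size()), "".join(chunks))
    self.view.end_edit(edit)
    self.view.set_read_only(True)

    AG_DEX_VIEW[view_id] = (dex_object, ana_object)
    # Digest of the DEX bytes used as a stable key for this view; it is an
    # identity, not an integrity check.
    FILENAMES[view_id] = hashlib.sha1(dex_object.get_buff()).hexdigest()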
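def run(self):
    """Parse the loaded DEX/ODEX and render a package/class/method/field
    outline into this view.

    ``self.raw`` is parsed as an ODEX when androconf reports ``"DEY"`` and
    as a plain DEX otherwise. Analysis, graph-analysis and cross-reference
    objects are attached to it, the decompiler chosen by the
    ``DEFAULT_DECOMPILER`` setting is installed, and the outline is written
    into the view, which is then made read-only. The module-level
    ``AG_*_LINE`` tables (buffer line -> object), ``AG_DEX_VIEW`` and
    ``FILENAMES`` are populated for this view id so later commands can
    find the object behind a given line.
    """
    # The DEX bytes are untrusted (an arbitrary APK); parsing happens inside
    # androguard and everything rendered below is plain text.
    if androconf.is_android_raw(self.raw) == "DEY":
        dex_object = dvm.DalvikOdexVMFormat(self.raw)
    else:
        dex_object = dvm.DalvikVMFormat(self.raw)

    ana_object = analysis.uVMAnalysis(dex_object)
    gvm_object = ganalysis.GVMAnalysis(ana_object, None)
    dex_object.set_vmanalysis(ana_object)
    dex_object.set_gvmanalysis(gvm_object)

    # Copy every androguard CONF key the user overrides in the Sublime
    # settings. These include the paths and binary names handed to the
    # external decompilers below, so they come from the user's own settings
    # file, not from the file being analysed.
    for key in androconf.CONF:
        if is_setting(key):
            androconf.CONF[key] = get_setting(key)

    decompiler_option = get_setting("DEFAULT_DECOMPILER", "dad")
    if decompiler_option == "dex2jad":
        dex_object.set_decompiler(decompiler.DecompilerDex2Jad(
            dex_object,
            androconf.CONF["PATH_DEX2JAR"], androconf.CONF["BIN_DEX2JAR"],
            androconf.CONF["PATH_JAD"], androconf.CONF["BIN_JAD"],
            androconf.CONF["TMP_DIRECTORY"]))
    elif decompiler_option == "ded":
        dex_object.set_decompiler(decompiler.DecompilerDed(
            dex_object,
            androconf.CONF["PATH_DED"], androconf.CONF["BIN_DED"],
            androconf.CONF["TMP_DIRECTORY"]))
    else:
        # "dad" is androguard's built-in decompiler and needs no external tool
        dex_object.set_decompiler(decompiler.DecompilerDAD(dex_object, ana_object))

    dex_object.create_xref()
    dex_object.create_dref()

    self.view.set_name("%s.ag" % (self.filename))
    self.view.set_scratch(True)
    edit = self.view.begin_edit()
    self.view.sel().clear()
    self.view.set_syntax_file("Packages/ag-st/ag.tmLanguage")

    # Group classes by package: os.path.dirname of the "Lpkg/sub/Name;"
    # descriptor yields "Lpkg/sub".
    by_package = {}
    for current_class in dex_object.get_classes():
        package = os.path.dirname(current_class.get_name())
        by_package.setdefault(package, []).append(current_class)

    view_id = self.view.id()
    methods_by_line = AG_METHODS_LINE[view_id] = {}
    classes_by_line = AG_CLASSES_LINE[view_id] = {}
    fields_by_line = AG_FIELDS_LINE[view_id] = {}

    # `line` must always equal the number of "\n" emitted so far: the
    # AG_*_LINE tables map a buffer line number to the object printed there.
    chunks = []
    line = 0
    for package in sorted(by_package):
        chunks.append("%s\n" % package)
        line += 1
        for c_class in sorted(by_package[package], key=lambda k: k.get_name()):
            # [1:-1] strips the leading "L" and trailing ";" of the descriptor
            chunks.append("\t%s extends %s\n" % (
                c_class.get_name()[1:-1], c_class.get_superclassname()[1:-1]))
            classes_by_line[line] = c_class
            line += 1

            for j in c_class.get_methods():
                chunks.append("\t\tmethod: %s %s [%s] size:%d\n" % (
                    j.get_name(), j.get_descriptor(),
                    j.get_access_flags_string(), j.get_length()))
                methods_by_line[line] = j
                line += 1
            chunks.append("\n")
            line += 1

            for j in c_class.get_fields():
                entry = "\t\tfield: %s %s [%s %s]" % (
                    j.get_name(), j.get_descriptor(),
                    j.get_access_flags_string(), dvm.get_type(j.get_descriptor()))
                init_value = j.get_init_value()
                if init_value is not None:
                    entry += " (%s)" % repr(str(init_value.get_value()))
                chunks.append(entry + "\n")
                fields_by_line[line] = j
                line += 1
            chunks.append("\n")
            line += 1

    # The hierarchy dump follows the outline; nothing in it is indexed by
    # line, so `line` is not advanced for it.
    for hierarchy_line in dex_object.get_classes_hierarchy():
        chunks.append(hierarchy_line + "\n")

    self.view.replace(edit, sublime.Region(0, self.view.size()), "".join(chunks))
    self.view.end_edit(edit)
    self.view.set_read_only(True)

    AG_DEX_VIEW[view_id] = (dex_object, ana_object)
    # Digest of the DEX bytes used as a stable key for this view; it is an
    # identity, not an integrity check.
    FILENAMES[view_id] = hashlib.sha1(dex_object.get_buff()).hexdigest()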