'displayed_version': apk.xml['AndroidManifest.xml'].get( '{http://schemas.android.com/apk/res/android}versionName'), 'services': apk.get_services(), 'permissions': apk.get_permissions(), 'cordova': None, #What is this ? 'functionalities': {}, 'urls': get_urls(apk), } # Certificate if len(apk.get_certificates()) > 0: cert = apk.get_certificates()[0] res['certificate']['sha1'] = cert.sha1_fingerprint.replace(' ', '') res['certificate']['serial'] = '{:X}'.format(cert.serial_number) res['certificate']['issuerDN'] = convert_x509_name(cert.issuer) res['certificate']['subjectDN'] = convert_x509_name(cert.subject) res['certificate']['not_before'] = cert['tbs_certificate']['validity'][ 'not_before'].native.strftime('%b %-d %X %Y %Z') res['certificate']['not_after'] = cert['tbs_certificate']['validity'][ 'not_after'].native.strftime('%b %-d %X %Y %Z') # Dexes dex_names = list(apk.get_dex_names()) dex_values = list(apk.get_all_dex()) for dex in range(len(dex_names)): m = hashlib.sha256()
def main(file_name): #apk_file="com.coloros.gallery3d.apk" if (len(file_name) < 2): apk_file = "BackupAndRestore.apk" else: apk_file = file_name #apk_file="BackupAndRestore.apk" a, d, dalvik_ctx = AnalyzeAPK(apk_file) #print("[+] %s init Done" %(apk_file)) signed_flag = True for cert in a.get_certificates(): # cert.sha1 # the sha1 fingerprint # cert.sha256 # the sha256 fingerprint # cert.issuer.human_friendly # issuer # cert.subject.human_friendly # subject, usually the same # cert.hash_algo # hash algorithm # cert.signature_algo # Signature algorithm # cert.serial_number # Serial number # cert.contents # The DER coded bytes of the certificate itself finger_print = "9C A5 17 0F 38 19 19 DF E0 44 6F CD AB 18 B1 9A 14 3B 31 63" if (str(finger_print) == str(cert.sha1_fingerprint)): signed_flag = True print("----------------------------------------------------") print("[+] %s init Done" % (apk_file)) print("[+] is priv-app [True] ") break else: signed_flag = False #print("[-] is priv-app [False]") break if (signed_flag == False): sys.exit(1) if (not a.is_signed_v2() or not a.is_signed_v3()): print("[!] APK [%s] is not signed from v2, v3" % (apk_file)) service_lists = a.get_services() manifestData = str(a.get_android_manifest_axml().get_xml()) soup = BeautifulSoup(manifestData, 'html.parser') for service_name in service_lists: tmpData = "" intent_filter = [] permission = "" exported = False has_ifilter = False service_name = service_name.split(".")[-1] services = soup.find_all("service") for service in services: if (service.has_attr('android:name')): if (service_name in service['android:name']): pass else: continue if (service.has_attr('android:permission')): permission = service['android:permission'] else: permission = "" if (service.has_attr('android:exported')): if (service['android:exported'] == "true"): exported = True else: exported = False # intent filter if (len(service.find_all('intent-filter')) > 0): has_ifilter = True intents = service.find_all('intent-filter') for intent in intents: actions = intent.find_all('action') #print(actions) for action in actions: #print(action) intent_filter.append(action['android:name']) if (exported == True or has_ifilter == True): print("[!] (exported=[%s]) ->" % (exported), end=' ') print(service_name, end='') print(" (perm:[%s])" % permission, end="->") import subprocess if (permission != ""): command_string = 'adb shell "pm list permissions -f |grep %s -A 10 |grep protection | head -n 1"' % ( permission) output = subprocess.check_output(command_string, shell=True) output = output.decode("utf-8").strip() if (len(str(output)) < 2): print("[can not find permission]") else: print("[%s]" % (output)) else: print("[no permission]") for intent in intent_filter: print("\t[->]intent-filter action: [%s] " % intent) receivers = a.get_receivers() for receive_name in receivers: print("[+] Receiver : " + receive_name)
import binascii import sys from bs4 import BeautifulSoup from androguard.misc import AnalyzeAPK #apk_file="com.coloros.gallery3d.apk" if (len(sys.argv) < 2): apk_file = "BackupAndRestore.apk" else: apk_file = sys.argv[1] #apk_file="BackupAndRestore.apk" a, d, dalvik_ctx = AnalyzeAPK(apk_file) #print("[+] %s init Done" %(apk_file)) signed_flag = True for cert in a.get_certificates(): # cert.sha1 # the sha1 fingerprint # cert.sha256 # the sha256 fingerprint # cert.issuer.human_friendly # issuer # cert.subject.human_friendly # subject, usually the same # cert.hash_algo # hash algorithm # cert.signature_algo # Signature algorithm # cert.serial_number # Serial number # cert.contents # The DER coded bytes of the certificate itself #oppo_finger ="57 AA BE 69 96 0A 90 8A 74 68 28 45 67 94 FB FB 66 64 0B A2" oppo_finger = "28 3D 60 DD CD 20 C5 6E A1 71 9C E9 05 27 F1 23 5A E8 0E FA" #print(oppo_finger) print(str(cert.sha1_fingerprint)) if (str(oppo_finger) == str(cert.sha1_fingerprint)): signed_flag = True print("----------------------------------------------------")