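    def each(self, target):
        """Analyse one APK at ``target`` and populate ``self.results``.

        The sample is parsed with androguard's ``AnalyzeAPK``; manifest-level
        facts, the decompiled source of the main activity and the app's own
        classes are recorded, then every registered ``APKPlugin`` subclass is
        run against it.  Samples are untrusted and frequently malformed, so
        every failure is reported through ``self.log('error', ...)`` with the
        formatted traceback instead of being raised, and the method always
        returns True so that one bad file does not stop a batch.

        Args:
            target: path of the APK file to analyse.

        Returns:
            True, unconditionally; the outcome is in ``self.results``.
        """
        self.results = dict(name=None,
                            files=[],
                            package=None,
                            permissions=[],
                            declared_permissions=[],
                            main_activity=None,
                            activities=[],
                            receivers=[],
                            services=[],
                            manifest=None,
                            libraries=[],
                            main_activity_content=None,
                            internal_classes=[])

        try:
            apk, vm, vm_analysis = AnalyzeAPK(target)
        except Exception:
            # format_exc() returns the traceback text; print_exc() would only
            # write it to stderr and hand None to the logger.
            self.log('error', traceback.format_exc())
            return True

        try:
            # Basic, manifest-derived facts about the APK.
            self.results['name'] = apk.get_app_name()
            self.results['files'] = apk.get_files_types()
            self.results['package'] = apk.get_package()
            self.results['permissions'] = apk.get_details_permissions()
            self.results['declared_permissions'] = (
                apk.get_declared_permissions_details())
            self.results['main_activity'] = apk.get_main_activity()
            self.results['activities'] = apk.get_activities()
            self.results['receivers'] = apk.get_receivers()
            self.results['services'] = apk.get_services()
            self.results['manifest'] = (
                apk.get_android_manifest_axml().get_xml())
            self.results['libraries'] = list(apk.get_libraries())
        except Exception:
            self.log('error', traceback.format_exc())
            return True

        # Decompiled source of the main activity.  The manifest may declare no
        # main activity at all, and with multidex the class can live in any of
        # the dex files, so every DalvikVMFormat is searched and the first hit
        # wins (androguard's get_class returns None for an unknown class).
        main_activity = self.results['main_activity']
        if main_activity:
            descriptor = "L{};".format(main_activity.replace('.', '/'))
            try:
                for dex in vm:
                    cls = dex.get_class(descriptor)
                    if cls is not None:
                        self.results['main_activity_content'] = cls.get_source()
                        break
            except Exception:
                self.log('error', traceback.format_exc())

        try:
            self.results['internal_classes'] = self._get_internal_classes(
                vm_analysis)
            self._store_internal_classes()
        except Exception:
            self.log('error', traceback.format_exc())

        # Plugins are discovered dynamically: every imported APKPlugin subclass
        # is run against this (untrusted) sample.  A failing plugin is logged
        # and skipped so the remaining plugins still get to see the sample.
        for plugin_cls in APKPlugin.__subclasses__():
            try:
                plugin_cls(target, apk, vm, vm_analysis).apply(self)
            except Exception:
                self.log('error', traceback.format_exc())

        return True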
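def _write_csv_row(path, fieldnames, row, append):
    """Write one ``row`` (a dict) to the ';'-delimited CSV at ``path``.

    ``append=True`` appends to a shared table and writes no header line;
    ``append=False`` (re)creates a per-app file with a header.
    """
    with open(path, 'a' if append else 'w', encoding='utf8') as csvfile:
        writer = csv.DictWriter(csvfile,
                                fieldnames=fieldnames,
                                delimiter=";",
                                lineterminator="\n")
        if not append:
            writer.writeheader()
        writer.writerow(row)


def _tagged(feature_dict, folder, APKname):
    """Return a copy of ``feature_dict`` with the APP_Name/folder key columns."""
    row = feature_dict.copy()
    row['APP_Name'] = APKname
    row['folder'] = folder
    return row


def api_check(folder, APKname):
    """Extract a feature vector from one APK and record it in the result CSVs.

    The APK at ``folder + APKname`` is parsed with androguard; permission,
    API-call, API-group, system-command-string and obfuscation/database
    features are counted into per-family dicts.  Each dict is appended as one
    row to the shared tables under ``result/`` and also written, with a
    header, into the per-app directory ``result/<folder><APKname>data``.
    An app whose per-app directory already exists is skipped, as is a file
    androguard cannot parse.

    Args:
        folder: directory containing the APK (expected to end with a path
            separator, since it is concatenated directly with the name).
        APKname: bare file name of the APK.

    Returns:
        None; all results go to disk and stdout.
    """
    # Every output path is built by string concatenation from the name, so a
    # name carrying a path separator would escape result/<folder>.  Names are
    # expected to come from a directory listing; refuse anything else.
    if APKname != os.path.basename(APKname):
        print(" ERROR: unexpected path separator in APK name, skipping file")
        return

    app_dir = 'result/' + folder + APKname + 'data'
    if os.path.isdir(app_dir):
        print(APKname + " Already scanned")
        return

    print("Starting apk:" + APKname)

    apk_start_time = time.time()

    RESULTdict = dict.fromkeys(RESULT_PARAMS, 0)

    # One dict per feature family; each becomes one row of its own CSV.
    OtherDict = dict.fromkeys(('obfuscation', 'database'), 0)
    APIdict = dict.fromkeys((API_CALLS + API_ClASS), 0)
    permission_dict = dict.fromkeys(PERMISSIONS, 0)
    strings_dict = dict.fromkeys(API_SYSTEM_COMMANDS, 0)
    groupAPI_dict = dict.fromkeys(APIGROUPS, 0)

    # a: APK, d: list of DalvikVMFormat (one per dex file), dx: Analysis.
    # Samples are untrusted and often malformed, so a parse failure is
    # reported and the file skipped rather than aborting the batch.
    try:
        a, d, dx = AnalyzeAPK(folder + APKname)
    except Exception:
        print(" ERROR: Androguard parse error, skipping file")
        return

    # TODO: permission details, declared permissions and implied permissions
    # (a.get_uses_implied_permission_list()) are not yet part of the vector.

    RESULTdict["APP_Name"] = APKname
    RESULTdict['folder'] = folder

    # Suspicious strings: system-command names found among the dex strings.
    # Materialised once so the same sequence can be stored and counted.
    strings = dx.get_strings_analysis()
    list_system_commands = list(
        read_system_commands(strings, API_SYSTEM_COMMANDS))
    RESULTdict["warn_strings"] = list(list_system_commands)
    for command in list_system_commands:
        strings_dict[command] += 1

    # General manifest / dex facts.
    RESULTdict['permissions'] = a.get_permissions()
    RESULTdict['activities'] = a.get_activities()
    RESULTdict['providers'] = a.get_providers()
    RESULTdict['services'] = a.get_services()
    RESULTdict['libraries'] = a.get_libraries()
    # NOTE(review): only the first dex is inspected for these two flags;
    # secondary dex files of a multidex APK are ignored here.
    RESULTdict['is_obfuscation'] = 1 if is_ascii_obfuscation(d[0]) else 0
    RESULTdict['is_database'] = 1 if d[0].get_regex_strings(DB_REGEX) else 0
    # TODO intents_analysis from new.py

    OtherDict['obfuscation'] = RESULTdict['is_obfuscation']
    OtherDict['database'] = RESULTdict['is_database']

    # Permissions of interest that the app requests, in PERMISSIONS order.
    requested = set(RESULTdict['permissions'])
    RESULTdict['warn_permissions'] = [p for p in PERMISSIONS if p in requested]
    for permission in RESULTdict['warn_permissions']:
        permission_dict[permission] = 1

    # API features: every external class referenced from the app's code is
    # walked method by method.  Distinct names are used for the class/method
    # strings so the APK object ``a`` is not rebound inside the loop.
    RESULTdict['API_groups'] = []
    for external in dx.get_external_classes():
        for method in external.get_vm_class().get_methods():
            owner = '%s' % method.get_class_name().replace(';', '')
            method_name = '%s' % method.get_name()
            # TODO permission_api_name https://androguard.readthedocs.io/en/latest/api/androguard.core.analysis.html?highlight=permission#androguard.core.analysis.analysis.ExternalMethod.permission_api_name
            if method_name in API_CALLS:
                APIdict[method_name] += 1
                # TODO: these are raw counts; normalisation is still needed.
            if owner in API_ClASS:
                APIdict[owner] += 1

            # Descriptor form 'Lcom/foo/Bar' -> dotted 'com.foo.Bar'.
            group = GroupAPI_Checker.checkAPIGroup(
                owner.replace('/', '.')[1:], method_name)
            if group is not None:
                groupAPI_dict[group] += 1
                RESULTdict['API_groups'].append(group)

    # NOTE(review): manifest- and dex-derived values (activity, provider,
    # service and library names, API groups) are attacker-controlled and are
    # written verbatim.  If these CSVs are later opened in a spreadsheet, a
    # value starting with '=', '+', '-' or '@' is interpreted as a formula;
    # neutralise such cells before using the tables outside this pipeline.

    # Shared tables: one appended row per app, no header line.
    key_cols = ('APP_Name', 'folder')
    _write_csv_row("result/" + 'API_CALLS.csv',
                   key_cols + API_CALLS + API_ClASS,
                   _tagged(APIdict, folder, APKname), append=True)
    _write_csv_row("result/" + 'OtherDict.csv',
                   key_cols + ('obfuscation', 'database'),
                   _tagged(OtherDict, folder, APKname), append=True)
    _write_csv_row("result/" + 'permission_dict.csv',
                   key_cols + PERMISSIONS,
                   _tagged(permission_dict, folder, APKname), append=True)
    _write_csv_row("result/" + 'strings_dict.csv',
                   key_cols + API_SYSTEM_COMMANDS,
                   _tagged(strings_dict, folder, APKname), append=True)
    _write_csv_row("result/" + 'groupAPI_dict.csv',
                   key_cols + APIGROUPS,
                   _tagged(groupAPI_dict, folder, APKname), append=True)
    _write_csv_row("result/" + 'RESULTdict.csv',
                   RESULT_PARAMS, RESULTdict, append=True)

    # Per-app files (with headers).  makedirs creates result/<folder> as well
    # when it is missing; failure to create the directory is reported and the
    # per-app files are skipped, as before.
    try:
        os.makedirs(app_dir)
    except OSError:
        print("Создать директорию %s не удалось" % app_dir)
    else:
        _write_csv_row(app_dir + '/RESULT.csv',
                       RESULT_PARAMS, RESULTdict, append=False)
        _write_csv_row(app_dir + '/OtherDict.csv',
                       ('obfuscation', 'database'), OtherDict, append=False)
        _write_csv_row(app_dir + '/APIdict.csv',
                       API_CALLS + API_ClASS, APIdict, append=False)
        _write_csv_row(app_dir + '/permission_dict.csv',
                       PERMISSIONS, permission_dict, append=False)
        _write_csv_row(app_dir + '/strings_dict.csv',
                       API_SYSTEM_COMMANDS, strings_dict, append=False)
        _write_csv_row(app_dir + '/groupAPI_dict.csv',
                       APIGROUPS, groupAPI_dict, append=False)

    print("APK done:{} ".format(time.time() - apk_start_time))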
 apk.get_providers(),
 'new_permissions':
 extract_new_permissions(apk.get_permissions()),
 'filters':
 get_intent_filers(apk),
 'certificate': {},
 'wearable':
 apk.is_wearable(),
 'max_sdk_version': (apk.get_max_sdk_version()),
 'min_sdk_version':
 int(apk.get_min_sdk_version()),
 'version_code':
 apk.xml['AndroidManifest.xml'].get(
     '{http://schemas.android.com/apk/res/android}versionCode'),
 'libraries':
 list(apk.get_libraries()),
 'androidtv':
 apk.is_androidtv(),
 'target_sdk_version':
 apk.get_target_sdk_version(),
 'api_keys': {},  # TODO
 'activities':
 apk.get_activities(),
 'main_activity':
 apk.get_main_activity(),
 'receivers':
 apk.get_receivers(),
 'signature_name':
 apk.get_signature_name(),
 'dexes': {},
 'displayed_version':