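    def analyze_dex(self, data):
        '''
        Analyze a standalone dex file with radare2 (anal.timeout = 5) and
        store the result under data["APK_DEX_1"]; then collect words and
        wordsstripped from the dex.

        Args:
            data: analysis dict. Reads data["Location"]["File"] and writes
                data["APK_DEX_1"] holding Classes, Externals, Symbols,
                Bigfunctions and Suspicious plus their "_" column headers.

        The r2 session is closed in a ``finally`` so a failing collector
        cannot leave an orphaned radare2 process behind.
        '''
        path = data["Location"]["File"]
        r2p = r2open(path, flags=['-2'])
        try:
            r2p.cmd("e anal.timeout = 5")
            r2p.cmd("aaaa;")
            data['APK_DEX_1'] = {
                "Classes": self.get_all_classes(r2p),
                "Externals": self.get_all_externals(r2p),
                "Symbols": self.get_all_symbols(r2p),
                "Bigfunctions": self.big_functions(r2p),
                "Suspicious": self.check_sus(r2p),
                "_Classes": ["Type", "Name"],
                "_Externals": ["Type", "Name"],
                "_Symbols": ["Type", "Address", "X", "Name"],
                "_Bigfunctions": ["Size", "Name"],
                "_Suspicious": ["Location", "Function", "Xrefs"]
            }
            get_words(data, path)
        finally:
            r2p.quit()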
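 def analyze_apk(self, data):
     '''
     Analyze an apk: read permissions from AndroidManifest.xml and run the
     radare2 dex analysis (anal.timeout = 5) on every classes*.dex found in
     data["Packed"]["Files"]; then add permission descriptions and collect
     words and wordsstripped from the packed files.

     Args:
         data: analysis dict. Reads data["Packed"]["Files"] (items with
             "Name" and "Path") and writes data["APK"] plus one
             data["APK_DEX_<index>"] entry per dex file via dex_wrapper.

     Every dex gets its own r2 session, closed right after dex_wrapper
     returns (or raises), so no radare2 process is leaked for apks with
     several dex files, and an apk without any dex file no longer fails on
     an unbound r2p at the end.
     '''
     data["APK"] = {
         "General": {},
         "Permissions": [],
         "_General": {},
         "_Permissions": ["Permission", "Description"]
     }
     for index, item in enumerate(data["Packed"]["Files"]):
         name = item["Name"].lower()
         if name == "androidmanifest.xml":
             data["APK"]["Permissions"] = self.read_permissions(
                 data, item["Path"])
         if "classes" in name and name.endswith(".dex"):
             r2p = r2open(item["Path"], flags=['-2'])
             try:
                 r2p.cmd("e anal.timeout = 5")
                 r2p.cmd("aaaa;")
                 self.dex_wrapper(data, r2p, 'APK_DEX_{}'.format(index))
             finally:
                 r2p.quit()
     add_description("AndroidPermissions", data["APK"]["Permissions"],
                     "Permission")
     get_words_multi_files(data, data["Packed"]["Files"])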
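 def analyze_dex(self, data):
     '''
     Analyze a standalone dex file with radare2 (anal.timeout = 5) through
     dex_wrapper under the key "APK_DEX_1", then collect words and
     wordsstripped from the dex.

     Args:
         data: analysis dict. Reads data["Location"]["File"]; dex_wrapper
             fills data["APK_DEX_1"].

     The r2 session is closed in a ``finally`` so a failure inside
     dex_wrapper or get_words does not leak a radare2 process.
     '''
     path = data["Location"]["File"]
     r2p = r2open(path, flags=['-2'])
     try:
         r2p.cmd("e anal.timeout = 5")
         r2p.cmd("aaaa;")
         self.dex_wrapper(data, r2p, 'APK_DEX_1')
         get_words(data, path)
     finally:
         r2p.quit()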
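    def analyze_apk(self, data):
        '''
        Analyze an apk: read permissions from AndroidManifest.xml and run the
        radare2 dex analysis (anal.timeout = 5) on every classes*.dex found
        in data["Packed"]["Files"]; then add permission descriptions and
        collect words and wordsstripped from the packed files.

        Args:
            data: analysis dict. Reads data["Packed"]["Files"] (items with
                "Name" and "Path") and writes data["APK"] plus one
                data["APK_DEX_<index>"] entry per dex file holding Classes,
                Externals, Symbols, Bigfunctions and Suspicious and their
                "_" column headers.

        Every dex gets its own r2 session, closed right after its collectors
        ran (or raised), so no radare2 process is leaked for apks with
        several dex files, and an apk without any dex file no longer fails
        on an unbound r2p at the end.
        '''
        data["APK"] = {
            "General": {},
            "Permissions": [],
            "_General": {},
            "_Permissions": ["Permission", "Description"]
        }
        for i, v in enumerate(data["Packed"]["Files"]):
            name = v["Name"].lower()
            if name == "androidmanifest.xml":
                data["APK"]["Permissions"] = self.read_permissions(
                    data, v["Path"])
            if "classes" in name and name.endswith(".dex"):
                r2p = r2open(v["Path"], flags=['-2'])
                try:
                    r2p.cmd("e anal.timeout = 5")
                    r2p.cmd("aaaa;")
                    data['APK_DEX_{}'.format(i)] = {
                        "Classes": self.get_all_classes(r2p),
                        "Externals": self.get_all_externals(r2p),
                        "Symbols": self.get_all_symbols(r2p),
                        "Bigfunctions": self.big_functions(r2p),
                        "Suspicious": self.check_sus(r2p),
                        "_Classes": ["Type", "Name"],
                        "_Externals": ["Type", "Name"],
                        "_Symbols": ["Type", "Address", "X", "Name"],
                        "_Bigfunctions": ["Size", "Name"],
                        "_Suspicious": ["Location", "Function", "Xrefs"]
                    }
                finally:
                    r2p.quit()
        add_description("AndroidPermissions", data["APK"]["Permissions"],
                        "Permission")
        get_words_multi_files(data, data["Packed"]["Files"])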
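    def create_d3_ref(self, data):
        '''
        Build a d3-style cross-reference graph of the file's symbols with
        radare2 (anal.timeout = 10).

        Args:
            data: analysis dict. Reads data["Location"]["File"] and writes
                data["XREFS"] = {"GRAPH": {"nodes", "links"}, "TEXT", "_TEXT"}.
                GRAPH and TEXT are only filled when at least one node and
                one link were found; otherwise they stay empty.

        nodes are {"func": name}; links are {"source": i, "target": j}
        indices into nodes; TEXT is the raw list of {"From", "To"} pairs.
        The r2 session is always closed, even if parsing fails.
        '''
        data["XREFS"] = {
            "GRAPH": {
                "nodes": [],
                "links": []
            },
            "TEXT": [],
            "_TEXT": ["From", "To"]
        }
        r2p = r2open(data["Location"]["File"], flags=['-2'])
        try:
            r2p.cmd("e anal.timeout = 10")
            r2p.cmd("aaaa")
            # "axtj@@ sym.*" prints one JSON array per symbol back to back;
            # glue them into one list literal before parsing.
            # NOTE(review): literal_eval only works while the output holds no
            # JSON-only tokens (true/false/null); json.loads would be the
            # safer parser if that ever changes.
            raw = r2p.cmd("axtj@@ sym.*")
            xrefs = literal_eval(
                "[" + raw.replace('\n', '').replace("][", "],[") + "]")
            sym = ' '.join(r2p.cmd("is~[6]").split())

            pairs = []
            for refs in xrefs:
                for ref in refs:
                    if "opcode" not in ref or "fcn_name" not in ref:
                        continue
                    match = search(r'\[(.*?)\]', ref["opcode"])
                    if match is None:
                        # no memory operand: the last token of the opcode
                        # is taken as the target
                        pairs.append({
                            "From": ref["fcn_name"],
                            "To": ref["opcode"].split(' ')[-1]
                        })
                        continue
                    target = match.group(1)
                    # The operand text comes straight from the sample's
                    # disassembly and is interpolated into an r2 command;
                    # accept only what an address/flag/register expression
                    # needs so r2 command separators or shell escapes from
                    # a crafted sample cannot reach the r2 shell.
                    if search(r'^[\w .:+*\-]+$', target) is None:
                        continue
                    # keep the edge only if r2 can disassemble at the target
                    if r2p.cmd("pd 1 @ " + target):
                        pairs.append({"From": ref["fcn_name"], "To": target})

            # nodes: both endpoints of every edge whose source passes
            # check_func, in first-seen order; node_index maps name -> index
            node_index = {}
            nodes = []
            for pair in pairs:
                if not self.check_func(pair["From"], sym):
                    continue
                for name in (pair["From"], pair["To"]):
                    if name not in node_index:
                        node_index[name] = len(nodes)
                        nodes.append({"func": name})

            # links: every edge whose endpoints both became nodes, deduplicated
            links = []
            seen = set()
            for pair in pairs:
                try:
                    edge = (node_index[pair["From"]], node_index[pair["To"]])
                except KeyError:
                    continue  # an endpoint was filtered out by check_func
                if edge not in seen:
                    seen.add(edge)
                    links.append({"source": edge[0], "target": edge[1]})
        finally:
            r2p.quit()

        if nodes and links:
            data["XREFS"]["GRAPH"]["nodes"] = nodes
            data["XREFS"]["GRAPH"]["links"] = links
            data["XREFS"]["TEXT"] = pairs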
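 def analyze(self, data):
     '''
     Analyze a PE file: fill data["PE"] (general info, characteristics,
     signature, sections, dlls, resources, imports, exports, entrypoint
     disassembly) and data["ICONS"], add descriptions, then collect words
     and wordsstripped from the file.

     Args:
         data: analysis dict. Reads data["Location"]["File"]; writes
             data["PE"] (a deep copy of self.datastruct, then filled) and
             data["ICONS"].

     Entry-point signature and disassembly are best effort: failures inside
     the ignore_excpetion blocks leave the "UnKnown" defaults in place. The
     radare2 session used for the disassembly is always closed.
     '''
     data["PE"] = deepcopy(self.datastruct)
     data["ICONS"] = {"ICONS": []}
     pe_info = PE(data["Location"]["File"])
     ep_info = pe_info.OPTIONAL_HEADER.AddressOfEntryPoint
     section = self.find_entry_point_function(pe_info, ep_info)
     singinhex = "UnKnown"
     en_section_name = "UnKnown"
     sig_instructions = "UnKnown"
     with ignore_excpetion(Exception):
         # first 52 bytes at the entry point, as a hex string
         sig = section.get_data(ep_info, 52)
         singinhex = "".join("{:02x}".format(x) for x in sig)
         # disassemble the bytes with r2 ("-" = no file) and keep 8 lines
         r2p = r2open("-", flags=['-2'])
         try:
             r2p.cmd("e anal.timeout = 5")
             lines = r2p.cmd("pad {}".format(singinhex)).split("\n")[:8]
             sig_instructions = "\n".join(lines)
         finally:
             r2p.quit()
     with ignore_excpetion(Exception):
         en_section_name = section.Name.decode(
             "utf-8", errors="ignore").strip("\00")
     warnings = pe_info.get_warnings()
     data["PE"]["General"] = {
         "PE Type": self.what_type(pe_info),
         "Entrypoint": ep_info,
         "Entrypoint Section": en_section_name,
         "Header checksum": hex(pe_info.OPTIONAL_HEADER.CheckSum),
         "Verify checksum": hex(pe_info.generate_checksum()),
         "Match checksum": pe_info.verify_checksum(),
         "Sig": singinhex,
         "imphash": pe_info.get_imphash(),
         "warning": warnings if warnings else "None",
         # NOTE(review): fromtimestamp renders the epoch stamp in local
         # time; report it as UTC if the output is compared across hosts
         "Timestamp": datetime.fromtimestamp(
             pe_info.FILE_HEADER.TimeDateStamp).strftime('%Y-%m-%d %H:%M:%S')
     }
     data["PE"]["Characteristics"] = self.get_characteristics(pe_info)
     data["PE"]["Singed"], data["PE"]["SignatureExtracted"] = \
         self.check_if_singed(pe_info)
     data["PE"]["Stringfileinfo"] = self.get_string_file_info(pe_info)
     data["PE"]["Sections"] = self.get_sections(pe_info)
     data["PE"]["Dlls"] = self.get_dlls(pe_info)
     data["PE"]["Resources"], data["PE"]["Manifest"], \
         data["ICONS"]["ICONS"] = self.get_recourse(pe_info)
     data["PE"]["Imported functions"] = self.get_imported_functions(pe_info)
     data["PE"]["Exported functions"] = self.get_exported_functions(pe_info)
     data["PE"]["Entrypoint"] = sig_instructions
     add_description("WinApis", data["PE"]["Imported functions"],
                     "Function")
     add_description("ManHelp", data["PE"]["Imported functions"],
                     "Function")
     add_description("WinDlls", data["PE"]["Dlls"], "Dll")
     add_description("WinSections", data["PE"]["Sections"], "Section")
     add_description("WinResources", data["PE"]["Resources"], "Resource")
     get_words(data, data["Location"]["File"])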