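def base64_decode(args):
    """Best-effort Base64 decoding of the first element of ``args``.

    ``args`` is converted with ``python_list``; only its first element is
    examined. When that element passes ``is_base64`` it is decoded and the
    bytes are mapped to text with ISO-8859-1, which assigns a code point to
    every byte value, so arbitrary binary payloads still produce a string.

    The result is attacker-influenced data whenever ``args`` comes from
    the application under analysis: callers must escape it before placing
    it in HTML and should not assume it is printable.

    Args:
        args: value accepted by ``python_list``.

    Returns:
        The decoded text, or ``''`` when there is nothing to decode, the
        first element is not Base64, or decoding fails.
    """
    decoded = ''
    args_list = python_list(args)
    # An empty argument list has no first element; indexing it would raise
    # IndexError instead of yielding the documented empty result.
    if not args_list or not is_base64(args_list[0]):
        return decoded
    try:
        decoded = base64.b64decode(args_list[0]).decode('ISO-8859-1')
    except Exception:
        # Deliberate best effort: a value that looks like Base64 but does
        # not decode is reported as "nothing decoded", not as an error.
        pass
    return decoded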
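def api_analysis(package, location):
    """Group Droidmon API-monitor records from a log file by API category.

    Every line of the file at ``location`` that contains the marker
    ``'Droidmon-apimonitor-<package>:'`` is split at that marker and the
    remainder is parsed as JSON. The record's ``class`` is matched against
    a set of patterns and an HTML fragment describing the call (method,
    arguments, return data) is stored under each matching category.

    Method, argument and return values are passed through ``escape``
    before they are put into the fragment, because the fragment is HTML
    and the values are taken verbatim from the log. For
    ``android.util.Base64`` decode calls the decoded first argument is
    appended as well, also escaped.

    A record that cannot be parsed is logged and skipped; a failure to
    read the file is logged and the categories collected so far (possibly
    none) are returned.

    Args:
        package: package name used to build the line marker.
        location: path of the log file, read as UTF-8.

    Returns:
        dict mapping each ``api_*`` key to a de-duplicated list of HTML
        fragments; the order inside each list is not defined.
    """
    # (result key, pattern searched in the record's class name), listed in
    # the order the keys appear in the result. The patterns are unanchored
    # and their dots are not escaped, so they act as loose substring
    # heuristics rather than exact class-name matches.
    categories = (
        ('api_net',
         'java.net.URL|org.apache.http.'
         'impl.client.AbstractHttpClient'),
        ('api_base64', 'android.util.Base64'),
        ('api_fileio',
         'libcore.io|'
         'android.app.SharedP'
         'referencesImpl\\$EditorImpl'),
        ('api_binder',
         'android.app.Activity|'
         'android.app.ContextImpl|'
         'android.app.ActivityThread'),
        ('api_crypto',
         'javax.crypto.spec.SecretKeySpec|'
         'javax.crypto.Cipher|'
         'javax.crypto.Mac'),
        ('api_deviceinfo',
         'android.telephony.TelephonyManager|'
         'android.net.wifi.WifiInfo|'
         'android.os.Debug'),
        ('api_cntvl', 'android.content.ContentValues'),
        ('api_sms', 'android.telephony.SmsManager'),
        ('api_sysprop',
         'android.content.ContentResolver|'
         'android.location.Location|'
         'android.media.AudioRecord|'
         'android.media.MediaRecorder|'
         'android.os.SystemProperties'),
        ('api_dexloader',
         'dalvik.system.BaseDexClassLoader|'
         'dalvik.system.DexFile|'
         'dalvik.system.DexClassLoader|'
         'dalvik.system.PathClassLoader'),
        ('api_reflect', 'java.lang.reflect'),
        ('api_acntmnger',
         'android.accounts.AccountManager|'
         'android.app.ApplicationPackageManager|'
         'android.app.NotificationManager|'
         'android.net.ConnectivityManager|'
         'android.content.BroadcastReceiver'),
        ('api_cmd',
         'java.lang.Runtime|java.lang.ProcessBuilder|'
         'java.io.FileOutputStream|'
         'java.io.FileInputStream|'
         'android.os.Process'),
    )
    # Sets de-duplicate identical fragments as they are collected.
    buckets = {key: set() for key, _ in categories}
    logger.info('Dynamic API Analysis')
    try:
        res_id = 'Droidmon-apimonitor-' + package + ':'
        with open(location, 'r', encoding='utf-8') as flip:
            # Stream the log instead of loading every line into memory.
            for line in flip:
                if res_id not in line:
                    continue
                _, value = line.split(res_id, 1)
                try:
                    apis = json.loads(value, strict=False)
                    mtd = str(apis['method'])
                    clss = str(apis['class'])
                    if apis.get('return'):
                        ret = str(apis['return'])
                    else:
                        ret = 'No Return Data'
                    if apis.get('args'):
                        args = str(apis['args'])
                    else:
                        args = 'No Arguments Passed'
                    # XSS Safe: every logged value is escaped before it
                    # becomes part of the HTML fragment.
                    call_data = ('</br>METHOD: {}'
                                 '</br>ARGUMENTS: {}'
                                 '</br>RETURN DATA: {}').format(
                                     escape(mtd), escape(args), escape(ret))

                    if (re.search('android.util.Base64', clss)
                            and 'decode' in mtd):
                        # Base64 Decode. The enrichment is optional: a
                        # missing, empty or undecodable argument must not
                        # discard the record itself, so failures here are
                        # logged and the plain fragment is kept.
                        try:
                            args_list = python_list(args)
                            if args_list and is_base64(args_list[0]):
                                # Map the decoded bytes to text so that
                                # escape() receives a string, not bytes.
                                decoded = base64.b64decode(
                                    args_list[0]).decode('ISO-8859-1')
                                call_data += ('</br><span class='
                                              '"label label - info">'
                                              'Decoded String'
                                              ':</span> {}').format(
                                                  escape(decoded))
                        except Exception:
                            logger.exception(
                                'Decoding Base64 argument failed')
                    for key, pattern in categories:
                        if re.search(pattern, clss):
                            buckets[key].add(call_data)
                except Exception:
                    logger.exception('Parsing JSON Failed for: %s', value)
    except Exception:
        logger.exception('Dynamic API Analysis')
    return {key: list(buckets[key]) for key, _ in categories}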