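def analyze_apk(self, data):
    """Analyze an unpacked APK: manifest permissions plus every classes*.dex.

    Populates ``data["APK"]`` with the permissions read from
    AndroidManifest.xml (descriptions attached via ``add_description``) and,
    for each ``classes*.dex`` entry of ``data["Packed"]["Files"]``, hands a
    radare2 session to ``dex_wrapper`` under the key ``APK_DEX_<index>``
    (``index`` is the position in the packed-file list, not a dex counter).
    Finally collects words/wordsstripped from all packed files.

    Args:
        data: shared analysis dict; ``data["Packed"]["Files"]`` must be a
            list of entries carrying ``"Name"`` and ``"Path"`` keys.

    Returns:
        None; results are written into ``data``.
    """
    data["APK"] = {
        "General": {},
        "Permissions": [],
        "_General": {},
        "_Permissions": ["Permission", "Description"],
    }
    for index, item in enumerate(data["Packed"]["Files"]):
        name = item["Name"].lower()
        if name == "androidmanifest.xml":
            data["APK"]["Permissions"] = self.read_permissions(data, item["Path"])
        if "classes" in name and name.endswith(".dex"):
            # '-2' silences radare2's stderr; anal.timeout bounds the "aaaa"
            # analysis so a hostile or oversized dex cannot stall the run.
            r2p = r2open(item["Path"], flags=["-2"])
            try:
                r2p.cmd("e anal.timeout = 5")
                r2p.cmd("aaaa;")
                self.dex_wrapper(data, r2p, "APK_DEX_{}".format(index))
            finally:
                # Close each session where it is opened: a single quit() after
                # the loop leaked every session but the last and raised
                # UnboundLocalError when the APK contained no dex file.
                r2p.quit()
    add_description("AndroidPermissions", data["APK"]["Permissions"], "Permission")
    get_words_multi_files(data, data["Packed"]["Files"])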
def check_sig(self, data):
    """Fallback logic for files no other module recognised.

    Archive-like inputs (jar/zip/zlib by sniffed mime) are unpacked and the
    words/wordsstripped are gathered from the unpacked members; anything else
    has its words gathered from the file itself.

    Args:
        data: shared analysis dict with ``data["Details"]["Properties"]["mime"]``
            and ``data["Location"]["File"]`` already populated.

    Returns:
        None; results are written into ``data``.
    """
    archive_mimes = (
        "application/java-archive",
        "application/zip",
        "application/zlib",
    )
    mime = data["Details"]["Properties"]["mime"]
    file_path = data["Location"]["File"]
    if mime in archive_mimes:
        # NOTE(review): archive hazards (nested/oversized members, member path
        # handling) are assumed to be dealt with inside unpack_file — confirm.
        unpack_file(data, file_path)
        get_words_multi_files(data, data["Packed"]["Files"])
    else:
        get_words(data, file_path)
def analyze(self, data):
    """Run the Office analysis pipeline and store it under ``data["Office"]``.

    Starts from a deep copy of ``self.datastruct`` so the template is never
    mutated, then fills in metadata, extracted text, DDE links, macros and
    the results of ``office_analysis``; afterwards reads embedded binaries
    and collects words/wordsstripped from the packed files.

    Args:
        data: shared analysis dict; ``data["Location"]["File"]`` and
            ``data["Packed"]["Files"]`` must already be set.

    Returns:
        None; results are written into ``data``.
    """
    office = deepcopy(self.datastruct)
    # Attach first so helpers that look at data["Office"] see the same object.
    data["Office"] = office
    office["General"] = self.office_meta_info(data)
    office["Text"] = self.extract_text(data)
    office["DDE"] = self.extract_dde(data)
    office["Macro"] = self.extract_macros(data["Location"]["File"])
    office.update(self.office_analysis(data))
    self.office_read_bin(data)
    get_words_multi_files(data, data["Packed"]["Files"])
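def analyze_dmg(self, data):
    """Analyze an unpacked DMG: Info.plist contents and any shell scripts.

    The first packed file whose path ends in ``info.plist`` is parsed with
    ``get_plist`` into ``data["DMG"]["General"]``. Every packed file typed
    ``text/x-shellscript`` is stored verbatim under
    ``data["DMG_Shellscript_<index>"]["Shell"]``. Finally collects
    words/wordsstripped from all packed files.

    Args:
        data: shared analysis dict; ``data["Packed"]["Files"]`` must be a
            list of entries with ``"Path"`` and ``"Type"`` keys.

    Returns:
        None; results are written into ``data``.
    """
    data["DMG"] = {"General": {}, "_General": {}}
    packed = data["Packed"]["Files"]
    for entry in packed:
        if entry["Path"].lower().endswith("info.plist"):
            data["DMG"]["General"] = self.get_plist(entry["Path"])
            break
    for index, entry in enumerate(packed):
        if entry["Type"] != "text/x-shellscript":
            continue
        # Untrusted content: decode leniently so a script with stray
        # non-UTF-8 bytes is recorded instead of aborting the whole analysis,
        # and close the handle deterministically (the original never did).
        with open(entry["Path"], "r", encoding="utf-8", errors="replace") as fh:
            shell_text = fh.read()
        data["DMG_Shellscript_{}".format(index)] = {
            "Shell": shell_text,
            "_Shell": "",
        }
    get_words_multi_files(data, packed)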
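def analyze_apk(self, data):
    """Analyze an unpacked APK: manifest permissions plus every classes*.dex.

    Fills ``data["APK"]`` with the permissions read from AndroidManifest.xml
    (descriptions attached via ``add_description``) and creates one
    ``data["APK_DEX_<index>"]`` entry per ``classes*.dex`` in
    ``data["Packed"]["Files"]`` (``index`` is the position in the packed-file
    list) holding the radare2-derived classes, externals, symbols, big
    functions and suspicious locations. Finally collects words/wordsstripped
    from all packed files.

    Args:
        data: shared analysis dict; ``data["Packed"]["Files"]`` must be a
            list of entries carrying ``"Name"`` and ``"Path"`` keys.

    Returns:
        None; results are written into ``data``.
    """
    data["APK"] = {
        "General": {},
        "Permissions": [],
        "_General": {},
        "_Permissions": ["Permission", "Description"],
    }
    for index, item in enumerate(data["Packed"]["Files"]):
        name = item["Name"].lower()
        if name == "androidmanifest.xml":
            data["APK"]["Permissions"] = self.read_permissions(data, item["Path"])
        if "classes" in name and name.endswith(".dex"):
            # '-2' silences radare2's stderr; anal.timeout bounds the "aaaa"
            # analysis so a hostile or oversized dex cannot stall the run.
            r2p = r2open(item["Path"], flags=["-2"])
            try:
                r2p.cmd("e anal.timeout = 5")
                r2p.cmd("aaaa;")
                key = "APK_DEX_{}".format(index)
                data[key] = {
                    "Classes": [],
                    "Externals": [],
                    "Symbols": [],
                    "Bigfunctions": [],
                    "Suspicious": [],
                    "_Classes": ["Type", "Name"],
                    "_Externals": ["Type", "Name"],
                    "_Symbols": ["Type", "Address", "X", "Name"],
                    "_Bigfunctions": ["Size", "Name"],
                    "_Suspicious": ["Location", "Function", "Xrefs"],
                }
                data[key]["Classes"] = self.get_all_classes(r2p)
                data[key]["Externals"] = self.get_all_externals(r2p)
                data[key]["Symbols"] = self.get_all_symbols(r2p)
                data[key]["Bigfunctions"] = self.big_functions(r2p)
                data[key]["Suspicious"] = self.check_sus(r2p)
            finally:
                # Close each session where it is opened: a single quit() after
                # the loop leaked every session but the last and raised
                # UnboundLocalError when the APK contained no dex file.
                r2p.quit()
    add_description("AndroidPermissions", data["APK"]["Permissions"], "Permission")
    get_words_multi_files(data, data["Packed"]["Files"])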