def _analyze(self):
for i in self.__files:
ret_type = androconf.is_android( i )
if ret_type == "APK":
x = apk.APK( i )
bc = dvm.DalvikVMFormat( x.get_dex() )
n = 1
if x.get_dex2() != '':
# bc2 = dvm.DalvikOdexVMFormat( x.get_dex2() )
bc2 = dvm.DalvikVMFormat( x.get_dex2() )
n = 2
elif ret_type == "DEX":
bc = dvm.DalvikVMFormat( read(i) )
elif ret_type == "DEY":
bc = dvm.DalvikOdexVMFormat( read(i) )
elif ret_type == "ELF":
from androguard.core.binaries import elf
bc = elf.ELF( read(i) )
else:
raise( "Unknown format" )
self.__bc.append( (i, BC( bc )) )
if n == 2:
self.__bc.append( (i, BC( bc2 )) )
self.__bc.append( n )
def auto_vm(filename):
ret = androconf.is_android(filename)
if ret == 'APK':
return dvm.DalvikVMFormat(apk.APK(filename).get_dex())
elif ret == 'DEX':
return dvm.DalvikVMFormat(read(filename))
elif ret == 'DEY':
return dvm.DalvikOdexVMFormat(read(filename))
raise Exception("unsupported file %s" % filename)
def auto_vm(filename):
ret = androconf.is_android(filename)
if ret == 'APK':
return dvm.DalvikVMFormat(apk.APK(filename).get_dex())
elif ret == 'DEX':
return dvm.DalvikVMFormat(read(filename))
elif ret == 'DEY':
return dvm.DalvikOdexVMFormat(read(filename))
return None
def create_dey(self, log, deyraw):
"""
This method is called in order to create a DalvikOdexVMFormat object
:param log: an object which corresponds to a unique app
:param dexraw: the raw odex file (a string)
:rtype: a :class:`DalvikOdexVMFormat` object
"""
return dvm.DalvikOdexVMFormat(deyraw)
def parse_input_file(self):
"""This function will analyze the file given as input"""
extension = self.get_type(self.filename)
if extension == ".apk":
if not self.quiet:
print "[*] Opening APK..."
try:
self.application = apk.APK(self.filename)
self.dalvik_executable = dvm.DalvikVMFormat(self.application.get_dex())
except:
return None
elif extension == ".odex":
if not self.quiet:
print "[*] Opening .odex file..."
self.dalvik_executable = dvm.DalvikOdexVMFormat(open(self.filename, "r").read())
elif extension == ".dex":
if not self.quiet:
print "[*] Opening .dex file"
self.dalvik_executable = dvm.DalvikVMFormat(open(self.filename, "r").read())
else:
if not self.quiet:
print "[!] Invalid type for %s...skipping" % (self.filename)
return None
if not self.quiet:
#print "[*] This application uses the following permissions :"
#print self.application.get_permissions()
print "[*] Analyzing dex file..."
self.analyzed_dex = analysis.VMAnalysis(self.dalvik_executable)
self.gx = ganalysis.GVMAnalysis(self.analyzed_dex, None)
self.dalvik_executable.set_vmanalysis(self.analyzed_dex)
self.dalvik_executable.set_gvmanalysis(self.gx)
if not self.quiet:
print "[*] Creating xrefs..."
self.dalvik_executable.create_xref()
self.dalvik_executable.create_python_export()
def __init__(self, name):
"""
:param name: filename to load
"""
self.vma = analysis.Analysis()
# Proper detection which supports multidex inside APK
ftype = androconf.is_android(name)
if ftype == 'APK':
for d in apk.APK(name).get_all_dex():
self.vma.add(dvm.DalvikVMFormat(d))
elif ftype == 'DEX':
self.vma.add(dvm.DalvikVMFormat(read(name)))
elif ftype == 'DEY':
self.vma.add(dvm.DalvikOdexVMFormat(read(name)))
else:
raise ValueError("Format not recognised for filename '%s'" % name)
self.classes = {dvclass.orig_class.get_name(): dvclass.orig_class for dvclass in self.vma.get_classes()}
def _analyze(self):
for i in self.__files:
ret_type = androconf.is_android(i)
if ret_type == "APK":
x = apk.APK(i)
bc = dvm.DalvikVMFormat(x.get_dex())
elif ret_type == "DEX":
bc = dvm.DalvikVMFormat(open(i, "rb").read())
elif ret_type == "DEY":
bc = dvm.DalvikOdexVMFormat(open(i, "rb").read())
elif ret_type == "ELF":
from androguard.core.binaries import elf
bc = elf.ELF(open(i, "rb").read())
else:
raise ("Unknown format")
if isinstance(bc, list):
for j in bc:
self.__bc.append((j[0], BC(jvm.JVMFormat(j[1]))))
else:
self.__bc.append((i, BC(bc)))
def run(self):
if androconf.is_android_raw(self.raw) == "DEY":
dex_object = dvm.DalvikOdexVMFormat(self.raw)
else:
dex_object = dvm.DalvikVMFormat(self.raw)
ana_object = analysis.uVMAnalysis(dex_object)
gvm_object = ganalysis.GVMAnalysis(ana_object, None)
dex_object.set_vmanalysis(ana_object)
dex_object.set_gvmanalysis(gvm_object)
for i in androconf.CONF:
if is_setting(i):
androconf.CONF[i] = get_setting(i)
decompiler_option = get_setting("DEFAULT_DECOMPILER", "dad")
if decompiler_option == "dex2jad":
dex_object.set_decompiler(
decompiler.DecompilerDex2Jad(dex_object,
androconf.CONF["PATH_DEX2JAR"],
androconf.CONF["BIN_DEX2JAR"],
androconf.CONF["PATH_JAD"],
androconf.CONF["BIN_JAD"],
androconf.CONF["TMP_DIRECTORY"]))
elif decompiler_option == "ded":
dex_object.set_decompiler(
decompiler.DecompilerDed(dex_object,
androconf.CONF["PATH_DED"],
androconf.CONF["BIN_DED"],
androconf.CONF["TMP_DIRECTORY"]))
else:
dex_object.set_decompiler(
decompiler.DecompilerDAD(dex_object, ana_object))
dex_object.create_xref()
dex_object.create_dref()
self.view.set_name("%s.ag" % (self.filename))
self.view.set_scratch(True)
edit = self.view.begin_edit()
self.view.sel().clear()
self.view.set_syntax_file("Packages/ag-st/ag.tmLanguage")
by_package = {}
for current_class in dex_object.get_classes():
name = current_class.get_name()
try:
by_package[os.path.dirname(name)].append(current_class)
except KeyError:
by_package[os.path.dirname(name)] = []
by_package[os.path.dirname(name)].append(current_class)
b_buffer = ""
line = 0
AG_METHODS_LINE[self.view.id()] = {}
AG_CLASSES_LINE[self.view.id()] = {}
AG_FIELDS_LINE[self.view.id()] = {}
for key in sorted(by_package.iterkeys()):
b_buffer += "%s\n" % key
line += 1
for c_class in sorted(by_package[key], key=lambda k: k.get_name()):
b_buffer += "\t%s extends %s\n" % (c_class.get_name(
)[1:-1], c_class.get_superclassname()[1:-1])
AG_CLASSES_LINE[self.view.id()][line] = c_class
line += 1
for j in c_class.get_methods():
b_buffer += "\t\tmethod: %s %s [%s] size:%d\n" % (
j.get_name(), j.get_descriptor(),
j.get_access_flags_string(), j.get_length())
AG_METHODS_LINE[self.view.id()][line] = j
line += 1
b_buffer += "\n"
line += 1
for j in c_class.get_fields():
b_buffer += "\t\tfield: %s %s [%s %s]" % (
j.get_name(), j.get_descriptor(),
j.get_access_flags_string(),
dvm.get_type(j.get_descriptor()))
init_value = j.get_init_value()
if init_value != None:
b_buffer += " (%s)" % repr(str(init_value.get_value()))
b_buffer += "\n"
AG_FIELDS_LINE[self.view.id()][line] = j
line += 1
b_buffer += "\n"
line += 1
l = dex_object.get_classes_hierarchy()
h_buffer = ""
for i in l:
h_buffer += i + "\n"
b_buffer += h_buffer
self.view.replace(edit, sublime.Region(0, self.view.size()), b_buffer)
self.view.end_edit(edit)
self.view.set_read_only(True)
AG_DEX_VIEW[self.view.id()] = (dex_object, ana_object)
FILENAMES[self.view.id()] = hashlib.sha1(
dex_object.get_buff()).hexdigest()
