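def lookForComponentInManifest(apkfile, node, attrib):
    """Return the values of *attrib* found on manifest lines that mention *node*.

    The decoded AndroidManifest.xml of *apkfile* is scanned line by line the
    way the former ``cat | grep | sed`` pipeline did: every line containing
    *node* as a substring contributes the value of its last ``attrib="..."``
    occurrence.  Values starting with "." are relative component names and are
    prefixed with the manifest's ``package`` attribute.

    The scan is done in-process with ``re`` instead of building a shell
    command from *node* and *attrib*, so no temporary file is written and the
    arguments can no longer be interpreted by a shell or as a regex.

    Args:
        apkfile: path of the APK handed to ``manifestDecoder.extractManifest``.
        node: substring a manifest line must contain (e.g. "activity").
        attrib: attribute whose quoted value is collected, matched literally
            (e.g. "android:name").

    Returns:
        Attribute values in manifest order, relative names expanded with the
        package prefix; an empty list when nothing matches.
    """
    import re

    manifestLines = manifestDecoder.extractManifest(apkfile).split("\n")

    # Old pipeline: grep manifest | sed -nE 's/.*package="([^"]+)".*/\1/p'.
    # The greedy leading ".*" makes the LAST match on a line win, and the
    # newline stripping concatenated the hits of every matching line.
    packagePattern = re.compile(r'.*package="([^"]+)"')
    packageMatches = (packagePattern.match(line)
                      for line in manifestLines if "manifest" in line)
    package = "".join(m.group(1) for m in packageMatches if m)

    # Old pipeline: grep <node> | sed -nE 's/.*<attrib>="([^"]+)".*/\1/p'.
    attribPattern = re.compile(r'.*' + re.escape(attrib) + r'="([^"]+)"')
    result = list()
    for line in manifestLines:
        if node not in line:
            continue
        match = attribPattern.match(line)
        if match is None:
            continue
        element = match.group(1)
        # Same filter the old code applied to the sed output lines.
        if not (element and element.strip()):
            continue
        if element.startswith("."):
            result.append(package + element)
        else:
            result.append(element)
    return result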
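def lookForComponentInManifest(apkFile, node, attrib):
    """Return the values of *attrib* found on manifest lines that mention *node*.

    The decoded AndroidManifest.xml of *apkFile* is scanned line by line the
    way the former ``cat | grep | sed`` pipeline did: every line containing
    *node* as a substring contributes the value of its last ``attrib="..."``
    occurrence.  Values starting with "." are relative component names and are
    prefixed with the manifest's ``package`` attribute.

    The scan is done in-process with ``re`` instead of building a shell
    command from *node* and *attrib*, so no temporary file is written and the
    arguments can no longer be interpreted by a shell or as a regex.

    Args:
        apkFile: path of the APK handed to ``manifestDecoder.extractManifest``.
        node: substring a manifest line must contain (e.g. "activity").
        attrib: attribute whose quoted value is collected, matched literally
            (e.g. "android:name").

    Returns:
        Attribute values in manifest order, relative names expanded with the
        package prefix; an empty list when nothing matches.
    """
    import re

    manifestLines = manifestDecoder.extractManifest(apkFile).split("\n")

    # Old pipeline: grep manifest | sed -nE 's/.*package="([^"]+)".*/\1/p'.
    # The greedy leading ".*" makes the LAST match on a line win, and the
    # newline stripping concatenated the hits of every matching line.
    packagePattern = re.compile(r'.*package="([^"]+)"')
    packageMatches = (packagePattern.match(line)
                      for line in manifestLines if "manifest" in line)
    package = "".join(m.group(1) for m in packageMatches if m)

    # Old pipeline: grep <node> | sed -nE 's/.*<attrib>="([^"]+)".*/\1/p'.
    attribPattern = re.compile(r'.*' + re.escape(attrib) + r'="([^"]+)"')
    result = list()
    for line in manifestLines:
        if node not in line:
            continue
        match = attribPattern.match(line)
        if match is None:
            continue
        element = match.group(1)
        # Same filter the old code applied to the sed output lines.
        if not (element and element.strip()):
            continue
        if element.startswith("."):
            result.append(package + element)
        else:
            result.append(element)
    return result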
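def extractGeneralUseInformation():
    """Run the generic triage steps on the module-level ``sample`` APK.

    Every step is announced with ``printTitle`` and writes under the
    module-level output locations (``outputInfoDir``, ``outputZipDir``,
    ``outputApktoolDir``, ``outputJadxDir``, ``outputManifestFile``,
    ``outputZipFile``).  The extension and string reports are delegated to
    the ``findAndReport*`` helpers.  apktool, jadx, keytool and unzip are
    invoked as external tools and must be on PATH.

    Paths that this block itself splices into shell command lines are
    shell-quoted, so a sample or output path containing spaces or shell
    metacharacters is passed through unchanged instead of being parsed by
    the shell.

    Raises:
        OSError: from ``os.makedirs`` when ``outputInfoDir`` already exists
            (a previous run is never silently overwritten).
    """
    try:
        from shlex import quote   # Python 3
    except ImportError:
        from pipes import quote   # Python 2

    os.makedirs(outputInfoDir)

    printTitle("unzip APK content")
    genericFunctions.unzipFileIntoDir(sample, outputZipDir)

    # The decoders are configured as shell command templates, so they still
    # go through the shell.  NOTE(review): the placeholders are substituted
    # unquoted because the templates are not visible from this block; confirm
    # that APKTOOL_COMMAND / JADX_COMMAND quote #FILE# and #OUTPUT_DIR#.
    printTitle("decoding with apktool")
    os.system(APKTOOL_COMMAND.replace("#FILE#", sample)
              .replace("#OUTPUT_DIR#", outputApktoolDir))
    printTitle("decoding with jadx")
    os.system(JADX_COMMAND.replace("#FILE#", sample)
              .replace("#OUTPUT_DIR#", outputJadxDir))

    printTitle("decoding AndroidManifest.xml")
    # Binary mode writes the UTF-8 bytes as-is on Python 2 and 3, and the
    # context manager closes the file even if the decoder raises.
    with open(outputManifestFile, "wb") as manifestFile:
        manifestFile.write(
            manifestDecoder.extractManifest(sample).encode('utf-8'))

    printTitle("extracting cert info")
    # The directory is quoted, the *.RSA glob is left bare so the shell still
    # expands it.  Only RSA signature blocks are looked at, as before.
    os.system("keytool -printcert -file " + quote(outputZipDir)
              + "/META-INF/*.RSA > " + quote(outputInfoDir) + "/cert.txt")

    printTitle("identifing file timestamps")
    # Keeps the date/time/name columns of `unzip -l` for rows whose date has a
    # 4-digit year, sorted, in outputZipFile.
    os.system("unzip -l " + quote(sample)
              + " | awk '{print $2,$3,$4;}' | egrep '[0-9]{4}-' | sort > "
              + quote(outputZipFile))

    printTitle("looking for file extensions")
    for extension in ("apk", "jar", "class", "java", "so", "js", "html"):
        findAndReportExtension(extension)

    printTitle("looking for strings")
    if os.path.exists(classesFile):
        findAndReportBinaryString(classesFile, "https?:")
        findAndReportBinaryString(classesFile, "aHR0cDo|aHR0cHM6L")  # base64
        findAndReportBinaryString(
            classesFile, "%68%74%74%70%3A%2F%2F|%68%74%74%70%73%3A%2F%2F")  # hexa
        # Looks like JVM type descriptors (Lpkg/Name;) — confirm intent.
        findAndReportBinaryString(classesFile, "L[^;]+?;")
    # NOTE(review): indentation was lost in the source; these scans of the
    # unzipped tree do not depend on classes.dex, so they run unconditionally.
    findAndReportString(outputZipDir, "https?:")
    findAndReportString(outputZipDir, "aHR0cDo|aHR0cHM6L")  # base64
    findAndReportString(
        outputZipDir, "%68%74%74%70%3A%2F%2F|%68%74%74%70%73%3A%2F%2F")  # hexa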
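def extractGeneralUseInformation():
    """Run the generic triage steps on the module-level ``sample`` APK.

    Every step is announced with ``printTitle`` and writes under the
    module-level output locations (``outputInfoDir``, ``outputZipDir``,
    ``outputApktoolDir``, ``outputJadxDir``, ``outputManifestFile``,
    ``outputZipFile``).  The extension and string reports are delegated to
    the ``findAndReport*`` helpers.  apktool, jadx, keytool and unzip are
    invoked as external tools and must be on PATH.

    Paths that this block itself splices into shell command lines are
    shell-quoted, so a sample or output path containing spaces or shell
    metacharacters is passed through unchanged instead of being parsed by
    the shell.

    Raises:
        OSError: from ``os.makedirs`` when ``outputInfoDir`` already exists
            (a previous run is never silently overwritten).
    """
    try:
        from shlex import quote   # Python 3
    except ImportError:
        from pipes import quote   # Python 2

    os.makedirs(outputInfoDir)

    printTitle("unzip APK content")
    genericFunctions.unzipFileIntoDir(sample, outputZipDir)

    # The decoders are configured as shell command templates, so they still
    # go through the shell.  NOTE(review): the placeholders are substituted
    # unquoted because the templates are not visible from this block; confirm
    # that APKTOOL_COMMAND / JADX_COMMAND quote #FILE# and #OUTPUT_DIR#.
    printTitle("decoding with apktool")
    os.system(APKTOOL_COMMAND.replace("#FILE#", sample)
              .replace("#OUTPUT_DIR#", outputApktoolDir))
    printTitle("decoding with jadx")
    os.system(JADX_COMMAND.replace("#FILE#", sample)
              .replace("#OUTPUT_DIR#", outputJadxDir))

    printTitle("decoding AndroidManifest.xml")
    # Binary mode writes the UTF-8 bytes as-is on Python 2 and 3, and the
    # context manager closes the file even if the decoder raises.
    with open(outputManifestFile, "wb") as manifestFile:
        manifestFile.write(
            manifestDecoder.extractManifest(sample).encode('utf-8'))

    printTitle("extracting cert info")
    # The directory is quoted, the *.RSA glob is left bare so the shell still
    # expands it.  Only RSA signature blocks are looked at, as before.
    os.system("keytool -printcert -file " + quote(outputZipDir)
              + "/META-INF/*.RSA > " + quote(outputInfoDir) + "/cert.txt")

    printTitle("identifing file timestamps")
    # Keeps the date/time/name columns of `unzip -l` for rows whose date has a
    # 4-digit year, sorted, in outputZipFile.
    os.system("unzip -l " + quote(sample)
              + " | awk '{print $2,$3,$4;}' | egrep '[0-9]{4}-' | sort > "
              + quote(outputZipFile))

    printTitle("looking for file extensions")
    for extension in ("apk", "jar", "class", "java", "so", "js", "html"):
        findAndReportExtension(extension)

    printTitle("looking for strings")
    if os.path.exists(classesFile):
        findAndReportBinaryString(classesFile, "https?:")
        findAndReportBinaryString(classesFile, "aHR0cDo|aHR0cHM6L")  # base64
        findAndReportBinaryString(
            classesFile, "%68%74%74%70%3A%2F%2F|%68%74%74%70%73%3A%2F%2F")  # hexa
        # Looks like JVM type descriptors (Lpkg/Name;) — confirm intent.
        findAndReportBinaryString(classesFile, "L[^;]+?;")
    # NOTE(review): indentation was lost in the source; these scans of the
    # unzipped tree do not depend on classes.dex, so they run unconditionally.
    findAndReportString(outputZipDir, "https?:")
    findAndReportString(outputZipDir, "aHR0cDo|aHR0cHM6L")  # base64
    findAndReportString(
        outputZipDir, "%68%74%74%70%3A%2F%2F|%68%74%74%70%73%3A%2F%2F")  # hexa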