def run(self):
    """Parse every directory in ``self.dirs`` and queue each result.

    A new ``SmaliParser`` is built per directory with ``self.suffix``, run,
    and whatever ``get_results()`` returns is put on ``self.result_queue``.
    """
    for index, directory in enumerate(self.dirs):
        # The counter is zero-based, so the first directory logs as 0/N.
        progress = "%s %d/%d Parsing %s ... " % (
            self.name, index, len(self.dirs), directory)
        log.info(progress)

        worker = SmaliParser(directory, self.suffix)
        worker.run()

        # Hand the parsed data to whoever consumes the queue.
        self.result_queue.put(worker.get_results())
예제 #2
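def make_parser(app_home):
    """Parse the Smali code under *app_home* and dump the results as JSON.

    Sets up a ``SmaliscaApp``, runs ``SmaliParser`` over
    ``<app_home>/smali_code`` for files with the ``smali`` suffix, writes the
    results to ``<app_home>/smali_parser.json`` and returns them.

    Args:
        app_home: Directory prefix. Both paths are built by plain string
            concatenation, so the value is used exactly as given.

    Returns:
        Whatever ``SmaliParser.get_results()`` returns.
    """
    app = SmaliscaApp()
    app.setup()

    parser = SmaliParser(app_home + '/smali_code', 'smali')
    parser.run()

    results = parser.get_results()
    results_json = json.dumps(results, sort_keys=True, indent=4)

    # NOTE(review): app_home is not validated here and an existing
    # smali_parser.json is overwritten; confirm callers pass a trusted path.
    # The context manager closes the file, so no explicit close() is needed.
    with open(app_home + "/smali_parser.json", "w") as f:
        f.write(results_json)
    return results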
예제 #3
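def parser():
    """Scan the Smali files under the current directory for known patterns.

    Runs ``SmaliParser`` over ``.`` for files with the ``smali`` suffix and
    feeds every class entry to the checks: ``search_ecb`` receives the
    entry's const-strings and ``pattern_receiver`` receives the calls of each
    method. Both are called with the entry's ``path`` value as the file name.
    """
    print(Fore.YELLOW +
          "\n\n--------------------------------------------------")
    print(Fore.GREEN + "[INFO] " + Fore.BLUE +
          "SCANNING FOR VULNERABILITIES\n")

    app = SmaliscaApp()
    app.setup()

    smali_parser = SmaliParser('.', 'smali')
    smali_parser.run()

    filename = None
    for class_info in smali_parser.get_results():
        # Resolve the path before dispatching. Picking it up while iterating
        # the keys only works when "path" happens to come first; otherwise a
        # finding is reported against the previous class's file (or None).
        if "path" in class_info:
            filename = class_info["path"]

        for key, values in class_info.items():
            if key == "const-strings":
                search_ecb(filename, values)
            elif key == "methods":
                for method in values:
                    for mkey, mvalue in method.items():
                        if mkey == "calls":
                            pattern_receiver(filename, mvalue)

    # NOTE(review): this message is printed unconditionally; whether the file
    # was actually written depends on the helpers, which are not shown here.
    print(
        Fore.BLUE +
        "\n\t\t[INFO] Vulnerability References written to 'Vulnerabilities.txt'"
    )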
예제 #4
파일: parser.py 프로젝트: khoabk12/Adhrit
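def parser():
    """Scan ``./Bytecode`` for known patterns, print and store the findings.

    Runs ``SmaliParser`` over ``./Bytecode`` for files with the ``smali``
    suffix. Const-strings go to ``search_ecb``; the calls of each method go
    to ``pattern_receiver``, whose returned groups are merged into the
    per-category ``set_of_*`` collections. Those collections are not created
    here, so they must already exist in an enclosing scope. Afterwards each
    collection is passed to ``set_updater`` with its tag, the report is
    printed and ``add_to_db()`` is called.
    """
    # Tag -> collection, in the order the tags are checked and later handed
    # to set_updater. The tag strings are matched against pattern_receiver's
    # output, so they are kept verbatim (including the 'TLS_VALIDTY' spelling).
    tagged_sets = (
        ('JAVASCRIPT', set_of_js),
        ('ECB', set_of_ecb),
        ('DYNAMIC_RECEIVER', set_of_search_dynamic),
        ('EMPTY_PENDING_INTENT', set_of_empty_pend_list),
        ('SYSTEM_BROADCAST_RECEIVER', set_of_sys_broadcast_list),
        ('TLS_VALIDTY', set_of_tls_validity_list),
        ('INSECURE_SOCKET', set_of_insecure_socket_list),
        ('UNENCRYPTED_COMMUNICATION', set_of_list_of_unenc_soc),
        ('UNSAFE_INTENT', set_of_unsafe_intent_list),
        ('COOKIE_OVERWRITE', set_of_list_of_cookie_overwrite),
        ('FILE_FROM_URL', set_of_url_allowed_list),
        ('CONTENT_FROM_URL', set_of_content_allowed_list),
        ('DYNAMIC_WEAK_CHECKS', set_of_weak_checks_list),
    )

    # Report heading -> collection, in print order.
    # NOTE(review): UNENCRYPTED_COMMUNICATION and UNSAFE_INTENT are collected
    # but have no heading here (an "HTTP URLs Found" print was commented out).
    report_sections = (
        ("Javascript is enabled \n", set_of_js),
        ("ECB cipher usage instance found \n", set_of_ecb),
        ("Broadcast Receiver Exported \n", set_of_search_dynamic),
        ("Empty Pending Intent Found \n", set_of_empty_pend_list),
        ("Sticky Broadcast Found \n", set_of_sys_broadcast_list),
        ("Certificate Validity Checks Not Found\n", set_of_tls_validity_list),
        ("Insecure Hostname Verification Routine Found\n",
         set_of_insecure_socket_list),
        ("SetCookie is Enabled. Cookie overwrite possible \n",
         set_of_list_of_cookie_overwrite),
        ("File Access from URLs Allowed \n", set_of_url_allowed_list),
        ("Content Access from URLs Allowed \n", set_of_content_allowed_list),
        ("Usage of 'Call' for ContentProvider! \n", set_of_weak_checks_list),
    )

    print(Fore.YELLOW +
          "\n\n--------------------------------------------------")
    print(Fore.GREEN + "[INFO] " + Fore.BLUE +
          "SCANNING FOR VULNERABILITIES\n")

    app = SmaliscaApp()
    app.setup()

    smali_parser = SmaliParser('./Bytecode', 'smali')
    smali_parser.run()

    filename = None
    for class_info in smali_parser.get_results():
        # Resolve the path before dispatching. Picking it up while iterating
        # the keys only works when "path" happens to come first; otherwise a
        # finding is reported against the previous class's file (or None).
        if "path" in class_info:
            filename = class_info["path"]

        for key, values in class_info.items():
            if key == "const-strings":
                search_ecb(filename, values)
            elif key == "methods":
                for method in values:
                    for mkey, mvalue in method.items():
                        if mkey != "calls":
                            continue
                        # Distinct loop names: the nested loop previously
                        # reused the outer loop variable.
                        for group in pattern_receiver(filename, mvalue):
                            for item in group:
                                for tag, bucket in tagged_sets:
                                    if tag in item:
                                        bucket.update(group)

    for tag, bucket in tagged_sets:
        set_updater(bucket, tag)

    # NOTE(review): every heading is printed even when its collection is
    # empty, which can read as a positive finding; confirm how printer()
    # renders an empty collection.
    for heading, bucket in report_sections:
        print(Fore.RED + "\n\t\t[!] " + Fore.RED + heading)
        printer(bucket)

    add_to_db()

    print(
        Fore.BLUE +
        "\n\t\t[INFO] Vulnerability References written to 'Vulnerabilities.txt'"
    )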
예제 #5
    def default(self):
        """Parse the requested location and optionally export the results.

        Nothing is done unless both ``location`` and ``suffix`` are set on
        ``self.app.pargs``. After parsing, results are exported only when both
        ``output`` and ``fileformat`` are set; ``json`` and ``sqlite`` are the
        formats handled, any other value is ignored without a message.
        """
        pargs = self.app.pargs
        if not (pargs.location and pargs.suffix):
            return

        self.location = pargs.location
        self.suffix = pargs.suffix

        # Parse the Smali tree.
        smali_parser = SmaliParser(self.location, self.suffix)
        smali_parser.run()

        if not (pargs.output and pargs.fileformat):
            return

        # Collect the parsed classes plus provenance info in an App object.
        parsed_classes = smali_parser.get_results()
        app = App(__name__)
        app.add_location(self.location)
        app.add_parser("%s - %s" %
                       (config.PROJECT_NAME, config.PROJECT_VERSION))
        for class_obj in parsed_classes:
            app.add_class_obj(class_obj)

        if pargs.fileformat == 'json':
            log.info("Exporting results to JSON")
            app.write_json(pargs.output)
            log.info("\tWrote results to %s" % pargs.output)
            return

        if pargs.fileformat != 'sqlite':
            return

        appSQL = AppSQLModel(pargs.output)
        try:
            log.info("Exporting results to SQLite")
            # (log line, source of items, sink) for each extraction step,
            # in the order they are written to the database.
            steps = (
                ("\tExtract classes ...",
                 app.get_classes, appSQL.add_class),
                ("\tExtract class properties ...",
                 app.get_properties, appSQL.add_property),
                ("\tExtract class const-strings ...",
                 app.get_const_strings, appSQL.add_const_string),
                ("\tExtract class methods ...",
                 app.get_methods, appSQL.add_method),
                ("\tExtract calls ...",
                 app.get_calls, appSQL.add_call),
            )
            for message, fetch, store in steps:
                log.info(message)
                for item in fetch():
                    store(item)

            log.info("\tCommit changes to SQLite DB")
            appSQL.commit()
            log.info("\tWrote results to %s" % pargs.output)
        finally:
            # Logged whether or not the export succeeded.
            log.info("Finished scanning")
예제 #6
from smalisca.modules.module_static_analysis import ProgramSlicing
import json

# Directory holding the Smali files of the dumped APK.
location = 'smalisca/modules/com.badminton.free-313913/smali_classes2/com/ironsource/mediationsdk/utils'
# location = r'D:\UCalgary\CPSC502.04\all_apks\com.badminton.free-313913'
# location = r'D:\UCalgary\CPSC502.04\com.sina.weibo-8.10.3-3767'

# Only files with this suffix are parsed.
suffix = 'smali'

# Passed through to both the parser and the slicer.
debug = False

# Parse the directory and collect the per-class results.
parser = SmaliParser(location, suffix, debug)
parser.run()
res = parser.get_results()

# Slice every class, using the 'crypto_methods' entry the parser recorded.
for r in res:
    slicer = ProgramSlicing(location, r['crypto_methods'], debug)

    # The file is looked up directly in `location` under the last component
    # of the class name, with the suffix appended.
    file_path = "{}/{}.{}".format(
        location, r['name'].rsplit('/', 1)[-1], suffix)

    slicer.read_file(file_path)
    slicer.read_all_method()
예제 #7
파일: parser.py 프로젝트: abhi-r3v0/Adhrit
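def parser(hash_of_apk):
    """Scan the bytecode of one APK and record the findings.

    Changes into the directory named by *hash_of_apk*, runs ``SmaliParser``
    over ``./Bytecode`` for files with the ``smali`` suffix and feeds the
    results to the checks: const-strings go to ``search_ecb``, the calls of
    each method go to ``pattern_receiver``, whose returned groups are merged
    into the per-category ``set_of_*`` collections. Those collections are not
    created here, so they must already exist in an enclosing scope. The
    report is then printed, the working directory is moved one level up,
    ``add_to_db(hash_of_apk)`` is called and the ``StatusDB`` row for this
    hash is marked complete.

    Args:
        hash_of_apk: Used both as the directory to change into and as the
            ``Hash`` value in the status update.
    """
    # Tag -> collection, in the order the tags are checked and later handed
    # to set_updater. The tag strings are matched against pattern_receiver's
    # output, so they are kept verbatim (including the 'TLS_VALIDTY' spelling).
    tagged_sets = (
        ('JAVASCRIPT', set_of_js),
        ('ECB', set_of_ecb),
        ('DYNAMIC_RECEIVER', set_of_search_dynamic),
        ('EMPTY_PENDING_INTENT', set_of_empty_pend_list),
        ('SYSTEM_BROADCAST_RECEIVER', set_of_sys_broadcast_list),
        ('TLS_VALIDTY', set_of_tls_validity_list),
        ('INSECURE_SOCKET', set_of_insecure_socket_list),
        ('UNENCRYPTED_COMMUNICATION', set_of_list_of_unenc_soc),
        ('UNSAFE_INTENT', set_of_unsafe_intent_list),
        ('COOKIE_OVERWRITE', set_of_list_of_cookie_overwrite),
        ('FILE_FROM_URL', set_of_url_allowed_list),
        ('CONTENT_FROM_URL', set_of_content_allowed_list),
        ('DYNAMIC_WEAK_CHECKS', set_of_weak_checks_list),
        ('EXECSQL_USAGE', set_of_execsql_used),
        ('SHAREDPREFS_USAGE', set_of_sharedprefs_used),
        ('SQLITE_USAGE', set_of_sqli_used),
        ('INT_STORAGE_USAGE', set_of_int_storage_used),
        ('KEYSTORE_USAGE', set_of_keystore_used),
    )

    # (marker colour, heading, collection), in print order.
    # NOTE(review): UNENCRYPTED_COMMUNICATION and UNSAFE_INTENT are collected
    # but have no heading here (an "HTTP URLs Found" print was commented out).
    report_sections = (
        (Fore.RED, "Javascript is enabled \n", set_of_js),
        (Fore.RED, "ECB cipher usage instance found \n", set_of_ecb),
        (Fore.RED, "Broadcast Receiver Exported \n", set_of_search_dynamic),
        (Fore.RED, "Empty Pending Intent Found \n", set_of_empty_pend_list),
        (Fore.RED, "Sticky Broadcast Found \n", set_of_sys_broadcast_list),
        (Fore.RED, "Certificate Validity Checks Not Found\n",
         set_of_tls_validity_list),
        (Fore.RED, "Insecure Hostname Verification Routine Found\n",
         set_of_insecure_socket_list),
        (Fore.RED, "SetCookie is Enabled. Cookie overwrite possible \n",
         set_of_list_of_cookie_overwrite),
        (Fore.RED, "File Access from URLs Allowed \n",
         set_of_url_allowed_list),
        (Fore.RED, "Content Access from URLs Allowed \n",
         set_of_content_allowed_list),
        (Fore.RED, "Usage of 'Call' for ContentProvider! \n",
         set_of_weak_checks_list),
        (Fore.RED, "Usage of 'execSQL'! \n", set_of_execsql_used),
        (Fore.YELLOW, "SharedPreference has been used \n",
         set_of_sharedprefs_used),
        (Fore.RED, "SQLite DB used\n", set_of_sqli_used),
        (Fore.RED, "Internal storage used\n", set_of_int_storage_used),
        (Fore.RED, "Keystore used\n", set_of_keystore_used),
    )

    print(Fore.YELLOW + "\n\n--------------------------------------------------")
    print(Fore.GREEN + "[INFO] " + Fore.BLUE + "SCANNING FOR VULNERABILITIES\n")

    # NOTE(review): hash_of_apk is used as a path without validation; confirm
    # callers only pass a value they generated themselves.
    os.chdir(hash_of_apk)
    try:
        app = SmaliscaApp()
        app.setup()

        smali_parser = SmaliParser('./Bytecode', 'smali')
        smali_parser.run()

        filename = None
        for class_info in smali_parser.get_results():
            # Resolve the path before dispatching. Picking it up while
            # iterating the keys only works when "path" happens to come
            # first; otherwise a finding is reported against the previous
            # class's file (or None).
            if "path" in class_info:
                filename = class_info["path"]

            for key, values in class_info.items():
                if key == "const-strings":
                    search_ecb(filename, values)
                elif key == "methods":
                    for method in values:
                        for mkey, mvalue in method.items():
                            if mkey != "calls":
                                continue
                            # Distinct loop names: the nested loop previously
                            # reused the outer loop variable.
                            for group in pattern_receiver(filename, mvalue):
                                for item in group:
                                    for tag, bucket in tagged_sets:
                                        if tag in item:
                                            bucket.update(group)

        for tag, bucket in tagged_sets:
            set_updater(bucket, tag)

        # NOTE(review): every heading is printed even when its collection is
        # empty, which can read as a positive finding; confirm how printer()
        # renders an empty collection.
        for colour, heading, bucket in report_sections:
            print(colour + "\n\t\t[!] " + Fore.RED + heading)
            printer(bucket)
    finally:
        # Step back out of the APK directory even when the scan raises, so a
        # failed scan does not leave the process in the wrong directory.
        os.chdir(os.getcwd() + '/..')

    add_to_db(hash_of_apk)

    print(Fore.BLUE + "\n\t\t[INFO] Vulnerability References written to 'Vulnerabilities.txt'")

    dbname = "adhrit.db"
    dbconstatus = dbconnection(dbname)
    # The statement is assembled as text, so a quote inside hash_of_apk would
    # end the literal early. Doubling single quotes keeps the value inside
    # the literal and leaves ordinary hashes unchanged.
    # NOTE(review): binding the value as a parameter would be the proper fix,
    # if insert_statustable can accept parameters; its signature is not
    # visible here.
    safe_hash = str(hash_of_apk).replace("'", "''")
    query = f"UPDATE StatusDB SET Bytecode = 'complete' WHERE Hash='{safe_hash}';"
    insert_statustable(dbconstatus, query)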