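    def each(self, target):
        """Analyse one APK with androguard and fill ``self.results``.

        Args:
            target: Path of the APK handed to ``AnalyzeAPK``.

        Returns:
            True unconditionally. Any failure is reported through
            ``self.log('error', ...)`` and leaves the affected entries of
            ``self.results`` at their defaults.

        Side effects:
            Replaces ``self.results``, calls ``self._store_internal_classes``
            and applies every ``APKPlugin`` subclass to this instance.
        """
        self.results = dict(name=None,
                            files=[],
                            package=None,
                            permissions=[],
                            declared_permissions=[],
                            main_activity=None,
                            activities=[],
                            receivers=[],
                            services=[],
                            manifest=None,
                            libraries=[],
                            main_activity_content=None,
                            internal_classes=[])

        try:
            apk, vm, vm_analysis = AnalyzeAPK(target)

            # First, get basic information about the APK container and manifest.
            self.results['name'] = apk.get_app_name()
            self.results['files'] = apk.get_files_types()
            self.results['package'] = apk.get_package()
            self.results['permissions'] = apk.get_details_permissions()
            self.results['declared_permissions'] = apk.get_declared_permissions_details()
            self.results['main_activity'] = apk.get_main_activity()
            self.results['activities'] = apk.get_activities()
            self.results['receivers'] = apk.get_receivers()
            self.results['services'] = apk.get_services()
            self.results['manifest'] = apk.get_android_manifest_axml().get_xml()
            self.results['libraries'] = list(apk.get_libraries())

            try:
                # Dalvik descriptor of the main activity ("Lcom/foo/Main;").
                # vm[0] is presumably the first DEX of the APK — TODO confirm.
                descriptor = "L{};".format(self.results['main_activity']).replace('.', '/')
                self.results['main_activity_content'] = vm[0].get_class(descriptor).get_source()
            except Exception:
                # format_exc() returns the text; print_exc() returned None and
                # wrote to stderr instead, so the log entry used to be empty.
                self.log('error', traceback.format_exc())

            try:
                self.results['internal_classes'] = self._get_internal_classes(vm_analysis)
                self._store_internal_classes()
            except Exception:
                self.log('error', traceback.format_exc())

            # Then, run all the APK plugins so known-malware matchers can attach
            # their findings to this instance.
            for plugin_cls in APKPlugin.__subclasses__():
                plugin_cls(target, apk, vm, vm_analysis).apply(self)

        except Exception:
            self.log('error', traceback.format_exc())

        return True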
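def main(file_name, *, expected_sha1="9C A5 17 0F 38 19 19 DF E0 44 6F CD AB 18 B1 9A 14 3B 31 63"):
    """Check an APK's signing certificate and list its exposed services and receivers.

    Args:
        file_name: Path of the APK to analyse. When the argument is shorter
            than two characters the script falls back to
            ``"BackupAndRestore.apk"`` (quirk of the original, preserved).
        expected_sha1: Space-separated upper-case SHA-1 fingerprint the first
            signing certificate must match for the APK to count as a
            priv-app. Defaults to the fingerprint hard-coded in the original.

    Side effects:
        Prints the findings, runs ``adb shell pm list permissions`` for every
        exported or intent-filtered service that declares a permission, and
        calls ``sys.exit(1)`` when the certificate check fails.
    """
    import shlex
    import subprocess

    apk_file = "BackupAndRestore.apk" if len(file_name) < 2 else file_name
    a, _d, _dalvik_ctx = AnalyzeAPK(apk_file)

    # Only the first certificate is examined (the original broke out of the
    # loop on both branches). Starting from False means an APK with no
    # certificate at all now fails the check instead of passing as a priv-app.
    signed_flag = False
    for cert in a.get_certificates():
        if str(expected_sha1) == str(cert.sha1_fingerprint):
            signed_flag = True
            print("----------------------------------------------------")
            print("[+] %s init Done" % (apk_file))
            print("[+] is priv-app [True] ")
        break

    if not signed_flag:
        sys.exit(1)

    if not a.is_signed_v2() or not a.is_signed_v3():
        print("[!] APK [%s] is not signed from v2, v3" % (apk_file))

    service_lists = a.get_services()
    manifestData = str(a.get_android_manifest_axml().get_xml())
    soup = BeautifulSoup(manifestData, 'html.parser')
    # The manifest does not change per service; parse the <service> list once.
    services = soup.find_all("service")
    for service_name in service_lists:
        intent_filter = []
        permission = ""
        exported = False
        has_ifilter = False

        # Matching is a substring test on the simple class name against every
        # <service> entry, so one name may hit several entries and the flags
        # accumulate across all of them (original behaviour).
        service_name = service_name.split(".")[-1]
        for service in services:
            if service.has_attr('android:name') and service_name not in service['android:name']:
                continue

            permission = service['android:permission'] if service.has_attr('android:permission') else ""

            if service.has_attr('android:exported'):
                if service['android:exported'] == "true":
                    exported = True
            else:
                exported = False

            intents = service.find_all('intent-filter')
            if intents:
                has_ifilter = True
                for intent in intents:
                    for action in intent.find_all('action'):
                        intent_filter.append(action['android:name'])

        if exported or has_ifilter:
            print("[!] (exported=[%s]) ->" % (exported), end=' ')
            print(service_name, end='')
            print(" (perm:[%s])" % permission, end="->")
            if permission != "":
                # `permission` is read from the APK manifest, i.e. untrusted
                # input. It is quoted for the device shell and the local call
                # passes an argument list (no shell=True), so a crafted
                # manifest value can no longer run extra commands on either
                # side. `-e` keeps a value starting with '-' from being read
                # as a grep option.
                remote_cmd = (
                    "pm list permissions -f | grep -A 10 -e %s | grep protection | head -n 1"
                    % shlex.quote(permission))
                output = subprocess.check_output(["adb", "shell", remote_cmd])
                output = output.decode("utf-8").strip()
                if len(str(output)) < 2:
                    print("[can not find permission]")
                else:
                    print("[%s]" % (output))
            else:
                print("[no permission]")
            for intent in intent_filter:
                print("\t[->]intent-filter action: [%s] " % intent)

    receivers = a.get_receivers()
    for receive_name in receivers:
        print("[+] Receiver : " + receive_name)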
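def apkGetManifest(i):
    """Extract manifest features from APK *i* and write them to the manifest directory.

    The APK is read from ``join(apkpath, i)`` and one line per feature,
    ``"<kind>::<android:name>"``, is written to ``join(manifestpath, i)``.
    Kinds, in output order: hardware (uses-feature), permission
    (uses-permission), activity, service, receiver, provider and
    intent-filter (action and category). Names within a kind come from a
    set, so their relative order is not stable between runs (as before).

    Args:
        i: File name of the APK, relative to the module-level ``apkpath``.

    Returns:
        None. When the manifest can be parsed neither as AXML nor as plain
        XML an error is printed and no output file is written (the original
        crashed with a TypeError at that point).
    """
    a, d, dx = AnalyzeAPK(join(apkpath, i))
    dom = _parse_manifest(a, i)
    if dom is None:
        return

    root = dom.documentElement
    # (output prefix, manifest tag names) in the order the original wrote them.
    feature_sources = (
        ("hardware", ("uses-feature",)),
        ("permission", ("uses-permission",)),
        ("activity", ("activity",)),
        ("service", ("service",)),
        ("receiver", ("receiver",)),
        ("provider", ("provider",)),
        ("intent-filter", ("action", "category")),
    )
    # The context manager replaces the open()/close() pair, so the file is
    # closed even when a write fails part-way through.
    with open(join(manifestpath, i), 'w') as fout:
        for prefix, tags in feature_sources:
            names = set()
            for tag in tags:
                names |= _android_names(root.getElementsByTagName(tag))
            if names:
                fout.write('\n'.join(prefix + "::" + name for name in names))
                fout.write("\n")


def _parse_manifest(a, i):
    """Return the manifest DOM of androguard APK *a*, trying AXML first, then plain XML.

    Prints an error naming *i* and returns None when both attempts fail.
    """
    try:
        return minidom.parseString(a.get_android_manifest_axml().get_xml())
    except Exception:
        pass
    try:
        return minidom.parseString(a.get_android_manifest_xml().get_xml())
    except Exception as e:
        # str(e): concatenating the exception object itself raised TypeError.
        print("e: " + i +
              " : Failed to extract Manifest from APK with error:\n" + str(e))
        return None


def _android_names(nodes):
    """Collect the ``android:name`` attribute of every node in *nodes* that has one."""
    return {node.getAttribute("android:name")
            for node in nodes if node.hasAttribute("android:name")}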
        print("[+] %s init Done" % (apk_file))
        print("[+] is priv-app [True] ")
        break
    else:
        signed_flag = False

        #print("[-] is priv-app [False]")
        break
# Abort when the certificate check above did not match.
if not signed_flag:
    sys.exit(1)

# Warn when either of the newer signature schemes is missing.
if not (a.is_signed_v2() and a.is_signed_v3()):
    print("[!] APK [%s] is not signed from v2, v3" % (apk_file))

# Services declared by the APK plus a parsed copy of its manifest for lookups.
service_lists = a.get_services()
manifestData = str(a.get_android_manifest_axml().get_xml())
soup = BeautifulSoup(manifestData, 'html.parser')
for service_name in service_lists:
    tmpData = ""
    intent_filter = []
    permission = ""
    exported = False
    has_ifilter = False

    service_name = service_name.split(".")[-1]
    services = soup.find_all("service")
    for service in services:
        if (service.has_attr('android:name')):
            if (service_name in service['android:name']): pass
            else: continue