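def extraction(apk_path, file):
    """Append one training record describing *apk_path* to ``train.csv``.

    Args:
        apk_path: path of the APK to parse with ``APK``.
        file: caller-supplied identifier written as the first field.

    The record is the fields listed below, ``str()``-ed, joined by the literal
    token ``<sep>`` and terminated by ``<new>`` (no trailing newline, exactly
    as before).  Almost every field is taken verbatim from the APK, i.e. from
    attacker-controlled input: a crafted manifest or package name containing
    ``<sep>``/``<new>`` could otherwise inject extra fields or whole records
    into the training set, so both tokens are escaped inside values.  Benign
    samples produce byte-identical output to the previous version.

    Side effects: opens ``train.csv`` in append mode (now closed on every
    path, including exceptions) and calls every getter on the parser once.
    """
    sep, end = "<sep>", "<new>"
    apkf = APK(apk_path)
    fields = [
        file,
        apkf.cert_text,
        apkf.file_md5,  # MD5 serves as a sample locator here, not as an integrity proof
        apkf.cert_md5,
        apkf.file_size,
        apkf.androidversion,
        apkf.package,
        # NOTE(review): str() of a parsed XML object is usually just its repr;
        # confirm this is the intended feature before training on it.
        apkf.get_android_manifest_xml(),
        apkf.get_android_manifest_axml(),
        apkf.is_valid_APK(),
        apkf.get_filename(),
        apkf.get_package(),
        apkf.get_androidversion_code(),
        apkf.get_androidversion_name(),
        apkf.get_max_sdk_version(),
        apkf.get_min_sdk_version(),
        apkf.get_target_sdk_version(),
        apkf.get_libraries(),
        apkf.get_files(),
        apkf.get_files_types(),
        apkf.get_main_activity(),
        apkf.get_activities(),
        apkf.get_services(),
        apkf.get_receivers(),
        apkf.get_providers(),
        apkf.get_permissions(),
    ]
    record = sep.join(_escape_field(value, sep, end) for value in fields) + end
    with open("train.csv", 'a') as out:
        out.write(record)


def _escape_field(value, sep, end):
    """Stringify one field and neutralise the record delimiters inside it."""
    return str(value).replace(sep, "&lt;sep&gt;").replace(end, "&lt;new&gt;")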
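def test():
    """Print every metadata field the APK parser exposes for one APK.

    Usage: ``<script> app.apk``.  Without an argument the usage line is
    printed and the process exits with status 1.  This is a smoke test of the
    parser, so the output is one raw value per line in a fixed order.

    Notes:
      * ``is_valid_APK()`` reports whether the file parsed as an APK; nothing
        printed here shows that the signature verifies against the
        certificate -- NOTE(review): confirm what the parser guarantees
        before treating ``cert_*`` output as trustworthy.
      * ``get_files_types()`` needs libmagic (``pip install python-magic``).
      * ``get_dex()`` is deliberately not printed (raw bytecode).
    """
    if len(sys.argv) == 1:
        print('Usage: %s app.apk' % sys.argv[0])
        sys.exit(1)

    apk_path = sys.argv[1]
    apkf = APK(apk_path)

    # Plain attributes.
    print(apkf.cert_text)
    print(apkf.cert_pem)
    print(apkf.file_md5)
    print(apkf.cert_md5)
    print(apkf.file_size)
    print(apkf.androidversion)
    print(apkf.package)

    # Manifest in both parsed and binary (AXML) form.
    print(apkf.get_android_manifest_xml())
    print(apkf.get_android_manifest_axml())
    print(apkf.is_valid_APK())
    print(apkf.get_filename())
    print(apkf.get_package())
    print(apkf.get_androidversion_code())
    print(apkf.get_androidversion_name())
    print(apkf.get_max_sdk_version())
    print(apkf.get_min_sdk_version())
    print(apkf.get_target_sdk_version())
    print(apkf.get_libraries())
    print(apkf.get_files())
    print(apkf.get_files_types())  # libmagic-backed

    # Components and permissions.
    print(apkf.get_main_activity())
    print(apkf.get_activities())
    print(apkf.get_services())
    print(apkf.get_receivers())
    print(apkf.get_providers())
    print(apkf.get_permissions())

    # Raw signature bytes as hex, then the name of the signature entry.
    print(binascii.hexlify(apkf.get_signature()))
    print(apkf.get_signature_name())

    # Was a Python 2 print *statement*, which is a SyntaxError next to the
    # print() calls above on Python 3; the return value is printed as before.
    print(apkf.show())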
        print("Failed to download " + package_name + " from store.")
        sys.exit()
elif file_path:
    apk_file = file_path

report["package"] = package_name

if apk_file is not None:
    # generate info
    print("[*] Collecting app info")
    apk_info = APK(apk_file)
    report["app_info"] = {
        "md5": apk_info.file_md5,
        "cert_md5": apk_info.cert_md5,
        "file_size": apk_info.file_size,
        "version_name": apk_info.get_androidversion_name(),
        "version_code": apk_info.get_androidversion_code(),
        "main_activity": apk_info.get_main_activity(),
        "activities": apk_info.get_activities(),
        "services": apk_info.get_services(),
        "receivers": apk_info.get_receivers(),
        "providers": apk_info.get_providers(),
        "permissions": apk_info.get_permissions(),
        "certificates": []
    }

    report["app_info"]["certificates"].append(apk_info.cert_text)

    if cli is not None:
        store_info = cli.get_package_info(package_name)
        report["store_info"] = {
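def main():
    """Build a static-analysis record for the APK named on the command line.

    ``sys.argv[1]`` is the APK path, ``sys.argv[2]`` a free-form label copied
    into the record (the caller decides its meaning, e.g. a malicious/benign
    tag).  The record is assembled in a local ``result`` dict with the
    sections ``Apk``, ``Certificate``, ``AndroidManifest``, ``Files`` and
    ``Class``; it is NOT returned -- TODO(review): the caller may expect it to
    be emitted (e.g. as JSON), confirm.

    Returns:
        ``(True, "")`` on success, ``(False, message)`` when the path does not
        exist, the file does not parse as an APK, or apktool fails.

    Fixes relative to the first version: ``'J'`` now maps to ``'long'`` (the
    old code compared instead of assigning), ``invoke-interface`` lines are
    actually matched (the old prefix was ``invoke-interfaces``), the apktool
    output directory is a private temp dir removed *after* the smali walk
    (it used to be deleted from inside the ``os.walk`` loop, pulling the tree
    away after the first directory), apktool's exit status is checked, and
    every file handle is closed.
    """
    path = sys.argv[1]
    malicious = sys.argv[2]
    if not os.path.exists(path):
        return False, "File is not exists"
    apk = APK(path)
    if not apk.is_valid_APK():
        return False, "APK file is wrong"

    magic_probe = magic.Magic()  # one libmagic handle for the whole run
    result = {
        'Apk': {
            'path': path,
            'malicious': malicious,
            'md5': apk.file_md5,
            'sha256': apk.file_sha256,
            'size': apk.file_size,
            'magic': magic_probe.from_file(path),
            'icon_files': apk.get_icon_files(),
        },
        'Certificate': {
            'md5': apk.cert_md5,
            'text': apk.cert_text,
        },
    }
    result['AndroidManifest'] = _manifest_section(apk)
    result['Files'] = _files_section(apk, magic_probe)
    try:
        result['Class'] = _decompile_classes(path)
    except RuntimeError as exc:
        return False, str(exc)
    return True, ""


# Smali grammar fragments (raw strings; the originals were plain literals).
_METHOD_WITH_FLAGS_RE = re.compile(r'\.method\s.+\s(.+)\((.*)\)(.+)')
_METHOD_BARE_RE = re.compile(r'\.method\s(.+)\((.*)\)(.+)')
_CONST_STRING_RE = re.compile(r'"(.*)"')
_INVOKE_RE = re.compile(r'invoke\-.+\s\{.*\}\,\sL(.+)\-\>(.+)\((.*)\)(.*)')
# Primitive type descriptors -> Java names.
_PRIMITIVE_TYPES = {
    'Z': 'boolean', 'B': 'byte', 'C': 'char', 'D': 'double',
    'F': 'float', 'I': 'int', 'J': 'long', 'V': 'void',
}
_IMAGE_EXTENSIONS = ['png', 'jpeg', 'jpg', 'gif']
_IMAGE_MAGICS = ['PNG image data', 'JPEG image data']
_SMALI_SUFFIX = '.smali'


def _manifest_section(apk):
    """Collect the AndroidManifest-derived part of the record."""
    section = {
        'androidversion_code': apk.get_androidversion_code(),
        'androidversion_name': apk.get_androidversion_name(),
        'min_sdk_version': apk.get_min_sdk_version(),
        'target_sdk_version': apk.get_target_sdk_version(),
        'libraries': apk.get_libraries(),
        # NOTE: key spelled 'main_activitiy' in the existing record schema;
        # kept so downstream readers keep working.
        'main_activitiy': apk.get_main_activity(),
        'activities': _intent_filters(apk, 'activity', apk.get_activities()),
        'services': _intent_filters(apk, 'service', apk.get_services()),
        'receivers': _intent_filters(apk, 'receiver', apk.get_receivers()),
        # NOTE(review): asking for intent filters of a *permission* is odd;
        # kept as-is, confirm what the parser returns for it.
        'permissions': _intent_filters(apk, 'permission', apk.get_permissions()),
        'providers': apk.get_providers(),
    }
    return section


def _intent_filters(apk, kind, names):
    """Map each component name to its intent filters of the given kind."""
    return {name: apk.get_intent_filters(kind, name) for name in names}


def _files_section(apk, magic_probe):
    """Hash and libmagic-probe every entry of the APK archive.

    ``image_resource`` is computed only for entries with an image extension.
    The first version also probed every entry a second time to spot "image
    magic but non-image extension" files, but the dump of those files to
    ``./temp`` behind that check sat after a bare ``continue`` and never ran;
    the dead branch is dropped (assumes ``get_image_resource`` is pure --
    it only receives the magic string and a list).
    """
    icon_files = apk.get_icon_files()  # hoisted: was re-read for every entry
    section = {}
    for name in apk.get_files():
        data = apk.get_file(filename=name)
        # Last path component.  Entry names come from the archive, i.e. from
        # untrusted input; they are only used as dict keys here, never as
        # filesystem paths.
        file_name = name.split('/')[-1]
        extension = None
        if '.' in file_name:
            extension = file_name.rpartition('.')[2].lower()
        magic_desc = magic_probe.from_buffer(data)
        entry = {
            'icon': name in icon_files,
            'size': len(data),
            'md5': hashlib.md5(data).hexdigest(),
            'sha256': hashlib.sha256(data).hexdigest(),
            'magic': magic_desc,
            'file_name': file_name,
            'file_extension': extension,
            'image_resource': False,
        }
        if extension in _IMAGE_EXTENSIONS:
            entry['image_resource'] = get_image_resource(
                file_magic=magic_desc, image_magic_list=_IMAGE_MAGICS)
        section[name] = entry
    return section


def _decompile_classes(path):
    """Run apktool on *path* and parse the resulting ``smali/`` tree.

    Output goes to a fresh temporary directory passed with ``-o`` (``-f``
    because the directory already exists), so the location no longer depends
    on apktool's default naming or on the CWD, and it is removed in
    ``finally``.  ``java`` is started with an argument list, never a shell.
    Only the ``smali`` directory is walked (``smali_classes2`` etc. of
    multidex apps are not, as before).

    Raises:
        RuntimeError: apktool exited non-zero (stderr is included).

    NOTE(review): apktool 2.3.0 is an old release and this runs it on
    untrusted APKs; run the decompile in a sandbox and check the pinned
    version against apktool's advisories before reuse.
    """
    import tempfile

    out_dir = tempfile.mkdtemp(prefix='apk_smali_')
    try:
        proc = subprocess.Popen(
            ['java', '-jar', 'apktool_2.3.0.jar', 'd', '-f', '-o', out_dir, path],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE)
        _out, err = proc.communicate()
        if proc.returncode != 0:
            raise RuntimeError(
                'apktool failed (exit %d): %r' % (proc.returncode, err))
        return _parse_smali_tree(os.path.join(out_dir, 'smali'))
    finally:
        shutil.rmtree(out_dir, ignore_errors=True)


def _parse_smali_tree(smali_root):
    """Map every ``.smali`` file under *smali_root* to its parsed record,
    keyed by the dotted class name (path relative to the smali root)."""
    classes = {}
    for root, _dirs, files in os.walk(smali_root):
        for fname in files:
            filepath = os.path.join(root, fname)
            rel = os.path.relpath(filepath, smali_root)
            if rel.endswith(_SMALI_SUFFIX):
                rel = rel[:-len(_SMALI_SUFFIX)]
            classes[rel.replace(os.sep, '.')] = _parse_smali_file(filepath)
    return classes


def _parse_smali_file(filepath):
    """Parse one ``.smali`` file into the per-class record of ``result['Class']``.

    Only ``.super``, ``.method``, ``const-string`` and ``invoke-virtual`` /
    ``invoke-static`` / ``invoke-interface`` lines (``/range`` variants
    included, since the prefix test is kept) are inspected; ``interfaces``
    and ``Fields`` are always left empty, as before.  Lines that do not match
    the expected shape are skipped instead of aborting the whole scan, and a
    ``const-string``/``invoke`` seen before any ``.method`` is ignored.
    """
    import io

    info = {'Method': {}, 'interfaces': [], 'Fields': []}
    method = None  # record of the method whose body is being read
    # Text mode through io.open (works on Python 2 and 3); smali is UTF-8.
    with io.open(filepath, encoding='utf-8', errors='replace') as fd:
        for raw in fd:
            line = raw.strip()
            if not line:
                continue
            if line.startswith('.super '):
                # '.super Lcom/x/Y;' -> 'com.x.Y'
                info['super_class'] = line[8:-1].replace('/', '.')
            elif line.startswith('.method '):
                match = (_METHOD_WITH_FLAGS_RE.search(line)
                         or _METHOD_BARE_RE.search(line))
                if match is None:
                    method = None
                    continue
                name, params, ret = match.groups()
                method = {
                    'parameters': [p[1:].replace('/', '.')
                                   for p in params.split(';')],
                    'strings': [],
                    'call-api': [],
                    'returnType': _java_type(ret),
                    'flags': None,
                }
                info['Method'][name] = method
            elif line.startswith('const-string'):
                match = _CONST_STRING_RE.search(line)
                if method is not None and match is not None:
                    method['strings'].append(match.group(1))
            elif line.startswith(('invoke-virtual', 'invoke-static',
                                  'invoke-interface')):
                match = _INVOKE_RE.search(line)
                if method is None or match is None:
                    continue
                method['call-api'].append(_call_target(*match.groups()))
    return info


def _java_type(descriptor):
    """Translate one smali type descriptor to a Java-style name.

    Primitives map through ``_PRIMITIVE_TYPES`` (``'J'`` -> ``'long'`` was
    broken by a ``==`` typo before), ``Lpkg/Name;`` becomes ``pkg.Name``;
    anything else (arrays, malformed) is returned unchanged, as before.
    """
    if descriptor in _PRIMITIVE_TYPES:
        return _PRIMITIVE_TYPES[descriptor]
    if descriptor.startswith('L') and descriptor.endswith(';'):
        return descriptor[1:-1].replace('/', '.')
    return descriptor


def _call_target(cls, meth, params, _ret):
    """Build the ``call-api`` entry for one invoke line.

    NOTE: the key is spelled ``mehtod`` on purpose -- it is part of the
    existing record schema; rename it together with its consumers.  The
    parameter splitting rule is the original one (split on ';' only when
    more than one ';' is present).
    """
    if params.count(';') > 1:
        parameters = [p[1:].replace('/', '.') for p in params.split(';')]
    else:
        parameters = [params.replace('/', '.')]
    return {'class': cls, 'mehtod': meth, 'parameters': parameters}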
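def main():
    """Scan the samples ``bot/<start>`` .. ``bot/<end-1>``.

    For each file that parses as an APK: print its package, md5 and Android
    version, then every e-mail address, http(s) URL and ftp URL found in the
    binary's printable strings, and hand the summary to ``insert_mongodb``.
    A sample that fails to parse or scan is reported and skipped (not
    stored).  ``start``, ``end``, ``colores``, ``banner``, ``APK`` and
    ``insert_mongodb`` are module globals defined elsewhere in the file.

    Changes from the first version: ``strings`` is spawned without a shell;
    the ftp pattern really matches ``ftp://`` (it used to reuse the http
    pattern, so the "FTP" list held http URLs); the TLD heuristic is applied
    to the address itself rather than to the whole line; and the three lists
    handed to ``insert_mongodb`` hold de-duplicated plain strings instead of
    nested ``re.findall`` results (which included empty lists).  Samples are
    still parsed in-process -- NOTE(review): run this on malware in an
    isolated environment.
    """
    banner()
    for i in range(start, end):
        target = "bot/" + str(i)
        try:
            apkf = APK(target)
            md5 = apkf.file_md5
            package = apkf.get_package()
            file_size = apkf.file_size
            andro_version = apkf.get_androidversion_name()
            main_activity = apkf.get_main_activity()
            activities = apkf.get_activities()
            services = apkf.get_services()
            permissions = apkf.get_permissions()

            print("----------------------------------------------")
            print(colores.header + colores.underline + "[+][TARGET][>]"
                  + str(package) + " [" + str(i) + "]" + colores.normal)
            print(colores.header + "[-][md5][>] " + str(md5))
            print(colores.header + "[-][Android version][>] " + str(andro_version))
            print(colores.green + "|----[>] "
                  + "Searching emails and links in strings ..." + colores.normal)

            all_emails, all_urls, all_ftps = [], [], []
            for line in _printable_strings(target):
                emails = [e for e in _EMAIL_RE.findall(line) if _has_known_tld(e)]
                _report_new("EMAIL", emails, all_emails)
                _report_new("URL", _URL_RE.findall(line), all_urls)
                _report_new("FTP", _FTP_RE.findall(line), all_ftps)
        except Exception as exc:
            # Was a silent bare `except: continue`; still skip, but say why.
            print(colores.header + "[-][SKIP][>] " + target + ": " + str(exc)
                  + colores.normal)
            continue
        insert_mongodb(i, package, md5, file_size, andro_version,
                       main_activity, activities, services, permissions,
                       all_urls, all_emails, all_ftps)


_EMAIL_RE = re.compile(r'[\w\.-]+@[\w\.-]+')
# Character classes copied from the original http pattern (`[$-_@.&+]` is a
# range and matches far more than the four listed characters).
_URL_TAIL = r'://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'
_URL_RE = re.compile(r'http[s]?' + _URL_TAIL)
_FTP_RE = re.compile(r'ftp[s]?' + _URL_TAIL)
_EMAIL_TLDS = (".com", ".es", ".eu", ".net", ".gob", ".info", ".org")


def _has_known_tld(address):
    """Cheap plausibility filter kept from the original: the address must
    contain one of a fixed set of TLD-like suffixes after its first
    character.  A heuristic, not validation."""
    return any(address.find(tld) > 0 for tld in _EMAIL_TLDS)


def _report_new(label, candidates, seen):
    """Append each candidate not already in *seen* and print it under *label*."""
    for item in candidates:
        if item not in seen:
            seen.append(item)
            print(colores.green + "|----[" + label + "][>] " + item + colores.normal)


def _printable_strings(target):
    """Yield the lines printed by ``strings <target>``.

    Uses an argument list, so the sample path is never re-parsed by
    ``/bin/sh``; ``universal_newlines`` yields text on Python 2 and 3.
    The exit status of ``strings`` is not checked (as before).
    """
    import subprocess

    proc = subprocess.Popen(['strings', target], stdout=subprocess.PIPE,
                            universal_newlines=True)
    try:
        for line in proc.stdout:
            yield line
    finally:
        proc.stdout.close()
        proc.wait()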