def run(self, apk_file, md5):
print("Running the DroidStatX plugin!...")
log.debug("Running the DroidStatX plugin!...")
# test the existence of the results directory
if not os.path.exists(jsonResultsLocation):
os.system("mkdir " + jsonResultsLocation)
print(pluginName + ": FILE -> " + apk_file)
log.debug(pluginName + ": FILE -> " + apk_file)
if apk_file[-4:] == ".apk":
print(pluginName + ": Running on -> " + apk_file)
log.debug(pluginName + ": Running on -> " + apk_file)
print(pluginName + ": Executing -> " +
config['GENERAL']['python3cmd'] + droidStatXLocation +
"droidstatx.py --apk " + apk_file)
log.debug(pluginName + ": Executing -> " +
config['GENERAL']['python3cmd'] + droidStatXLocation +
"droidstatx.py --apk " + apk_file)
# run the tool
os.system(config['GENERAL']['python3cmd'] + " " +
droidStatXLocation + "droidstatx.py --apk " + apk_file)
cmd = aapt2ToolLocation + "aapt2 dump " + apk_file + " | grep 'Package name'"
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
(output, err) = p.communicate()
apkPackageName = str(output)[15:-9]
# convert .xmind file to JSON -> using xmindparser (already installed)
# from here: https://github.com/tobyqin/xmindparser
print(pluginName + ": Executing -> xmindparser " +
droidStatXLocation + "output_xmind/" + apkPackageName +
".xmind -json")
log.debug(pluginName + ": Executing -> xmindparser " +
droidStatXLocation + "output_xmind/" + apkPackageName +
".xmind -json")
os.system("xmindparser " + droidStatXLocation + "output_xmind/" +
apkPackageName + ".xmind -json")
# move the json results to proper folder
print(pluginName + ": mv " + droidStatXLocation + "output_xmind/" +
apkPackageName + ".json " + jsonResultsLocation + md5 +
".json")
log.debug(pluginName + ": mv " + droidStatXLocation +
"output_xmind/" + apkPackageName + ".json " +
jsonResultsLocation + md5 + ".json")
os.system("mv " + droidStatXLocation + "output_xmind/" +
apkPackageName + ".json " + jsonResultsLocation + md5 +
".json")
# have also the information registered on the database
db.insert_results(md5, pluginName,
jsonResultsLocation + md5 + ".json", 0, "")
def fit(self, X, y):
self.rs.fit(X, y)
# write results to the file
f, file_name = self.results_file_open("w")
self.write_header(f)
f.write("# Random search params: \n")
f.write("# -- cv: " + str(self.cv) + "\n")
f.write("# -- n_iter: " + str(self.n_iter) + "\n")
f.write("# -- continuous_distribution: " +
self.continuous_distribution + "\n")
f.write("# -- discrete_distribution: " + self.discrete_distribution +
"\n")
f.write("\n")
f.write("# Randomized scores on development set:\n\n")
means = self.rs.cv_results_['mean_test_score']
stds = self.rs.cv_results_['std_test_score']
results = []
for mean, std, params in zip(means, stds,
self.rs.cv_results_['params']):
f.write("%0.3f (+/-%0.03f) for %r" % (mean, std * 2, params))
f.write("\n")
# write results to database
results.append((self.experiment_id, self.get_name(),
str(self.chain_names[:-1]),
str(self.chain_names[-1]), str(params), self.cv,
self.dataset_name, float(mean), float(std), 0))
try:
database.insert_results(results)
except Exception as e:
# print(results)
print(e)
f.write("\n\n# Randomized Search finished.")
f.close()
print("Randomized Search finished.")
def run(self, apk_file, md5, package=''):
print("Running the AndroWarn plugin!...")
log.debug("Running the AndroWarn plugin!...")
# test the existence of the results directory
if not os.path.exists(jsonResultsLocation):
os.system("mkdir " + jsonResultsLocation)
print(pluginName + ": FILE -> " + apk_file)
log.debug(pluginName + ": FILE -> " + apk_file)
apkPackageName = os.path.basename(apk_file)
if apk_file[-4:] == ".apk":
print(pluginName + ": Running on -> " + apk_file)
log.debug(pluginName + ": Running on -> " + apk_file)
print(pluginName + ": Executing -> " + config['GENERAL']['python2cmd'] + " " + androWarnLocation + "androwarn.py -i " + apk_file + " -r json -v 3")
log.debug(pluginName + ": Executing -> " + config['GENERAL']['python2cmd'] + " " + androWarnLocation + "androwarn.py -i " + apk_file + " -r json -v 3")
# ----- Start Time ------
startTime = datetime.datetime.now()
os.system(config['GENERAL']['python2cmd'] + " " + androWarnLocation + "androwarn.py -i " + apk_file + " -r json -v 3")
# move the json result file to the appropriate location
print(pluginName + ": mv " + apkPackageName + ".json " + jsonResultsLocation + md5 + ".json")
log.debug(pluginName + ": mv " + apkPackageName + ".json " + jsonResultsLocation + md5 + ".json")
os.system("mv " + apkPackageName + ".json " + jsonResultsLocation + md5 + ".json")
# have also the information registered on the database
db.insert_results(md5, pluginName, jsonResultsLocation + md5 + ".json", 0, "")
endTime = datetime.datetime.now()
dir = './apkTimeAnalysis'
if not os.path.exists(dir):
os.system("mkdir " + dir)
data = md5+' '+pluginName+' '+str(endTime-startTime)+'\n'
with open(dir + '.txt', 'a') as f:
f.write(data)
def fit(self, X, y):
self.gs.fit(X, y)
# write results to the file
f, file_name = self.results_file_open("w")
self.write_header(f)
if self.logarithmic_scale == True:
f.write("# logarithmic_scale")
f.write("# Grid scores on development set:\n\n")
means = self.gs.cv_results_['mean_test_score']
stds = self.gs.cv_results_['std_test_score']
results = []
for mean, std, params in zip(means, stds,
self.gs.cv_results_['params']):
f.write("%0.3f (+/-%0.03f) for %r" % (mean, std * 2, params))
f.write("\n")
# write results to database
results.append((self.experiment_id, self.get_name(),
str(self.chain_names[:-1]),
str(self.chain_names[-1]), str(params), self.cv,
self.dataset_name, float(mean), float(std), 0))
f.write("\n\n# Grid Search finished.")
f.close()
try:
database.insert_results(results)
except Exception as e:
# print(results)
print(e)
print("Grid Search finished.")
import _config_simulated_annealing_search
def run(self, apk_file, md5, package=''):
print("Running the DroidStatX plugin!...")
log.debug("Running the DroidStatX plugin!...")
# test the existence of the results directory
if not os.path.exists(jsonResultsLocation):
os.system("mkdir " + jsonResultsLocation)
print(pluginName + ": FILE -> " + apk_file)
print(pluginName + ": PACKAGE -> " + package)
log.debug(pluginName + ": FILE -> " + apk_file)
if apk_file[-4:] == ".apk":
if package == '':
# probably it is not necessary to have this... maybe apktool is enough for this
cmd = aapt2ToolLocation + "aapt2 dump " + apk_file + " | grep 'Package name'"
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
(output, err) = p.communicate()
apkPackageName = str(output)[15:-9]
else:
apkPackageName = package
print(pluginName + ": Running on -> " + apk_file)
log.debug(pluginName + ": Running on -> " + apk_file)
print(pluginName + ": Executing -> " + config['GENERAL']['python3cmd'] + " " + droidStatXLocation + "droidstatx.py --apk " + apk_file)
log.debug(pluginName + ": Executing -> " + config['GENERAL']['python3cmd'] + " " + droidStatXLocation + "droidstatx.py --apk " + apk_file)
# run the tool
# ----- Start Time ------
startTime = datetime.datetime.now()
os.system(config['GENERAL']['python3cmd'] + " " + droidStatXLocation + "droidstatx.py --apk " + apk_file)
# convert .xmind file to JSON -> using xmindparser (already installed)
# from here: https://github.com/tobyqin/xmindparser
print(pluginName + ": Executing -> xmindparser " + droidStatXLocation + "output_xmind/" + apkPackageName + ".xmind -json")
log.debug(pluginName + ": Executing -> xmindparser " + droidStatXLocation + "output_xmind/" + apkPackageName + ".xmind -json")
os.system("xmindparser " + droidStatXLocation + "output_xmind/" + apkPackageName + ".xmind -json")
# move the json results to proper folder
if package == '':
print(pluginName + ": mv " + droidStatXLocation + "output_xmind/" + apkPackageName + ".json " + jsonResultsLocation + md5 + ".json")
log.debug(pluginName + ": mv " + droidStatXLocation + "output_xmind/" + apkPackageName + ".json " + jsonResultsLocation + md5 + ".json")
os.system("mv " + droidStatXLocation + "output_xmind/" + apkPackageName + ".json " + jsonResultsLocation + md5 + ".json")
self.analyseVulnerability(md5)
# have also the information registered on the database
db.insert_results(md5, pluginName, jsonResultsLocation + md5 + ".json", 0, "")
else:
print(pluginName + ": mv " + droidStatXLocation + "output_xmind/" + apkPackageName + ".json " + jsonResultsLocation + package + ".json")
log.debug(pluginName + ": mv " + droidStatXLocation + "output_xmind/" + apkPackageName + ".json " + jsonResultsLocation + package + ".json")
os.system("mv " + droidStatXLocation + "output_xmind/" + apkPackageName + ".json " + jsonResultsLocation + package + ".json")
self.analyseVulnerability(package)
# have also the information registered on the database
db.insert_results(package, pluginName, jsonResultsLocation + package + ".json", 0, "")
endTime = datetime.datetime.now()
dir = './apkTimeAnalysis'
if not os.path.exists(dir):
os.system("mkdir " + dir)
if package == '':
data = md5+' '+pluginName+' '+str(endTime-startTime)+'\n'
else:
data = package + ' ' + pluginName + ' ' + str(endTime - startTime) + '\n'
with open(dir + '.txt', 'a') as f:
f.write(data)
def run(self, apk_file, md5, package=''):
print(pluginName + ": Running the Androbugs plugin!...")
log.debug(pluginName + ": Running the Androbugs plugin!...")
# test the existence of the results directory
if not os.path.exists(jsonResultsLocation):
os.system("mkdir " + jsonResultsLocation)
#if not os.path.exists(jsonResultsLocationVulnLevel):
# os.system("mkdir " + jsonResultsLocationVulnLevel)
#if not os.path.exists(jsonResultsLocationLevels):
# os.system("mkdir " + jsonResultsLocationLevels)
# don't know why, but Androbugs requires running from the APK dir
# print("ANDROBUGS cd " + apkLocation)
# os.system("cd " + apkLocation)
if apk_file[-4:] == ".apk":
print(pluginName + ": Running on -> " + apk_file)
log.debug(pluginName + ": Running on -> " + apk_file)
if package == '':
print(pluginName + ": Executing -> " +
config['GENERAL']['python2cmd'] + " " +
androbugsLocation + "androbugs.py -v -f " + apk_file +
" --md5file " + md5 + " -o " + jsonResultsLocation)
log.debug(pluginName + ": Executing -> " +
config['GENERAL']['python2cmd'] + " " +
androbugsLocation + "androbugs.py -v -f " +
apk_file + " --md5file " + md5 + " -o " +
jsonResultsLocation)
else:
print(pluginName + ": Executing -> " +
config['GENERAL']['python2cmd'] + " " +
androbugsLocation + "androbugs.py -v -f " + apk_file +
" --package " + package + " -o " + jsonResultsLocation)
log.debug(pluginName + ": Executing -> " +
config['GENERAL']['python2cmd'] + " " +
androbugsLocation + "androbugs.py -v -f " +
apk_file + " --package " + package + " -o " +
jsonResultsLocation)
# run the tool
# ----- Start Time ------
startTime = datetime.datetime.now()
if package == '':
os.system(config['GENERAL']['python2cmd'] + " " +
androbugsLocation + "androbugs.py -v -f " +
apk_file + " --md5file " + md5 + " -o " +
jsonResultsLocation)
else:
os.system(config['GENERAL']['python2cmd'] + " " +
androbugsLocation + "androbugs.py -v -f " +
apk_file + " --package " + package + " -o " +
jsonResultsLocation)
# this tool produces a text-based output... we need to consider what to do with this
# convert to JSON
#self.convert_to_json(md5)
#self.convert_to_new_json(md5)
if package == '':
self.build_scan_format(md5)
# have also the information registered on the database
db.insert_results(md5, pluginName,
jsonResultsLocation + md5 + ".json", 0,
"NOT YET IN THE FINAL FORMAT")
else:
self.build_scan_format(package)
# have also the information registered on the database
db.insert_results(package, pluginName,
jsonResultsLocation + package + ".json", 0,
"NOT YET IN THE FINAL FORMAT")
endTime = datetime.datetime.now()
dir = './apkTimeAnalysis'
if not os.path.exists(dir):
os.system("mkdir " + dir)
if package == '':
data = md5 + ' ' + pluginName + ' ' + str(endTime -
startTime) + '\n'
else:
data = package + ' ' + pluginName + ' ' + str(endTime -
startTime) + '\n'
with open(dir + '.txt', 'a') as f:
f.write(data)
log.debug("------------------------")
log.debug("APPSENTINEL MANAGER HAS BEEN INVOKED!!!!")
# 1. Go to the database and check if there are APKs to download
apks = db.get_all_apk2scan()
# 2. For each APK on the database, download it locally, add to the apk table and delete from the table
if apks:
for apk in apks:
jsondata = get_json_data(apk[1])
username = apk[3]
# check what is the return of the API call -> check if the APK exists!!!
if jsondata["info"]["status"] == "FAIL":
# that APK can't be found
log.debug("This APK doesn't exist on APTOIDE -> APK = " + apk[1])
db.delete_apk2scan(apk[1])
db.insert_results(apk[1], "", "", -1, "This APK does not exist, or it could not be downloaded from the Aptoide app store!", 'none')
else:
applicationName = jsondata["nodes"]["meta"]["data"]["name"]
applicationPackage = jsondata["nodes"]["meta"]["data"]["package"]
appVersion = jsondata["nodes"]["meta"]["data"]["file"]["vername"]
appMD5 = jsondata["nodes"]["meta"]["data"]["file"]["md5sum"]
appPath = jsondata["nodes"]["meta"]["data"]["file"]["path"]
apkfile = appPath[appPath.rfind("/") + 1:]
print("Getting the following APK => " + applicationName)
log.debug("Getting the following APK => " + applicationName)
print(applicationPackage + " (" + appVersion + ") -> " + appMD5)
log.debug(applicationPackage + " (" + appVersion + ") -> " + appMD5)
print(appPath)
log.debug(appPath)
download_apk(appPath)
write_json_data(jsondata, apk[1])
import random