Exemplo n.º 1
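def lookForComponentInManifest(apkfile, node, attrib):
    """Return the values of attribute `attrib` on manifest lines matching `node`.

    The decoded AndroidManifest.xml of `apkfile` is filtered line by line with
    grep and sed. Values that start with "." are relative component names and
    are prefixed with the manifest's package name.

    Args:
        apkfile: path of the APK, handed to manifestDecoder.extractManifest.
        node: grep pattern selecting the manifest lines to inspect.
        attrib: attribute name, spliced into the sed expression that captures
            the quoted value. Only the last `attrib="..."` on a line is
            captured, because the leading `.*` is greedy.

    Returns:
        List of attribute values, in manifest order.

    Raises:
        subprocess.CalledProcessError: if sed exits with a non-zero status.
    """
    # The manifest comes from the APK under analysis, so it is handled purely
    # as data: it is piped to the tools on stdin instead of being written to a
    # fixed-name file in the working directory, where concurrent runs would
    # overwrite each other and an error would leave the file behind.
    manifestBytes = manifestDecoder.extractManifest(apkfile).encode('utf-8')

    def extractAttribute(linePattern, attribName):
        # Argument vectors instead of a shell string: neither value can add
        # commands, redirections or extra options to the pipeline.
        grep = subprocess.Popen(["grep", "-e", linePattern],
                                stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE)
        matchedLines = grep.communicate(manifestBytes)[0]
        # grep's exit status is deliberately ignored: "no matching line" is a
        # normal outcome and simply yields an empty result.

        # NOTE(review): attribName is still concatenated into the sed program,
        # so it must be a plain attribute name; callers should pass constants
        # here, never text taken from the sample.
        sedScript = "s/.*" + attribName + "=\"([^\"]+)\".*/\\1/p"
        sed = subprocess.Popen(["sed", "-nE", sedScript],
                               stdin=subprocess.PIPE,
                               stdout=subprocess.PIPE)
        extracted = sed.communicate(matchedLines)[0]
        if sed.returncode != 0:
            raise subprocess.CalledProcessError(sed.returncode, "sed")
        return extracted

    package = extractAttribute("manifest", "package").replace("\n", "")
    elements = extractAttribute(node, attrib)

    # Blank and whitespace-only lines are dropped; kept values are not stripped.
    return [
        package + element if element.startswith(".") else element
        for element in elements.split("\n")
        if element.strip()
    ]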
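def lookForComponentInManifest(apkFile, node, attrib):
	"""Return the values of attribute `attrib` on manifest lines matching `node`.

	The decoded AndroidManifest.xml of `apkFile` is filtered line by line with
	grep and sed. Values that start with "." are relative component names and
	are prefixed with the manifest's package name.

	Args:
		apkFile: path of the APK, handed to manifestDecoder.extractManifest.
		node: grep pattern selecting the manifest lines to inspect.
		attrib: attribute name, spliced into the sed expression that captures
			the quoted value. Only the last `attrib="..."` on a line is
			captured, because the leading `.*` is greedy.

	Returns:
		List of attribute values, in manifest order.

	Raises:
		subprocess.CalledProcessError: if sed exits with a non-zero status.
	"""
	# The manifest comes from the APK under analysis, so it is handled purely
	# as data: it is piped to the tools on stdin instead of being written to a
	# fixed-name file in the working directory, where concurrent runs would
	# overwrite each other and an error would leave the file behind.
	manifestBytes = manifestDecoder.extractManifest(apkFile).encode('utf-8')

	def extractAttribute(linePattern, attribName):
		# Argument vectors instead of a shell string: neither value can add
		# commands, redirections or extra options to the pipeline.
		grep = subprocess.Popen(["grep", "-e", linePattern], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
		matchedLines = grep.communicate(manifestBytes)[0]
		# grep's exit status is deliberately ignored: "no matching line" is a
		# normal outcome and simply yields an empty result.

		# NOTE(review): attribName is still concatenated into the sed program,
		# so it must be a plain attribute name; callers should pass constants
		# here, never text taken from the sample.
		sedScript = "s/.*" + attribName + "=\"([^\"]+)\".*/\\1/p"
		sed = subprocess.Popen(["sed", "-nE", sedScript], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
		extracted = sed.communicate(matchedLines)[0]
		if sed.returncode != 0:
			raise subprocess.CalledProcessError(sed.returncode, "sed")
		return extracted

	package = extractAttribute("manifest", "package").replace("\n", "")
	elements = extractAttribute(node, attrib)

	result = []
	for element in elements.split("\n"):
		# Blank and whitespace-only lines are dropped; kept values are not stripped.
		if not element.strip():
			continue
		if element.startswith("."):
			result.append(package + element)
		else:
			result.append(element)

	return result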
Exemplo n.º 3
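def extractGeneralUseInformation():
    """Unpack and decode the sample, then collect general information on it.

    Runs, in order: unzip, apktool, jadx, manifest decoding, certificate dump,
    archive timestamp listing, file-extension search and URL-string search.
    Everything is driven by module-level settings (sample, the output* paths,
    APKTOOL_COMMAND, JADX_COMMAND, classesFile); nothing is returned.

    Raises:
        OSError: from os.makedirs if outputInfoDir already exists.
    """
    # NOTE(review): the os.system calls below build shell commands by plain
    # string concatenation. A sample or output path containing spaces or shell
    # metacharacters changes the command that runs; confirm these paths are
    # tool-controlled, or move to subprocess with argument lists.
    os.makedirs(outputInfoDir)

    printTitle("unzip APK content")
    # NOTE(review): the archive is untrusted input; confirm unzipFileIntoDir
    # refuses entries whose names would land outside outputZipDir.
    genericFunctions.unzipFileIntoDir(sample, outputZipDir)

    printTitle("decoding with apktool")
    apktoolCommand = APKTOOL_COMMAND.replace("#FILE#", sample)
    os.system(apktoolCommand.replace("#OUTPUT_DIR#", outputApktoolDir))

    printTitle("decoding with jadx")
    jadxCommand = JADX_COMMAND.replace("#FILE#", sample)
    os.system(jadxCommand.replace("#OUTPUT_DIR#", outputJadxDir))

    printTitle("decoding AndroidManifest.xml")
    # `with` closes the handle even when decoding or writing raises.
    with open(outputManifestFile, "w") as manifestFile:
        manifestFile.write(
            manifestDecoder.extractManifest(sample).encode('utf-8'))

    printTitle("extracting cert info")
    # The *.RSA glob is expanded by the shell over files unpacked from the
    # sample, so the number and names of matched files are sample-controlled.
    os.system("keytool -printcert -file " + outputZipDir +
              "/META-INF/*.RSA > " + outputInfoDir + "/cert.txt")

    printTitle("identifing file timestamps")
    os.system("unzip -l " + sample +
              " | awk '{print $2,$3,$4;}' | egrep '[0-9]{4}-' | sort > " +
              outputZipFile)

    printTitle("looking for file extensions")
    for extension in ("apk", "jar", "class", "java", "so", "js", "html"):
        findAndReportExtension(extension)

    printTitle("looking for strings")
    urlPatterns = (
        "https?:",                                         # plain URL scheme
        "aHR0cDo|aHR0cHM6L",                               # base64
        "%68%74%74%70%3A%2F%2F|%68%74%74%70%73%3A%2F%2F",  # hexa
    )
    if os.path.exists(classesFile):
        # The extra pattern presumably matches "L...;" class type descriptors.
        for pattern in urlPatterns + ("L[^;]+?;",):
            findAndReportBinaryString(classesFile, pattern)

    for pattern in urlPatterns:
        findAndReportString(outputZipDir, pattern)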
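def extractGeneralUseInformation():
	"""Unpack and decode the sample, then collect general information on it.

	Runs, in order: unzip, apktool, jadx, manifest decoding, certificate dump,
	archive timestamp listing, file-extension search and URL-string search.
	Everything is driven by module-level settings (sample, the output* paths,
	APKTOOL_COMMAND, JADX_COMMAND, classesFile); nothing is returned.

	Raises:
		OSError: from os.makedirs if outputInfoDir already exists.
	"""
	# NOTE(review): the os.system calls below build shell commands by plain
	# string concatenation. A sample or output path containing spaces or shell
	# metacharacters changes the command that runs; confirm these paths are
	# tool-controlled, or move to subprocess with argument lists.
	os.makedirs(outputInfoDir)

	printTitle("unzip APK content")
	# NOTE(review): the archive is untrusted input; confirm unzipFileIntoDir
	# refuses entries whose names would land outside outputZipDir.
	genericFunctions.unzipFileIntoDir(sample, outputZipDir)

	printTitle("decoding with apktool")
	os.system(APKTOOL_COMMAND.replace("#FILE#", sample).replace("#OUTPUT_DIR#", outputApktoolDir))

	printTitle("decoding with jadx")
	os.system(JADX_COMMAND.replace("#FILE#", sample).replace("#OUTPUT_DIR#", outputJadxDir))

	printTitle("decoding AndroidManifest.xml")
	# `with` closes the handle even when decoding or writing raises.
	with open(outputManifestFile, "w") as manifestFile:
		manifestFile.write(manifestDecoder.extractManifest(sample).encode('utf-8'))

	printTitle("extracting cert info")
	# The *.RSA glob is expanded by the shell over files unpacked from the
	# sample, so the number and names of matched files are sample-controlled.
	os.system("keytool -printcert -file " + outputZipDir + "/META-INF/*.RSA > " + outputInfoDir + "/cert.txt")

	printTitle("identifing file timestamps")
	os.system("unzip -l " + sample + " | awk '{print $2,$3,$4;}' | egrep '[0-9]{4}-' | sort > " + outputZipFile)

	printTitle("looking for file extensions")
	for extension in ("apk", "jar", "class", "java", "so", "js", "html"):
		findAndReportExtension(extension)

	printTitle("looking for strings")
	base64Pattern = "aHR0cDo|aHR0cHM6L" # base64
	hexaPattern = "%68%74%74%70%3A%2F%2F|%68%74%74%70%73%3A%2F%2F" # hexa
	urlPatterns = ("https?:", base64Pattern, hexaPattern)

	if os.path.exists(classesFile):
		for pattern in urlPatterns:
			findAndReportBinaryString(classesFile, pattern)
		# Presumably matches "L...;" class type descriptors in the binary.
		findAndReportBinaryString(classesFile, "L[^;]+?;")

	for pattern in urlPatterns:
		findAndReportString(outputZipDir, pattern)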