def strings_from_apk(app_file, app_dir, elf_strings):
    """Collect strings, URLs, e-mails and likely secrets from an APK.

    String resources of the first package in the APK's resource table are
    rendered as ``"name" : "value"`` pairs. Strings already extracted from
    native libraries (``elf_strings``) are merged in afterwards.

    Args:
        app_file: File name of the APK inside ``app_dir``.
        app_dir: Directory that contains the APK.
        elf_strings: Iterable of ``{library: [strings]}`` mappings, or a
            falsy value when there is nothing to merge.

    Returns:
        A dict with the keys ``strings`` (de-duplicated, unordered),
        ``urls_list``, ``url_nf``, ``emails_nf`` and ``secrets``.
        An empty dict if anything raises; the error is logged.
    """
    # NOTE(review): a single try covers both the resource table and the
    # native-library strings, so a failure while parsing resources also
    # drops the library strings and the report shows no strings at all.
    try:
        logger.info('Extracting Strings from APK')
        collected = []
        secrets = []
        urls = []
        urls_nf = []
        emails_nf = []
        apk_path = os.path.join(app_dir, app_file)
        rsrc = apk.APK(apk_path).get_android_resources()
        if rsrc:
            # Only the first package listed in the resource table is read.
            pkg = rsrc.get_packages_names()[0]
            rsrc.get_strings_resources()
            for res_key in rsrc.values[pkg].keys():
                pairs = rsrc.values[pkg][res_key].get('string')
                if not pairs:
                    continue
                for pair in pairs:
                    res_name, res_value = pair[0], pair[1]
                    rendered = ''.join(
                        ('"', res_name, '" : "', res_value, '"'))
                    # is_secret() receives the resource name followed by a
                    # closing quote; presumably its patterns expect that
                    # suffix -- confirm against is_secret.
                    if is_secret(res_name + '"'):
                        secrets.append(rendered)
                    collected.append(rendered)
            urls, urls_nf, emails_nf = url_n_email_extract(
                ''.join(collected), 'Android String Resource')
        if elf_strings:
            for lib_map in elf_strings:
                for lib_name, lib_strings in lib_map.items():
                    # Library strings join the overall string list ...
                    collected.extend(lib_strings)
                    # ... and are searched for URLs and e-mails, reported
                    # under the library's name.
                    lib_urls, lib_urls_nf, lib_emails_nf = (
                        url_n_email_extract(' '.join(lib_strings), lib_name))
                    urls.extend(lib_urls)
                    urls_nf.extend(lib_urls_nf)
                    emails_nf.extend(lib_emails_nf)
        return {
            'strings': list(set(collected)),
            'urls_list': urls,
            'url_nf': urls_nf,
            'emails_nf': emails_nf,
            'secrets': secrets,
        }
    except Exception:
        logger.exception('Extracting Strings from APK')
        return {}
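def extract_urls_n_email(src, all_files, strings):
    """Extract URLs and e-mail addresses from IPA files and its strings dump.

    Args:
        src: Path prefix stripped from each file path to build the name
            reported next to its matches.
        all_files: File paths to read. Entries that are dicts are treated
            as in-memory sources with ``name`` and ``data`` keys. The
            caller's list is not modified.
        strings: Sequence of strings, scanned under the name
            ``IPA Strings Dump``.

    Returns:
        A dict with ``urls_list`` (de-duplicated, unordered), ``urlnfile``,
        ``emailnfile`` and ``domains`` (the result of
        ``MalwareDomainCheck().scan`` on the URL list). ``None`` if the
        extraction fails as a whole; the error is logged.
    """
    try:
        logger.info('Starting IPA URL and Email Extraction')
        email_n_file = []
        url_n_file = []
        url_list = []
        # Work on a copy: appending the strings dump to the caller's list
        # would leak into later uses of that list and pile up on repeat calls.
        sources = list(all_files)
        sources.append({'data': strings, 'name': 'IPA Strings Dump'})
        for file in sources:
            if isinstance(file, dict):
                relative_src_path = file['name']
                dat = '\n'.join(file['data'])
            # Skip CodeResources and contents under Frameworks
            elif 'CodeResources' in file or '/Frameworks/' in file:
                continue
            elif file.endswith(('.nib', '.ttf', '.svg', '.woff2', '.png',
                                '.dylib', '.mobileprovision', 'Assets.car')):
                continue
            else:
                relative_src_path = file.replace(src, '')
                try:
                    with io.open(file, mode='r', encoding='utf8',
                                 errors='ignore') as flip:
                        dat = flip.read()
                except (OSError, ValueError):
                    # The files come from the app under analysis. One
                    # unreadable entry must not discard the URLs, e-mails
                    # and domain check for every other file, so skip it
                    # and record that it was skipped.
                    logger.warning(
                        'Skipping unreadable file: %s', relative_src_path)
                    continue
            # Extract URLs and Emails from Plists
            urls, urls_nf, emails_nf = url_n_email_extract(
                dat, relative_src_path)
            url_list.extend(urls)
            url_n_file.extend(urls_nf)
            email_n_file.extend(emails_nf)
        # Unique URLs
        urls_list = list(set(url_list))
        # Domain Extraction and Malware Check
        logger.info('Performing Malware Check on extracted Domains')
        domains = MalwareDomainCheck().scan(urls_list)
        logger.info('Finished URL and Email Extraction')
        return {
            'urls_list': urls_list,
            'urlnfile': url_n_file,
            'domains': domains,
            'emailnfile': email_n_file,
        }
    except Exception:
        logger.exception('IPA URL and Email Extraction')
        # Callers get None here and must not index the result blindly.
        return None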
def code_analysis(app_dir, typ, manifest_file):
    """Run the code, API and NIAP rule scans and harvest URLs and e-mails.

    Args:
        app_dir: Root directory of the unpacked or imported app.
        typ: Project layout: ``'apk'`` (``java_source``), ``'studio'``
            (``app/src/main/java``, falling back to ``kotlin`` when only
            that exists) or ``'eclipse'`` (``src``).
        manifest_file: Passed through to the NIAP scan.

    Returns:
        A dict with the keys ``api``, ``findings``, ``niap``,
        ``urls_list``, ``urls`` and ``emails``. ``None`` if anything
        raises; the error is logged.
    """
    try:
        logger.info('Code Analysis Started')
        rules_dir = (Path(settings.BASE_DIR) / 'StaticAnalyzer' / 'views'
                     / 'android' / 'rules')
        code_rules = rules_dir / 'android_rules.yaml'
        api_rules = rules_dir / 'android_apis.yaml'
        niap_rules = rules_dir / 'android_niap.yaml'
        emails_by_file = []
        urls_by_file = []
        found_urls = []
        app_dir = Path(app_dir)
        # Any other ``typ`` leaves ``src`` unbound; the resulting error is
        # caught by the handler below and the function returns None.
        if typ == 'apk':
            src = app_dir / 'java_source'
        elif typ == 'studio':
            main_dir = app_dir / 'app' / 'src' / 'main'
            src = main_dir / 'java'
            kotlin_dir = main_dir / 'kotlin'
            if not src.exists() and kotlin_dir.exists():
                src = kotlin_dir
        elif typ == 'eclipse':
            src = app_dir / 'src'
        # From here on ``src`` is a POSIX string with a trailing slash, so
        # stripping it from a file path leaves a relative path.
        src = src.as_posix() + '/'
        skip_paths = settings.SKIP_CLASS_PATH
        logger.info('Code Analysis Started on - %s', filename_from_path(src))
        # Rule-based code and API scans.
        code_findings = scan(
            code_rules.as_posix(), {'.java', '.kt'}, [src], skip_paths)
        api_findings = scan(
            api_rules.as_posix(), {'.java', '.kt'}, [src], skip_paths)
        # NIAP scan.
        logger.info('Running NIAP Analyzer')
        niap_findings = niap_scan(
            niap_rules.as_posix(), {'.java', '.xml'}, [src],
            manifest_file, None)
        # URL and e-mail extraction over the Java/Kotlin sources.
        for source_file in Path(src).rglob('*'):
            if source_file.suffix not in ('.java', '.kt'):
                continue
            posix_path = source_file.as_posix()
            # Paths containing any SKIP_CLASS_PATH entry are left out, so
            # code under them is not searched for URLs or e-mails.
            if any(skip_path in posix_path for skip_path in skip_paths):
                continue
            try:
                text = source_file.read_text('utf-8', 'ignore')
            except Exception:
                # Certain file paths cannot be read on Windows. The file
                # is skipped without a log entry, so nothing in the result
                # shows that it was not covered.
                continue
            relative_java_path = posix_path.replace(src, '')
            urls, urls_nf, emails_nf = url_n_email_extract(
                text, relative_java_path)
            found_urls.extend(urls)
            urls_by_file.extend(urls_nf)
            emails_by_file.extend(emails_nf)
        logger.info('Finished Code Analysis, Email and URL Extraction')
        return {
            'api': api_findings,
            'findings': code_findings,
            'niap': niap_findings,
            'urls_list': found_urls,
            'urls': urls_by_file,
            'emails': emails_by_file,
        }
    except Exception:
        logger.exception('Performing Code Analysis')