Exemplo n.º 1
def write(obj):
    """Register the string entries for one exploit description object.

    The package name is stored first, via ``modifyStrings("packageName", ...)``,
    whenever ``PackageNameInStrings()`` reports it as missing. Objects that
    have no ``getType`` attribute are ignored after that step.

    Otherwise the object's type is matched, in this order, against
    ``exploitService``, ``exploitBroadcast``, ``exploitActivity``,
    ``exploitContentProvider`` and ``exploitReceiver``. The first match gets
    a new id from ``modifyIntentID()``. For every type except the service,
    each key returned by ``getExtra()`` is passed to ``modifyExtraKeys()``
    before the component name is passed to ``modifyStrings()``.

    NOTE(review): the component names and extra keys are forwarded unchanged;
    presumably they come from the analysed app. Confirm that modifyStrings()
    and modifyExtraKeys() escape them for whatever file they write to.

    Returns:
        None in every case.
    """
    if not PackageNameInStrings():
        modifyStrings("packageName", filters.find_package())

    if not hasattr(obj, "getType"):
        return

    kind = obj.getType()

    # Services carry no extras: only the intent string is recorded.
    if kind == exploitService.type:
        modifyStrings(modifyIntentID(exploitService.id), obj.getIntent())
        return

    # (wrapper class, name of the getter on obj that yields the recorded
    # string). The order matters: the first matching type wins.
    handlers = (
        (exploitBroadcast, "getIntent"),
        (exploitActivity, "getExportedActivity"),
        (exploitContentProvider, "getIntent"),
        (exploitReceiver, "getIntent"),
    )
    for wrapper, getter_name in handlers:
        if kind in (wrapper.type,):
            string_id = modifyIntentID(wrapper.id)
            for extra_key in wrapper(obj).getExtra():
                modifyExtraKeys(string_id, extra_key)
            modifyStrings(string_id, getattr(obj, getter_name)())
            return
Exemplo n.º 2
			if not common.interactive_mode:
				common.logger.error(common.config.get('qarkhelper','NOT_A_VALID_OPTION'))
				exit()
			common.logger.error(common.config.get('qarkhelper','NOT_A_VALID_OPTION_INTERACTIVE'))

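if exploit_choice==1:
	# Exploit all vulnerabilities
	print "Generating exploit payloads for all vulnerabilities"
	# Type names; a find_extras() result equal to one of these entries is not
	# added to extras_list below.
	type_list=['String','StringArray','StringArrayList','Boolean','BooleanArray','Int','Float','Long','LongArray','[]','','IntArray','IntegerArrayList','FloatArray','Double','Char','CharArray','CharSequence','CharSequenceArray','CharSequenceArrayList','Byte','ByteArray', 'Bundle','Short','ShortArray','Serializable','Parcelable','ParcelableArrayList','ParcelableArray','unknownType']
	# NOTE(review): rmtree() raises if <rootDir>/build does not exist, and the
	# path is built by plain concatenation, so an empty rootDir would resolve
	# to '/build'. Confirm rootDir is always set before this line runs.
	shutil.rmtree(common.getConfig("rootDir") +'/build')
	# Compare by value. The previous `is not 'ERROR'` was an identity test and
	# only worked when both strings happened to be the same interned object.
	if str(createSploit.copy_template(common.getConfig("rootDir") + '/exploitAPKs/qark/',common.getConfig("rootDir") + '/build/qark')) != 'ERROR':
		common.exploitLocation = common.getConfig("rootDir") + '/build/qark'
		if len(prov_exp_list)>0:
			# Provider findings are only logged here; nothing is generated for them.
			common.logger.info("Sorry, we're still working on the providers")
		if len(act_exp_list)>0:
			common.normalizeActivityNames(act_exp_list,filters.find_package())
			for i in act_exp_list:
				common.logger.debug(str(i))
				exploit = createExploit.exploitActivity()
				print str(i)
				extras_list=[]
				entries=common.get_entry_for_component('activity')
				for n in entries:
					tmp_extra=findExtras.find_extras(str(i),n)
					# NOTE(review): `+=` extends the list item by item; if
					# find_extras() returns a str, single characters are
					# appended. Confirm its return type.
					if tmp_extra not in type_list:
						if tmp_extra not in extras_list:
							extras_list+=tmp_extra
				# NOTE(review): the return value is discarded, so this only has
				# an effect if dedup() mutates its argument. Confirm.
				common.dedup(extras_list)
				# Names that begin with '.' get package_name prepended.
				if re.match(r'^\..*',str(i)):
					i=str(package_name)+str(i)
				exploit.setExportedActivity(str(i))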
Exemplo n.º 3
Arquivo: qark.py Projeto: zhouat/qark
            if not common.interactive_mode:
                common.logger.error(common.config.get('qarkhelper','NOT_A_VALID_OPTION'))
                exit()
            common.logger.error(common.config.get('qarkhelper','NOT_A_VALID_OPTION_INTERACTIVE'))

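    if exploit_choice==1:
        # Exploit all vulnerabilities
        print "Generating exploit payloads for all vulnerabilities"
        # Type names; a find_extras() result equal to one of these entries is
        # not added to extras_list below.
        type_list=['String','StringArray','StringArrayList','Boolean','BooleanArray','Int','Float','Long','LongArray','[]','','IntArray','IntegerArrayList','FloatArray','Double','Char','CharArray','CharSequence','CharSequenceArray','CharSequenceArrayList','Byte','ByteArray', 'Bundle','Short','ShortArray','Serializable','Parcelable','ParcelableArrayList','ParcelableArray','unknownType']
        # NOTE(review): rmtree() raises if <rootDir>/build does not exist, and
        # the path is built by plain concatenation, so an empty rootDir would
        # resolve to '/build'. Confirm rootDir is always set before this runs.
        shutil.rmtree(common.getConfig("rootDir") +'/build')
        # Compare by value. The previous `is not 'ERROR'` was an identity test
        # and only worked when both strings were the same interned object.
        if str(createSploit.copy_template(common.getConfig("rootDir") + '/exploitAPKs/qark/',common.getConfig("rootDir") + '/build/qark')) != 'ERROR':
            common.exploitLocation = common.getConfig("rootDir") + '/build/qark'
            if len(prov_exp_list)>0:
                # Provider findings are only logged here; nothing is generated for them.
                common.logger.info("Sorry, we're still working on the providers")
            if len(act_exp_list)>0:
                common.normalizeActivityNames(act_exp_list,filters.find_package())
                for i in act_exp_list:
                    common.logger.debug(str(i))
                    exploit = createExploit.exploitActivity()
                    print str(i)
                    extras_list=[]
                    entries=common.get_entry_for_component('activity')
                    for n in entries:
                        tmp_extra=findExtras.find_extras(str(i),n)
                        # NOTE(review): `+=` extends the list item by item; if
                        # find_extras() returns a str, single characters are
                        # appended. Confirm its return type.
                        if tmp_extra not in type_list:
                            if tmp_extra not in extras_list:
                                extras_list+=tmp_extra
                    # NOTE(review): the return value is discarded, so this only
                    # has an effect if dedup() mutates its argument. Confirm.
                    common.dedup(extras_list)
                    # Names that begin with '.' get package_name prepended.
                    if re.match(r'^\..*',str(i)):
                        i=str(package_name)+str(i)
                    exploit.setExportedActivity(str(i))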