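def APIAnalysis(PKG, LOCATION):
    """Bucket the Droidmon API-monitor log of package PKG into report fragments.

    Reads the logcat capture at LOCATION, keeps only the lines carrying the tag
    ``Droidmon-apimonitor-<PKG>:`` and JSON-decodes the payload that follows
    the tag. Each hooked call is rendered as an HTML fragment (method,
    arguments, return data) and filed into every category whose class-name
    list matches the called class.

    Trust boundary: the log is written by the instrumented (untrusted) app and
    by any other process able to write to logcat, so the method, arguments,
    return data and the Base64 payload decoded from the arguments are all
    passed through ``escape`` (assumed to be the HTML escaper imported by this
    module) before they are embedded in the report.

    Returns a 13-tuple of de-duplicated fragment lists in this fixed order:
    net, base64, fileio, binder, crypto, deviceinfo, contentvalues, sms,
    sysprop, dexloader, reflect, accountmanager, cmd. Element order inside each
    list is not stable (they are built from sets). Errors go to
    ``PrintException``: a bad line drops only that line, a failure to open or
    read the file returns whatever was collected before it.
    """
    print("\n[INFO] Dynamic API Analysis")
    # Category -> class-name substrings that select it; one call may land in
    # several categories. Plain substring tests replace the earlier unanchored
    # regexes: in a regex an unescaped '.' is a wildcard and a bare '$' is an
    # end-of-string anchor, so 'SharedPreferencesImpl$EditorImpl' never matched.
    CATEGORIES = (
        ("NET", ("java.net.URL",
                 "org.apache.http.impl.client.AbstractHttpClient")),
        ("BASE64", ("android.util.Base64",)),
        ("FILEIO", ("libcore.io",
                    "android.app.SharedPreferencesImpl$EditorImpl")),
        ("BINDER", ("android.app.Activity",
                    "android.app.ContextImpl",
                    "android.app.ActivityThread")),
        ("CRYPTO", ("javax.crypto.spec.SecretKeySpec",
                    "javax.crypto.Cipher",
                    "javax.crypto.Mac")),
        ("DEVICEINFO", ("android.telephony.TelephonyManager",
                        "android.net.wifi.WifiInfo",
                        "android.os.Debug")),
        ("CNTVAL", ("android.content.ContentValues",)),
        ("SMS", ("android.telephony.SmsManager",)),
        ("SYSPROP", ("android.content.ContentResolver",
                     "android.location.Location",
                     "android.media.AudioRecord",
                     "android.media.MediaRecorder",
                     "android.os.SystemProperties")),
        ("DEXLOADER", ("dalvik.system.BaseDexClassLoader",
                       "dalvik.system.DexFile",
                       "dalvik.system.DexClassLoader",
                       "dalvik.system.PathClassLoader")),
        ("REFLECT", ("java.lang.reflect",)),
        ("ACNTMNGER", ("android.accounts.AccountManager",
                       "android.app.ApplicationPackageManager",
                       "android.app.NotificationManager",
                       "android.net.ConnectivityManager",
                       "android.content.BroadcastReceiver")),
        ("CMD", ("java.lang.Runtime",
                 "java.lang.ProcessBuilder",
                 "java.io.FileOutputStream",
                 "java.io.FileInputStream",
                 "android.os.Process")),
    )
    # Sets de-duplicate identical call fragments, as the old list(set(...)) did.
    found = dict((name, set()) for name, _ in CATEGORIES)
    ID = "Droidmon-apimonitor-" + PKG + ":"
    try:
        with open(LOCATION, "r") as f:
            dat = f.readlines()
        for line in dat:
            # Python 2 reads bytes; drop undecodable sequences instead of
            # aborting the whole analysis on one bad byte.
            line = line.decode('utf8', 'ignore')
            if ID not in line:
                continue
            _, value = line.split(ID, 1)
            try:
                # strict=False keeps control characters inside JSON strings,
                # which the hooked arguments may carry verbatim.
                APIs = json.loads(value, strict=False)
                # NOTE(review): str() raises UnicodeEncodeError on non-ASCII
                # payloads under Python 2 and the call is then dropped below.
                MTD = str(APIs["method"])
                CLS = str(APIs["class"])
                # A falsy value (missing key, 0, "", []) is reported as absent.
                RET = str(APIs["return"]) if APIs.get('return') else "No Return Data"
                ARGS = str(APIs["args"]) if APIs.get('args') else "No Arguments Passed"
                # Everything below originates from the monitored app: escape it
                # before it reaches the HTML report.
                D = "</br>METHOD: " + escape(MTD) + \
                    "</br>ARGUMENTS: " + escape(ARGS) + \
                    "</br>RETURN DATA: " + escape(RET)
                if "android.util.Base64" in CLS and "decode" in MTD:
                    args_list = python_list(ARGS)
                    # Guard the index: a decode call whose argument list could
                    # not be parsed used to raise IndexError and lose the call.
                    if args_list and isBase64(args_list[0]):
                        D += '</br><span class="label label-info">Decoded String:</span> ' + \
                            escape(base64.b64decode(args_list[0]))
                for name, needles in CATEGORIES:
                    if any(needle in CLS for needle in needles):
                        found[name].add(D)
            except Exception:
                PrintException("[ERROR] Parsing JSON Failed for: " + value)
    except Exception:
        PrintException("[ERROR] Dynamic API Analysis")
    return (list(found["NET"]), list(found["BASE64"]), list(found["FILEIO"]),
            list(found["BINDER"]), list(found["CRYPTO"]), list(found["DEVICEINFO"]),
            list(found["CNTVAL"]), list(found["SMS"]), list(found["SYSPROP"]),
            list(found["DEXLOADER"]), list(found["REFLECT"]), list(found["ACNTMNGER"]),
            list(found["CMD"]))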
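def api_analysis(package, location):
    """Bucket the Droidmon API-monitor log of *package* into report fragments.

    Reads the logcat capture at ``location``, keeps only the lines carrying
    the tag ``Droidmon-apimonitor-<package>:`` and JSON-decodes the payload
    that follows the tag. Each hooked call is rendered as an HTML fragment
    (method, arguments, return data) and filed into every category whose
    class-name list matches the called class.

    Trust boundary: the log is written by the instrumented (untrusted) app and
    by any other process able to write to logcat, so the method, arguments,
    return data and the Base64 payload decoded from the arguments are all
    passed through ``escape`` (assumed to be the HTML escaper imported by this
    module) before they are embedded in the report.

    Args:
        package: Android package name the Droidmon hooks were installed for.
        location: Path of the log file to parse.

    Returns:
        dict mapping ``api_net``, ``api_base64``, ``api_fileio``,
        ``api_binder``, ``api_crypto``, ``api_deviceinfo``, ``api_cntvl``,
        ``api_sms``, ``api_sysprop``, ``api_dexloader``, ``api_reflect``,
        ``api_acntmnger`` and ``api_cmd`` to de-duplicated lists of HTML
        fragments (element order is not stable; the lists are built from
        sets). Errors go to ``PrintException``: a bad line drops only that
        line, a failure to open or read the file returns whatever was
        collected before it.
    """
    logger.info("Dynamic API Analysis")
    # Result key -> class-name substrings that select it; one call may land in
    # several categories. Plain substring tests replace the earlier unanchored
    # regexes, where '.' was a wildcard and the '$' had to be escaped inside a
    # non-raw string literal.
    categories = (
        ("api_net", ("java.net.URL",
                     "org.apache.http.impl.client.AbstractHttpClient")),
        ("api_base64", ("android.util.Base64",)),
        ("api_fileio", ("libcore.io",
                        "android.app.SharedPreferencesImpl$EditorImpl")),
        ("api_binder", ("android.app.Activity",
                        "android.app.ContextImpl",
                        "android.app.ActivityThread")),
        ("api_crypto", ("javax.crypto.spec.SecretKeySpec",
                        "javax.crypto.Cipher",
                        "javax.crypto.Mac")),
        ("api_deviceinfo", ("android.telephony.TelephonyManager",
                            "android.net.wifi.WifiInfo",
                            "android.os.Debug")),
        ("api_cntvl", ("android.content.ContentValues",)),
        ("api_sms", ("android.telephony.SmsManager",)),
        ("api_sysprop", ("android.content.ContentResolver",
                         "android.location.Location",
                         "android.media.AudioRecord",
                         "android.media.MediaRecorder",
                         "android.os.SystemProperties")),
        ("api_dexloader", ("dalvik.system.BaseDexClassLoader",
                           "dalvik.system.DexFile",
                           "dalvik.system.DexClassLoader",
                           "dalvik.system.PathClassLoader")),
        ("api_reflect", ("java.lang.reflect",)),
        ("api_acntmnger", ("android.accounts.AccountManager",
                           "android.app.ApplicationPackageManager",
                           "android.app.NotificationManager",
                           "android.net.ConnectivityManager",
                           "android.content.BroadcastReceiver")),
        ("api_cmd", ("java.lang.Runtime",
                     "java.lang.ProcessBuilder",
                     "java.io.FileOutputStream",
                     "java.io.FileInputStream",
                     "android.os.Process")),
    )
    # Sets de-duplicate identical call fragments, as the old list(set(...)) did.
    found = {key: set() for key, _ in categories}
    res_id = "Droidmon-apimonitor-" + package + ":"
    try:
        # errors="ignore": a single non-UTF-8 byte emitted by the app used to
        # raise UnicodeDecodeError here and discard the entire analysis.
        with open(location, "r", encoding="utf-8", errors="ignore") as flip:
            dat = flip.readlines()
        for line in dat:
            if res_id not in line:
                continue
            _, value = line.split(res_id, 1)
            try:
                # strict=False keeps control characters inside JSON strings,
                # which the hooked arguments may carry verbatim.
                apis = json.loads(value, strict=False)
                mtd = str(apis["method"])
                clss = str(apis["class"])
                # A falsy value (missing key, 0, "", []) is reported as absent.
                ret = str(apis["return"]) if apis.get("return") else "No Return Data"
                args = str(apis["args"]) if apis.get("args") else "No Arguments Passed"
                # Everything below originates from the monitored app: escape it
                # before it reaches the HTML report.
                call_data = ("</br>METHOD: " + escape(mtd)
                             + "</br>ARGUMENTS: " + escape(args)
                             + "</br>RETURN DATA: " + escape(ret))
                if "android.util.Base64" in clss and "decode" in mtd:
                    args_list = python_list(args)
                    # Guard the index: a decode call whose argument list could
                    # not be parsed used to raise IndexError and lose the call.
                    if args_list and isBase64(args_list[0]):
                        # b64decode() returns bytes on Python 3; decode to text
                        # before escaping, otherwise escape() either fails on
                        # the bytes object (dropping the call) or renders its
                        # repr. Undecodable bytes are dropped, not reported.
                        decoded = base64.b64decode(args_list[0]).decode("utf-8", "ignore")
                        call_data += ('</br><span class="label label-info">'
                                      'Decoded String:</span> ' + escape(decoded))
                for key, needles in categories:
                    if any(needle in clss for needle in needles):
                        found[key].add(call_data)
            except Exception:
                PrintException("[ERROR] Parsing JSON Failed for: " + value)
    except Exception:
        PrintException("[ERROR] Dynamic API Analysis")
    # Insertion order of `categories` fixes the key order of the result.
    return {key: list(calls) for key, calls in found.items()}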
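def APIAnalysis(PKG, LOCATION):
    """Bucket the Droidmon API-monitor log of package PKG into report fragments.

    Reads the logcat capture at LOCATION, keeps only the lines carrying the tag
    ``Droidmon-apimonitor-<PKG>:`` and JSON-decodes the payload that follows
    the tag. Each hooked call is rendered as an HTML fragment (method,
    arguments, return data) and filed into every category whose class-name
    list matches the called class.

    Trust boundary: the log is written by the instrumented (untrusted) app and
    by any other process able to write to logcat, so the method, arguments,
    return data and the Base64 payload decoded from the arguments are all
    passed through ``escape`` (assumed to be the HTML escaper imported by this
    module) before they are embedded in the report.

    Returns a 13-tuple of de-duplicated fragment lists in this fixed order:
    net, base64, fileio, binder, crypto, deviceinfo, contentvalues, sms,
    sysprop, dexloader, reflect, accountmanager, cmd. Element order inside each
    list is not stable (they are built from sets). Errors go to
    ``PrintException``: a bad line drops only that line, a failure to open or
    read the file returns whatever was collected before it.
    """
    print("\n[INFO] Dynamic API Analysis")
    # Category -> class-name substrings that select it; one call may land in
    # several categories. Plain substring tests replace the earlier unanchored
    # regexes: in a regex an unescaped '.' is a wildcard and a bare '$' is an
    # end-of-string anchor, so 'SharedPreferencesImpl$EditorImpl' never matched.
    CATEGORIES = (
        ("NET", ("java.net.URL",
                 "org.apache.http.impl.client.AbstractHttpClient")),
        ("BASE64", ("android.util.Base64",)),
        ("FILEIO", ("libcore.io",
                    "android.app.SharedPreferencesImpl$EditorImpl")),
        ("BINDER", ("android.app.Activity",
                    "android.app.ContextImpl",
                    "android.app.ActivityThread")),
        ("CRYPTO", ("javax.crypto.spec.SecretKeySpec",
                    "javax.crypto.Cipher",
                    "javax.crypto.Mac")),
        ("DEVICEINFO", ("android.telephony.TelephonyManager",
                        "android.net.wifi.WifiInfo",
                        "android.os.Debug")),
        ("CNTVAL", ("android.content.ContentValues",)),
        ("SMS", ("android.telephony.SmsManager",)),
        ("SYSPROP", ("android.content.ContentResolver",
                     "android.location.Location",
                     "android.media.AudioRecord",
                     "android.media.MediaRecorder",
                     "android.os.SystemProperties")),
        ("DEXLOADER", ("dalvik.system.BaseDexClassLoader",
                       "dalvik.system.DexFile",
                       "dalvik.system.DexClassLoader",
                       "dalvik.system.PathClassLoader")),
        ("REFLECT", ("java.lang.reflect",)),
        ("ACNTMNGER", ("android.accounts.AccountManager",
                       "android.app.ApplicationPackageManager",
                       "android.app.NotificationManager",
                       "android.net.ConnectivityManager",
                       "android.content.BroadcastReceiver")),
        ("CMD", ("java.lang.Runtime",
                 "java.lang.ProcessBuilder",
                 "java.io.FileOutputStream",
                 "java.io.FileInputStream",
                 "android.os.Process")),
    )
    # Sets de-duplicate identical call fragments, as the old list(set(...)) did.
    found = dict((name, set()) for name, _ in CATEGORIES)
    ID = "Droidmon-apimonitor-" + PKG + ":"
    try:
        with open(LOCATION, "r") as f:
            dat = f.readlines()
        for line in dat:
            # Python 2 reads bytes; drop undecodable sequences instead of
            # aborting the whole analysis on one bad byte.
            line = line.decode('utf8', 'ignore')
            if ID not in line:
                continue
            _, value = line.split(ID, 1)
            try:
                # strict=False keeps control characters inside JSON strings,
                # which the hooked arguments may carry verbatim.
                APIs = json.loads(value, strict=False)
                # NOTE(review): str() raises UnicodeEncodeError on non-ASCII
                # payloads under Python 2 and the call is then dropped below.
                MTD = str(APIs["method"])
                CLS = str(APIs["class"])
                # A falsy value (missing key, 0, "", []) is reported as absent.
                RET = str(APIs["return"]) if APIs.get('return') else "No Return Data"
                ARGS = str(APIs["args"]) if APIs.get('args') else "No Arguments Passed"
                # Everything below originates from the monitored app: escape it
                # before it reaches the HTML report.
                D = "</br>METHOD: " + escape(MTD) + \
                    "</br>ARGUMENTS: " + escape(ARGS) + \
                    "</br>RETURN DATA: " + escape(RET)
                if "android.util.Base64" in CLS and "decode" in MTD:
                    args_list = python_list(ARGS)
                    # Guard the index: a decode call whose argument list could
                    # not be parsed used to raise IndexError and lose the call.
                    if args_list and isBase64(args_list[0]):
                        D += '</br><span class="label label-info">Decoded String:</span> ' + \
                            escape(base64.b64decode(args_list[0]))
                for name, needles in CATEGORIES:
                    if any(needle in CLS for needle in needles):
                        found[name].add(D)
            except Exception:
                PrintException("[ERROR] Parsing JSON Failed for: " + value)
    except Exception:
        PrintException("[ERROR] Dynamic API Analysis")
    return (list(found["NET"]), list(found["BASE64"]), list(found["FILEIO"]),
            list(found["BINDER"]), list(found["CRYPTO"]), list(found["DEVICEINFO"]),
            list(found["CNTVAL"]), list(found["SMS"]), list(found["SYSPROP"]),
            list(found["DEXLOADER"]), list(found["REFLECT"]), list(found["ACNTMNGER"]),
            list(found["CMD"]))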
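def api_analysis(package, location):
    """Bucket the Droidmon API-monitor log of *package* into report fragments.

    Reads the logcat capture at ``location``, keeps only the lines carrying
    the tag ``Droidmon-apimonitor-<package>:`` and JSON-decodes the payload
    that follows the tag. Each hooked call is rendered as an HTML fragment
    (method, arguments, return data) and filed into every category whose
    class-name list matches the called class.

    Trust boundary: the log is written by the instrumented (untrusted) app and
    by any other process able to write to logcat, so the method, arguments,
    return data and the Base64 payload decoded from the arguments are all
    passed through ``escape`` (assumed to be the HTML escaper imported by this
    module) before they are embedded in the report.

    Args:
        package: Android package name the Droidmon hooks were installed for.
        location: Path of the log file to parse.

    Returns:
        dict mapping ``api_net``, ``api_base64``, ``api_fileio``,
        ``api_binder``, ``api_crypto``, ``api_deviceinfo``, ``api_cntvl``,
        ``api_sms``, ``api_sysprop``, ``api_dexloader``, ``api_reflect``,
        ``api_acntmnger`` and ``api_cmd`` to de-duplicated lists of HTML
        fragments (element order is not stable; the lists are built from
        sets). Errors go to ``PrintException``: a bad line drops only that
        line, a failure to open or read the file returns whatever was
        collected before it.
    """
    logger.info("Dynamic API Analysis")
    # Result key -> class-name substrings that select it; one call may land in
    # several categories. Plain substring tests replace the earlier unanchored
    # regexes, where '.' was a wildcard and the '$' had to be escaped inside a
    # non-raw string literal.
    categories = (
        ("api_net", ("java.net.URL",
                     "org.apache.http.impl.client.AbstractHttpClient")),
        ("api_base64", ("android.util.Base64",)),
        ("api_fileio", ("libcore.io",
                        "android.app.SharedPreferencesImpl$EditorImpl")),
        ("api_binder", ("android.app.Activity",
                        "android.app.ContextImpl",
                        "android.app.ActivityThread")),
        ("api_crypto", ("javax.crypto.spec.SecretKeySpec",
                        "javax.crypto.Cipher",
                        "javax.crypto.Mac")),
        ("api_deviceinfo", ("android.telephony.TelephonyManager",
                            "android.net.wifi.WifiInfo",
                            "android.os.Debug")),
        ("api_cntvl", ("android.content.ContentValues",)),
        ("api_sms", ("android.telephony.SmsManager",)),
        ("api_sysprop", ("android.content.ContentResolver",
                         "android.location.Location",
                         "android.media.AudioRecord",
                         "android.media.MediaRecorder",
                         "android.os.SystemProperties")),
        ("api_dexloader", ("dalvik.system.BaseDexClassLoader",
                           "dalvik.system.DexFile",
                           "dalvik.system.DexClassLoader",
                           "dalvik.system.PathClassLoader")),
        ("api_reflect", ("java.lang.reflect",)),
        ("api_acntmnger", ("android.accounts.AccountManager",
                           "android.app.ApplicationPackageManager",
                           "android.app.NotificationManager",
                           "android.net.ConnectivityManager",
                           "android.content.BroadcastReceiver")),
        ("api_cmd", ("java.lang.Runtime",
                     "java.lang.ProcessBuilder",
                     "java.io.FileOutputStream",
                     "java.io.FileInputStream",
                     "android.os.Process")),
    )
    # Sets de-duplicate identical call fragments, as the old list(set(...)) did.
    found = {key: set() for key, _ in categories}
    res_id = "Droidmon-apimonitor-" + package + ":"
    try:
        # errors="ignore": a single non-UTF-8 byte emitted by the app used to
        # raise UnicodeDecodeError here and discard the entire analysis.
        with open(location, "r", encoding="utf-8", errors="ignore") as flip:
            dat = flip.readlines()
        for line in dat:
            if res_id not in line:
                continue
            _, value = line.split(res_id, 1)
            try:
                # strict=False keeps control characters inside JSON strings,
                # which the hooked arguments may carry verbatim.
                apis = json.loads(value, strict=False)
                mtd = str(apis["method"])
                clss = str(apis["class"])
                # A falsy value (missing key, 0, "", []) is reported as absent.
                ret = str(apis["return"]) if apis.get("return") else "No Return Data"
                args = str(apis["args"]) if apis.get("args") else "No Arguments Passed"
                # Everything below originates from the monitored app: escape it
                # before it reaches the HTML report.
                call_data = ("</br>METHOD: " + escape(mtd)
                             + "</br>ARGUMENTS: " + escape(args)
                             + "</br>RETURN DATA: " + escape(ret))
                if "android.util.Base64" in clss and "decode" in mtd:
                    args_list = python_list(args)
                    # Guard the index: a decode call whose argument list could
                    # not be parsed used to raise IndexError and lose the call.
                    if args_list and isBase64(args_list[0]):
                        # b64decode() returns bytes on Python 3; decode to text
                        # before escaping, otherwise escape() either fails on
                        # the bytes object (dropping the call) or renders its
                        # repr. Undecodable bytes are dropped, not reported.
                        decoded = base64.b64decode(args_list[0]).decode("utf-8", "ignore")
                        call_data += ('</br><span class="label label-info">'
                                      'Decoded String:</span> ' + escape(decoded))
                for key, needles in categories:
                    if any(needle in clss for needle in needles):
                        found[key].add(call_data)
            except Exception:
                PrintException("Parsing JSON Failed for: " + value)
    except Exception:
        PrintException("Dynamic API Analysis")
    # Insertion order of `categories` fixes the key order of the result.
    return {key: list(calls) for key, calls in found.items()}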