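def do_analyse(self):
    """Run the static analysis through the thrift IDA server and record the report.

    Side effects: sets data.static_process_id to this pid, sets
    data.static_report to the server's answer on success, and toggles
    bit 0b0010 of data.status. The report directory is built from
    data.root and data.start_time; the analysed file is data.static_file_path.
    """
    data.static_process_id = os.getpid()
    # The generated thrift modules are imported lazily, only when static
    # analysis actually runs. The import strings are constant literals, not
    # user input. The star import still goes through exec because
    # `from ... import *` is not allowed directly inside a function body.
    from staticAnalyzer import StaticAnalyze
    exec("from staticAnalyzer.ttypes import *")
    Utils.printy('Start static analysis', 0)
    time.sleep(1)
    transport = None
    try:
        transport = TSocket.TSocket(config.thrift_ip, config.thrift_port)
        transport = TTransport.TBufferedTransport(transport)
        protocol = TBinaryProtocol.TBinaryProtocol(transport)
        client = StaticAnalyze.Client(protocol)
        transport.open()
        # NOTE(review): no retry limit -- if the server never answers
        # "Connected" this spins forever. Kept as-is to preserve behaviour;
        # a bounded retry with a pause would be safer.
        while True:
            if client.connect() == "Connected":
                Utils.printy_result("Connect to IDA Server", 1)
                break
        report_dir = "{}/temp/{}/report".format(data.root, data.start_time)
        msg = client.analyze(data.static_file_path, report_dir, report_type='pdf')
        if msg == "Fail":
            Utils.printy_result("Static Analyse", 0)
        else:
            Utils.printy_result('Static Analyse.', 1)
            data.static_report = msg
        transport.close()
        # XOR toggles the static-analysis bit; presumably it is set before this
        # runs -- confirm against the status bookkeeping in check_status.
        data.status ^= 0b0010
    except Thrift.TException as ex:
        # Py2-only `ex.message` replaced by the exception's str(), same output
        # for single-argument exceptions and portable.
        print("%s" % ex)
    finally:
        # Close the socket even when open()/connect()/analyze() raised, so a
        # failed run does not leak the connection. close() is a no-op on an
        # already-closed thrift transport.
        if transport is not None:
            transport.close()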
def connect(connector):
    """Open the SSH session to the device and store it in data.client.

    When connector is "u" (presumably USB) a tcprelay forwarding 22:2222 is
    started on a background thread first and given five seconds to come up.
    The SSH connection is then retried every five seconds on socket.error
    until ssh.set_ssh_conn succeeds; there is no retry limit.
    """
    if connector == "u":
        relay_args = (['-t', '22:2222'], )
        thread.start_new_thread(tcprelay.main, relay_args)
        time.sleep(5)
    connected = False
    while not connected:
        try:
            Utils.printy('Conneting..', 0)
            data.client = ssh.set_ssh_conn(config.mobile_ip, config.ssh_port,
                                           config.mobile_user, config.mobile_password)
        except socket.error:
            time.sleep(5)
            Utils.printy_result('Operation timed out.', 0)
        else:
            connected = True
def stand_alone_entrance(self):
    """Run the full stand-alone pipeline for one app, in this fixed order.

    Dynamic check, binary check, server scan of every URL found in
    data.strings, static analysis, status wait, analysis of the collected
    dynamic info, storage check, report generation and finally cleanup.
    The order matters: later steps consume state set by earlier ones.
    """
    self.start_dynamic_check()
    IOSs.binary_check()
    # the comma-joined URL list is what server_scan expects
    self.server_scan(','.join(String().get_url(data.strings)))
    self.start_static_analyse()
    self.check_status()
    data.dynamic_json = self.app_dynamic_info
    self.analyse()
    IOSs.storage_check()
    report_gen = Generator()
    report_gen.generate()
    Utils.printy("Analyze Done.", 4)
    self.clean()
def stand_alone_entrance(self):
    """Run the reduced stand-alone pipeline for one app, in this fixed order.

    In this variant the dynamic check, the server (nessus) scan and the
    status wait are commented out; only the binary check, static analysis,
    analysis of the dynamic info, storage check, report generation and
    cleanup run. Later steps consume state set by earlier ones.
    """
    # self.start_dynamic_check()
    IOS.binary_check()
    # self.server_scan(','.join(String().get_url(data.strings))) # nessus
    self.start_static_analyse()  # the static engine is independent and produces its own report
    # self.check_status()  # dynamic check timeout
    data.dynamic_json = self.app_dynamic_info
    self.analyse()
    IOS.storage_check()
    report_gen = Generator()  # generate the report
    report_gen.generate()
    Utils.printy("Analyze Done.", 4)  # analysis finished
    self.clean()
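def sql_check():
    """Check the app's SQL database files for sensitive data.

    Returns the Checker results on success, or None when no SQL files were
    found or when any step failed. Failures are logged as a warning and
    otherwise swallowed on purpose so the rest of the analysis continues.
    """
    try:
        files = get_files()
        if not files:
            Utils.printy("No SQL files found ", 2)
            return
        # Record the data-protection class of every file before scanning it.
        retrieved_files = Utils.get_dataprotection(files)
        data.local_file_protection.extend(retrieved_files)
        check = Checker(files, 'SQL')
        check.start()
        Utils.printy_result('Database Check.', 1)
        return check.results
    except Exception as e:
        # best-effort by design; logger.warn is a deprecated alias of warning
        data.logger.warning(e)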
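def check(self):
    """Scan the app's plist files for sensitive data into data.plist_file_results.

    Prints a message and returns early when no plist files are found. Any
    failure is logged as a warning and swallowed on purpose so the rest of
    the analysis continues.
    """
    try:
        files = self.get_files()
        if not files:
            Utils.printy("No Plist files found ", 2)
            return
        # Add data protection class
        retrieved_files = Utils.get_dataprotection(files)
        data.local_file_protection.extend(retrieved_files)
        # start check plist sensitive data
        check = Checker(files, 'PLIST')
        check.start()
        data.plist_file_results = check.results
    except Exception as e:
        # best-effort by design; logger.warn is a deprecated alias of warning
        data.logger.warning(e)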
def clutch(self):
    """Stage the app binary for static analysis, decrypting it with clutch if listed.

    `clutch -i` is scanned for the line whose `<bundle id>` equals
    data.app_bundleID. When found the app is treated as encrypted: old dumps
    are removed, `clutch -b <id>` is run, self.status goes to "clutching",
    and the dumped binary is fetched via sftp into data.static_file_path with
    self.status set to "done". Otherwise the binary at
    data.metadata['binary_path'] is fetched directly.
    """
    client = data.client
    listing = Utils.cmd_block(client, 'clutch -i')
    bundle_pat = re.compile(r'.+<(.+)>')
    app_id = -1
    for entry in listing.split('\n'):
        match = bundle_pat.match(entry)
        if match and match.group(1) == data.app_bundleID:
            # the numeric clutch id precedes the first ':' on the line
            app_id = int(entry.split(':')[0])
    if app_id == -1:
        # not listed by clutch: fetch the installed binary as-is
        data.static_file_path = bin_get.via_sftp(data.metadata['binary_path'])
        return
    Utils.printy('the application is encrypted, and use clutch to decrypt', 0)
    # clean the decrypted ipas already done by clutch
    Utils.cmd_block(client, 'rm /private/var/mobile/Documents/Dumped/*.ipa')
    self.status = "clutching"
    # Only dump binary files from the specified bundleID
    out = Utils.cmd_block(client, 'clutch -b ' + str(app_id))
    finished_pat = re.compile(r'.+Finished.+to (.+)\[0m')
    for entry in out.split('\n'):
        match = finished_pat.match(entry)
        if not match:
            continue
        source = '{path}/{bundle_id}/{binary}'.format(
            path=match.group(1),
            bundle_id=data.metadata['bundle_id'],
            binary=data.metadata['binary_name'])
        data.static_file_path = bin_get.via_sftp(source)
        self.status = "done"
def prepare_for_basic_info(ipa_path, bundle_id):
    """Install the app from ipa_path when one is given.

    Returns 4 when the local ipa install fails (the error is printed and
    logged at debug level). The visible part of this function handles only
    the ipa_path case; how bundle_id is used is not shown here.
    """
    # data.app_dict = Utils.ret_LastLaunch() # set app_dict
    # if ipa_path:
    #     should_install.install_ipa_from_local(ipa_path) # set bundleID
    # elif bundle_id:
    #     data.app_bundleID = bundle_id
    # else:
    #     should_install.ask_for_user_choose()
    #     Utils.getInstalledAppList() # set bundle_ID
    # Metadata().get_metadata()
    # print data.app_bundleID
    # pre_clutch.clutch()
    if ipa_path:
        try:
            should_install.install_ipa_from_local(ipa_path)  # set bundleID
        except Exception, e:
            Utils.printy("Cannot install ipa ", 2)
            data.logger.debug(e)
            return 4  # install failed
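def start_server(self):
    """Listen for status and JSON messages from the instrumented app.

    Binds config.socket_ip:config.socket_port, accepts one connection at a
    time and feeds each payload (minus its last byte) to
    self.parse_json(self.app_info, ...) until the app sends
    'DONE:<bundle id>', 'Timeout', or self.stopped() becomes true.
    Afterwards bit 0b0001 of data.status is toggled. The listening socket
    is kept in self.dynamic_socket and always closed on exit.
    """
    HOST = config.socket_ip
    PORT = config.socket_port
    self.dynamic_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Allow a quick restart on the same port after a previous run left the
    # socket in TIME_WAIT.
    self.dynamic_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    self.dynamic_socket.bind((HOST, int(PORT)))
    self.dynamic_socket.listen(1)
    Utils.printy('Start server to receive data from application.', 0)
    # NOTE(review): anything that can reach HOST:PORT can end the session with
    # a 'Timeout' message or push arbitrary JSON into parse_json; keep
    # socket_ip on a trusted interface.
    try:
        while not self.stopped():
            conn, _addr = self.dynamic_socket.accept()
            try:
                # single recv: assumes the app sends one short message per
                # connection -- anything beyond 2048 bytes would be cut off
                input_data = conn.recv(2048)
            finally:
                # the accepted connection was previously never closed
                conn.close()
            # drop the trailing terminator byte sent by the app
            input_data = input_data[0:-1]
            if input_data == ('DONE:' + data.app_bundleID):
                Utils.printy_result("Dynamic Check .", 1)
                break
            elif input_data == 'Timeout':
                break
            self.parse_json(self.app_info, input_data)
    finally:
        # also closes when the loop ends via stopped() or an exception,
        # which the original only did on the two break paths
        self.dynamic_socket.close()
    # XOR toggles the dynamic-check bit; presumably it is set before this runs
    data.status ^= 0b0001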
def paltform_entrance(self):
    """Run the full platform pipeline for one app, in this fixed order.

    Dynamic check, binary check, server scan of every URL found in
    data.strings, static analysis, status wait, analysis of the collected
    dynamic info, storage check, report generation and finally cleanup.
    Later steps consume state set by earlier ones. (The misspelled name is
    kept because callers use it.)
    """
    self.start_dynamic_check()
    IOSs.binary_check()
    # the comma-joined URL list is what server_scan expects
    self.server_scan(','.join(String().get_url(data.strings)))
    self.start_static_analyse()
    # data.status ^= 0b0010
    self.check_status()
    data.dynamic_json = self.app_dynamic_info
    self.analyse()
    IOSs.storage_check()
    report_gen = Generator()
    report_gen.generate()
    Utils.printy("Analyze Done.", 4)
    # if self.finish_dynamic_check():
    #     self.analyse()
    #     IOS.storage_check()
    # if self.finish_static_analyse():
    #     report_gen = Generator()
    #     report_gen.generate()
    # if self.finish_server_scan():
    self.clean()
def prepare_for_basic_info(ipa_path, bundle_id):
    """Refresh the installed-app list and install the app from ipa_path when given.

    data.app_dict is filled via Utils.ret_last_launch_9 when empty (the
    pre-iOS 9 helper is no longer supported). Returns 4 when the local ipa
    install fails (the error is printed and logged at debug level). The
    visible part of this function handles only the ipa_path case; how
    bundle_id is used is not shown here.
    """
    # data.app_dict = Utils.ret_LastLaunch() # set app_dict
    # if ipa_path:
    #     should_install.install_ipa_from_local(ipa_path) # set bundleID
    # elif bundle_id:
    #     data.app_bundleID = bundle_id
    # else:
    #     should_install.ask_for_user_choose()
    #     Utils.getInstalledAppList() # set bundle_ID
    # Metadata().get_metadata()
    # print data.app_bundleID
    # pre_clutch.clutch()
    # data.app_dict = Utils.ret_last_launch() !!! NOT SUPPORTED BY iOS9 ANYMORE
    if not data.app_dict:
        data.app_dict = Utils.ret_last_launch_9()  # get the list of currently installed apps
    if ipa_path:  # supplied by the platform
        try:
            should_install.install_ipa_from_local(ipa_path)  # set bundleID
        except Exception, e:
            Utils.printy("Cannot install ipa ", 2)
            data.logger.debug(e)
            return 4  # install failed
def ask_for_user_choose():
    """Prompt until the user picks an installed app ('1') or a local ipa ('2').

    '1' lists the installed apps through Utils.getInstalledAppList; '2'
    calls install_ipa_from_local("") and re-prompts when that returns a
    falsy value; any other input prints an error and asks again.
    """
    Utils.printy('[1]: I have installed the app .', 1)
    Utils.printy('[2]: I have the ipa file local to install.', 1)
    done = False
    while not done:
        prompt = clint.textui.colored.yellow("> >> >>> Enter your choice please [1/2]: > ")
        choice = raw_input(prompt)
        if choice == '1':
            Utils.getInstalledAppList()
            done = True
        elif choice == '2':
            done = bool(install_ipa_from_local(""))
        else:
            Utils.printy('Invalid input!', 2)
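def clutch():
    """Obtain the decrypted app binary for static analysis, preferring Clutch.

    `Clutch -i` output is scanned for data.app_bundleID; the index of the
    matching line is used as the Clutch app id (the listing is assumed to
    start with a header line, so index 0 means the app is not handled by
    Clutch). Returns True when data.static_file_path was populated, else
    the result of the DumpDecrypted.dump_binary() fallback.
    """
    clutch_app_id = 0
    clutch_success = False
    client = data.client
    clutch_i = Utils.cmd_block(client, 'Clutch -i')
    listed = False
    for line in clutch_i.split('\n'):
        if data.app_bundleID in line:
            listed = True
            break
        clutch_app_id += 1
    if clutch_app_id:
        Utils.printy('the application is encrypted, use Clutch to decrypt', 0)
        # clean the decrypted ipas already done by clutch
        cmd = 'rm /private/var/mobile/Documents/Dumped/*.ipa'
        Utils.cmd_block(client, cmd)
        cmd = 'rm -rf /var/tmp/clutch/*'
        Utils.cmd_block(client, cmd)
        # If the bundle id was never listed, clutch_app_id is merely the line
        # count, so `Clutch -b` (bounded to 600 s) is skipped rather than run
        # against a bogus id; the dump_binary fallback below still applies.
        if listed:
            # Only dump binary files from the specified bundleID
            cmd = 'Clutch -b ' + str(clutch_app_id)
            Utils.cmd_block_limited(client, cmd, 600)
            dumped_file = Utils.cmd_block(client, 'ls /var/tmp/clutch/*/').split()
            if data.app_bundleID in dumped_file:
                clutch_success = True
                dump_dir = Utils.cmd_block(client, 'ls -H /var/tmp/clutch/').strip()
                source = '{path}/{bundle_id}/{binary}'.format(
                    path='/var/tmp/clutch/{}'.format(dump_dir),
                    bundle_id=data.metadata['bundle_id'],
                    binary=data.metadata['binary_name'])
                data.static_file_path = bin_get.via_sftp(source)
        if not clutch_success:
            Utils.printy(
                'Failed to clutch! Try to dump the decrypted app into a file. ', 2)
            clutch_success = DumpDecrypted.dump_binary()
        return clutch_success
    else:
        Utils.printy(
            'Failed to Clutch. Get the binary might be encrypted. Static Analysis may fail.', 4)
        data.static_file_path = bin_get.via_sftp(data.metadata['binary_path'])
        return True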
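def when_killed(signum, frame):
    """Signal handler: reset in-progress tasks in the database and terminate.

    Every ios_app row with status 3 (marked as "in progress" elsewhere in
    this file) is set to status 2, then the process kills itself with
    SIGKILL. signum is unused; frame is printed for diagnostics.
    """
    import signal
    print(frame)
    Utils.printy("Server Down", 2)
    dbServer.execute("update ios_app set status=? where status=?", (2, 3))
    # Signal our own pid directly instead of spawning a shell for `kill -9`.
    os.kill(os.getpid(), signal.SIGKILL)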
# status == 3 in progress dbServer.execute("update ios_app set status=? where appid=?", (3, id)) # result = dbServer.execute("select * from ios_app where appid=?", (id,)) reload(data) logging.config.fileConfig('config/logging.conf') data.logger = logging.getLogger('root') data.logger.info( "Task " + name + " starts at " + time.strftime('%Y-%m-%d-%H-%M-%S', time.localtime(time.time()))) task = iOSAVD.IOS(path, name, static_type='pdf') if task.status == 4: dbServer.execute( "update ios_app set reportpath=?, status=? where appid=?", (data.report_path, '4', id)) elif task.status == 5: dbServer.execute( "update ios_app set reportpath=?, status=? where appid=?", (data.report_path, '5', id)) else: task.paltform_entrance() dbServer.execute( "update ios_app set reportpath=?, status=? where appid=?", (data.report_path, '1', id)) data.logger.info( "Task " + name + " ends at " + time.strftime('%Y-%m-%d-%H-%M-%S', time.localtime(time.time()))) except IndexError: Utils.printy("Waiting for Task", 0) time.sleep(10)
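import ConfigParser
from Util.utils import Utils

# Runtime settings for the analysis host, the jailbroken device and the
# helper services. Every value is read as a string; callers convert ports
# themselves where needed.
CONFIG_PATH = "./config/para_config.conf"

config = ConfigParser.SafeConfigParser()
# ConfigParser.read silently skips files it cannot open, which would only
# surface later as a NoSectionError on the first get(); fail here with the
# path instead (same exception family, so existing handlers still apply).
if not config.read(CONFIG_PATH):
    raise ConfigParser.Error("Cannot read configuration file: {}".format(CONFIG_PATH))

# NOTE(review): mobile_password and server_password are kept in plaintext in
# this file; keep it out of version control and restrict its permissions.
mobile_ip = config.get('mobile', 'mobile_ip')
mobile_user = config.get('mobile', 'mobile_user')
mobile_password = config.get('mobile', 'mobile_password')
server_ip = config.get('server', 'server_ip')
server_user = config.get('server', 'server_user')
server_password = config.get('server', 'server_password')
ssh_port = config.get('ssh', 'ssh_port')
socket_ip = config.get('socket', 'socket_ip')
socket_port = config.get('socket', 'socket_port')
respring_time = config.get('other', 'respring_time')
thrift_ip = config.get('thrift', 'server_ip')
thrift_port = config.get('thrift', 'server_port')
Utils.printy('Finished configuration.', 0)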
data.app_dict = Utils.ret_last_launch_9() # 获取当前已安装应用列表 if ipa_path: # 来自于平台 try: should_install.install_ipa_from_local(ipa_path) # set bundleID except Exception, e: Utils.printy("Cannot install ipa ", 2) data.logger.debug(e) return 4 # 安装失败 elif bundle_id: # 来自于平台 data.app_bundleID = bundle_id else: should_install.ask_for_user_choose() data.app_dict = Utils.ret_last_launch_9() Metadata().get_metadata() Utils.printy("start analyse " + data.app_bundleID, 4) if pre_clutch.clutch(): pass else: return 5 # if IOS.decrypt() == 5: # return 5 return 0 @staticmethod def connect(connector): if connector == "u": thread.start_new_thread(tcprelay.main, (['-t', '22:2222'], )) time.sleep(5) while True:
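def login(self):
    """Authenticate against Nessus and keep the session token.

    POSTs self.usr / self.pwd to /session through self.connect and stores
    the returned token in self.token for later requests. Raises KeyError
    if the response carries no 'token'.
    """
    credentials = {'username': self.usr, 'password': self.pwd}
    # Named `response` rather than `data` so the `data` module used across
    # this project is not shadowed inside this method.
    response = self.connect('POST', '/session', data=credentials)
    self.token = response['token']
    Utils.printy('Log into the Nessus system.', 0)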
def __init__(self):
    """Announce database initialisation; no connection is opened here."""
    banner = "Initiate DB"
    Utils.printy(banner, 0)