class TestFile:
def setUp(self):
self.tmp = tempfile.mkstemp()
self.file = File(self.tmp[1])
def test_get_name(self):
assert_equal(self.tmp[1].split("/")[-1], self.file.get_name())
def test_get_data(self):
assert_equal("", self.file.get_data())
def test_get_size(self):
assert_equal(0, self.file.get_size())
def test_get_crc32(self):
assert_equal("00000000", self.file.get_crc32())
def test_get_md5(self):
assert_equal("d41d8cd98f00b204e9800998ecf8427e", self.file.get_md5())
def test_get_sha1(self):
assert_equal("da39a3ee5e6b4b0d3255bfef95601890afd80709",
self.file.get_sha1())
def test_get_sha256(self):
assert_equal(
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
self.file.get_sha256())
def test_get_sha512(self):
assert_equal(
"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
self.file.get_sha512())
def test_get_ssdeep(self):
try:
import pydeep
assert_not_equal(None, self.file.get_ssdeep())
except ImportError:
assert_equal(None, self.file.get_ssdeep())
def test_get_type(self):
assert_equal("empty", self.file.get_type())
def test_get_content_type(self):
assert_in(self.file.get_content_type(),
["inode/x-empty", "application/x-empty"])
def test_get_all_type(self):
assert isinstance(self.file.get_all(), dict)
def test_get_all_keys(self):
for key in [
"name", "size", "crc32", "md5", "sha1", "sha256", "sha512",
"ssdeep", "type"
]:
assert key in self.file.get_all()
def tearDown(self):
os.remove(self.tmp[1])
def build_options(self):
"""Generate analysis options.
@return: options dict.
"""
options = {
"id": self.task.id,
"ip": self.machine.resultserver_ip,
"port": self.machine.resultserver_port,
"category": self.task.category,
"target": self.task.target,
"package": self.task.package,
"options": self.task.options,
"enforce_timeout": self.task.enforce_timeout,
"clock": self.task.clock,
"terminate_processes": self.cfg.cuckoo.terminate_processes,
"upload_max_size": self.cfg.resultserver.upload_max_size,
"do_upload_max_size":
int(self.cfg.resultserver.do_upload_max_size),
"timeout": self.task.timeout or self.cfg.timeouts.default,
}
if self.task.category == "file":
file_obj = File(self.task.target)
options["file_name"] = file_obj.get_name()
options["file_type"] = file_obj.get_type()
# if it's a PE file, collect export information to use in more smartly determining the right package to use
options["exports"] = PortableExecutable(
self.task.target).get_dll_exports()
del file_obj
# options from auxiliary.conf
for plugin in self.aux_cfg.auxiliary_modules.keys():
options[plugin] = self.aux_cfg.auxiliary_modules[plugin]
return options
def run(self):
"""Run androguard to extract static android information
@return: list of static features
"""
self.key = "apkinfo"
apkinfo = {}
if "file" not in self.task["category"] or not HAVE_ANDROGUARD:
return
f = File(self.task["target"])
if f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type():
if not os.path.exists(self.file_path):
raise CuckooProcessingError(
"Sample file doesn't exist: \"%s\"" % self.file_path)
try:
a = APK(self.file_path)
if a.is_valid_APK():
manifest = {}
apkinfo["files"] = self._apk_files(a)
manifest["package"] = a.get_package()
# manifest["permissions"]=a.get_details_permissions_new()
manifest["main_activity"] = a.get_main_activity()
manifest["activities"] = a.get_activities()
manifest["services"] = a.get_services()
manifest["receivers"] = a.get_receivers()
# manifest["receivers_actions"]=a.get__extended_receivers()
manifest["providers"] = a.get_providers()
manifest["libraries"] = a.get_libraries()
apkinfo["manifest"] = manifest
# apkinfo["certificate"] = a.get_certificate()
static_calls = {}
if self.check_size(apkinfo["files"]):
vm = DalvikVMFormat(a.get_dex())
vmx = uVMAnalysis(vm)
static_calls["all_methods"] = self.get_methods(vmx)
static_calls[
"is_native_code"] = analysis.is_native_code(vmx)
static_calls["is_dynamic_code"] = analysis.is_dyn_code(
vmx)
static_calls[
"is_reflection_code"] = analysis.is_reflection_code(
vmx)
# static_calls["dynamic_method_calls"]= analysis.get_show_DynCode(vmx)
# static_calls["reflection_method_calls"]= analysis.get_show_ReflectionCode(vmx)
# static_calls["permissions_method_calls"]= analysis.get_show_Permissions(vmx)
# static_calls["crypto_method_calls"]= analysis.get_show_CryptoCode(vmx)
# static_calls["native_method_calls"]= analysis.get_show_NativeMethods(vmx)
else:
log.warning("Dex size bigger than: %s",
self.options.decompilation_threshold)
apkinfo["static_method_calls"] = static_calls
except (IOError, OSError, BadZipfile) as e:
raise CuckooProcessingError("Error opening file %s" % e)
return apkinfo
class TestFile:
def setUp(self):
self.tmp = tempfile.mkstemp()
self.file = File(self.tmp[1])
def test_get_name(self):
assert_equal(self.tmp[1].split("/")[-1], self.file.get_name())
def test_get_data(self):
assert_equal("", self.file.get_data())
def test_get_size(self):
assert_equal(0, self.file.get_size())
def test_get_crc32(self):
assert_equal("00000000", self.file.get_crc32())
def test_get_md5(self):
assert_equal("d41d8cd98f00b204e9800998ecf8427e", self.file.get_md5())
def test_get_sha1(self):
assert_equal("da39a3ee5e6b4b0d3255bfef95601890afd80709",
self.file.get_sha1())
def test_get_sha256(self):
assert_equal(
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
self.file.get_sha256())
def test_get_sha512(self):
assert_equal(
"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
self.file.get_sha512())
def test_get_ssdeep(self):
try:
import pydeep
assert_not_equal(None, self.file.get_ssdeep())
except ImportError:
assert_equal(None, self.file.get_ssdeep())
def test_get_type(self):
assert_equal("empty", self.file.get_type())
def test_get_all_type(self):
assert isinstance(self.file.get_all(), dict)
def test_get_all_keys(self):
for key in [
"name", "size", "crc32", "md5", "sha1", "sha256", "sha512",
"ssdeep", "type"
]:
assert key in self.file.get_all()
def tearDown(self):
os.remove(self.tmp[1])
def run(self):
"""Run androguard to extract static android information
@return: list of static features
"""
self.key = "apkinfo"
apkinfo = {}
if "file" not in self.task["category"] or not HAVE_ANDROGUARD:
return
f = File(self.task["target"])
if f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type():
if not os.path.exists(self.file_path):
raise CuckooProcessingError("Sample file doesn't exist: \"%s\"" % self.file_path)
try:
a = APK(self.file_path)
if a.is_valid_APK():
manifest = {}
apkinfo["files"] = self._apk_files(a)
manifest["package"] = a.get_package()
# manifest["permissions"]=a.get_details_permissions_new()
manifest["main_activity"] = a.get_main_activity()
manifest["activities"] = a.get_activities()
manifest["services"] = a.get_services()
manifest["receivers"] = a.get_receivers()
# manifest["receivers_actions"]=a.get__extended_receivers()
manifest["providers"] = a.get_providers()
manifest["libraries"] = a.get_libraries()
apkinfo["manifest"] = manifest
# apkinfo["certificate"] = a.get_certificate()
static_calls = {}
if self.check_size(apkinfo["files"]):
vm = DalvikVMFormat(a.get_dex())
vmx = uVMAnalysis(vm)
static_calls["all_methods"] = self.get_methods(vmx)
static_calls["is_native_code"] = analysis.is_native_code(vmx)
static_calls["is_dynamic_code"] = analysis.is_dyn_code(vmx)
static_calls["is_reflection_code"] = analysis.is_reflection_code(vmx)
# static_calls["dynamic_method_calls"]= analysis.get_show_DynCode(vmx)
# static_calls["reflection_method_calls"]= analysis.get_show_ReflectionCode(vmx)
# static_calls["permissions_method_calls"]= analysis.get_show_Permissions(vmx)
# static_calls["crypto_method_calls"]= analysis.get_show_CryptoCode(vmx)
# static_calls["native_method_calls"]= analysis.get_show_NativeMethods(vmx)
else:
log.warning("Dex size bigger than: %s",
self.options.decompilation_threshold)
apkinfo["static_method_calls"] = static_calls
except (IOError, OSError, BadZipfile) as e:
raise CuckooProcessingError("Error opening file %s" % e)
return apkinfo
def build_options(self):
"""Generate analysis options.
@return: options dict.
"""
options = {}
options["id"] = self.task.id
options["ip"] = self.machine.resultserver_ip
options["port"] = self.machine.resultserver_port
options["category"] = self.task.category
options["target"] = self.task.target
options["package"] = self.task.package
options["options"] = self.task.options
options["enforce_timeout"] = self.task.enforce_timeout
options["clock"] = self.task.clock
options["terminate_processes"] = self.cfg.cuckoo.terminate_processes
options["upload_max_size"] = self.cfg.resultserver.upload_max_size
options["do_upload_max_size"] = int(self.cfg.resultserver.do_upload_max_size)
if not self.task.timeout or self.task.timeout == 0:
options["timeout"] = self.cfg.timeouts.default
else:
options["timeout"] = self.task.timeout
if self.task.category == "file":
file_obj = File(self.task.target)
options["file_name"] = file_obj.get_name()
options["file_type"] = file_obj.get_type()
# if it's a PE file, collect export information to use in more smartly determining the right package to use
options["exports"] = file_obj.get_dll_exports()
del file_obj
# options from auxiliar.conf
for plugin in self.aux_cfg.auxiliar_modules.keys():
options[plugin] = self.aux_cfg.auxiliar_modules[plugin]
return options
def run(self):
"""Run Google play unofficial python api the get the google play information
@return: list of google play features
"""
self.key = "googleplay"
googleplay = {}
if not HAVE_GOOGLEPLAY:
log.error("Unable to import the GooglePlay library, has it been "
"installed properly?")
return
if not HAVE_ANDROGUARD:
log.error("Could not find the Androguard library, please install "
"it. (`pip install androguard`)")
if ("file" not in self.task["category"]):
return
f = File(self.task["target"])
if f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type():
if not os.path.exists(self.file_path):
raise CuckooProcessingError(
"Sample file doesn't exist: \"%s\"" % self.file_path)
android_id = self.options.get("android_id")
google_login = self.options.get("google_login")
google_password = self.options.get("google_password")
# auth_token = self.options.get("auth_token", None)
if not android_id and not google_login and not google_password:
raise CuckooProcessingError(
"Google Play Credentials not configured, skip")
try:
a = APK(self.file_path)
if a.is_valid_APK():
package = a.get_package()
# Connect
api = GooglePlayAPI(android_id)
api.login(google_login, google_password, None)
# Get the version code and the offer type from the app details
app_data = api.details(package)
app_detail = app_data.docV2.details.appDetails
if not app_detail.installationSize:
return googleplay
googleplay["title"] = app_detail.title
googleplay["app_category"] = app_detail.appCategory._values
googleplay["version_code"] = app_detail.versionCode
googleplay["app_type"] = app_detail.appType
googleplay["content_rating"] = app_detail.contentRating
googleplay["developer_email"] = app_detail.developerEmail
googleplay["developer_name"] = app_detail.developerName
googleplay[
"developer_website"] = app_detail.developerWebsite
googleplay[
"installation_size"] = app_detail.installationSize
googleplay["num_downloads"] = app_detail.numDownloads
googleplay["upload_date"] = app_detail.uploadDate
googleplay["permissions"] = app_detail.permission._values
except (IOError, OSError, BadZipfile) as e:
raise CuckooProcessingError("Error opening file %s" % e)
return googleplay
def run(self):
"""Run Google play unofficial python api the get the google play information
@return: list of google play features
"""
self.key = "googleplay"
googleplay = {}
if not HAVE_GOOGLEPLAY:
log.error("Unable to import the GooglePlay library, has it been "
"installed properly?")
return
if not HAVE_ANDROGUARD:
log.error("Could not find the Androguard library, please install "
"it. (`pip install androguard`)")
if ("file" not in self.task["category"]):
return
f = File(self.task["target"])
if f.get_name().endswith((".zip", ".apk")) or "zip" in f.get_type():
if not os.path.exists(self.file_path):
raise CuckooProcessingError("Sample file doesn't exist: \"%s\"" % self.file_path)
android_id = self.options.get("android_id")
google_login = self.options.get("google_login")
google_password = self.options.get("google_password")
# auth_token = self.options.get("auth_token", None)
if not android_id and not google_login and not google_password:
raise CuckooProcessingError("Google Play Credentials not configured, skip")
try:
a = APK(self.file_path)
if a.is_valid_APK():
package = a.get_package()
# Connect
api = GooglePlayAPI(android_id)
api.login(google_login, google_password, None)
# Get the version code and the offer type from the app details
app_data = api.details(package)
app_detail = app_data.docV2.details.appDetails
if not app_detail.installationSize:
return googleplay
googleplay["title"] = app_detail.title
googleplay["app_category"] = app_detail.appCategory._values
googleplay["version_code"] = app_detail.versionCode
googleplay["app_type"] = app_detail.appType
googleplay["content_rating"] = app_detail.contentRating
googleplay["developer_email"] = app_detail.developerEmail
googleplay["developer_name"] = app_detail.developerName
googleplay["developer_website"] = app_detail.developerWebsite
googleplay["installation_size"] = app_detail.installationSize
googleplay["num_downloads"] = app_detail.numDownloads
googleplay["upload_date"] = app_detail.uploadDate
googleplay["permissions"] = app_detail.permission._values
except (IOError, OSError, BadZipfile) as e:
raise CuckooProcessingError("Error opening file %s" % e)
return googleplay
