Пример #1
0
def sign_apk(package_name):
    print(bcolors.OKGREEN + "Sign the application " + bcolors.ENDC + "using " + bcolors.BOLD + "appium/signapk" + bcolors.ENDC + " tool")
    cmd = "signapk /tmp/Attacks/DebuggablePackage/" + package_name + ".b.apk"
    output = cmdutils.launchcmdaliasreturnoutput(cmd)
    
    logging.display_verbose_logging(output[0])
    logging.display_logging(bcolors.BOLD + "Done" + bcolors.ENDC)
Пример #2
0
def repackage_debuggable_application(package_name):
    '''
    
    '''
    print(bcolors.OKGREEN + "Repackage the app" + bcolors.ENDC + " using " + bcolors.BOLD + "apktool" + bcolors.ENDC)
    cmd = "apktool b /tmp/Attacks/DecodedPackage -o /tmp/Attacks/DebuggablePackage/" + package_name + ".b.apk"
    output = cmdutils.launchcmdreturnoutput(cmd)
    
    logging.display_verbose_logging(output[0])
    logging.display_logging(bcolors.BOLD + "Done" + bcolors.ENDC)
Пример #3
0
def reinstall_app(package_name):
    print(bcolors.OKGREEN + "Uninstall the production app from the device" + bcolors.ENDC)
    cmd = "adb uninstall " + package_name
    cmdutils.launchcmd(cmd)
    logging.display_logging(bcolors.BOLD + "Done" + bcolors.ENDC)

    print(bcolors.OKGREEN + "Reinstall the debuggable app to the device" + bcolors.ENDC)
    cmd = "adb install /tmp/Attacks/DebuggablePackage/" + package_name + ".b.s.apk"
    output = cmdutils.launchcmdreturnoutput(cmd)
    
    logging.display_verbose_logging(output[0])
    logging.display_logging(bcolors.BOLD + "Done" + bcolors.ENDC)
Пример #4
0
def make_application_debuggable():
    '''
    Use sed command to add debuggable=true to the Application Manifest.
    '''
    #Use sed method to add debuggable=true to the application manifest.
    print(bcolors.OKGREEN + "Make app debuggable" + bcolors.ENDC +  " using " + bcolors.BOLD + "sed" + bcolors.ENDC + " command")
    cmd = "sed -i -e 's/<application /<application android:debuggable=\"true\" /' /tmp/Attacks/DecodedPackage/AndroidManifest.xml"

    output = cmdutils.launchcmdreturnoutput(cmd)
    
    logging.display_verbose_logging(output[0])
    logging.display_logging(bcolors.BOLD + "Done" + bcolors.ENDC)  
Пример #5
0
def allow_backup():
    '''
    Use grep and sed commands to allow backup on the application through the Application Manifest.
    '''
    print(bcolors.OKGREEN + "Allow backup on app" + bcolors.ENDC + " using " + bcolors.BOLD + "sed" + bcolors.ENDC + " command")
    cmd = "sed -i -e 's/android:allowBackup=\"false\" / /' /tmp/Attacks/DecodedPackage/AndroidManifest.xml"
    cmdutils.launchcmd(cmd)

    cmd = "sed -i -e 's/<application /<application android:allowBackup=\"true\" /' /tmp/Attacks/DecodedPackage/AndroidManifest.xml"
    output = cmdutils.launchcmdreturnoutput(cmd)
    
    logging.display_verbose_logging(output[0])
    logging.display_logging(bcolors.BOLD + "Done" + bcolors.ENDC)
Пример #6
0
def disassemble_package(package_name):
    """
    Disassemble the application package using the apktool.
    apktool must be installed on the computer.

    Params: 
    package_name The package name, without the ".apk" extension, that is going to be unzipped. 
    """
    print(bcolors.OKGREEN + "Disassemble package " + bcolors.ENDC + bcolors.BOLD + package_name + ".apk" + bcolors.ENDC + " using " + bcolors.BOLD + "apktool" + bcolors.ENDC)
    cmd = "apktool d " + "/tmp/Attacks/SourcePackage/" +  package_name + ".apk" + " -f -o " + "/tmp/Attacks/DecodedPackage"

    output = cmdutils.launchcmdreturnoutput(cmd)
    
    logging.display_verbose_logging(output[0])
    logging.display_logging(bcolors.BOLD + "Done" + bcolors.ENDC)
Пример #7
0
def unzip_package(package_name):
    '''
    Unzip the package and store the result in the "UnzippedPackaged" folder.

    Params: 
    package_name The package name, without the ".apk" extension, that is going to be unzipped. 
    '''
    print(bcolors.OKGREEN + "Extract package  : " + bcolors.BOLD + package_name + bcolors.ENDC + " to " + bcolors.BOLD + "/tmp/Attacks/UnzippedPackaged" + bcolors.ENDC + " folder.")
    cmd = "unzip /tmp/Attacks/SourcePackage/" + package_name + ".apk '*' -d /tmp/Attacks/UnzippedPackaged"

    output = cmdutils.launchcmdreturnoutput(cmd)
    #process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=None, shell=True)
    #output = process.communicate()
    
    logging.display_verbose_logging(output[0])
    logging.display_logging(bcolors.BOLD + "Done" + bcolors.ENDC)
def __check_for_string_infile(string, file_name):
    '''
    Check for the occurence of a string using the grep command

    Params: 

    string The string we want to check

    file_name The log file name from the /tmp/Attacks/InsecureLogging
    '''
    to_file_path = "/tmp/Attacks/InsecureLogging/grepresult-" + string + ".txt"

    logging.display_logging(bcolors.BOLD + "Check the number of occurences" +
                            bcolors.ENDC + " of " + bcolors.OKGREEN + "\"" +
                            string + "\"" + bcolors.ENDC +
                            " in the log file and store it to " +
                            bcolors.BOLD + to_file_path + bcolors.ENDC + ".")
    cmd = "grep " + string + " /tmp/Attacks/InsecureLogging/" + file_name + " > " + to_file_path
    process = subprocess.Popen(cmd, shell=True)