def get_shared_preferences_writes(apk,d,dx,include_support=None): shared_preferences = [] sharedprefs_instruction_paths = dx.tainted_packages.search_methods("", "getSharedPreferences", "\(Ljava/lang/String; I\)Landroid/content/SharedPreferences;") context_instruction_paths = dx.tainted_packages.search_methods(".", "createPackageContext", ".") for path in sharedprefs_instruction_paths: src_class_name, src_method_name, src_descriptor = path.get_src(d.get_class_manager()) if should_analyze(src_class_name,include_support): method = d.get_method_by_idx(path.src_idx) i = method.get_instruction(0,path.idx) index = get_instruction_offset(i,method) if is_edit_present_later(method,index): new_var = "" if i.get_op_value() == 0x6E:#invoke-virtual { parameters }, methodtocall new_var = i.get_output().split(",")[1].strip() file_mode_var = i.get_output().split(",")[2].strip() elif i.get_op_value() == 0x74:#invoke-virtual/range {vx..vy},methodtocall new_var = i.get_output().split(",")[0].split(".")[-1].strip()[1:] num = int(new_var)-1 new_var = "v"+`num` file_mode_var = "v"+new_var file_mode = track_int_value(method,index-1,file_mode_var) if file_mode != 0:#if word readable or writable pref_file = track_string_value(method,index-1,new_var) context_path = get_path_of_method(src_class_name,src_method_name, context_instruction_paths,d) if context_path: context_method = d.get_method_by_idx(context_path.src_idx) c_i = context_method.get_instruction(0,context_path.idx) c_index = get_instruction_offset(c_i,context_method) c_name_var = c_i.get_output().split(",")[1].strip() package = track_string_value(context_method, c_index-1, c_name_var) else: package = apk.get_package() sharedprefs = SharedPreferencesAnalysis(package, pref_file,"write") shared_preferences.append(sharedprefs) return shared_preferences
def track_intent_filter_direct(method,index,variable): """ Tracks the value of the IntentFilter action :param method: is the method where we are searching :param index: is the next instruction after the declaration of the IntentFilter has been found :param variable: is the register name where the IntentFilter is placed :return: """ action = "notDefinedInMethod" while index > 0: ins = method.get_instruction(index) if variable == ins.get_output().split(",")[0].strip() and "Landroid/content/IntentFilter;-><init>(Ljava/lang/String;" in ins.get_output(): new_var = ins.get_output().split(",")[1].strip() action = track_string_value(method,index-1,new_var) return action elif (len(ins.get_output().split(",")) > 1 and variable == ins.get_output().split(",")[1].strip() and ins.get_op_value() in [0x07, 0x08]):#move-objects # Move operation, we just need to track the new variable now. new_var = ins.get_output().split(",")[0].strip() #print "++++"+new_var action2 = track_intent_filter_direct(method,index+1,new_var) if(action2 not in ["notDefinedInMethod", "registerReceiver"]):# it may happen that the same variable is referenced in two register. One leads to nowehere and the other is the correct one. action = action2 return action elif (variable == ins.get_output().split(",")[0].strip() and "Landroid/content/IntentFilter;-><init>(Landroid/content/IntentFilter;" in ins.get_output()): # The intent filter is initialized with other intent filter. # We update the register name to look for. #TODO THIS GENERATES FALSE POSITIVES new_var = ins.get_output().split(",")[1].strip() action2 = track_intent_filter_direct(method,index+1,new_var) if(action2 not in ["notDefinedInMethod", "registerReceiver"]):# it may happen that the same variable is referenced in two register. One leads to nowehere and the other is the correct one. action = action2 return action elif (variable == ins.get_output().split(",")[0].strip() and "addAction" in ins.get_output()): # There is an addAction that declares the action # We need to look for its value new_var = ins.get_output().split(",")[1].strip() if "p" in new_var:# the varaible comes from a method parameter action = "MethodParameter" return action else: action = track_string_value(method,index-1,new_var) return action elif (variable == ins.get_output().split(",")[0].strip() and ins.get_op_value() in [0x54]):#taking value from a method call. action = ins.get_output().split(",")[2].strip() return action elif "registerReceiver" in ins.get_output(): action = "registerReceiverFoundWithouBeingAbleToTrackParameters" return action index -= 1 return action
def get_shared_preferences_reads(apk, d, dx, include_support=None): shared_preferences = [] sharedprefs_instruction_paths = dx.tainted_packages.search_methods( ".", "getSharedPreferences", "\(Ljava/lang/String; I\)Landroid/content/SharedPreferences;") context_instruction_paths = dx.tainted_packages.search_methods( ".", "createPackageContext", ".") for path in sharedprefs_instruction_paths: src_class_name, src_method_name, src_descriptor = path.get_src( d.get_class_manager()) if should_analyze(src_class_name, include_support): method = d.get_method_by_idx(path.src_idx) i = method.get_instruction(0, path.idx) index = get_instruction_offset(i, method) new_var = "" if i.get_op_value() in [ 0x6E, 0x6F, 0x72 ]: #invoke-virtual { parameters }, methodtocall new_var = i.get_output().split(",")[1].strip() file_mode_var = i.get_output().split(",")[2].strip() elif i.get_op_value( ) == 0x74: #invoke-virtual/range {vx..vy},methodtocall new_var = i.get_output().split(",")[0].split( ".")[-1].strip()[1:] num = int(new_var) - 1 new_var = "v" + ` num ` file_mode_var = "v" + new_var else: print "Not Controlled" # we look the position of the method in file_mode = track_int_value(method, index - 1, file_mode_var) if file_mode != 0: pref_file = track_string_value(method, index - 1, new_var) context_path = get_path_of_method(src_class_name, src_method_name, context_instruction_paths, d) if context_path: context_method = d.get_method_by_idx(context_path.src_idx) c_i = context_method.get_instruction(0, context_path.idx) c_index = get_instruction_offset(c_i, context_method) c_name_var = c_i.get_output().split(",")[1].strip() package = track_string_value(context_method, c_index - 1, c_name_var) else: package = apk.get_package() sharedprefs = SharedPreferencesAnalysis( package, pref_file, "read") shared_preferences.append(sharedprefs) return shared_preferences
def track_get_shared_preferences_direct(method,index,variable): action = "" ins = method.get_instruction(index) if ins.get_op_value() in [0x0C]: variable = ins.get_output().split(",")[0].strip() index += 1 try: while index < method.get_length(): ins = method.get_instruction(index) if variable in ins.get_output() and "getSharedPreferences" in ins.get_output(): new_var = ins.get_output().split(",")[1].strip() action = track_string_value(method, index-1, new_var) return action elif variable in ins.get_output().split(",")[1].strip() and ins.get_op_value() in [0x07, 0x08]: # Move operation, we just need to track the new variable now. variable = ins.get_output().split(",")[0].strip() index += 1 except IndexError: return action return action
def track_get_shared_preferences_direct(method, index, variable): action = "" ins = method.get_instruction(index) if ins.get_op_value() in [0x0C]: variable = ins.get_output().split(",")[0].strip() index += 1 try: while index < method.get_length(): ins = method.get_instruction(index) if variable in ins.get_output( ) and "getSharedPreferences" in ins.get_output(): new_var = ins.get_output().split(",")[1].strip() action = track_string_value(method, index - 1, new_var) return action elif variable in ins.get_output().split( ",")[1].strip() and ins.get_op_value() in [0x07, 0x08]: # Move operation, we just need to track the new variable now. variable = ins.get_output().split(",")[0].strip() index += 1 except IndexError: return action return action