def store_result_dict(self, res_dict):
    '''
    Store the analysis results from the `res_dict`.
    All needed infos for storage will be taken from it.

    Parameters
    ----------
    res_dict : dict
        See `ResultObject.description_dict`
    '''
    # rebuild the apk model and the script object from the result dict
    apk = FastApk.load_from_result_dict(res_dict)
    androscript = AndroScript.load_from_result_dict(res_dict, apk)
    try:
        # make sure an (updated) apk entry exists before the result is attached
        self.create_entry_for_apk(apk, update=True)
        self.store_result_for_apk(apk, androscript)
    except FileSysStoreException as e:
        # NOTE(review): a failed store is only logged here; the caller gets
        # no signal that this result was not persisted
        log.warn(e)
res = self.res # register key KEY = "Manifest" res.register_keys([KEY]) # faster way # # get manifest # manifest_xml = "" # for i in apk.zip.namelist(): # if i == "AndroidManifest.xml": # apk.axml[i] = AXMLPrinter(apk.zip.read(i)) # try: # manifest_xml = apk.axml[i].get_buff() # except: # pass # more convenient way with pretty priting, but also slower manifest_str = apk.xml.items()[0][1].toprettyxml(indent=" " * 2) # replace multiple \n and split into list for better representation in json manifest_str = re.sub("\n+", "\n", manifest_str) manifest_list = manifest_str.split("\n") res.log(KEY, manifest_list) # if manifest_xml: # res.log(KEY, manifest_xml.split("\n")) if __name__ == '__main__': for res in AndroScript.test(Manifest, ["../../../../../../androguard_playground/apks/ipcinetcall.apk"]): print res.write_to_json()
(permission_name, method_name, method_analysis)) for permission_name, method_name in method_names: # log which classes use which permissions res.log_append_to_enum(permission_name, method_name, CAT_PERMISSIONS, PERMISSIONS_LISTING) for permission_name, method_name, method_analysis in method_analysis_objs: ms = decompile.DvMethod(method_analysis) ms.process() source_code = ms.get_source() # decompile these methods too! log_val = {method_name: source_code.split("\n")[1:-1]} res.log_append_to_enum(permission_name, log_val, CAT_PERMISSIONS, PERMISSIONS_CODE) def needs_dalvik_vm_format(self): return True def needs_vmanalysis(self): return True if __name__ == '__main__': for res in AndroScript.test(CodePermissions, ["../../../../testenv/apks/a2dp.Vol.apk"]): print res print res.write_to_json()
res.log_true(key, CAT_SSL) # run ssl checks for check_val, check_name in self.CHECKS: if dx.tainted_packages.search_packages(check_val) != []: # log log(check_name.lower()) if is_dyn_code(dx): res.log_true(CODE_LOADING_DYN, CAT_CODE_LOADING) if is_native_code(dx): res.log_true(CODE_LOADING_NATIVE, CAT_CODE_LOADING) return res ############################################################ #---Script requirements ############################################################ def needs_xref(self): ''' Create cross references ''' return True def get_DynCode(dx): return dx.tainted_packages.search_packages( "Ldalvik/system/DexClassLoader") if __name__ == '__main__': for res in AndroScript.test(SSL, ["../../../../testenv/apks/a2dp.Vol.apk"]): print res print res.write_to_json()
# encoding: utf-8 __author__ = "Nils Tobias Schmidt" __email__ = "schmidt89 at informatik.uni-marburg.de" from androlyze.model.script.AndroScript import AndroScript from androlyze.model.script.ChainedScript import ChainedScript from androlyze.model.script.impl.manifest.Manifest import Manifest from androlyze.model.script.impl.manifest.components.ContentProviders import ContentProviders from androlyze.model.script.impl.manifest.components.PublicContentProviders import PublicContentProviders class PublicContentProviders_Manifest(ChainedScript): ''' Additionally to `PublicContentProviders` also show all content providers and the manifest ''' VERSION = "0.1" def chain_scripts(self): # use the chained_script function to do further grouping return [PublicContentProviders(), ContentProviders(), Manifest()] def root_categories(self): return ('ContentProviderStuff', ) def log_chained_script_meta_infos(self): return False # testing code if __name__ == '__main__': for res in AndroScript.test(PublicContentProviders_Manifest, ["../../../../../../../androguard_playground/apks/public_content_provider.apk"]): print res.write_to_json()
def _analyze(self, apk, dalvik_vm_format, vm_analysis, gvm_analysis, *args, **kwargs): res = self.res # dvm stuff # list<ClassDefItem> classes = dalvik_vm_format.get_classes() # run over classes for c in classes: ROOT_CAT = (CAT_CLASS_DETAILS, c.name) res.register_keys([CAT_METHODS, CAT_FIELDS], *ROOT_CAT) # list<EncodedMethod> methods = c.get_methods() res.log(CAT_METHODS, [mn.name for mn in methods], *ROOT_CAT) # list<EncodedField> fields = c.get_fields() res.log(CAT_FIELDS, [fn.name for fn in fields], *ROOT_CAT) ############################################################ #---Options ############################################################ def needs_dalvik_vm_format(self): return True if __name__ == '__main__': for res in AndroScript.test(ClassDetails, ["../../../../testenv/apks/a2dp.Vol.apk"]): print res print res.write_to_json()
''' Evaluate the script results. Parameters ---------- storage : RedundantStorage ''' # Use either the AndroLyze query API: # iterate over the results (one result per APK = iteration) for ordered_dict in self.action_query_result_db(): # do something else than just printing the dictionary #pprint(dict(ordered_dict)) pass # Or perform a direct query on the mongodb API: # get the mongodb singleton mongodb = storage.result_db_storage for ordered_dict in mongodb.get_res_coll().find( {"script meta.name": "ScriptTemplate"}, {"apk meta": 1}): pprint(dict(ordered_dict)) # testing code if __name__ == '__main__': for res in AndroScript.test(ScriptTemplate, ["../../../../testenv/apks/a2dp.Vol.apk"]): print res print res.write_to_json()
__email__ = "schmidt89 at informatik.uni-marburg.de"

from androlyze.model.script.AndroScript import AndroScript
from androlyze.model.script.ChainedScript import ChainedScript
from androlyze.model.script.impl.manifest.Manifest import Manifest
from androlyze.model.script.impl.manifest.components.ContentProviders import ContentProviders
from androlyze.model.script.impl.manifest.components.PublicContentProviders import PublicContentProviders


class PublicContentProviders_Manifest(ChainedScript):
    '''
    Additionally to `PublicContentProviders` also show all content providers
    and the manifest
    '''

    VERSION = "0.1"

    def chain_scripts(self):
        ''' The scripts chained together by this script, in run order. '''
        # use the chained_script function to do further grouping
        chained = [
            PublicContentProviders(),
            ContentProviders(),
            Manifest(),
        ]
        return chained

    def root_categories(self):
        ''' Root category for the grouped results. '''
        return ('ContentProviderStuff', )

    def log_chained_script_meta_infos(self):
        ''' Returns False: presumably the chained scripts' meta infos are left out. '''
        return False


# testing code
if __name__ == '__main__':
    apk_paths = [
        "../../../../../../../androguard_playground/apks/public_content_provider.apk",
    ]
    for res in AndroScript.test(PublicContentProviders_Manifest, apk_paths):
        print res.write_to_json()
def register_structure(self, res):
    ''' Register the enum key `CAT` the found providers are appended to. '''
    # register keys
    res.register_enum_keys([CAT])


def _analyze(self, apk, dalvik_vm_format, vm_analysis, gvm_analysis, *args, **kwargs):
    '''
    Log every content provider that also appears among the manifest's
    public components.

    Parameters
    ----------
    apk: EAndroApk
    dalvik_vm_format: DalvikVMFormat
        Parsed .dex file. Only available if `needs_dalvik_vm_format` returns True.
    vm_analysis: VMAnalysis
        Dex analyzer. Only available if `needs_vmanalysis` returns True.
    gvm_analysis : GVMAnalysis
    '''
    res = self.res
    self.register_structure(res)
    # components the manifest marks as public (presumably reachable by other
    # apps, which is why they are worth listing separately)
    public_components = apk.get_manifest_public_components()
    public_providers = [p for p in apk.get_providers() if p in public_components]
    for provider in public_providers:
        res.log_append_to_enum(CAT, provider)


# testing code
if __name__ == '__main__':
    test_apks = [
        "../../../../../../../androguard_playground/apks/sql_injection.apk",
        "../../../../../../../androguard_playground/apks/public_content_provider.apk",
    ]
    for res in AndroScript.test(PublicContentProviders, test_apks):
        print res.write_to_json()
# get androguard.core.analysis.analysis.MethodAnalysis method_analysis = vm_analysis.get_method(encoded_method) method_analysis_objs.add((permission_name, method_name, method_analysis)) for permission_name, method_name in method_names: # log which classes use which permissions res.log_append_to_enum(permission_name, method_name, CAT_PERMISSIONS, PERMISSIONS_LISTING) for permission_name, method_name, method_analysis in method_analysis_objs: ms = decompile.DvMethod(method_analysis) ms.process() source_code = ms.get_source() # decompile these methods too! log_val = {method_name : source_code.split("\n")[1:-1]} res.log_append_to_enum(permission_name, log_val, CAT_PERMISSIONS, PERMISSIONS_CODE) def needs_dalvik_vm_format(self): return True def needs_vmanalysis(self): return True if __name__ == '__main__': for res in AndroScript.test(CodePermissions, ["../../../../testenv/apks/a2dp.Vol.apk"]): print res print res.write_to_json()
ON_SCRIPT = ScriptTemplate


def _evaluate(self, storage):
    '''
    Evaluate the script results.

    Parameters
    ----------
    storage : RedundantStorage
    '''
    # Use either the AndroLyze query API:
    # iterate over the results (one result per APK = iteration)
    for ordered_dict in self.action_query_result_db():
        # do something else than just printing the dictionary
        #pprint(dict(ordered_dict))
        pass

    # Or perform a direct query on the mongodb API:
    # get the mongodb singleton
    mongodb = storage.result_db_storage
    # NOTE(review): the filter is a fixed literal, so no caller-supplied value
    # reaches the query; keep it that way (or validate the value) if the
    # script name ever becomes a parameter
    query_filter = {"script meta.name" : "ScriptTemplate"}
    projection = {"apk meta" : 1}
    result_coll = mongodb.get_res_coll()
    for ordered_dict in result_coll.find(query_filter, projection):
        pprint(dict(ordered_dict))


# testing code
if __name__ == '__main__':
    for res in AndroScript.test(ScriptTemplate, ["../../../../testenv/apks/a2dp.Vol.apk"]):
        print res
        print res.write_to_json()