def _analyze(self) : for i in self.__files : #print "processing ", i if ".class" in i : bc = jvm.JVMFormat( self.__orig_raw[ i ] ) elif ".jar" in i : x = jvm.JAR( i ) bc = x.get_classes() elif ".dex" in i : bc = dvm.DalvikVMFormat( self.__orig_raw[ i ] ) elif ".apk" in i : x = apk.APK( i ) bc = dvm.DalvikVMFormat( x.get_dex() ) else : ret_type = androconf.is_android( i ) if ret_type == "APK" : x = apk.APK( i ) bc = dvm.DalvikVMFormat( x.get_dex() ) elif ret_type == "DEX" : bc = dvm.DalvikVMFormat( open(i, "rb").read() ) else : raise( "Unknown bytecode" ) if isinstance(bc, list) : for j in bc : self.__bc.append( (j[0], BC( jvm.JVMFormat(j[1]) ) ) ) else : self.__bc.append( (i, BC( bc )) )
def main(options, arguments): if options.input != None: if androconf.is_android(options.input) == "APK": ri = risk.RiskIndicator() a = apk.APK(options.input) print options.input, ri.with_apk(a) elif options.directory != None: ri = risk.RiskIndicator() for root, dirs, files in os.walk(options.directory, followlinks=True): if files != []: for f in files: real_filename = root if real_filename[-1] != "/": real_filename += "/" real_filename += f if androconf.is_android(real_filename) == "APK": try: a = apk.APK(real_filename) print ri.with_apk( a), real_filename #, ri.with_apk( a ) except Exception, e: print e
def main(options, arguments): if options.database == None or options.config == None: return s = msign.MSignature(options.database, options.config) if options.verbose: s.set_debug() s.load() if options.input != None: ret_type = androconf.is_android(options.input) print os.path.basename(options.input), ":", if ret_type == "APK": a = apk.APK(options.input) if a.is_valid_APK(): display(s.check_apk(a), options.verbose) else: print "INVALID" elif ret_type == "DEX": display(s.check_dex(open(options.input, "rb").read()), options.verbose) elif options.directory != None: for root, dirs, files in os.walk(options.directory, followlinks=True): if files != []: for f in files: real_filename = root if real_filename[-1] != "/": real_filename += "/" real_filename += f ret_type = androconf.is_android(real_filename) if ret_type == "APK": print os.path.basename(real_filename), ":", a = apk.APK(real_filename) if a.is_valid_APK(): display(s.check_apk(a), options.verbose) else: print "INVALID APK" elif ret_type == "DEX": try: print os.path.basename(real_filename), ":", display( s.check_dex(open(real_filename, "rb").read()), options.verbose) except Exception, e: print "ERROR", e
def main(options, arguments): for root, dirs, files in os.walk(options.input): if files != []: for f in files: real_filename = root if real_filename[-1] != "/": real_filename += "/" real_filename += f file_type = androconf.is_android(real_filename) if file_type != None: try: if file_type == "APK": a = apk.APK(real_filename) if a.is_valid_APK() == False: print "FAILED", real_filename, file_type continue raw = a.get_dex() elif file_type == "DEX": raw = open(real_filename, "rb").read() d = open_dex(raw) print "PASSED", real_filename, file_type except Exception, e: print "FAILED", real_filename, file_type import traceback traceback.print_exc() else: print "BAD FILE FORMAT", real_filename
def __init__(self, filename): self.apkfile = apk.APK( filename ) # make an object, called apkfile, of the APK class from the apk library self.permissions = self.apkfile.get_permissions( ) # file permissions as a string temp_list = permission_classifier(self.permissions) self.Perm_READ_CALENDAR = temp_list[0] self.Perm_WRITE_CALENDAR = temp_list[1] self.Perm_CAMERA = temp_list[2] self.Perm_READ_CONTACTS = temp_list[3] self.Perm_WRITE_CONTACTS = temp_list[4] self.Perm_GET_ACCOUNTS = temp_list[5] self.Perm_ACCESS_FINE_LOCATION = temp_list[6] self.Perm_ACCESS_COARSE_LOCATION = temp_list[7] self.Perm_RECORD_AUDIO = temp_list[8] self.Perm_READ_PHONE_STATE = temp_list[9] self.Perm_CALL_PHONE = temp_list[10] self.Perm_READ_CALL_LOG = temp_list[11] self.Perm_WRITE_CALL_LOG = temp_list[12] self.Perm_ADD_VOICEMAIL = temp_list[13] self.Perm_USE_SIP = temp_list[14] self.Perm_PROCESS_OUTGOING_CALLS = temp_list[15] self.Perm_BODY_SENSORS = temp_list[16] self.Perm_SEND_SMS = temp_list[17] self.Perm_RECEIVE_SMS = temp_list[18] self.Perm_READ_SMS = temp_list[19] self.Perm_RECEIVE_WAP_PUSH = temp_list[20] self.Perm_RECEIVE_MMS = temp_list[21] self.Perm_READ_EXTERNAL_STORAGE = temp_list[21] self.Perm_WRITE_EXTERNAL_STORAGE = temp_list[22]
def add_apk_raw(self, filename): print "Processing ....", filename a = apk.APK(filename) raw = a.get_raw() dex = a.get_dex() if len(raw) == 0 or len(dex) == 0: print "Empty raw" return -1 original_name = os.path.basename(filename) if self._session.query(AppsRaw).filter_by( hashraw=hashlib.sha512(raw).hexdigest()).count() > 0: print "HASH RAW is already present" return -1 #if self._session.query(AppsRaw).filter_by(hashdex=hashlib.sha512( dex ).hexdigest()).count() > 0 : # print "HASH DEX is already present" # return -1 print "ADD it !" r = Raw(filename) self._session.add(r) self._session.commit() a_raw = AppsRaw(original_name, r.id, APK_RAW, hashlib.sha512(raw).hexdigest(), hashlib.sha512(dex).hexdigest()) self._session.add(a_raw) self._session.commit() return 0
def prepare_apks(self): lockf = self.lock_repo() try: if not self.in_repo(): # self.app_apk.add_permission(["android.permission.INTERNET", "android.permission.READ_LOGS"]) self.app_apk.add_permission(["android.permission.INTERNET"]) shutil.copy(self.app_apk.get_path(), self.get_mod_path()) self.app_apk.cleanup() self.app_apk = apk.APK(self.get_mod_path()) self.app_apk.resign(settings.keystore, settings.keystore_pass, settings.keystore_alias) else: self.app_apk = apk.APK(self.get_mod_path()) finally: self.unlock_repo(lockf) self.inst.make_apk()
def main(options, arguments) : if options.input != None and options.output != None : buff = "" if ".apk" in options.input : a = apk.APK( options.input ) buff = a.xml[ "AndroidManifest.xml" ].toprettyxml() elif ".xml" in options.input : ap = apk.AXMLPrinter( open(options.input, "rb").read() ) buff = minidom.parseString( ap.getBuff() ).toprettyxml() else : print "Unknown file type" return fd = codecs.open(options.output, "w", "utf-8") fd.write( buff ) fd.close() elif options.version != None : print "Androaxml version %s" % misc.ANDROAXML_VERSION
def __init__(self, dev, app_apk_path, app_package = None, app_start_activity = None, device_conf = None, msg_proxy_mode = None, inst_args = None): self.dev = dev self.app_apk_path = app_apk_path self.app_package = app_package self.app_start_activity = app_start_activity self.app_apk = apk.APK(self.app_apk_path) self.device_conf = device_conf self.msg_proxy_mode = msg_proxy_mode self.inst_args = inst_args if not self.app_package: self.app_package = self.app_apk.get_package() if not self.app_start_activity: self.app_start_activity = self.app_apk.get_default_activity_full(self.app_package) self.fullname = os.path.splitext(os.path.basename(app_apk_path))[0] self.inst = instrumenter.Instrumenter(self.app_package, self.app_start_activity) libinfo.load_lib_info() self.skip_install = False
def check(db, dbconf, TESTS): s = msign.MSignature(db, dbconf) s.load() s.set_debug() for i in TESTS: ret_type = androconf.is_android(i) if ret_type == "APK": print os.path.basename(i), ":", sys.stdout.flush() a = apk.APK(i) if a.is_valid_APK(): test(s.check_apk(a)[0], TESTS[i]) else: print "INVALID APK" elif ret_type == "DEX": try: print os.path.basename(i), ":", sys.stdout.flush() test(s.check_dex(open(i, "rb").read())[0], TESTS[i]) except Exception, e: print "ERROR", e
from ctypes import cdll, c_float, c_int, c_uint, c_void_p, Structure, addressof, create_string_buffer, cast, POINTER, pointer from struct import pack, unpack, calcsize PATH_INSTALL = "../../../" sys.path.append(PATH_INSTALL + "./") sys.path.append(PATH_INSTALL + "./core") sys.path.append(PATH_INSTALL + "./core/bytecodes") sys.path.append(PATH_INSTALL + "./core/analysis") import apk, dvm, analysis, msign if __name__ == "__main__": # a = apk.APK( PATH_INSTALL + "examples/android/TestsAndroguard/bin/TestsAndroguard.apk" ) # a = apk.APK( PATH_INSTALL + "apks/drweb-600-android-beta.apk" ) # a = apk.APK( PATH_INSTALL + "debug/062d5e38dc4618a8b1c6bf3587dc2016a3a3db146aea0d82cc227a18ca21ad13") a = apk.APK(PATH_INSTALL + "apks/malwares/kungfu/sample2.apk") t1 = time.time() if len(sys.argv) > 1: d = dvm.DalvikVMFormat(a.get_dex(), engine=["python"]) else: d = dvm.DalvikVMFormat(a.get_dex()) t2 = time.time() x = analysis.VMAnalysis(d) t3 = time.time() print('-> %0.8f %0.8f %0.8f' % ((t2 - t1, t3 - t2, t3 - t1))) sys.exit(0)
def resign(self): instapk = apk.APK(self.get_apk_path()) instapk.resign(settings.keystore, settings.keystore_pass, settings.keystore_alias)
#!/usr/bin/env python import sys PATH_INSTALL = "./" sys.path.append(PATH_INSTALL + "/core") sys.path.append(PATH_INSTALL + "/core/bytecodes") import dvm, apk TEST = "./examples/android/TC/bin/TC-debug.apk" a = apk.APK(TEST) a.show() j = dvm.DalvikVMFormat(a.get_dex()) # SHOW CLASS (verbose) #j.show()
def get_used_libs(self): myapk = apk.APK(self.get_apk_path()) return myapk.get_used_libs()
try : r = r.next[0] except ValueError : break print ret, l if __name__ == "__main__" : u = cdll.LoadLibrary( "./libsign.so") u.add_sign.restype = c_int u.entropy.restype = c_float new_sign = u.init() a = apk.APK( PATH_INSTALL + "apks/DroidDream/Magic Hypnotic Spiral.apk" ) vm = dvm.DalvikVMFormat( a.get_dex() ) vmx = analysis.VMAnalysis( vm ) n = 0 for s in NCD_SIGNATURES : v = NCD_SIGNATURES[ s ] m = vm.get_method_descriptor( v[0], v[1], v[2] ) entropies = create_entropies( vmx, m, u ) print m, entropies value = vmx.get_method_signature(m, predef_sign = analysis.SIGNATURE_L0_0 ).get_string() print "ADD NCD_SIGNATURE -->", u.add_sign( new_sign, n, 0, cast( value, c_void_p ), len( value ), addressof ( entropies ) )