def __init__(self) :
self.debug = False
self.meth_elsign = Elsign()
self.class_elsign = Elsign()
def __init__(self):
self.debug = False
self.meth_elsign = Elsign()
self.class_elsign = Elsign()
class DalvikElsign(object):
def __init__(self) :
self.debug = False
self.meth_elsign = Elsign()
self.class_elsign = Elsign()
def raz(self) :
self.meth_elsign.raz()
self.class_elsign.raz()
def load_config(self, buff) :
################ METHOD ################
methsim = buff["METHSIM"]
self.meth_elsign.set_distance( str( methsim["DISTANCE"] ) )
self.meth_elsign.set_method( str( methsim["METHOD"] ) )
self.meth_elsign.set_weight( methsim["WEIGHTS"] )#[ 2.0, 1.2, 0.5, 0.1, 0.6 ] )
#self.meth_elsign.set_cut_element( 1 )
# NCD
self.meth_elsign.set_sim_method( 0 )
self.meth_elsign.set_threshold_low( methsim["THRESHOLD_LOW" ] )
self.meth_elsign.set_threshold_high( methsim["THRESHOLD_HIGH"] )
# SNAPPY
self.meth_elsign.set_ncd_compression_algorithm( 5 )
################ CLASS ################
classsim = buff["METHSIM"]
self.class_elsign.set_distance( str( classsim["DISTANCE"] ) )
self.class_elsign.set_method( str( classsim["METHOD"] ) )
self.class_elsign.set_weight( classsim["WEIGHTS"] )#[ 2.0, 1.2, 0.5, 0.1, 0.6 ] )
#self.class_elsign.set_cut_element( 1 )
# NCD
self.class_elsign.set_sim_method( 0 )
self.class_elsign.set_threshold_low( classsim["THRESHOLD_LOW" ] )
self.class_elsign.set_threshold_high( classsim["THRESHOLD_HIGH"] )
# SNAPPY
self.class_elsign.set_ncd_compression_algorithm( 5 )
def add_signature(self, type_signature, x, y, z) :
ret = None
#print type_signature, x, y, z
# FIX ENTROPIES (old version)
for j in z :
if len(j[0]) == 5 :
j[0].pop(0)
# FIX FORMULA (old version)
y = FIX_FORMULA(y, len(z))
if type_signature == METHSIM :
ret = self.meth_elsign.add_signature(x, y, z)
elif type_signature == CLASSSIM :
ret = self.class_elsign.add_signature(x, y, z)
return ret
def set_debug(self, debug) :
self.debug = debug
x = { True : 1, False : 0 }
self.meth_elsign.set_debug_log(x[debug])
def load_meths(self, vm, vmx) :
if self.debug :
print "LM",
sys.stdout.flush()
# Add methods for METHSIM
for method in vm.get_methods() :
if method.get_length() < 15 :
continue
entropies = create_entropies(vmx, method)
self.meth_elsign.add_element( entropies[0], entropies[1:] )
del entropies
def load_classes(self, vm, vmx) :
if self.debug :
print "LC",
sys.stdout.flush()
# Add classes for CLASSSIM
for c in vm.get_classes() :
value = ""
android_entropy = 0.0
java_entropy = 0.0
hex_entropy = 0.0
exception_entropy = 0.0
nb_methods = 0
class_data = c.get_class_data()
if class_data == None :
continue
for m in c.get_methods() :
z_tmp = create_entropies( vmx, m )
value += z_tmp[0]
android_entropy += z_tmp[1]
java_entropy += z_tmp[2]
hex_entropy += z_tmp[3]
exception_entropy += z_tmp[4]
nb_methods += 1
if nb_methods != 0 :
self.class_elsign.add_element( value, [ android_entropy/nb_methods,
java_entropy/nb_methods,
hex_entropy/nb_methods,
exception_entropy/nb_methods ] )
del value, z_tmp
def check(self, vm, vmx) :
self.load_meths(vm, vmx)
if self.debug :
print "CM",
sys.stdout.flush()
ret = self.meth_elsign.check()
if self.debug :
dt = self.meth_elsign.get_debug()
debug_nb_sign = dt[0]
debug_nb_clusters = dt[1]
debug_nb_cmp_clusters = dt[2]
debug_nb_elements = dt[3]
debug_nb_cmp_elements = dt[4]
debug_nb_cmp_max = debug_nb_sign * debug_nb_elements
print "[SIGN:%d CLUSTERS:%d CMP_CLUSTERS:%d ELEMENTS:%d CMP_ELEMENTS:%d" % (debug_nb_sign, debug_nb_clusters, debug_nb_cmp_clusters, debug_nb_elements, debug_nb_cmp_elements),
try :
percentage = debug_nb_cmp_elements/float(debug_nb_cmp_max)
except :
percentage = 0
finally :
print "-> %d %f%%]" % (debug_nb_cmp_max, percentage * 100),
print ret[1:],
if ret[0] == None :
self.load_classes(vm, vmx)
if self.debug :
print "CC",
sys.stdout.flush()
ret = self.class_elsign.check()
if self.debug :
dt = self.class_elsign.get_debug()
debug_nb_sign = dt[0]
debug_nb_clusters = dt[1]
debug_nb_cmp_clusters = dt[2]
debug_nb_elements = dt[3]
debug_nb_cmp_elements = dt[4]
debug_nb_cmp_max = debug_nb_sign * debug_nb_elements
print "[SIGN:%d CLUSTERS:%d CMP_CLUSTERS:%d ELEMENTS:%d CMP_ELEMENTS:%d" % (debug_nb_sign, debug_nb_clusters, debug_nb_cmp_clusters, debug_nb_elements, debug_nb_cmp_elements),
try :
percentage = debug_nb_cmp_elements/float(debug_nb_cmp_max)
except :
percentage = 0
finally :
print "-> %d %f%%]" % (debug_nb_cmp_max, percentage * 100),
print ret[1:],
return ret[0], ret[1:]
class DalvikElsign:
def __init__(self):
self.debug = False
self.meth_elsign = Elsign()
self.class_elsign = Elsign()
def raz(self):
self.meth_elsign.raz()
self.class_elsign.raz()
def load_config(self, buff):
################ METHOD ################
methsim = buff["METHSIM"]
self.meth_elsign.set_distance(str(methsim["DISTANCE"]))
self.meth_elsign.set_method(str(methsim["METHOD"]))
self.meth_elsign.set_weight(
methsim["WEIGHTS"]) #[ 2.0, 1.2, 0.5, 0.1, 0.6 ] )
#self.meth_elsign.set_cut_element( 1 )
# NCD
self.meth_elsign.set_sim_method(0)
self.meth_elsign.set_threshold_low(methsim["THRESHOLD_LOW"])
self.meth_elsign.set_threshold_high(methsim["THRESHOLD_HIGH"])
# SNAPPY
self.meth_elsign.set_ncd_compression_algorithm(5)
################ CLASS ################
classsim = buff["METHSIM"]
self.class_elsign.set_distance(str(classsim["DISTANCE"]))
self.class_elsign.set_method(str(classsim["METHOD"]))
self.class_elsign.set_weight(
classsim["WEIGHTS"]) #[ 2.0, 1.2, 0.5, 0.1, 0.6 ] )
#self.class_elsign.set_cut_element( 1 )
# NCD
self.class_elsign.set_sim_method(0)
self.class_elsign.set_threshold_low(classsim["THRESHOLD_LOW"])
self.class_elsign.set_threshold_high(classsim["THRESHOLD_HIGH"])
# SNAPPY
self.class_elsign.set_ncd_compression_algorithm(5)
def add_signature(self, type_signature, x, y, z):
ret = None
#print type_signature, x, y, z
# FIX ENTROPIES (old version)
for j in z:
if len(j[0]) == 5:
j[0].pop(0)
# FIX FORMULA (old version)
y = FIX_FORMULA(y, len(z))
if type_signature == METHSIM:
ret = self.meth_elsign.add_signature(x, y, z)
elif type_signature == CLASSSIM:
ret = self.class_elsign.add_signature(x, y, z)
return ret
def set_debug(self, debug):
self.debug = debug
x = {True: 1, False: 0}
self.meth_elsign.set_debug_log(x[debug])
def load_meths(self, vm, vmx):
if self.debug:
print "LM",
sys.stdout.flush()
# Add methods for METHSIM
for method in vm.get_methods():
if method.get_length() < 15:
continue
entropies = create_entropies(vmx, method)
self.meth_elsign.add_element(entropies[0], entropies[1:])
del entropies
def load_classes(self, vm, vmx):
if self.debug:
print "LC",
sys.stdout.flush()
# Add classes for CLASSSIM
for c in vm.get_classes():
value = ""
android_entropy = 0.0
java_entropy = 0.0
hex_entropy = 0.0
exception_entropy = 0.0
nb_methods = 0
class_data = c.get_class_data()
if class_data == None:
continue
for m in c.get_methods():
z_tmp = create_entropies(vmx, m)
value += z_tmp[0]
android_entropy += z_tmp[1]
java_entropy += z_tmp[2]
hex_entropy += z_tmp[3]
exception_entropy += z_tmp[4]
nb_methods += 1
if nb_methods != 0:
self.class_elsign.add_element(value, [
android_entropy / nb_methods, java_entropy / nb_methods,
hex_entropy / nb_methods, exception_entropy / nb_methods
])
del value, z_tmp
def check(self, vm, vmx):
self.load_meths(vm, vmx)
if self.debug:
print "CM",
sys.stdout.flush()
ret = self.meth_elsign.check()
if self.debug:
dt = self.meth_elsign.get_debug()
debug_nb_sign = dt[0]
debug_nb_clusters = dt[1]
debug_nb_cmp_clusters = dt[2]
debug_nb_elements = dt[3]
debug_nb_cmp_elements = dt[4]
debug_nb_cmp_max = debug_nb_sign * debug_nb_elements
print "[SIGN:%d CLUSTERS:%d CMP_CLUSTERS:%d ELEMENTS:%d CMP_ELEMENTS:%d" % (
debug_nb_sign, debug_nb_clusters, debug_nb_cmp_clusters,
debug_nb_elements, debug_nb_cmp_elements),
try:
percentage = debug_nb_cmp_elements / float(debug_nb_cmp_max)
except:
percentage = 0
finally:
print "-> %d %f%%]" % (debug_nb_cmp_max, percentage * 100),
print ret[1:],
if ret[0] == None:
self.load_classes(vm, vmx)
if self.debug:
print "CC",
sys.stdout.flush()
ret = self.class_elsign.check()
if self.debug:
dt = self.class_elsign.get_debug()
debug_nb_sign = dt[0]
debug_nb_clusters = dt[1]
debug_nb_cmp_clusters = dt[2]
debug_nb_elements = dt[3]
debug_nb_cmp_elements = dt[4]
debug_nb_cmp_max = debug_nb_sign * debug_nb_elements
print "[SIGN:%d CLUSTERS:%d CMP_CLUSTERS:%d ELEMENTS:%d CMP_ELEMENTS:%d" % (
debug_nb_sign, debug_nb_clusters, debug_nb_cmp_clusters,
debug_nb_elements, debug_nb_cmp_elements),
try:
percentage = debug_nb_cmp_elements / float(
debug_nb_cmp_max)
except:
percentage = 0
finally:
print "-> %d %f%%]" % (debug_nb_cmp_max, percentage * 100),
print ret[1:],
return ret[0], ret[1:]
