def auto_vm(filename): ret = androconf.is_android(filename) if ret == 'APK': return dvm.DalvikVMFormat(apk.APK(filename).get_dex()) elif ret == 'DEX': return dvm.DalvikVMFormat(read(filename)) elif ret == 'DEY': return dvm.DalvikOdexVMFormat(read(filename)) return None
def main(options, arguments): if options.input != None and options.output != None: ret_type = androconf.is_android(options.input) vm = None a = None if ret_type == "APK": a = apk.APK(options.input) if a.is_valid_APK(): vm = dvm.DalvikVMFormat(a.get_dex()) else: print "INVALID APK" elif ret_type == "DEX": try: vm = dvm.DalvikVMFormat(read(options.input)) except Exception, e: print "INVALID DEX", e vmx = analysis.VMAnalysis(vm) gvmx = ganalysis.GVMAnalysis(vmx, a) create_directories(vm, options.output) # dv.export_to_gml( options.output ) dd = data.Data(vm, vmx, gvmx, a) buff = dd.export_apk_to_gml() androconf.save_to_disk(buff, options.output + "/" + "apk.graphml") buff = dd.export_methodcalls_to_gml() androconf.save_to_disk(buff, options.output + "/" + "methodcalls.graphml") buff = dd.export_dex_to_gml() for i in buff: androconf.save_to_disk(buff[i], options.output + "/" + i + ".graphml")
def __init__(self, vm, path_dex2jar="./decompiler/dex2jar/", bin_dex2jar="dex2jar.sh", path_fernflower="./decompiler/fernflower/", bin_fernflower="fernflower.jar", options_fernflower={"dgs": '1', "asc": '1'}, tmp_dir="/tmp/"): self.classes = {} self.classes_failed = [] pathtmp = tmp_dir if not os.path.exists(pathtmp): os.makedirs(pathtmp) fd, fdname = tempfile.mkstemp(dir=pathtmp) with os.fdopen(fd, "w+b") as fd: fd.write(vm.get_buff()) fd.flush() compile = Popen([path_dex2jar + bin_dex2jar, fdname], stdout=PIPE, stderr=STDOUT) stdout, stderr = compile.communicate() os.unlink(fdname) pathclasses = fdname + "dex2jar/" compile = Popen(["unzip", fdname + "_dex2jar.jar", "-d", pathclasses], stdout=PIPE, stderr=STDOUT) stdout, stderr = compile.communicate() os.unlink(fdname + "_dex2jar.jar") for root, dirs, files in os.walk(pathclasses, followlinks=True): if files != []: for f in files: real_filename = root if real_filename[-1] != "/": real_filename += "/" real_filename += f l = ["java", "-jar", path_fernflower + bin_fernflower] for option in options_fernflower: l.append("-%s:%s" % (option, options_fernflower[option])) l.append(real_filename) l.append(root) compile = Popen(l, stdout=PIPE, stderr=STDOUT) stdout, stderr = compile.communicate() for i in vm.get_classes(): fname = pathclasses + "/" + i.get_name()[1:-1] + ".java" if os.path.isfile(fname) == True: self.classes[i.get_name()] = read(fname, binary=False) else: self.classes_failed.append(i.get_name()) rrmdir(pathclasses)
def main(options, arguments): s = dalvik_elsign.CSignature(pcs=dalvik_elsign.PublicCSignature) if options.input != None: ret = s.add_file( read( options.input) ) if ret != None and options.output != None: s.add_indb( ret, options.output ) elif options.list != None: s.list_indb( options.list ) elif options.remove != None: s.remove_indb( options.remove, options.output ) elif options.check != None: s.check_db( options.check ) elif options.version != None: print "Androcsign version %s" % androconf.ANDROGUARD_VERSION
def __init__(self, vm, path_dex2jar="./decompiler/dex2jar/", bin_dex2jar="dex2jar.sh", path_jad="./decompiler/jad/", bin_jad="jad", tmp_dir="/tmp/"): self.classes = {} self.classes_failed = [] pathtmp = tmp_dir if not os.path.exists(pathtmp): os.makedirs(pathtmp) fd, fdname = tempfile.mkstemp(dir=pathtmp) with os.fdopen(fd, "w+b") as fd: fd.write(vm.get_buff()) fd.flush() compile = Popen([path_dex2jar + bin_dex2jar, fdname], stdout=PIPE, stderr=STDOUT) stdout, stderr = compile.communicate() os.unlink(fdname) pathclasses = fdname + "dex2jar/" compile = Popen(["unzip", fdname + "_dex2jar.jar", "-d", pathclasses], stdout=PIPE, stderr=STDOUT) stdout, stderr = compile.communicate() os.unlink(fdname + "_dex2jar.jar") for root, dirs, files in os.walk(pathclasses, followlinks=True): if files != []: for f in files: real_filename = root if real_filename[-1] != "/": real_filename += "/" real_filename += f compile = Popen(["wine", path_jad + bin_jad, "-o", "-d", root, real_filename], stdout=PIPE, stderr=STDOUT) stdout, stderr = compile.communicate() for i in vm.get_classes(): fname = pathclasses + "/" + i.get_name()[1:-1] + ".jad" if os.path.isfile(fname) == True: self.classes[i.get_name()] = read(fname, binary=False) else: self.classes_failed.append(i.get_name()) rrmdir(pathclasses)
def __init__(self, vm, path="./decompiler/ded/", bin_ded="ded.sh", tmp_dir="/tmp/"): self.classes = {} self.classes_failed = [] pathtmp = tmp_dir if not os.path.exists(pathtmp): os.makedirs( pathtmp ) fd, fdname = tempfile.mkstemp( dir=pathtmp ) with os.fdopen(fd, "w+b") as fd: fd.write( vm.get_buff() ) fd.flush() dirname = tempfile.mkdtemp(prefix=fdname + "-src") compile = Popen([ path + bin_ded, "-c", "-o", "-d", dirname, fdname ], stdout=PIPE, stderr=STDOUT) stdout, stderr = compile.communicate() os.unlink( fdname ) findsrc = None for root, dirs, files in os.walk( dirname + "/optimized-decompiled/" ): if dirs != []: for f in dirs: if f == "src": findsrc = root if findsrc[-1] != "/": findsrc += "/" findsrc += f break if findsrc != None: break for i in vm.get_classes(): fname = findsrc + "/" + i.get_name()[1:-1] + ".java" #print fname if os.path.isfile(fname) == True: self.classes[ i.get_name() ] = read(fname, binary=False) else: self.classes_failed.append( i.get_name() ) rrmdir( dirname )
def main(options, arguments): if options.input != None: buff = "" arscobj = None ret_type = androconf.is_android(options.input) if ret_type == "APK": a = apk.APK(options.input) arscobj = a.get_android_resources() elif ret_type == "ARSC": arscobj = apk.ARSCParser(read(options.input)) else: print "Unknown file type" return if not options.package and not options.type and not options.locale: buff = "" for package in arscobj.get_packages_names(): buff += package + "\n" for locale in arscobj.get_locales(package): buff += "\t" + repr(locale) + "\n" for ttype in arscobj.get_types(package, locale): buff += "\t\t" + ttype + "\n" else: package = options.package or arscobj.get_packages_names()[0] ttype = options.type or "public" locale = options.locale or "\x00\x00" buff = minidom.parseString(getattr(arscobj, "get_" + ttype + "_resources")(package, locale)).toprettyxml() if options.output != None: fd = codecs.open(options.output, "w", "utf-8") fd.write(buff) fd.close() else: print buff elif options.version != None: print "Androarsc version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments): if options.database == None or options.config == None: return s = dalvik_elsign.MSignature( options.database, options.config, options.verbose != None, ps = dalvik_elsign.PublicSignature) if options.input != None: ret_type = androconf.is_android( options.input ) print os.path.basename(options.input), ":", sys.stdout.flush() if ret_type == "APK": try: a = apk.APK( options.input ) if a.is_valid_APK(): display( s.check_apk( a ), options.verbose ) else: print "INVALID" except Exception, e: print "ERROR", e elif ret_type == "DEX": display( s.check_dex( read(options.input) ), options.verbose )
def main(options, arguments): if options.input != None and options.output != None: ret_type = androconf.is_android( options.input ) vm = None a = None if ret_type == "APK": a = apk.APK( options.input ) if a.is_valid_APK(): vm = dvm.DalvikVMFormat( a.get_dex() ) else: print "INVALID APK" elif ret_type == "DEX": try: vm = dvm.DalvikVMFormat( read(options.input) ) except Exception, e: print "INVALID DEX", e vmx = analysis.VMAnalysis( vm ) gvmx = ganalysis.GVMAnalysis( vmx, a ) b = gvmx.export_to_gexf() androconf.save_to_disk( b, options.output )
def main(options, arguments): if options.input != None: a = None ret_type = androconf.is_android( options.input[0] ) if ret_type == "APK": a = apk.APK( options.input[0] ) d1 = dvm.DalvikVMFormat( a.get_dex() ) elif ret_type == "DEX": d1 = dvm.DalvikVMFormat( read(options.input[0]) ) dx1 = analysis.VMAnalysis( d1 ) threshold = None if options.threshold != None: threshold = float(options.threshold) FS = FILTERS_DALVIK_SIM FS[elsim.FILTER_SKIPPED_METH].set_regexp( options.exclude ) FS[elsim.FILTER_SKIPPED_METH].set_size( options.size ) new = True if options.new != None: new = False library = True if options.library != None: library = options.library if options.library == "python": library = False if os.path.isdir( options.input[1] ) == False: check_one_file( a, d1, dx1, FS, threshold, options.input[1], options.xstrings, new, library ) else: check_one_directory(a, d1, dx1, FS, threshold, options.input[1], options.xstrings, new, library ) elif options.version != None: print "Androsim version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments): if options.input != None: buff = "" ret_type = androconf.is_android(options.input) if ret_type == "APK": a = apk.APK(options.input) buff = a.get_android_manifest_xml().toprettyxml(encoding="utf-8") elif ".xml" in options.input: ap = apk.AXMLPrinter(read(options.input)) buff = minidom.parseString(ap.get_buff()).toprettyxml(encoding="utf-8") else: print "Unknown file type" return if options.output != None: fd = codecs.open(options.output, "w", "utf-8") fd.write( buff ) fd.close() else: print buff elif options.version != None: print "Androaxml version %s" % androconf.ANDROGUARD_VERSION
if ret_type == "APK": print os.path.basename( real_filename ), ":", sys.stdout.flush() try: a = apk.APK( real_filename ) if a.is_valid_APK(): display( s.check_apk( a ), options.verbose ) else: print "INVALID APK" except Exception, e: print "ERROR", e elif ret_type == "DEX": try: print os.path.basename( real_filename ), ":", sys.stdout.flush() display( s.check_dex( read(real_filename) ), options.verbose ) except Exception, e: print "ERROR", e elif options.version != None: print "Androsign version %s" % androconf.ANDROGUARD_VERSION if __name__ == "__main__": parser = OptionParser() for option in options: param = option['name'] del option['name'] parser.add_option(*param, **option) options, arguments = parser.parse_args() sys.argv[:] = arguments
def main(options, arguments): details = False if options.display != None: details = True if options.input != None: ret_type = androconf.is_android( options.input[0] ) if ret_type == "APK": a = apk.APK( options.input[0] ) d1 = dvm.DalvikVMFormat( a.get_dex() ) elif ret_type == "DEX": d1 = dvm.DalvikVMFormat( read(options.input[0]) ) dx1 = analysis.VMAnalysis( d1 ) ret_type = androconf.is_android( options.input[1] ) if ret_type == "APK": a = apk.APK( options.input[1] ) d2 = dvm.DalvikVMFormat( a.get_dex() ) elif ret_type == "DEX": d2 = dvm.DalvikVMFormat( read(options.input[1]) ) dx2 = analysis.VMAnalysis( d2 ) print d1, dx1, d2, dx2 sys.stdout.flush() threshold = None if options.threshold != None: threshold = float(options.threshold) FS = FILTERS_DALVIK_SIM FS[elsim.FILTER_SKIPPED_METH].set_regexp( options.exclude ) FS[elsim.FILTER_SKIPPED_METH].set_size( options.size ) el = elsim.Elsim( ProxyDalvik(d1, dx1), ProxyDalvik(d2, dx2), FS, threshold, options.compressor ) el.show() e1 = elsim.split_elements( el, el.get_similar_elements() ) for i in e1: j = e1[ i ] elb = elsim.Elsim( ProxyDalvikMethod(i), ProxyDalvikMethod(j), FILTERS_DALVIK_BB, threshold, options.compressor ) #elb.show() eld = elsim.Eldiff( ProxyDalvikBasicBlock(elb), FILTERS_DALVIK_DIFF_BB ) #eld.show() ddm = DiffDalvikMethod( i, j, elb, eld ) ddm.show() print "NEW METHODS" enew = el.get_new_elements() for i in enew: el.show_element( i, False ) print "DELETED METHODS" edel = el.get_deleted_elements() for i in edel: el.show_element( i ) elif options.version != None: print "Androdiff version %s" % androconf.ANDROGUARD_VERSION
def check_one_file(a, d1, dx1, FS, threshold, file_input, view_strings=False, new=True, library=True): d2 = None ret_type = androconf.is_android( file_input ) if ret_type == "APK": a = apk.APK( file_input ) d2 = dvm.DalvikVMFormat( a.get_dex() ) elif ret_type == "DEX": d2 = dvm.DalvikVMFormat( read(file_input) ) if d2 == None: return dx2 = analysis.VMAnalysis( d2 ) el = elsim.Elsim( ProxyDalvik(d1, dx1), ProxyDalvik(d2, dx2), FS, threshold, options.compressor, libnative=library ) el.show() print "\t--> methods: %f%% of similarities" % el.get_similarity_value(new) if options.display: print "SIMILAR methods:" diff_methods = el.get_similar_elements() for i in diff_methods: el.show_element( i ) print "IDENTICAL methods:" new_methods = el.get_identical_elements() for i in new_methods: el.show_element( i ) print "NEW methods:" new_methods = el.get_new_elements() for i in new_methods: el.show_element( i, False ) print "DELETED methods:" del_methods = el.get_deleted_elements() for i in del_methods: el.show_element( i ) print "SKIPPED methods:" skipped_methods = el.get_skipped_elements() for i in skipped_methods: el.show_element( i ) if view_strings: els = elsim.Elsim( ProxyDalvikStringMultiple(d1, dx1), ProxyDalvikStringMultiple(d2, dx2), FILTERS_DALVIK_SIM_STRING, threshold, options.compressor, libnative=library ) #els = elsim.Elsim( ProxyDalvikStringOne(d1, dx1), # ProxyDalvikStringOne(d2, dx2), FILTERS_DALVIK_SIM_STRING, threshold, options.compressor, libnative=library ) els.show() print "\t--> strings: %f%% of similarities" % els.get_similarity_value(new) if options.display: print "SIMILAR strings:" diff_strings = els.get_similar_elements() for i in diff_strings: els.show_element( i ) print "IDENTICAL strings:" new_strings = els.get_identical_elements() for i in new_strings: els.show_element( i ) print "NEW strings:" new_strings = els.get_new_elements() for i in new_strings: els.show_element( i, False ) print "DELETED strings:" del_strings = els.get_deleted_elements() for i in del_strings: els.show_element( i ) print "SKIPPED strings:" skipped_strings = els.get_skipped_elements() for i in skipped_strings: els.show_element( i )