def auto_vm(filename):
ret = androconf.is_android(filename)
if ret == 'APK':
return dvm.DalvikVMFormat(apk.APK(filename).get_dex())
elif ret == 'DEX':
return dvm.DalvikVMFormat(read(filename))
elif ret == 'DEY':
return dvm.DalvikOdexVMFormat(read(filename))
return None
def main(options, arguments):
if options.input != None and options.output != None:
ret_type = androconf.is_android(options.input)
vm = None
a = None
if ret_type == "APK":
a = apk.APK(options.input)
if a.is_valid_APK():
vm = dvm.DalvikVMFormat(a.get_dex())
else:
print "INVALID APK"
elif ret_type == "DEX":
try:
vm = dvm.DalvikVMFormat(read(options.input))
except Exception, e:
print "INVALID DEX", e
vmx = analysis.VMAnalysis(vm)
gvmx = ganalysis.GVMAnalysis(vmx, a)
create_directories(vm, options.output)
# dv.export_to_gml( options.output )
dd = data.Data(vm, vmx, gvmx, a)
buff = dd.export_apk_to_gml()
androconf.save_to_disk(buff, options.output + "/" + "apk.graphml")
buff = dd.export_methodcalls_to_gml()
androconf.save_to_disk(buff, options.output + "/" + "methodcalls.graphml")
buff = dd.export_dex_to_gml()
for i in buff:
androconf.save_to_disk(buff[i], options.output + "/" + i + ".graphml")
def __init__(self,
vm,
path_dex2jar="./decompiler/dex2jar/",
bin_dex2jar="dex2jar.sh",
path_fernflower="./decompiler/fernflower/",
bin_fernflower="fernflower.jar",
options_fernflower={"dgs": '1', "asc": '1'},
tmp_dir="/tmp/"):
self.classes = {}
self.classes_failed = []
pathtmp = tmp_dir
if not os.path.exists(pathtmp):
os.makedirs(pathtmp)
fd, fdname = tempfile.mkstemp(dir=pathtmp)
with os.fdopen(fd, "w+b") as fd:
fd.write(vm.get_buff())
fd.flush()
compile = Popen([path_dex2jar + bin_dex2jar, fdname], stdout=PIPE, stderr=STDOUT)
stdout, stderr = compile.communicate()
os.unlink(fdname)
pathclasses = fdname + "dex2jar/"
compile = Popen(["unzip", fdname + "_dex2jar.jar", "-d", pathclasses], stdout=PIPE, stderr=STDOUT)
stdout, stderr = compile.communicate()
os.unlink(fdname + "_dex2jar.jar")
for root, dirs, files in os.walk(pathclasses, followlinks=True):
if files != []:
for f in files:
real_filename = root
if real_filename[-1] != "/":
real_filename += "/"
real_filename += f
l = ["java", "-jar", path_fernflower + bin_fernflower]
for option in options_fernflower:
l.append("-%s:%s" % (option, options_fernflower[option]))
l.append(real_filename)
l.append(root)
compile = Popen(l, stdout=PIPE, stderr=STDOUT)
stdout, stderr = compile.communicate()
for i in vm.get_classes():
fname = pathclasses + "/" + i.get_name()[1:-1] + ".java"
if os.path.isfile(fname) == True:
self.classes[i.get_name()] = read(fname, binary=False)
else:
self.classes_failed.append(i.get_name())
rrmdir(pathclasses)
def main(options, arguments):
s = dalvik_elsign.CSignature(pcs=dalvik_elsign.PublicCSignature)
if options.input != None:
ret = s.add_file( read( options.input) )
if ret != None and options.output != None:
s.add_indb( ret, options.output )
elif options.list != None:
s.list_indb( options.list )
elif options.remove != None:
s.remove_indb( options.remove, options.output )
elif options.check != None:
s.check_db( options.check )
elif options.version != None:
print "Androcsign version %s" % androconf.ANDROGUARD_VERSION
def __init__(self, vm, path_dex2jar="./decompiler/dex2jar/", bin_dex2jar="dex2jar.sh", path_jad="./decompiler/jad/", bin_jad="jad", tmp_dir="/tmp/"):
self.classes = {}
self.classes_failed = []
pathtmp = tmp_dir
if not os.path.exists(pathtmp):
os.makedirs(pathtmp)
fd, fdname = tempfile.mkstemp(dir=pathtmp)
with os.fdopen(fd, "w+b") as fd:
fd.write(vm.get_buff())
fd.flush()
compile = Popen([path_dex2jar + bin_dex2jar, fdname], stdout=PIPE, stderr=STDOUT)
stdout, stderr = compile.communicate()
os.unlink(fdname)
pathclasses = fdname + "dex2jar/"
compile = Popen(["unzip", fdname + "_dex2jar.jar", "-d", pathclasses], stdout=PIPE, stderr=STDOUT)
stdout, stderr = compile.communicate()
os.unlink(fdname + "_dex2jar.jar")
for root, dirs, files in os.walk(pathclasses, followlinks=True):
if files != []:
for f in files:
real_filename = root
if real_filename[-1] != "/":
real_filename += "/"
real_filename += f
compile = Popen(["wine", path_jad + bin_jad, "-o", "-d", root, real_filename], stdout=PIPE, stderr=STDOUT)
stdout, stderr = compile.communicate()
for i in vm.get_classes():
fname = pathclasses + "/" + i.get_name()[1:-1] + ".jad"
if os.path.isfile(fname) == True:
self.classes[i.get_name()] = read(fname, binary=False)
else:
self.classes_failed.append(i.get_name())
rrmdir(pathclasses)
def __init__(self, vm, path="./decompiler/ded/", bin_ded="ded.sh", tmp_dir="/tmp/"):
self.classes = {}
self.classes_failed = []
pathtmp = tmp_dir
if not os.path.exists(pathtmp):
os.makedirs( pathtmp )
fd, fdname = tempfile.mkstemp( dir=pathtmp )
with os.fdopen(fd, "w+b") as fd:
fd.write( vm.get_buff() )
fd.flush()
dirname = tempfile.mkdtemp(prefix=fdname + "-src")
compile = Popen([ path + bin_ded, "-c", "-o", "-d", dirname, fdname ], stdout=PIPE, stderr=STDOUT)
stdout, stderr = compile.communicate()
os.unlink( fdname )
findsrc = None
for root, dirs, files in os.walk( dirname + "/optimized-decompiled/" ):
if dirs != []:
for f in dirs:
if f == "src":
findsrc = root
if findsrc[-1] != "/":
findsrc += "/"
findsrc += f
break
if findsrc != None:
break
for i in vm.get_classes():
fname = findsrc + "/" + i.get_name()[1:-1] + ".java"
#print fname
if os.path.isfile(fname) == True:
self.classes[ i.get_name() ] = read(fname, binary=False)
else:
self.classes_failed.append( i.get_name() )
rrmdir( dirname )
def main(options, arguments):
if options.input != None:
buff = ""
arscobj = None
ret_type = androconf.is_android(options.input)
if ret_type == "APK":
a = apk.APK(options.input)
arscobj = a.get_android_resources()
elif ret_type == "ARSC":
arscobj = apk.ARSCParser(read(options.input))
else:
print "Unknown file type"
return
if not options.package and not options.type and not options.locale:
buff = ""
for package in arscobj.get_packages_names():
buff += package + "\n"
for locale in arscobj.get_locales(package):
buff += "\t" + repr(locale) + "\n"
for ttype in arscobj.get_types(package, locale):
buff += "\t\t" + ttype + "\n"
else:
package = options.package or arscobj.get_packages_names()[0]
ttype = options.type or "public"
locale = options.locale or "\x00\x00"
buff = minidom.parseString(getattr(arscobj, "get_" + ttype + "_resources")(package, locale)).toprettyxml()
if options.output != None:
fd = codecs.open(options.output, "w", "utf-8")
fd.write(buff)
fd.close()
else:
print buff
elif options.version != None:
print "Androarsc version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments):
if options.database == None or options.config == None:
return
s = dalvik_elsign.MSignature( options.database, options.config, options.verbose != None, ps = dalvik_elsign.PublicSignature)
if options.input != None:
ret_type = androconf.is_android( options.input )
print os.path.basename(options.input), ":",
sys.stdout.flush()
if ret_type == "APK":
try:
a = apk.APK( options.input )
if a.is_valid_APK():
display( s.check_apk( a ), options.verbose )
else:
print "INVALID"
except Exception, e:
print "ERROR", e
elif ret_type == "DEX":
display( s.check_dex( read(options.input) ), options.verbose )
def main(options, arguments):
if options.input != None and options.output != None:
ret_type = androconf.is_android( options.input )
vm = None
a = None
if ret_type == "APK":
a = apk.APK( options.input )
if a.is_valid_APK():
vm = dvm.DalvikVMFormat( a.get_dex() )
else:
print "INVALID APK"
elif ret_type == "DEX":
try:
vm = dvm.DalvikVMFormat( read(options.input) )
except Exception, e:
print "INVALID DEX", e
vmx = analysis.VMAnalysis( vm )
gvmx = ganalysis.GVMAnalysis( vmx, a )
b = gvmx.export_to_gexf()
androconf.save_to_disk( b, options.output )
def main(options, arguments):
if options.input != None:
a = None
ret_type = androconf.is_android( options.input[0] )
if ret_type == "APK":
a = apk.APK( options.input[0] )
d1 = dvm.DalvikVMFormat( a.get_dex() )
elif ret_type == "DEX":
d1 = dvm.DalvikVMFormat( read(options.input[0]) )
dx1 = analysis.VMAnalysis( d1 )
threshold = None
if options.threshold != None:
threshold = float(options.threshold)
FS = FILTERS_DALVIK_SIM
FS[elsim.FILTER_SKIPPED_METH].set_regexp( options.exclude )
FS[elsim.FILTER_SKIPPED_METH].set_size( options.size )
new = True
if options.new != None:
new = False
library = True
if options.library != None:
library = options.library
if options.library == "python":
library = False
if os.path.isdir( options.input[1] ) == False:
check_one_file( a, d1, dx1, FS, threshold, options.input[1], options.xstrings, new, library )
else:
check_one_directory(a, d1, dx1, FS, threshold, options.input[1], options.xstrings, new, library )
elif options.version != None:
print "Androsim version %s" % androconf.ANDROGUARD_VERSION
def main(options, arguments):
if options.input != None:
buff = ""
ret_type = androconf.is_android(options.input)
if ret_type == "APK":
a = apk.APK(options.input)
buff = a.get_android_manifest_xml().toprettyxml(encoding="utf-8")
elif ".xml" in options.input:
ap = apk.AXMLPrinter(read(options.input))
buff = minidom.parseString(ap.get_buff()).toprettyxml(encoding="utf-8")
else:
print "Unknown file type"
return
if options.output != None:
fd = codecs.open(options.output, "w", "utf-8")
fd.write( buff )
fd.close()
else:
print buff
elif options.version != None:
print "Androaxml version %s" % androconf.ANDROGUARD_VERSION
if ret_type == "APK":
print os.path.basename( real_filename ), ":",
sys.stdout.flush()
try:
a = apk.APK( real_filename )
if a.is_valid_APK():
display( s.check_apk( a ), options.verbose )
else:
print "INVALID APK"
except Exception, e:
print "ERROR", e
elif ret_type == "DEX":
try:
print os.path.basename( real_filename ), ":",
sys.stdout.flush()
display( s.check_dex( read(real_filename) ), options.verbose )
except Exception, e:
print "ERROR", e
elif options.version != None:
print "Androsign version %s" % androconf.ANDROGUARD_VERSION
if __name__ == "__main__":
parser = OptionParser()
for option in options:
param = option['name']
del option['name']
parser.add_option(*param, **option)
options, arguments = parser.parse_args()
sys.argv[:] = arguments
def main(options, arguments):
details = False
if options.display != None:
details = True
if options.input != None:
ret_type = androconf.is_android( options.input[0] )
if ret_type == "APK":
a = apk.APK( options.input[0] )
d1 = dvm.DalvikVMFormat( a.get_dex() )
elif ret_type == "DEX":
d1 = dvm.DalvikVMFormat( read(options.input[0]) )
dx1 = analysis.VMAnalysis( d1 )
ret_type = androconf.is_android( options.input[1] )
if ret_type == "APK":
a = apk.APK( options.input[1] )
d2 = dvm.DalvikVMFormat( a.get_dex() )
elif ret_type == "DEX":
d2 = dvm.DalvikVMFormat( read(options.input[1]) )
dx2 = analysis.VMAnalysis( d2 )
print d1, dx1, d2, dx2
sys.stdout.flush()
threshold = None
if options.threshold != None:
threshold = float(options.threshold)
FS = FILTERS_DALVIK_SIM
FS[elsim.FILTER_SKIPPED_METH].set_regexp( options.exclude )
FS[elsim.FILTER_SKIPPED_METH].set_size( options.size )
el = elsim.Elsim( ProxyDalvik(d1, dx1), ProxyDalvik(d2, dx2), FS, threshold, options.compressor )
el.show()
e1 = elsim.split_elements( el, el.get_similar_elements() )
for i in e1:
j = e1[ i ]
elb = elsim.Elsim( ProxyDalvikMethod(i), ProxyDalvikMethod(j), FILTERS_DALVIK_BB, threshold, options.compressor )
#elb.show()
eld = elsim.Eldiff( ProxyDalvikBasicBlock(elb), FILTERS_DALVIK_DIFF_BB )
#eld.show()
ddm = DiffDalvikMethod( i, j, elb, eld )
ddm.show()
print "NEW METHODS"
enew = el.get_new_elements()
for i in enew:
el.show_element( i, False )
print "DELETED METHODS"
edel = el.get_deleted_elements()
for i in edel:
el.show_element( i )
elif options.version != None:
print "Androdiff version %s" % androconf.ANDROGUARD_VERSION
def check_one_file(a, d1, dx1, FS, threshold, file_input, view_strings=False, new=True, library=True):
d2 = None
ret_type = androconf.is_android( file_input )
if ret_type == "APK":
a = apk.APK( file_input )
d2 = dvm.DalvikVMFormat( a.get_dex() )
elif ret_type == "DEX":
d2 = dvm.DalvikVMFormat( read(file_input) )
if d2 == None:
return
dx2 = analysis.VMAnalysis( d2 )
el = elsim.Elsim( ProxyDalvik(d1, dx1), ProxyDalvik(d2, dx2), FS, threshold, options.compressor, libnative=library )
el.show()
print "\t--> methods: %f%% of similarities" % el.get_similarity_value(new)
if options.display:
print "SIMILAR methods:"
diff_methods = el.get_similar_elements()
for i in diff_methods:
el.show_element( i )
print "IDENTICAL methods:"
new_methods = el.get_identical_elements()
for i in new_methods:
el.show_element( i )
print "NEW methods:"
new_methods = el.get_new_elements()
for i in new_methods:
el.show_element( i, False )
print "DELETED methods:"
del_methods = el.get_deleted_elements()
for i in del_methods:
el.show_element( i )
print "SKIPPED methods:"
skipped_methods = el.get_skipped_elements()
for i in skipped_methods:
el.show_element( i )
if view_strings:
els = elsim.Elsim( ProxyDalvikStringMultiple(d1, dx1),
ProxyDalvikStringMultiple(d2, dx2),
FILTERS_DALVIK_SIM_STRING,
threshold,
options.compressor,
libnative=library )
#els = elsim.Elsim( ProxyDalvikStringOne(d1, dx1),
# ProxyDalvikStringOne(d2, dx2), FILTERS_DALVIK_SIM_STRING, threshold, options.compressor, libnative=library )
els.show()
print "\t--> strings: %f%% of similarities" % els.get_similarity_value(new)
if options.display:
print "SIMILAR strings:"
diff_strings = els.get_similar_elements()
for i in diff_strings:
els.show_element( i )
print "IDENTICAL strings:"
new_strings = els.get_identical_elements()
for i in new_strings:
els.show_element( i )
print "NEW strings:"
new_strings = els.get_new_elements()
for i in new_strings:
els.show_element( i, False )
print "DELETED strings:"
del_strings = els.get_deleted_elements()
for i in del_strings:
els.show_element( i )
print "SKIPPED strings:"
skipped_strings = els.get_skipped_elements()
for i in skipped_strings:
els.show_element( i )
