Fix remaining old style classes

Robert Grosse 2014-10-30 10:22:06 -07:00
parent f05c4dab0c
commit 09616381e4
23 changed files with 364 additions and 364 deletions


@ -41,7 +41,7 @@ options = [option_0, option_1]
MAGIC_PATTERN = "\xca\xfe\xba\xbe"
class AndroPreDump :
class AndroPreDump(object):
def __init__(self, input) :
self.data = []
@ -102,7 +102,7 @@ class AndroPreDump :
with fd = open(base_filename + "-" + "0x%x-0x%x" % (i[0].start + i[2], i[0].end), "w") as fd:
fd.write( i[1][i[2]:] )
class AndroDump :
class AndroDump(object):
def __init__(self, adp) :
self.__adp = adp
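Review bot: The context line `with fd = open(base_filename + "-" + "0x%x-0x%x" % (...), "w") as fd:` in the second hunk is not valid Python, so this module fails with a SyntaxError at import and the converted `AndroPreDump` / `AndroDump` classes can never be loaded. The statement should read `with open(base_filename + "-" + "0x%x-0x%x" % (i[0].start + i[2], i[0].end), "wb") as fd:`. Binary mode is suggested because the slice being written looks like raw dumped memory, which text mode can alter on some platforms. The enclosing method starts outside the hunk, so the surrounding loop is not visible here.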


@ -22,7 +22,7 @@ from androguard.core.bytecodes import jvm, dvm
from androguard.core.bytecodes.api_permissions import DVM_PERMISSIONS_BY_PERMISSION, DVM_PERMISSIONS_BY_ELEMENT
from androguard.util import read
class ContextField :
class ContextField(object):
def __init__(self, mode) :
self.mode = mode
self.details = []
@ -31,7 +31,7 @@ class ContextField :
for i in details :
self.details.append( i )
class ContextMethod :
class ContextMethod(object):
def __init__(self) :
self.details = []
@ -39,7 +39,7 @@ class ContextMethod :
for i in details :
self.details.append( i )
class ExternalFM :
class ExternalFM(object):
def __init__(self, class_name, name, descriptor) :
self.class_name = class_name
self.name = name
@ -54,7 +54,7 @@ class ExternalFM :
def get_descriptor(self) :
return self.descriptor
class ToString :
class ToString(object):
def __init__(self, tab) :
self.__tab = tab
self.__re_tab = {}
@ -136,7 +136,7 @@ BREAK_JVM_OPCODES_RE = []
for i in jvm.BREAK_JVM_OPCODES :
BREAK_JVM_OPCODES_RE.append( re.compile( i ) )
class Stack :
class Stack(object):
def __init__(self) :
self.__elems = []
@ -171,7 +171,7 @@ class Stack :
print "\t-->", nb, ": ", i
nb += 1
class StackTraces :
class StackTraces(object):
def __init__(self) :
self.__elems = []
@ -522,7 +522,7 @@ INSTRUCTIONS_ACTIONS = {
}
class ReturnValues :
class ReturnValues(object):
def __init__(self) :
self.__elems = []
self.__msgs = []
@ -539,7 +539,7 @@ class ReturnValues :
def get_return(self) :
return self.__elems
class ExternalMethod :
class ExternalMethod(object):
def __init__(self, class_name, name, descriptor) :
self.__class_name = class_name
self.__name = name
@ -551,7 +551,7 @@ class ExternalMethod :
def set_fathers(self, f) :
pass
class JVMBasicBlock :
class JVMBasicBlock(object):
def __init__(self, start, vm, method, context) :
self.__vm = vm
self.method = method
@ -1133,7 +1133,7 @@ TAINTED_LOCAL_VARIABLE = 0
TAINTED_FIELD = 1
TAINTED_STRING = 2
class PathVar :
class PathVar(object):
def __init__(self, access, idx, dst_idx, info_obj) :
self.access_flag = access
self.idx = idx
@ -1153,7 +1153,7 @@ class PathVar :
def get_idx(self) :
return self.idx
class TaintedVariable :
class TaintedVariable(object):
def __init__(self, var, _type) :
self.var = var
self.type = _type
@ -1200,7 +1200,7 @@ class TaintedVariable :
def show_paths(self, vm) :
show_PathVariable( vm, self.get_paths() )
class TaintedVariables :
class TaintedVariables(object):
def __init__(self, _vm) :
self.__vm = _vm
self.__vars = {
@ -1681,7 +1681,7 @@ def is_native_code(dx):
return False
class TaintedPackages :
class TaintedPackages(object):
def __init__(self, _vm) :
self.__vm = _vm
self.__packages = {}
@ -2000,7 +2000,7 @@ TAGS_ANDROID = { TAG_ANDROID.ANDROID : [ 0, "Landroid" ],
TAG_ANDROID.JAVA_REFLECTION : [ 0, "Ljava/lang/reflect"],
}
class Tags :
class Tags(object):
"""
Handle specific tags


@ -16,7 +16,7 @@
# limitations under the License.
# risks from classes.dex :
# API <-> Permissions
# API <-> Permissions
# method X is more dangerous than another one
# const-string -> apk-tool
# v0 <- X
@ -30,15 +30,15 @@
GENERAL_RISK = 0
DANGEROUS_RISK = 1
SIGNATURE_SYSTEM_RISK = 2
SIGNATURE_SYSTEM_RISK = 2
SIGNATURE_RISK = 3
NORMAL_RISK = 4
MONEY_RISK = 5
MONEY_RISK = 5
SMS_RISK = 6
PHONE_RISK = 7
INTERNET_RISK = 8
PRIVACY_RISK = 9
PRIVACY_RISK = 9
DYNAMIC_RISK = 10
BINARY_RISK = 11
@ -146,7 +146,7 @@ def create_system_risk() :
input_Binary_Risk = fuzzy.InputVariable.InputVariable(fuzzify=fuzzy.fuzzify.Plain.Plain())
input_Internet_Risk = fuzzy.InputVariable.InputVariable(fuzzify=fuzzy.fuzzify.Plain.Plain())
input_Dynamic_Risk = fuzzy.InputVariable.InputVariable(fuzzify=fuzzy.fuzzify.Plain.Plain())
# Input variables
# Dangerous Risk
@ -166,7 +166,7 @@ def create_system_risk() :
input_Privacy_Risk.adjectives[LOW_RISK] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(0.0, 1.0), (6.0, 1.0), (10.0, 0.0)]) )
input_Privacy_Risk.adjectives[HIGH_RISK] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(6.0, 0.0), (10.0, 1.0), (20.0, 0.0)]) )
input_Privacy_Risk.adjectives[UNACCEPTABLE_RISK] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(15.0, 0.0), (20.0, 1.0), (30.0, 1.0)]) )
# Binary Risk
system.variables["input_Binary_Risk"] = input_Binary_Risk
input_Binary_Risk.adjectives[LOW_RISK] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(0.0, 1.0), (6.0, 1.0), (10.0, 0.0)]) )
@ -190,30 +190,30 @@ def create_system_risk() :
description="malware risk",
min=0.0,max=100.0,
)
#output_malware_risk = fuzzy.OutputVariable.OutputVariable(defuzzify=fuzzy.defuzzify.Dict.Dict())
output_malware_risk.adjectives[NULL_MALWARE_RISK] = fuzzy.Adjective.Adjective(fuzzy.set.Singleton.Singleton(0.0))
output_malware_risk.adjectives[AVERAGE_MALWARE_RISK] = fuzzy.Adjective.Adjective(fuzzy.set.Singleton.Singleton(30.0))
output_malware_risk.adjectives[HIGH_MALWARE_RISK] = fuzzy.Adjective.Adjective(fuzzy.set.Singleton.Singleton(60.0))
output_malware_risk.adjectives[UNACCEPTABLE_MALWARE_RISK] = fuzzy.Adjective.Adjective(fuzzy.set.Singleton.Singleton(100.0))
system.variables["output_malware_risk"] = output_malware_risk
# Rules
#RULE 0: DYNAMIC
#RULE 0: DYNAMIC
add_system_rule(system, "r0", fuzzy.Rule.Rule(
adjective=[system.variables["output_malware_risk"].adjectives[NULL_MALWARE_RISK]],
operator=fuzzy.operator.Input.Input( system.variables["input_Dynamic_Risk"].adjectives[LOW_RISK] )
)
)
add_system_rule(system, "r0a", fuzzy.Rule.Rule(
adjective=[system.variables["output_malware_risk"].adjectives[UNACCEPTABLE_MALWARE_RISK]],
operator=fuzzy.operator.Input.Input( system.variables["input_Dynamic_Risk"].adjectives[UNACCEPTABLE_RISK] )
)
)
#RULE 1: MONEY
add_system_rule(system, "r1", fuzzy.Rule.Rule(
@ -227,14 +227,14 @@ def create_system_risk() :
operator=fuzzy.operator.Input.Input( system.variables["input_Money_Risk"].adjectives[UNACCEPTABLE_RISK] )
)
)
#RULE 3 : BINARY
add_system_rule(system, "r3", fuzzy.Rule.Rule(
adjective=[system.variables["output_malware_risk"].adjectives[AVERAGE_MALWARE_RISK]],
operator=fuzzy.operator.Input.Input( system.variables["input_Binary_Risk"].adjectives[AVERAGE_RISK] )
)
)
add_system_rule(system, "r3a", fuzzy.Rule.Rule(
adjective=[system.variables["output_malware_risk"].adjectives[HIGH_RISK]],
operator=fuzzy.operator.Input.Input( system.variables["input_Binary_Risk"].adjectives[HIGH_RISK] )
@ -246,7 +246,7 @@ def create_system_risk() :
operator=fuzzy.operator.Input.Input( system.variables["input_Binary_Risk"].adjectives[UNACCEPTABLE_RISK] )
)
)
# PRIVACY + INTERNET
add_system_rule(system, "r5", fuzzy.Rule.Rule(
adjective=[system.variables["output_malware_risk"].adjectives[HIGH_MALWARE_RISK]],
@ -264,13 +264,13 @@ def create_system_risk() :
fuzzy.operator.Input.Input( system.variables["input_Internet_Risk"].adjectives[HIGH_RISK] ) )
)
)
add_system_rule(system, "r6", fuzzy.Rule.Rule(
adjective=[system.variables["output_malware_risk"].adjectives[HIGH_RISK]],
operator=fuzzy.operator.Input.Input( system.variables["input_Dangerous_Risk"].adjectives[HIGH_RISK] )
)
)
add_system_rule(system, "r6a", fuzzy.Rule.Rule(
adjective=[system.variables["output_malware_risk"].adjectives[UNACCEPTABLE_RISK]],
operator=fuzzy.operator.Input.Input( system.variables["input_Dangerous_Risk"].adjectives[UNACCEPTABLE_RISK] )
@ -310,7 +310,7 @@ def create_system_method_score() :
import fuzzy.norm.Min
import fuzzy.norm.Max
import fuzzy.Rule
system = fuzzy.System.System()
input_Length_MS = fuzzy.InputVariable.InputVariable(fuzzify=fuzzy.fuzzify.Plain.Plain())
@ -319,10 +319,10 @@ def create_system_method_score() :
input_JavaEntropy_MS = fuzzy.InputVariable.InputVariable(fuzzify=fuzzy.fuzzify.Plain.Plain())
input_Permissions_MS = fuzzy.InputVariable.InputVariable(fuzzify=fuzzy.fuzzify.Plain.Plain())
input_Similarity_MS = fuzzy.InputVariable.InputVariable(fuzzify=fuzzy.fuzzify.Plain.Plain())
# Input variables
# Length
# Length
system.variables["input_Length_MS"] = input_Length_MS
input_Length_MS.adjectives[LOW_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(0.0, 1.0), (50.0, 1.0), (100.0, 0.0)]) )
input_Length_MS.adjectives[AVERAGE_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(50.0, 0.0), (100.0, 1.0), (150.0, 1.0), (300.0, 0.0)]) )
@ -346,19 +346,19 @@ def create_system_method_score() :
system.variables["input_JavaEntropy_MS"] = input_JavaEntropy_MS
input_JavaEntropy_MS.adjectives[LOW_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(0.0, 1.0), (2.0, 1.0), (4.0, 0.0)]) )
input_JavaEntropy_MS.adjectives[HIGH_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(3.0, 0.0), (4.0, 1.0), (30.0, 1.0)]) )
# Permissions
system.variables["input_Permissions_MS"] = input_Permissions_MS
input_Permissions_MS.adjectives[LOW_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(0.0, 1.0), (3.0, 1.0), (4.0, 0.0)]) )
input_Permissions_MS.adjectives[AVERAGE_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(3.0, 0.0), (4.0, 1.0), (8.0, 1.0), (9.0, 0.0)]) )
input_Permissions_MS.adjectives[HIGH_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(8.0, 0.0), (10.0, 1.0), (12.0, 1.0), (13.0, 0.0)]) )
input_Permissions_MS.adjectives[PERFECT_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(12.0, 0.0), (13.0, 1.0), (20.0, 1.0)]) )
# Similarity Match
# Similarity Match
system.variables["input_Similarity_MS"] = input_Similarity_MS
input_Similarity_MS.adjectives[HIGH_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(0.0, 1.0), (0.1, 1.0), (0.3, 0.0)]) )
input_Similarity_MS.adjectives[LOW_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(0.3, 0.0), (0.35, 1.0), (0.4, 1.0)]) )
# Output variables
output_method_score = fuzzy.OutputVariable.OutputVariable(
@ -372,37 +372,37 @@ def create_system_method_score() :
output_method_score.adjectives[PERFECT_METHOD_SCORE] = fuzzy.Adjective.Adjective(fuzzy.set.Singleton.Singleton(100.0))
system.variables["output_method_score"] = output_method_score
add_system_rule(system, "android entropy null", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_score"].adjectives[NULL_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_AndroidEntropy_MS"].adjectives[LOW_SCORE] ))
)
add_system_rule(system, "java entropy null", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_score"].adjectives[NULL_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_JavaEntropy_MS"].adjectives[LOW_SCORE] ))
)
add_system_rule(system, "permissions null", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_score"].adjectives[NULL_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_Permissions_MS"].adjectives[LOW_SCORE] ))
)
add_system_rule(system, "permissions average", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_score"].adjectives[AVERAGE_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_Permissions_MS"].adjectives[AVERAGE_SCORE] ))
)
add_system_rule(system, "permissions high", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_score"].adjectives[HIGH_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_Permissions_MS"].adjectives[HIGH_SCORE] ))
)
add_system_rule(system, "permissions perfect", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_score"].adjectives[PERFECT_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_Permissions_MS"].adjectives[PERFECT_SCORE] ))
)
add_system_rule(system, "similarity low", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_score"].adjectives[NULL_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_Similarity_MS"].adjectives[LOW_SCORE] ))
@ -434,7 +434,7 @@ def create_system_method_score() :
fuzzy.operator.Input.Input( system.variables["input_AndroidEntropy_MS"].adjectives[HIGH_SCORE] ) )
)
)
add_system_rule(system, "length JavaEntropy perfect", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_score"].adjectives[HIGH_METHOD_SCORE]],
operator=fuzzy.operator.Compound.Compound(
@ -487,17 +487,17 @@ def create_system_method_one_score() :
import fuzzy.norm.Min
import fuzzy.norm.Max
import fuzzy.Rule
system = fuzzy.System.System()
input_Length_MS = fuzzy.InputVariable.InputVariable(fuzzify=fuzzy.fuzzify.Plain.Plain())
input_AndroidEntropy_MS = fuzzy.InputVariable.InputVariable(fuzzify=fuzzy.fuzzify.Plain.Plain())
input_JavaEntropy_MS = fuzzy.InputVariable.InputVariable(fuzzify=fuzzy.fuzzify.Plain.Plain())
input_Permissions_MS = fuzzy.InputVariable.InputVariable(fuzzify=fuzzy.fuzzify.Plain.Plain())
# Input variables
# Length
# Length
system.variables["input_Length_MS"] = input_Length_MS
input_Length_MS.adjectives[LOW_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(0.0, 1.0), (50.0, 1.0), (100.0, 0.0)]) )
input_Length_MS.adjectives[AVERAGE_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(50.0, 0.0), (100.0, 1.0), (150.0, 1.0), (300.0, 0.0)]) )
@ -513,14 +513,14 @@ def create_system_method_one_score() :
system.variables["input_JavaEntropy_MS"] = input_JavaEntropy_MS
input_JavaEntropy_MS.adjectives[LOW_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(0.0, 1.0), (2.0, 1.0), (4.0, 0.0)]) )
input_JavaEntropy_MS.adjectives[HIGH_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(3.0, 0.0), (4.0, 1.0), (30.0, 1.0)]) )
# Permissions
system.variables["input_Permissions_MS"] = input_Permissions_MS
input_Permissions_MS.adjectives[LOW_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(0.0, 1.0), (3.0, 1.0), (4.0, 0.0)]) )
input_Permissions_MS.adjectives[AVERAGE_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(3.0, 0.0), (4.0, 1.0), (8.0, 1.0), (9.0, 0.0)]) )
input_Permissions_MS.adjectives[HIGH_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(8.0, 0.0), (10.0, 1.0), (12.0, 1.0), (13.0, 0.0)]) )
input_Permissions_MS.adjectives[PERFECT_SCORE] = fuzzy.Adjective.Adjective( fuzzy.set.Polygon.Polygon([(12.0, 0.0), (13.0, 1.0), (20.0, 1.0)]) )
# Output variables
output_method_score = fuzzy.OutputVariable.OutputVariable(
defuzzify=fuzzy.defuzzify.COGS.COGS(),
@ -533,37 +533,37 @@ def create_system_method_one_score() :
output_method_score.adjectives[PERFECT_METHOD_SCORE] = fuzzy.Adjective.Adjective(fuzzy.set.Singleton.Singleton(100.0))
system.variables["output_method_one_score"] = output_method_score
add_system_rule(system, "android entropy null", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_one_score"].adjectives[NULL_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_AndroidEntropy_MS"].adjectives[LOW_SCORE] ))
)
add_system_rule(system, "java entropy null", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_one_score"].adjectives[NULL_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_JavaEntropy_MS"].adjectives[LOW_SCORE] ))
)
add_system_rule(system, "permissions null", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_one_score"].adjectives[NULL_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_Permissions_MS"].adjectives[LOW_SCORE] ))
)
add_system_rule(system, "permissions average", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_one_score"].adjectives[AVERAGE_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_Permissions_MS"].adjectives[AVERAGE_SCORE] ))
)
add_system_rule(system, "permissions high", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_one_score"].adjectives[HIGH_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_Permissions_MS"].adjectives[HIGH_SCORE] ))
)
add_system_rule(system, "permissions perfect", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_one_score"].adjectives[PERFECT_METHOD_SCORE]],
operator=fuzzy.operator.Input.Input( system.variables["input_Permissions_MS"].adjectives[PERFECT_SCORE] ))
)
add_system_rule(system, "length permissions perfect", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_one_score"].adjectives[PERFECT_METHOD_SCORE]],
@ -582,7 +582,7 @@ def create_system_method_one_score() :
fuzzy.operator.Input.Input( system.variables["input_AndroidEntropy_MS"].adjectives[HIGH_SCORE] ) )
)
)
add_system_rule(system, "length JavaEntropy perfect", fuzzy.Rule.Rule(
adjective=[system.variables["output_method_one_score"].adjectives[HIGH_METHOD_SCORE]],
operator=fuzzy.operator.Compound.Compound(
@ -596,7 +596,7 @@ def create_system_method_one_score() :
def export_system(system, directory) :
from fuzzy.doc.plot.gnuplot import doc
d = doc.Doc(directory)
d.createDoc(system)
@ -615,7 +615,7 @@ def export_system(system, directory) :
d.overscan=0
in_vars = [name for name,var in system.variables.items() if isinstance(var,fuzzy.InputVariable.InputVariable)]
out_vars = [name for name,var in system.variables.items() if isinstance(var,fuzzy.OutputVariable.OutputVariable)]
if len(in_vars) == 2 and not (
isinstance(system.variables[in_vars[0]].fuzzify,fuzzy.fuzzify.Dict.Dict)
or
@ -629,7 +629,7 @@ def export_system(system, directory) :
else:
d.create3DPlot(system, in_vars[0], in_vars[1], out_var, {})
class RiskIndicator :
class RiskIndicator(object):
def __init__(self) :
self.risk_analysis_obj = []
@ -643,7 +643,7 @@ class RiskIndicator :
return self.with_apk_direct(apk_file, d, dx)
return {}
def with_apk_direct(self, apk_file, d, dx) :
res = {}
for i in self.risk_analysis_obj :
@ -658,7 +658,7 @@ class RiskIndicator :
"""
d = dvm.DalvikVMFormat( dex_file )
dx = analysis.uVMAnalysis( d )
return self.with_dex_direct(d, dx)
def with_dex_direct(self, d, dx) :
@ -667,15 +667,15 @@ class RiskIndicator :
res[ i.get_name() ] = i.with_dex( d, dx )
return res
class FuzzyRisk :
class FuzzyRisk(object):
"""
Calculate the risk to install a specific android application by using :
Permissions :
Permissions :
- dangerous
- signatureOrSystem
- signature
- normal
- money
- internet
- sms
@ -694,7 +694,7 @@ class FuzzyRisk :
def __init__(self) :
self.system = create_system_risk()
# export_system( SYSTEM, "./output" )
self.system_method_risk = create_system_method_one_score()
def get_name(self) :
@ -731,16 +731,16 @@ class FuzzyRisk :
BINARY_RISK : 0.0,
DYNAMIC_RISK : 0.0,
}
d = {}
for i in vmx.get_permissions( [] ) :
d[ i ] = DVM_PERMISSIONS["MANIFEST_PERMISSION"][i]
d[ i ] = DVM_PERMISSIONS["MANIFEST_PERMISSION"][i]
self.__eval_risk_perm( d, risks )
self.__eval_risk_dyn( vmx, risks )
val = self.__eval_risks( risks )
return val
def test(self) :
@ -761,7 +761,7 @@ class FuzzyRisk :
map(lambda perm : (perm, DVM_PERMISSIONS["MANIFEST_PERMISSION"][ perm ]), vmx.get_permissions_method( method )),
)
for v in sorted(score_order_sign, key=lambda x : score_order_sign[x], reverse=True) :
print v.get_name(), v.get_class_name(), v.get_descriptor(), v.get_length(), score_order_sign[ v ]
@ -775,7 +775,7 @@ class FuzzyRisk :
if permission.find(".") != -1 :
permission = permission.split(".")[-1]
# print permission, GENERAL_PERMISSIONS_RISK[ list_details_permissions[ i ][0] ]
risk_type = GENERAL_PERMISSIONS_RISK[ list_details_permissions[ i ][0] ]
risks[ DANGEROUS_RISK ] += RISK_VALUES [ risk_type ]
@ -800,7 +800,7 @@ class FuzzyRisk :
# shared library
if "shared" in list_details_files[ i ] :
risks[ BINARY_RISK ] += RISK_VALUES [ BINARY_RISK ]
# binary
# binary
else :
risks[ BINARY_RISK ] += RISK_VALUES [ EXPLOIT_RISK ]
@ -815,12 +815,12 @@ class FuzzyRisk :
input_val['input_Dynamic_Risk'] = risks[ DYNAMIC_RISK ]
#print input_val,
self.system.calculate(input=input_val, output = output_values)
val = output_values[ "output_malware_risk" ]
return { "VALUE" : val }
def get_method_score(self, length, android_entropy, java_entropy, permissions) :
val_permissions = 0
for i in permissions :
@ -831,7 +831,7 @@ class FuzzyRisk :
val_permissions += RISK_VALUES[ j ]
except KeyError :
pass
print length, android_entropy, java_entropy, val_permissions
output_values = {"output_method_one_score" : 0.0}
@ -840,7 +840,7 @@ class FuzzyRisk :
input_val['input_AndroidEntropy_MS'] = android_entropy
input_val['input_JavaEntropy_MS'] = java_entropy
input_val['input_Permissions_MS'] = val_permissions
self.system_method_risk.calculate(input=input_val, output = output_values)
score = output_values[ "output_method_one_score" ]
@ -849,9 +849,9 @@ class FuzzyRisk :
def simulate(self, risks) :
return self.__eval_risks( risks )
class RedFlags :
class RedFlags(object):
# APK
# BINARY
# BINARY
# shared library
# executable
# dex
@ -874,7 +874,7 @@ class RedFlags :
self.flags = { "APK" : {
"SHARED LIBRARIES" : 0, # presence of shared libraries (ELF)
"EXECUTABLE" : 0, # presence of executables (ELF)
"DEX" : 0, # presence of dex files
"DEX" : 0, # presence of dex files
"APK" : 0, # presence of APK files
"ZIP" : 0, # presence of zip files
"SHELL_SCRIPT" : 0, # presence of shell scripts
@ -919,7 +919,7 @@ class RedFlags :
flags = self.flags_dex.copy()
self.analyze_dex( d, dx, flags["DEX"] )
return flags
def analyze_apk(self, a, flags) :
@ -958,19 +958,19 @@ class RedFlags :
"INTERNET" : [ "INTERNET" ],
"READ_PHONE_STATE" : [ "PRIVACY" ],
"READ_CONTACTS" : [ "PRIVACY" ],
"WRITE_CONTACTS" : [ "PRIVACY" ],
"READ_HISTORY_BOOKMARKS" : [ "PRIVACY" ],
"WRITE_HISTORY_BOOKMARKS" : [ "PRIVACY" ],
"READ_PROFILE" : [ "PRIVACY" ],
"WRITE_PROFILE" : [ "PRIVACY" ],
"READ_SOCIAL_STREAM" : [ "PRIVACY" ],
"WRITE_SOCIAL_STREAM" : [ "PRIVACY" ],
"READ_CALENDAR" : [ "PRIVACY" ],
"WRITE_CALENDAR" : [ "PRIVACY" ],
@ -986,7 +986,7 @@ class RedFlags :
"RECORD_AUDIO" : [ "PRIVACY" ],
"CAMERA" : [ "PRIVACY" ],
"ACCESS_FINE_LOCATION" : [ "PRIVACY", "GPS" ],
"ACCESS_COARSE_LOCATION" : [ "PRIVACY", "GPS" ],
@ -1013,12 +1013,12 @@ class RedFlags :
flags["DYNAMIC"] = int( analysis.is_dyn_code(dx) )
flags["CRYPTO"] = int( analysis.is_crypto_code(dx) )
class MethodScore :
class MethodScore(object):
def __init__(self, length, matches, android_entropy, java_entropy, permissions, similarity_matches) :
self.system = create_system_method_score()
#export_system( self.system, "./output" )
val_permissions = 0
for i in permissions :
val_permissions += RISK_VALUES[ GENERAL_PERMISSIONS_RISK[ i[1][0] ] ]
@ -1028,7 +1028,7 @@ class MethodScore :
val_permissions += RISK_VALUES[ j ]
except KeyError :
pass
print length, matches, android_entropy, java_entropy, similarity_matches, val_permissions
output_values = {"output_method_score" : 0.0}
@ -1039,7 +1039,7 @@ class MethodScore :
input_val['input_JavaEntropy_MS'] = java_entropy
input_val['input_Permissions_MS'] = val_permissions
input_val['input_Similarity_MS'] = similarity_matches
self.system.calculate(input=input_val, output = output_values)
self.score = output_values[ "output_method_score" ]
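Review bot: Rules `r3a`, `r6` and `r6a` in create_system_risk() index the output variable with input-side keys, `system.variables["output_malware_risk"].adjectives[HIGH_RISK]` and `...adjectives[UNACCEPTABLE_RISK]`, while that variable's adjectives are registered only under `NULL_MALWARE_RISK`, `AVERAGE_MALWARE_RISK`, `HIGH_MALWARE_RISK` and `UNACCEPTABLE_MALWARE_RISK`. The constants are defined outside the visible hunks, so this either raises KeyError when the system is built or silently selects whichever output level happens to share the value; rule `r5` uses `HIGH_MALWARE_RISK`, which looks like the intended form. I would change the three rules to `adjectives[HIGH_MALWARE_RISK]` and `adjectives[UNACCEPTABLE_MALWARE_RISK]` so the malware-risk score does not depend on a coincidence between two constant sets. Separately, the `except KeyError : pass` blocks in get_method_score() and MethodScore.__init__ make an unrecognised key contribute nothing to the score; a comment such as `# unknown risk category counts as 0 and may under-score` would make that explicit.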


@ -23,9 +23,9 @@ TAINTED_PACKAGE_INTERNAL_CALL = 2
FIELD_ACCESS = { "R" : 0, "W" : 1 }
PACKAGE_ACCESS = { TAINTED_PACKAGE_CREATE : 0, TAINTED_PACKAGE_CALL : 1, TAINTED_PACKAGE_INTERNAL_CALL : 2 }
class Sign :
class Sign(object):
def __init__(self) :
self.levels = {}
self.levels = {}
self.hlevels = []
def add(self, level, value) :
@ -44,7 +44,7 @@ class Sign :
def get_list(self) :
return self.levels[ "sequencebb" ]
class Signature :
class Signature(object):
def __init__(self, vmx) :
self.vmx = vmx
self.tainted_packages = self.vmx.get_tainted_packages()
@ -143,7 +143,7 @@ class Signature :
internal.extend( getattr( self, f )( analysis_method ) )
internal.sort()
for i in internal :
if i[0] >= b.start and i[0] < b.end :
l.append( i )
@ -310,7 +310,7 @@ class Signature :
if m.find(i) == 0 :
present = True
break
if present == True :
l.append( (path.get_idx(), "P%s" % (PACKAGE_ACCESS[ path.get_access_flag() ]) ) )
continue
@ -334,14 +334,14 @@ class Signature :
#print signature_type, signature_arguments
for i in signature_type.split(":") :
# print i, signature_arguments[ i ]
if i == "L0" :
if i == "L0" :
_type = self.levels[ i ][ signature_arguments[ i ][ "type" ] ]
try :
_arguments = signature_arguments[ i ][ "arguments" ]
try :
_arguments = signature_arguments[ i ][ "arguments" ]
except KeyError :
_arguments = []
value = self._get_bb( analysis_method, _type, _arguments )
value = self._get_bb( analysis_method, _type, _arguments )
s.add( i, ''.join(z for z in value) )
elif i == "L4" :
@ -368,7 +368,7 @@ class Signature :
s.add( i, value )
else :
for f in self.levels[ i ] :
for f in self.levels[ i ] :
value = getattr( self, f )( analysis_method )
s.add( i, value )


@ -23,7 +23,7 @@ from androguard.core.analysis import analysis
from androguard.core.analysis import ganalysis
from androguard.util import read
class BC :
class BC(object):
def __init__(self, bc) :
self.__bc = bc
@ -228,7 +228,7 @@ class Androguard(object):
for _, bc in self.__bc :
bc.pretty_show()
class AndroguardS :
class AndroguardS(object):
"""AndroguardS is the main object to abstract and manage differents formats but only per filename. In fact this class is just a wrapper to the main class Androguard
@param filename : the filename to use (filename must be terminated by .class or .dex)


@ -38,7 +38,7 @@ def disasm_at_addr(in_str, ad_to_dis, symbol_pool) :
bytecode._PrintDefault("\t %s\n" % j)
bytecode._PrintDefault("\n")
class Function :
class Function(object):
def __init__(self, cm, name, info) :
self.cm = cm
self.name = name
@ -47,10 +47,10 @@ class Function :
def show(self) :
bytecode._PrintSubBanner("Function")
bytecode._PrintDefault("name=%s addr=0x%x\n" % (self.name, self.info.value))
self.cm.disasm_at_addr( self.info.value )
class ClassManager :
class ClassManager(object):
def __init__(self, in_str, symbol_pool) :
self.in_str = in_str
self.symbol_pool = symbol_pool
@ -58,7 +58,7 @@ class ClassManager :
def disasm_at_addr(self, ad_to_dis) :
disasm_at_addr( self.in_str, ad_to_dis, self.symbol_pool )
class ELF :
class ELF(object):
def __init__(self, buff) :
self.E = elf_init.ELF( buff )
@ -69,7 +69,7 @@ class ELF :
self.create_symbol_pool()
self.CM = ClassManager( self.in_str, self.symbol_pool )
self.create_functions()
def create_symbol_pool(self) :
@ -95,7 +95,7 @@ class ELF :
self.functions.append( Function(self.CM, k, v) )
except AttributeError :
pass
for k, v in self.E.sh.dynsym.symbols.items() :
if v.size != 0 :
self.functions.append( Function(self.CM, k, v) )


@ -22,16 +22,16 @@ import xmlrpclib
import cPickle
class _Method :
class _Method(object):
def __init__(self, proxy, name) :
self.proxy = proxy
self.name = name
def __call__(self, *args):
#print "CALL", self.name, args
z = getattr( self.proxy, self.name, None )
#print "SEND", repr(cPickle.dumps( args ) )
try :
if len(args) == 1 :
ret = z( cPickle.dumps( args[0] ) )
@ -42,14 +42,14 @@ class _Method :
except xmlrpclib.ProtocolError :
return []
class MyXMLRPC :
class MyXMLRPC(object):
def __init__(self, proxy) :
self.proxy = proxy
def __getattr__(self, name) :
return _Method(self.proxy, name)
class BasicBlock :
class BasicBlock(object):
def __init__(self, ins) :
self.ins = ins
@ -57,10 +57,10 @@ class BasicBlock :
for i in self.ins :
print i
class Function :
class Function(object):
def __init__(self, name, start_ea, instructions, information) :
#print name, start_ea
self.name = name
self.start_ea = start_ea
self.information = information
@ -96,13 +96,13 @@ def run_ida(idapath, wrapper_init_path, binpath) :
# print stdout, stderr
sys.exit(0)
class IDAPipe :
class IDAPipe(object):
def __init__(self, idapath, binpath, wrapper_init_path) :
self.idapath = idapath
self.binpath = binpath
self.proxy = None
run_ida(self.idapath, self.binpath, wrapper_init_path)
while 1 :
@ -112,7 +112,7 @@ class IDAPipe :
break
except :
pass
#print self.proxy
self.proxy = MyXMLRPC( self.proxy )
@ -152,12 +152,12 @@ class IDAPipe :
if function_ea == -1 :
return
f_start = function_ea
f_start = function_ea
f_end = self.proxy.GetFunctionAttr(function_ea, 4) #FUNCATTR_END)
edges = set()
boundaries = set((f_start,))
for head in self.proxy.Heads(f_start, f_end) :
if self.proxy.isCode( self.proxy.GetFlags( head ) ) :
refs = self.proxy.CodeRefsFrom(head, 0)
@ -169,10 +169,10 @@ class IDAPipe :
next_head = self.proxy.NextHead(head, f_end)
if self.proxy.isFlow(self.proxy.GetFlags(next_head)):
refs.add(next_head)
# Update the boundaries found so far.
boundaries.update(refs)
# For each of the references found, and edge is
# created.
for r in refs:
@ -182,7 +182,7 @@ class IDAPipe :
if self.proxy.isFlow(self.proxy.GetFlags(r)):
edges.add((self.proxy.PrevHead(r, f_start), r))
edges.add((head, r))
#print edges, boundaries
# Let's build the list of (startEA, startEA) couples
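Review bot: IDAPipe.__init__ calls `run_ida(self.idapath, self.binpath, wrapper_init_path)`, but the hunk header shows the signature as `run_ida(idapath, wrapper_init_path, binpath)`, so the binary path and the wrapper script path appear to be swapped. run_ida's body is outside the hunk, so confirm which order it expects; if the signature is right, the call should be `run_ida(self.idapath, wrapper_init_path, self.binpath)`. The connection loop that follows ends in a bare `except : pass`, which also swallows KeyboardInterrupt and hides why a connection attempt failed; `except Exception :` would keep the retry while still letting the user interrupt it.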


@ -24,7 +24,7 @@ from SimpleXMLRPCServer import SimpleXMLRPCServer
import cPickle
def is_connected() :
return True
return True
def wrapper_get_raw(oops) :
F = {}
@ -34,7 +34,7 @@ def wrapper_get_raw(oops) :
f_start = function_ea
f_end = GetFunctionAttr(function_ea, FUNCATTR_END)
edges = set()
boundaries = set((f_start,))
@ -46,15 +46,15 @@ def wrapper_get_raw(oops) :
refs = CodeRefsFrom(head, 0)
refs = set(filter(lambda x: x>=f_start and x<=f_end, refs))
if refs :
next_head = NextHead(head, f_end)
if isFlow(GetFlags(next_head)):
refs.add(next_head)
# Update the boundaries found so far.
boundaries.update(refs)
# For each of the references found, and edge is
# created.
for r in refs:
@ -64,7 +64,7 @@ def wrapper_get_raw(oops) :
if isFlow(GetFlags(r)):
edges.add((PrevHead(r, f_start), r))
edges.add((head, r))
#print edges, boundaries
# Let's build the list of (startEA, startEA) couples
# for each basic block
@ -103,13 +103,13 @@ def wrapper_get_function(oops) :
def wrapper_quit(oops) :
qexit(0)
class IDAWrapper :
class IDAWrapper(object):
def _dispatch(self, x, params) :
#fd = open("toto.txt", "w")
#fd.write( x + "\n" )
#fd.write( str(type(params[0])) + "\n" )
#fd.close()
params = cPickle.loads( *params )
if isinstance(params, tuple) == False :
params = (params,)
@ -145,14 +145,14 @@ def main() :
server = SimpleXMLRPCServer(("localhost", 9000))
server.register_function(is_connected, "is_connected")
server.register_function(wrapper_get_raw, "get_raw")
server.register_function(wrapper_get_function, "get_function")
server.register_function(wrapper_Heads, "Heads")
server.register_function(wrapper_Functions, "Functions")
server.register_instance(IDAWrapper())
server.register_function(wrapper_quit, "quit")
server.serve_forever()
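Review bot: IDAWrapper._dispatch passes every incoming XML-RPC parameter to `cPickle.loads( *params )`, and main() serves it on `("localhost", 9000)` with no authentication visible in these hunks, so any local process that can reach that port gets its data unpickled inside the IDA process. Unpickling is equivalent to running code chosen by the sender. XML-RPC already marshals ints, strings, lists and dicts, so the pickle layer could be dropped, or replaced by `json.loads` if a single string argument has to be kept. If pickle must stay, I would add a comment on `_dispatch` reading `# SECURITY: params are unpickled; only trusted local clients may connect` and have the server check a per-session secret before dispatching.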


@ -579,7 +579,7 @@ class SV(object):
def set_value(self, attr) :
self.__value = attr
class SVs :
class SVs(object):
def __init__(self, size, ntuple, buff) :
self.__size = size
@ -660,7 +660,7 @@ class BuffHandle(object):
def end(self) :
return self.__idx == len(self.__buff)
class Buff :
class Buff(object):
def __init__(self, offset, buff) :
self.offset = offset
self.buff = buff


@ -53,7 +53,7 @@ else :
ZIPMODULE = 1
################################################### CHILKAT ZIP FORMAT #####################################################
class ChilkatZip :
class ChilkatZip(object):
def __init__(self, raw) :
self.files = []
self.zip = chilkat.CkZip()


@ -10,7 +10,7 @@ from miasm.core.bin_stream import bin_stream
from miasm.core import asmbloc
class ARM2 :
class ARM2(object):
def __init__(self) :
b = r_bin.RBin ()
b.load("./apks/exploits/617efb2d51ad5c4aed50b76119ad880c6adcd4d2e386b3170930193525b0563d", None)
@ -41,13 +41,13 @@ class ARM2 :
print s, s.name, s.rva, s.offset, s.size
if s.name == "rootshell" :
#print core.disassemble_bytes( 0x8000 + s.offset, s.size )
#core.assembler.mdisassemble( 0x8000 + s.offset, s.size )
z = core.op_anal( 0x8000 + s.offset )
print z.mnemonic
raise("oo")
print core.bin.bins, core.bin.user
d = core.bin.read_at( 0x8000 + s.offset, x, s.size )
print d
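Review bot: `raise("oo")` in the second hunk raises a plain string, which Python 2.6 and later reject with a TypeError rather than raising the intended error, and whatever follows it in the same branch never runs. If it is a deliberate debugging stop, `raise RuntimeError("oo")` says so explicitly; otherwise the line should be dropped. The enclosing method starts outside the hunk and the listing has lost its indentation, so the branch structure here is inferred.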


@ -383,7 +383,7 @@ def determineException(vm, m) :
#print m.get_name(), exceptions
return exceptions
class HeaderItem :
class HeaderItem(object):
"""
This class can parse an header_item of a dex file
@ -531,7 +531,7 @@ class HeaderItem :
def get_off(self) :
return self.offset
class AnnotationOffItem :
class AnnotationOffItem(object):
"""
This class can parse an annotation_off_item of a dex file
@ -560,7 +560,7 @@ class AnnotationOffItem :
def get_length(self) :
return len(self.get_obj())
class AnnotationSetItem :
class AnnotationSetItem(object):
"""
This class can parse an annotation_set_item of a dex file
@ -614,7 +614,7 @@ class AnnotationSetItem :
return length
class AnnotationSetRefItem :
class AnnotationSetRefItem(object):
"""
This class can parse an annotation_set_ref_item of a dex file
@ -699,7 +699,7 @@ class AnnotationSetRefList(object):
def get_length(self) :
return len(self.get_raw())
class FieldAnnotation :
class FieldAnnotation(object):
"""
This class can parse a field_annotation of a dex file
@ -753,7 +753,7 @@ class FieldAnnotation :
def get_length(self) :
return len(self.get_raw())
class MethodAnnotation :
class MethodAnnotation(object):
"""
This class can parse a method_annotation of a dex file
@ -807,7 +807,7 @@ class MethodAnnotation :
def get_length(self) :
return len(self.get_raw())
class ParameterAnnotation :
class ParameterAnnotation(object):
"""
This class can parse a parameter_annotation of a dex file
@ -861,7 +861,7 @@ class ParameterAnnotation :
def get_length(self):
return len(self.get_raw())
class AnnotationsDirectoryItem :
class AnnotationsDirectoryItem(object):
"""
This class can parse an annotations_directory_item of a dex file
@ -1005,7 +1005,7 @@ class AnnotationsDirectoryItem :
return length
class TypeItem :
class TypeItem(object):
"""
This class can parse a type_item of a dex file
@ -1047,7 +1047,7 @@ class TypeItem :
def get_length(self) :
return len(self.get_obj())
class TypeList :
class TypeList(object):
"""
This class can parse a type_list of a dex file
@ -1178,7 +1178,7 @@ DBG_LINE_BASE = -4
DBG_LINE_RANGE = 15
class DBGBytecode :
class DBGBytecode(object):
def __init__(self, cm, op_value) :
self.CM = cm
self.op_value = op_value
@ -1214,7 +1214,7 @@ class DBGBytecode :
buff += writesleb128( i[0] )
return buff
class DebugInfoItem :
class DebugInfoItem(object):
def __init__(self, buff, cm) :
self.CM = cm
@ -1327,7 +1327,7 @@ VALUE_NULL = 0x1e # (none; must be 0) (none) null reference value
VALUE_BOOLEAN = 0x1f # boolean (0..1) (none) one-bit value; 0 for false and 1 for true. The bit is represented in the value_arg.
class DebugInfoItemEmpty :
class DebugInfoItemEmpty(object):
def __init__(self, buff, cm) :
self.__CM = cm
@ -1363,7 +1363,7 @@ class DebugInfoItemEmpty :
def get_length(self) :
return len(self.__raw)
class EncodedArray :
class EncodedArray(object):
"""
This class can parse an encoded_array of a dex file
@ -1419,7 +1419,7 @@ class EncodedArray :
return length
class EncodedValue :
class EncodedValue(object):
"""
This class can parse an encoded_value of a dex file
@ -1517,7 +1517,7 @@ class EncodedValue :
else :
return len(pack("=B", self.val)) + len(bytecode.object_to_str( self.raw_value ))
class AnnotationElement :
class AnnotationElement(object):
"""
This class can parse an annotation_element of a dex file
@ -1563,7 +1563,7 @@ class AnnotationElement :
def get_length(self) :
return len(self.get_obj()) + self.value.get_length()
class EncodedAnnotation :
class EncodedAnnotation(object):
"""
This class can parse an encoded_annotation of a dex file
@ -1628,7 +1628,7 @@ class EncodedAnnotation :
return length
class AnnotationItem :
class AnnotationItem(object):
"""
This class can parse an annotation_item of a dex file
@ -1688,7 +1688,7 @@ class AnnotationItem :
return length
class EncodedArrayItem :
class EncodedArrayItem(object):
"""
This class can parse an encoded_array_item of a dex file
@ -1772,7 +1772,7 @@ def utf8_to_string(buff, length):
return ''.join(chars)
class StringDataItem :
class StringDataItem(object):
"""
This class can parse a string_data_item of a dex file
@ -1834,7 +1834,7 @@ class StringDataItem :
def get_length(self) :
return len(writeuleb128( self.utf16_size )) + len(self.data)
class StringIdItem :
class StringIdItem(object):
"""
This class can parse a string_id_item of a dex file
@ -1882,7 +1882,7 @@ class StringIdItem :
def get_length(self) :
return len(self.get_obj())
class TypeIdItem :
class TypeIdItem(object):
"""
This class can parse a type_id_item of a dex file
@ -1930,7 +1930,7 @@ class TypeIdItem :
def get_length(self) :
return len(self.get_obj())
class TypeHIdItem :
class TypeHIdItem(object):
"""
This class can parse a list of type_id_item of a dex file
@ -1989,7 +1989,7 @@ class TypeHIdItem :
length += i.get_length()
return length
class ProtoIdItem :
class ProtoIdItem(object):
"""
This class can parse a proto_id_item of a dex file
@ -2083,7 +2083,7 @@ class ProtoIdItem :
def get_length(self) :
return len(self.get_obj())
class ProtoHIdItem :
class ProtoHIdItem(object):
"""
This class can parse a list of proto_id_item of a dex file
@ -2135,7 +2135,7 @@ class ProtoHIdItem :
length += i.get_length()
return length
class FieldIdItem :
class FieldIdItem(object):
"""
This class can parse a field_id_item of a dex file
@ -2236,7 +2236,7 @@ class FieldIdItem :
def get_length(self) :
return len(self.get_obj())
class FieldHIdItem :
class FieldHIdItem(object):
"""
This class can parse a list of field_id_item of a dex file
@ -2291,7 +2291,7 @@ class FieldHIdItem :
return length
class MethodIdItem :
class MethodIdItem(object):
"""
This class can parse a method_id_item of a dex file
@ -2391,7 +2391,7 @@ class MethodIdItem :
def get_length(self) :
return len(self.get_obj())
class MethodHIdItem :
class MethodHIdItem(object):
"""
This class can parse a list of method_id_item of a dex file
@ -2445,7 +2445,7 @@ class MethodHIdItem :
length += i.get_length()
return length
class ProtoIdItemInvalid :
class ProtoIdItemInvalid(object):
def get_params(self) :
return "AG:IPI:invalid_params;"
@ -2458,7 +2458,7 @@ class ProtoIdItemInvalid :
def show(self) :
print "AG:IPI:invalid_proto_item", self.get_shorty(), self.get_return_type(), self.get_params()
class FieldIdItemInvalid :
class FieldIdItemInvalid(object):
def get_class_name(self) :
return "AG:IFI:invalid_class_name;"
@ -2477,7 +2477,7 @@ class FieldIdItemInvalid :
def show(self) :
print "AG:IFI:invalid_field_item"
class MethodIdItemInvalid :
class MethodIdItemInvalid(object):
def get_class_name(self) :
return "AG:IMI:invalid_class_name;"
@ -2988,7 +2988,7 @@ class EncodedMethod(object):
def get_size(self) :
return len(self.get_raw())
class ClassDataItem :
class ClassDataItem(object):
"""
This class can parse a class_data_item of a dex file
@ -3454,7 +3454,7 @@ class ClassDefItem(object):
def get_length(self) :
return len(self.get_obj())
class ClassHDefItem :
class ClassHDefItem(object):
"""
This class can parse a list of class_def_item of a dex file
@ -3524,7 +3524,7 @@ class ClassHDefItem :
length += i.get_length()
return length
class EncodedTypeAddrPair :
class EncodedTypeAddrPair(object):
"""
This class can parse an encoded_type_addr_pair of a dex file
@ -3566,7 +3566,7 @@ class EncodedTypeAddrPair :
def get_length(self) :
return len(self.get_raw())
class EncodedCatchHandler :
class EncodedCatchHandler(object):
"""
This class can parse an encoded_catch_handler of a dex file
@ -3647,7 +3647,7 @@ class EncodedCatchHandler :
return length
class EncodedCatchHandlerList :
class EncodedCatchHandlerList(object):
"""
This class can parse an encoded_catch_handler_list of a dex file
@ -6079,7 +6079,7 @@ def get_instruction_payload(op_value, buff) :
return DALVIK_OPCODES_PAYLOAD[op_value][0]( buff )
class LinearSweepAlgorithm :
class LinearSweepAlgorithm(object):
"""
This class is used to disassemble a method. The algorithm used by this class is linear sweep.
"""
@ -6623,7 +6623,7 @@ class DalvikCode(object):
def get_off(self) :
return self.__off
class CodeItem :
class CodeItem(object):
def __init__(self, size, buff, cm) :
self.__CM = cm
@ -6670,7 +6670,7 @@ class CodeItem :
length += i.get_size()
return length
class MapItem :
class MapItem(object):
def __init__(self, buff, cm) :
self.__CM = cm
@ -7173,7 +7173,7 @@ class ClassManager(object):
return DebugInfoItem( self.buff, self )
class MapList :
class MapList(object):
"""
This class can parse the "map_list" of the dex format
"""
@ -7257,14 +7257,14 @@ class MapList :
def get_length(self) :
return len(self.get_raw())
class XREF :
class XREF(object):
def __init__(self) :
self.items = []
def add(self, x, y):
self.items.append((x, y))
class DREF :
class DREF(object):
def __init__(self) :
self.items = []


@ -25,7 +25,7 @@ from androguard.util import read
######################################################## JAR FORMAT ########################################################
class JAR :
class JAR(object):
def __init__(self, filename, raw=False) :
self.filename = filename
@ -664,7 +664,7 @@ class NameAndType(CpInfo) :
def get_descriptor_index(self) :
return self.format.get_value().descriptor_index
class EmptyConstant :
class EmptyConstant(object):
def __init__(self) :
pass
@ -717,7 +717,7 @@ VERIFICATION_TYPE_INFO = {
ITEM_Uninitialized : [ "Uninitialized_variable_info", '>BH', namedtuple( "Uninitialized_variable_info", "tag offset" ) ],
}
class FieldInfo :
class FieldInfo(object):
"""An object which represents a Field"""
def __init__(self, class_manager, buff) :
self.__raw_buff = buff.read( calcsize( FIELD_INFO[0] ) )
@ -787,7 +787,7 @@ class FieldInfo :
for i in self.__attributes :
i.show()
class MethodInfo :
class MethodInfo(object):
"""An object which represents a Method"""
def __init__(self, class_manager, buff) :
self.format = SVs( METHOD_INFO[0], METHOD_INFO[1], buff.read( calcsize( METHOD_INFO[0] ) ) )
@ -882,7 +882,7 @@ class MethodInfo :
i.pretty_show(vm_a.hmethods[ self ])
print "*" * 80
class CreateString :
class CreateString(object):
"""Create a specific String constant by given the name index"""
def __init__(self, class_manager, bytes) :
self.__string_index = class_manager.add_string( bytes )
@ -893,7 +893,7 @@ class CreateString :
return buff
class CreateInteger :
class CreateInteger(object):
"""Create a specific Integer constant by given the name index"""
def __init__(self, byte) :
self.__byte = byte
@ -904,7 +904,7 @@ class CreateInteger :
return buff
class CreateClass :
class CreateClass(object):
"""Create a specific Class constant by given the name index"""
def __init__(self, class_manager, name_index) :
self.__CM = class_manager
@ -917,7 +917,7 @@ class CreateClass :
return buff
class CreateNameAndType :
class CreateNameAndType(object):
"""Create a specific NameAndType constant by given the name and the descriptor index"""
def __init__(self, class_manager, name_index, descriptor_index) :
self.__CM = class_manager
@ -931,7 +931,7 @@ class CreateNameAndType :
return buff
class CreateFieldRef :
class CreateFieldRef(object):
"""Create a specific FieldRef constant by given the class and the NameAndType index"""
def __init__(self, class_manager, class_index, name_and_type_index) :
self.__CM = class_manager
@ -945,7 +945,7 @@ class CreateFieldRef :
return buff
class CreateMethodRef :
class CreateMethodRef(object):
"""Create a specific MethodRef constant by given the class and the NameAndType index"""
def __init__(self, class_manager, class_index, name_and_type_index) :
self.__CM = class_manager
@ -959,7 +959,7 @@ class CreateMethodRef :
return buff
class CreateCodeAttributeInfo :
class CreateCodeAttributeInfo(object):
"""Create a specific CodeAttributeInfo by given bytecodes (into an human readable format)"""
def __init__(self, class_manager, codes) :
self.__CM = class_manager
@ -1028,7 +1028,7 @@ class CreateCodeAttributeInfo :
''.join( i.get_raw() for i in self.__attributes )
# FIELD_INFO = [ '>HHHH', namedtuple("FieldInfo", "access_flags name_index descriptor_index attributes_count") ]
class CreateFieldInfo :
class CreateFieldInfo(object):
"""Create a specific FieldInfo by given the name, the prototype of the "new" field"""
def __init__(self, class_manager, name, proto) :
self.__CM = class_manager
@ -1056,7 +1056,7 @@ class CreateFieldInfo :
return buff
# METHOD_INFO = [ '>HHHH', namedtuple("MethodInfo", "access_flags name_index descriptor_index attributes_count") ]
class CreateMethodInfo :
class CreateMethodInfo(object):
"""Create a specific MethodInfo by given the name, the prototype and the code (into an human readable format) of the "new" method"""
def __init__(self, class_manager, name, proto, codes) :
self.__CM = class_manager
@ -1086,7 +1086,7 @@ class CreateMethodInfo :
return buff
class JBC :
class JBC(object):
"""JBC manages each bytecode with the value, name, raw buffer and special functions"""
# special --> ( r_function, v_function, r_buff, r_format, f_function )
def __init__(self, class_manager, op_name, raw_buff, special=None) :
@ -1195,7 +1195,7 @@ class JBC :
print self.show_buff( pos ),
class JavaCode :
class JavaCode(object):
"""JavaCode manages a list of bytecode to a specific method, by decoding a raw buffer and transform each bytecode into a JBC object"""
def __init__(self, class_manager, buff) :
self.__CM = class_manager
@ -1926,7 +1926,7 @@ class RuntimeInvisibleParameterAnnotationsAttribute(RuntimeVisibleParameterAnnot
for i in self.parameter_annotations :
i.show()
class ParameterAnnotation :
class ParameterAnnotation(object):
def __init__(self, cm, buff) :
# u2 num_annotations;
# annotation annotations[num_annotations];
@ -1963,7 +1963,7 @@ class AnnotationDefaultAttribute(BasicAttribute) :
print "AnnotationDefault"
self.default_value.show()
class Annotation :
class Annotation(object):
def __init__(self, cm, buff) :
# u2 type_index;
# u2 num_element_value_pairs;
@ -1988,7 +1988,7 @@ class Annotation :
i.show()
class ElementValuePair :
class ElementValuePair(object):
def __init__(self, cm, buff) :
# u2 element_name_index;
# element_value value;
@ -2004,7 +2004,7 @@ class ElementValuePair :
self.value.show()
ENUM_CONST_VALUE = [ '>HH', namedtuple("EnumConstValue", "type_name_index const_name_index") ]
class ElementValue :
class ElementValue(object):
def __init__(self, cm, buff) :
# u1 tag;
# union {
@ -2049,7 +2049,7 @@ class ElementValue :
else :
self.value.show()
class ArrayValue :
class ArrayValue(object):
def __init__(self, cm, buff) :
# u2 num_values;
# element_value values[num_values];
@ -2093,7 +2093,7 @@ class ExceptionsAttribute(BasicAttribute) :
for i in self.__exception_index_table :
print "\t", i
class VerificationTypeInfo :
class VerificationTypeInfo(object):
def __init__(self, class_manager, buff) :
self.__CM = class_manager
tag = SV( '>B', buff.read_b(1) ).get_value()
@ -2132,7 +2132,7 @@ class VerificationTypeInfo :
def set_cm(self, cm) :
self.__CM = cm
class FullFrame :
class FullFrame(object):
def __init__(self, class_manager, buff) :
self.__CM = class_manager
# u1 frame_type = FULL_FRAME; /* 255 */
@ -2189,7 +2189,7 @@ class FullFrame :
for i in self.__locals :
i.set_cm( cm )
class ChopFrame :
class ChopFrame(object):
def __init__(self, buff) :
# u1 frame_type=CHOP; /* 248-250 */
# u2 offset_delta;
@ -2211,7 +2211,7 @@ class ChopFrame :
def set_cm(self, cm) :
pass
class SameFrame :
class SameFrame(object):
def __init__(self, buff) :
# u1 frame_type = SAME;/* 0-63 */
self.frame_type = SV( '>B', buff.read(1) )
@ -2230,7 +2230,7 @@ class SameFrame :
def set_cm(self, cm) :
pass
class SameLocals1StackItemFrame :
class SameLocals1StackItemFrame(object):
def __init__(self, class_manager, buff) :
self.__CM = class_manager
# u1 frame_type = SAME_LOCALS_1_STACK_ITEM;/* 64-127 */
@ -2253,7 +2253,7 @@ class SameLocals1StackItemFrame :
def set_cm(self, cm) :
self.__CM = cm
class SameLocals1StackItemFrameExtended :
class SameLocals1StackItemFrameExtended(object):
def __init__(self, class_manager, buff) :
self.__CM = class_manager
# u1 frame_type = SAME_LOCALS_1_STACK_ITEM_EXTENDED; /* 247 */
@ -2279,7 +2279,7 @@ class SameLocals1StackItemFrameExtended :
self.stack.show()
print "#" * 60
class SameFrameExtended :
class SameFrameExtended(object):
def __init__(self, buff) :
# u1 frame_type = SAME_FRAME_EXTENDED;/* 251*/
# u2 offset_delta;
@ -2301,7 +2301,7 @@ class SameFrameExtended :
bytecode._Print("\tOFFSET_DELTA", self.offset_delta.get_value())
print "#" * 60
class AppendFrame :
class AppendFrame(object):
def __init__(self, class_manager, buff) :
self.__CM = class_manager
# u1 frame_type = APPEND; /* 252-254 */
@ -2403,7 +2403,7 @@ class StackMapTableAttribute(BasicAttribute) :
for i in self.__entries :
i.set_cm( cm )
class InnerClassesDesc :
class InnerClassesDesc(object):
def __init__(self, class_manager, buff) :
INNER_CLASSES_FORMAT = [ ">HHHH", "inner_class_info_index outer_class_info_index inner_name_index inner_class_access_flags" ]
@ -2527,7 +2527,7 @@ ATTRIBUTE_INFO_DESCR = {
"AnnotationDefault" : AnnotationDefaultAttribute,
}
class AttributeInfo :
class AttributeInfo(object):
"""AttributeInfo manages each attribute info (Code, SourceFile ....)"""
def __init__(self, class_manager, buff) :
self.__CM = class_manager
@ -2589,7 +2589,7 @@ class AttributeInfo :
else :
self._info.show()
class ClassManager :
class ClassManager(object):
"""ClassManager can be used by all classes to get more information"""
def __init__(self, constant_pool, constant_pool_count) :
self.constant_pool = constant_pool


@ -20,7 +20,7 @@ import random
from androconf import error
import jvm
class Automaton :
class Automaton(object):
def __init__(self, _analysis) :
self.__analysis = _analysis
@ -101,7 +101,7 @@ class Automaton :
#draw_graphviz(self.__G)
#write_dot(self.__G,'file.dot')
class JVMGenerate :
class JVMGenerate(object):
def __init__(self, _vm, _analysis) :
self.__vm = _vm
self.__analysis = _analysis


@ -40,7 +40,7 @@ except ImportError :
DEFAULT_SIGNATURE = analysis.SIGNATURE_L0_4
def create_entropies(vmx, m) :
try :
try :
default_signature = vmx.get_method_signature(m, predef_sign = DEFAULT_SIGNATURE).get_string()
l = [ default_signature,
entropy( vmx.get_method_signature(m, "L4", { "L4" : { "arguments" : ["Landroid"] } } ).get_string() ),
@ -65,7 +65,7 @@ def create_info(vmx, m) :
return H
class Data :
class Data(object):
def __init__(self, vm, vmx, gvmx, a=None) :
self.vm = vm
self.vmx = vmx
@ -88,24 +88,24 @@ class Data :
def export_methods_to_gml(self) :
print self.gvmx.G
for node in self.gvmx.G.nodes() :
print self.gvmx.nodes_id[ node ].method_name, self.gvmx.nodes_id[ node ].get_attributes()
def export_apk_to_gml(self) :
if self.apk_data != None :
return self.apk_data.export_to_gml()
def export_dex_to_gml(self) :
if self.dex_data != None :
return self.dex_data.export_to_gml()
class DexViewer :
class DexViewer(object):
def __init__(self, vm, vmx, gvmx) :
self.vm = vm
self.vmx = vmx
self.gvmx = gvmx
def _create_node(self, id, height, width, color, label) :
buff = "<node id=\"%d\">\n" % id
@ -126,14 +126,14 @@ class DexViewer :
buff += "</node>\n"
return buff
def add_exception_node(self, exception, id_i) :
buff = ""
# 9933FF
height = 2
# 9933FF
height = 2
width = 0
label = ""
label += "%x:%x\n" % (exception.start, exception.end)
for i in exception.exceptions :
c_label = "\t(%s -> %x %s)\n" % (i[0], i[1], i[2].get_name())
@ -145,14 +145,14 @@ class DexViewer :
return self._create_node( id_i, height, width, "9333FF", label )
def add_method_node(self, i, id_i) :
height = 0
height = 0
width = 0
label = ""
label += i.get_name() + "\n"
label += i.get_descriptor()
height = 3
height = 3
width = len(label)
return self._create_node( id_i, height, width, "FF0000", label )
@ -166,17 +166,17 @@ class DexViewer :
c_label = "%x %s\n" % (idx, self.vm.dotbuff(ins, idx))
idx += ins.get_length()
label += c_label
width = max(width, len(c_label))
width = max(width, len(c_label))
height += 1
if height < 10 :
height += 3
height += 3
return self._create_node( id_i, height, width, "FFCC00", label )
def add_edge(self, i, id_i, j, id_j, l_eid, val) :
buff = "<edge id=\"%d\" source=\"%d\" target=\"%d\">\n" % (len(l_eid), id_i, id_j)
buff += "<data key=\"d9\">\n"
buff += "<y:PolyLineEdge>\n"
buff += "<y:Arrows source=\"none\" target=\"standard\"/>\n"
@ -209,7 +209,7 @@ class DexViewer :
for _class in self.vm.get_classes() :
name = _class.get_name()
name = name[1:-1]
buff = ""
buff += "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n"
@ -218,7 +218,7 @@ class DexViewer :
buff += "<key attr.name=\"description\" attr.type=\"string\" for=\"node\" id=\"d5\"/>\n"
buff += "<key for=\"node\" id=\"d6\" yfiles.type=\"nodegraphics\"/>\n"
buff += "<key for=\"edge\" id=\"d9\" yfiles.type=\"edgegraphics\"/>\n"
buff += "<graph edgedefault=\"directed\" id=\"G\">\n"
print name
@ -236,12 +236,12 @@ class DexViewer :
buff_nodes += self.add_method_node(method, id_method)
for i in mx.basic_blocks.get() :
id_i = self.new_id(i, l_id)
print i, id_i, i.exception_analysis
buff_nodes += self.add_node( i, id_i )
# add childs nodes
val = 0
if len(i.childs) > 1 :
@ -264,18 +264,18 @@ class DexViewer :
buff_edges += self.add_edge(None, id_exceptions, None, id_i, l_eid, 2)
buff_edges += self.add_edge(None, id_method, None, id_method+1, l_eid, 2)
buff += buff_nodes
buff += buff_edges
buff += "</graph>\n"
buff += "</graphml>\n"
H[ name ] = buff
return H
class Directory :
class Directory(object):
def __init__(self, name) :
self.name = name
self.basename = os.path.basename(name)
@ -286,13 +286,13 @@ class Directory :
def set_color(self, color) :
self.color = color
class File :
class File(object):
def __init__(self, name, file_type, file_crc) :
self.name = name
self.basename = os.path.basename(name)
self.file_type = file_type
self.file_crc = file_crc
self.color = "FFCC00"
self.width = max(len(self.name), len(self.file_type))
@ -307,7 +307,7 @@ def splitall(path, z) :
for i in l :
return splitall( i, z )
class ApkViewer :
class ApkViewer(object):
def __init__(self, a) :
self.a = a
@ -323,13 +323,13 @@ class ApkViewer :
for x, y, z in self.a.get_files_information() :
print x, y, z, os.path.basename(x)
l = []
splitall( x, l )
l.reverse()
l.pop(0)
last = root
for i in l :
if i not in self.all_files :
@ -342,12 +342,12 @@ class ApkViewer :
self.G.add_edge(last, tmp)
last = tmp
n1 = last
n2 = File( x, y, z )
n1 = last
n2 = File( x, y, z )
self.G.add_edge(n1, n2)
self.ids[ n2 ] = len(self.ids)
def export_to_gml(self) :
buff = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\n"
buff += "<graphml xmlns=\"http://graphml.graphdrawing.org/xmlns\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:y=\"http://www.yworks.com/xml/graphml\" xmlns:yed=\"http://www.yworks.com/xml/yed/3\" xsi:schemaLocation=\"http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd\">\n"
@ -355,17 +355,17 @@ class ApkViewer :
buff += "<key attr.name=\"description\" attr.type=\"string\" for=\"node\" id=\"d5\"/>\n"
buff += "<key for=\"node\" id=\"d6\" yfiles.type=\"nodegraphics\"/>\n"
buff += "<graph edgedefault=\"directed\" id=\"G\">\n"
for node in self.G.nodes() :
print node
buff += "<node id=\"%d\">\n" % self.ids[node]
buff += "<data key=\"d6\">\n"
buff += "<y:ShapeNode>\n"
buff += "<y:Geometry height=\"%f\" width=\"%f\"/>\n" % (60.0, 7 * node.width)
buff += "<y:Fill color=\"#%s\" transparent=\"false\"/>\n" % node.color
@ -375,7 +375,7 @@ class ApkViewer :
if isinstance(node, File) :
buff += "%s\n" % node.file_type
buff += "%s\n" % hex(node.file_crc)
buff += "</y:NodeLabel>\n"
buff += "</y:ShapeNode>\n"
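Review bot: The GraphML output is built by string interpolation with no XML escaping: in the last hunk `buff += "%s\n" % node.file_type` writes a value derived from the analysed APK straight into the `<y:NodeLabel>` text, and `add_method_node` builds its label from `i.get_name()` and `i.get_descriptor()`, where Dalvik constructor names such as `<init>` already contain markup characters. A crafted name, or even an ordinary one, can therefore produce malformed GraphML or extra elements in the file the graph viewer opens. Whether `_create_node` escapes `label` cannot be seen, since most of its body lies outside the hunks. Escaping where the text is emitted would close this, for example `buff += "%s\n" % escape(node.file_type)` with `from xml.sax.saxutils import escape`. `export_to_gml` continues past the end of the hunk.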


@ -58,10 +58,10 @@ def FIX_FORMULA(x, z) :
return x
return x
class ElfElsign :
class ElfElsign(object):
pass
class DalvikElsign :
class DalvikElsign(object):
def __init__(self) :
self.debug = False
self.meth_elsign = Elsign()
@ -234,7 +234,7 @@ class DalvikElsign :
return ret[0], ret[1:]
class PublicSignature :
class PublicSignature(object):
def __init__(self, database, config, debug=False) :
self.debug = debug
@ -321,7 +321,7 @@ class PublicSignature :
return ret
class MSignature :
class MSignature(object):
def __init__(self, dbname, dbconfig, debug, ps=PublicSignature) :
"""
Check if signatures from a database is present in an android application (apk/dex)
@ -387,7 +387,7 @@ class MSignature :
"""
return self.p._check_dalvik_direct( d, dx )
class PublicCSignature :
class PublicCSignature(object):
def add_file(self, srules) :
l = []
rules = json.loads( srules )
@ -499,7 +499,7 @@ class PublicCSignature :
return vm, vmx, res
class CSignature :
class CSignature(object):
def __init__(self, pcs=PublicCSignature) :
self.pcs = pcs()


@ -49,8 +49,8 @@ from similarity.similarity import *
FILTER_ELEMENT_METH = "FILTER_ELEMENT_METH"
FILTER_CHECKSUM_METH = "FILTER_CHECKSUM_METH" # function to checksum an element
FILTER_SIM_METH = "FILTER_SIM_METH" # function to calculate the similarity between two elements
FILTER_SORT_METH = "FILTER_SORT_METH" # function to sort all similar elements
FILTER_SORT_VALUE = "FILTER_SORT_VALUE" # value which used in the sort method to eliminate not interesting comparisons
FILTER_SORT_METH = "FILTER_SORT_METH" # function to sort all similar elements
FILTER_SORT_VALUE = "FILTER_SORT_VALUE" # value which used in the sort method to eliminate not interesting comparisons
FILTER_SKIPPED_METH = "FILTER_SKIPPED_METH" # object to skip elements
FILTER_SIM_VALUE_METH = "FILTER_SIM_VALUE_METH" # function to modify values of the similarity
@ -69,7 +69,7 @@ SIMILARITY_ELEMENTS = "similarity_elements"
SIMILARITY_SORT_ELEMENTS = "similarity_sort_elements"
class ElsimNeighbors :
class ElsimNeighbors(object):
def __init__(self, x, ys) :
import numpy as np
from sklearn.neighbors import NearestNeighbors
@ -79,7 +79,7 @@ class ElsimNeighbors :
#print CI, x.get_info()
#print
for i in ys :
for i in ys :
CI = np.vstack( (CI, [i.checksum.get_signature_entropy(), i.checksum.get_entropy()]) )
#idx = 0
@ -97,12 +97,12 @@ class ElsimNeighbors :
def cmp_elements(self) :
z = self.neigh.kneighbors( self.CI[0], 5 )
l = []
cmp_values = z[0][0]
cmp_elements = z[1][0]
idx = 1
for i in cmp_elements[1:] :
#if cmp_values[idx] > 1.0 :
# break
@ -120,10 +120,10 @@ def split_elements(el, els) :
####
# elements : entropy raw, hash, signature
#
#
# set elements : hash
# hash table elements : hash --> element
class Elsim :
class Elsim(object):
def __init__(self, e1, e2, F, T=None, C=None, libnative=True, libpath="elsim/elsim/similarity/libsimilarity/libsimilarity.so") :
self.e1 = e1
self.e2 = e2
@ -174,10 +174,10 @@ class Elsim :
self.filters[ ELEMENTS ][ self.e1 ] = []
self.filters[ HASHSUM ][ self.e1 ] = []
self.filters[ ELEMENTS ][ self.e2 ] = []
self.filters[ HASHSUM ][ self.e2 ] = []
self.filters[ SIMILARITY_ELEMENTS ] = {}
self.filters[ SIMILARITY_SORT_ELEMENTS ] = {}
@ -194,31 +194,31 @@ class Elsim :
self.set_els[ ce ] = set()
self.ref_set_els[ ce ] = {}
self.ref_set_ident[ce] = {}
for ae in ce.get_elements() :
e = self.filters[BASE][FILTER_ELEMENT_METH]( ae, ce )
if self.filters[BASE][FILTER_SKIPPED_METH].skip( e ) :
self.filters[ SKIPPED_ELEMENTS ].append( e )
continue
self.filters[ ELEMENTS ][ ce ].append( e )
fm = self.filters[ BASE ][ FILTER_CHECKSUM_METH ]( e, self.sim )
e.set_checksum( fm )
sha256 = e.getsha256()
self.filters[ HASHSUM ][ ce ].append( sha256 )
if sha256 not in self.set_els[ ce ] :
self.set_els[ ce ].add( sha256 )
self.ref_set_els[ ce ][ sha256 ] = e
self.ref_set_ident[ce][sha256] = []
self.ref_set_ident[ce][sha256].append(e)
def _init_similarity(self) :
intersection_elements = self.set_els[ self.e2 ].intersection( self.set_els[ self.e1 ] )
intersection_elements = self.set_els[ self.e2 ].intersection( self.set_els[ self.e1 ] )
difference_elements = self.set_els[ self.e2 ].difference( intersection_elements )
self.filters[IDENTICAL_ELEMENTS].update([ self.ref_set_els[ self.e1 ][ i ] for i in intersection_elements ])
@ -230,11 +230,11 @@ class Elsim :
#debug("SIM FOR %s" % (j.get_info()))
if j.getsha256() not in self.filters[HASHSUM][self.e2] :
#eln = ElsimNeighbors( j, available_e2_elements )
#for k in eln.cmp_elements() :
for k in available_e2_elements :
#debug("%s" % k.get_info())
#debug("%s" % k.get_info())
self.filters[SIMILARITY_ELEMENTS][ j ][ k ] = self.filters[BASE][FILTER_SIM_METH]( self.sim, j, k )
if j.getsha256() not in self.filters[HASHSUM_SIMILAR_ELEMENTS] :
self.filters[SIMILAR_ELEMENTS].append(j)
@ -244,7 +244,7 @@ class Elsim :
deleted_elements = []
for j in self.filters[SIMILAR_ELEMENTS] :
#debug("SORT FOR %s" % (j.get_info()))
sort_h = self.filters[BASE][FILTER_SORT_METH]( j, self.filters[SIMILARITY_ELEMENTS][ j ], self.filters[BASE][FILTER_SORT_VALUE] )
self.filters[SIMILARITY_SORT_ELEMENTS][ j ] = set( i[0] for i in sort_h )
@ -258,7 +258,7 @@ class Elsim :
for j in deleted_elements :
self.filters[ DELETED_ELEMENTS ].append( j )
self.filters[ SIMILAR_ELEMENTS ].remove( j )
def __checksort(self, x, y) :
return y in self.filters[SIMILARITY_SORT_ELEMENTS][ x ]
@ -293,25 +293,25 @@ class Elsim :
@rtype : a list of elements
"""
return self.get_elem( NEW_ELEMENTS )
def get_deleted_elements(self) :
""" Return the deleted elements
@rtype : a list of elements
"""
return self.get_elem( DELETED_ELEMENTS )
def get_internal_identical_elements(self, ce) :
""" Return the internal identical elements
""" Return the internal identical elements
@rtype : a list of elements
"""
return self.get_elem( INTERNAL_IDENTICAL_ELEMENTS )
def get_identical_elements(self) :
""" Return the identical elements
""" Return the identical elements
@rtype : a list of elements
"""
return self.get_elem( IDENTICAL_ELEMENTS )
def get_skipped_elements(self) :
return self.get_elem( SKIPPED_ELEMENTS )
@ -333,9 +333,9 @@ class Elsim :
else :
for j in self.filters[ SIMILARITY_SORT_ELEMENTS ][ i ] :
print "\t\t-->", j.get_info(), self.filters[ SIMILARITY_ELEMENTS ][ i ][ j ]
def get_element_info(self, i) :
l = []
if i.getsha256() == None :
@ -380,7 +380,7 @@ class Elsim :
return (similarity_value/len(values)) * 100
def show(self):
def show(self):
print "Elements:"
print "\t IDENTICAL:\t", len(self.get_identical_elements())
print "\t SIMILAR: \t", len(self.get_similar_elements())
@ -394,11 +394,11 @@ ADDED_ELEMENTS = "added elements"
DELETED_ELEMENTS = "deleted elements"
LINK_ELEMENTS = "link elements"
DIFF = "diff"
class Eldiff :
class Eldiff(object):
def __init__(self, elsim, F) :
self.elsim = elsim
self.F = F
self._init_filters()
self._init_diff()
@ -408,7 +408,7 @@ class Eldiff :
self.filters[ BASE ] = {}
self.filters[ BASE ].update( self.F )
self.filters[ ELEMENTS ] = {}
self.filters[ ADDED_ELEMENTS ] = {}
self.filters[ ADDED_ELEMENTS ] = {}
self.filters[ DELETED_ELEMENTS ] = {}
self.filters[ LINK_ELEMENTS ] = {}
@ -428,7 +428,7 @@ class Eldiff :
def show(self) :
for bb in self.filters[ LINK_ELEMENTS ] : #print "la"
print bb.get_info(), self.filters[ LINK_ELEMENTS ][ bb ].get_info()
print "Added Elements(%d)" % (len(self.filters[ ADDED_ELEMENTS ][ bb ]))
for i in self.filters[ ADDED_ELEMENTS ][ bb ] :
print "\t",
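Review bot: `Elsim.__init__` (the hunk at -120,10) defaults `libpath` to the relative path `elsim/elsim/similarity/libsimilarity/libsimilarity.so`, so which native library is used depends on the working directory of the process. How the path is consumed is outside the hunk, but if it reaches the loader unchanged, running the tool from a directory that holds untrusted samples could load a library planted there. Resolving the default against the module's own location, e.g. with `os.path.join(os.path.dirname(os.path.abspath(__file__)), ...)`, removes that dependency. The constructor would also benefit from a docstring stating that `libpath` is loaded as native code.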


@ -32,14 +32,14 @@ def filter_sim_value_meth( v ) :
return 1.0
return v
class CheckSumMeth :
class CheckSumMeth(object):
def __init__(self, m1, sim) :
self.m1 = m1
self.sim = sim
self.buff = ""
self.entropy = 0.0
self.signature = None
code = m1.m.get_code()
if code != None :
bc = code.get_bc()
@ -56,14 +56,14 @@ class CheckSumMeth :
self.signature_entropy, _ = self.sim.entropy( self.signature )
return self.signature
def get_signature_entropy(self) :
if self.signature == None :
self.signature = self.m1.vmx.get_method_signature( self.m1.m, predef_sign = DEFAULT_SIGNATURE ).get_string()
self.signature_entropy, _ = self.sim.entropy( self.signature )
return self.signature_entropy
def get_entropy(self) :
return self.entropy
@ -80,7 +80,7 @@ def filter_sim_meth_old( m1, m2, sim ) :
e1 = a1.get_entropy()
e2 = a2.get_entropy()
return (max(e1, e2) - min(e1, e2))
return (max(e1, e2) - min(e1, e2))
def filter_sim_meth_basic( sim, m1, m2 ) :
ncd1, _ = sim.ncd( m1.checksum.get_signature(), m2.checksum.get_signature() )
@ -96,7 +96,7 @@ def filter_sort_meth_basic( j, x, value ) :
if get_debug() :
for i in z :
debug("\t %s %f" %(i[0].get_info(), i[1]))
if z[:1][0][1] > value :
return []
@ -106,7 +106,7 @@ def filter_sim_bb_basic( sim, bb1, bb2 ) :
ncd, _ = sim.ncd( bb1.checksum.get_buff(), bb2.checksum.get_buff() )
return ncd
class CheckSumBB :
class CheckSumBB(object):
def __init__(self, basic_block, sim) :
self.basic_block = basic_block
self.buff = ""
@ -133,7 +133,7 @@ DIFF_INS_TAG = {
"REMOVE" : 2
}
class DiffBB :
class DiffBB(object):
def __init__(self, bb1, bb2, info) :
self.bb1 = bb1
self.bb2 = bb2
@ -231,7 +231,7 @@ class DiffBB :
for i in self.di.remove_ins :
print "\t\t", i[0], i[1], i[2].get_name(), i[2].get_output()
class NewBB :
class NewBB(object):
def __init__(self, bb) :
self.bb = bb
@ -252,7 +252,7 @@ class NewBB :
self.childs = childs
class DiffINS :
class DiffINS(object):
def __init__(self, add_ins, remove_ins) :
self.add_ins = add_ins
self.remove_ins = remove_ins
@ -263,7 +263,7 @@ DIFF_BB_TAG = {
"NEW" : 2
}
class Method :
class Method(object):
def __init__(self, vm, vmx, m) :
self.m = m
self.vm = vm
@ -395,7 +395,7 @@ class Method :
for bb in self.mx.basic_blocks.get() :
if bb.name not in dbb :
# add the original basic block
bb.bb_tag = DIFF_BB_TAG["ORIG"]
bb.bb_tag = DIFF_BB_TAG["ORIG"]
l.append( bb )
else :
# add the diff basic block
@ -404,7 +404,7 @@ class Method :
for i in nbb :
# add the new basic block
nbb[ i ].bb_tag = DIFF_BB_TAG["NEW"]
nbb[ i ].bb_tag = DIFF_BB_TAG["NEW"]
l.append( nbb[ i ] )
# Sorted basic blocks by addr (orig, new, diff)
@ -453,14 +453,14 @@ class Method :
def filter_element_meth_basic(el, e) :
return Method( e.vm, e.vmx, el )
class BasicBlock :
class BasicBlock(object):
def __init__(self, bb) :
self.bb = bb
def set_checksum(self, fm) :
self.sha256 = hashlib.sha256( fm.get_buff() ).hexdigest()
self.checksum = fm
def getsha256(self) :
return self.sha256
@ -471,7 +471,7 @@ class BasicBlock :
print self.bb.name
def filter_element_bb_basic(el, e) :
return BasicBlock( el )
return BasicBlock( el )
def filter_sort_bb_basic( j, x, value ) :
z = sorted(x.iteritems(), key=lambda (k,v): (v,k))
@ -479,14 +479,14 @@ def filter_sort_bb_basic( j, x, value ) :
if get_debug() :
for i in z :
debug("\t %s %f" %(i[0].get_info(), i[1]))
if z[:1][0][1] > value :
return []
return z[:1]
import re
class FilterSkip :
class FilterSkip(object):
def __init__(self, size, regexp) :
self.size = size
self.regexp = regexp
@ -494,7 +494,7 @@ class FilterSkip :
def skip(self, m) :
if self.size != None and m.get_length() < self.size :
return True
if self.regexp != None and re.match(self.regexp, m.m.get_class_name()) != None :
return True
@ -509,7 +509,7 @@ class FilterSkip :
else :
self.size = e
class FilterNone :
class FilterNone(object):
def skip(self, e) :
return False
@ -523,14 +523,14 @@ FILTERS_DALVIK_SIM = {
elsim.FILTER_SIM_VALUE_METH : filter_sim_value_meth,
}
class StringVM :
class StringVM(object):
def __init__(self, el) :
self.el = el
def set_checksum(self, fm) :
self.sha256 = hashlib.sha256( fm.get_buff() ).hexdigest()
self.checksum = fm
def get_length(self) :
return len(self.el)
@ -543,7 +543,7 @@ class StringVM :
def filter_element_meth_string(el, e) :
return StringVM( el )
class CheckSumString :
class CheckSumString(object):
def __init__(self, m1, sim) :
self.m1 = m1
self.sim = sim
@ -566,7 +566,7 @@ def filter_sort_meth_string( j, x, value ) :
if get_debug() :
for i in z :
debug("\t %s %f" %(i[0].get_info(), i[1]))
if z[:1][0][1] > value :
return []
@ -592,7 +592,7 @@ FILTERS_DALVIK_BB = {
elsim.FILTER_SIM_VALUE_METH : filter_sim_value_meth,
}
class ProxyDalvik :
class ProxyDalvik(object):
def __init__(self, vm, vmx) :
self.vm = vm
self.vmx = vmx
@ -601,7 +601,7 @@ class ProxyDalvik :
for i in self.vm.get_methods() :
yield i
class ProxyDalvikMethod :
class ProxyDalvikMethod(object):
def __init__(self, el) :
self.el = el
@ -609,7 +609,7 @@ class ProxyDalvikMethod :
for j in self.el.mx.basic_blocks.get() :
yield j
class ProxyDalvikStringMultiple :
class ProxyDalvikStringMultiple(object):
def __init__(self, vm, vmx) :
self.vm = vm
self.vmx = vmx
@ -620,7 +620,7 @@ class ProxyDalvikStringMultiple :
#for i in self.vm.get_strings() :
# yield i
class ProxyDalvikStringOne :
class ProxyDalvikStringOne(object):
def __init__(self, vm, vmx) :
self.vm = vm
self.vmx = vmx
@ -676,7 +676,7 @@ def toString( bb, hS, rS ) :
return S, map_x
class DiffInstruction :
class DiffInstruction(object):
def __init__(self, bb, instruction) :
self.bb = bb
@ -687,7 +687,7 @@ class DiffInstruction :
def show(self) :
print hex(self.bb.bb.start + self.offset), self.pos_instruction, self.ins.get_name(), self.ins.show_buff( self.bb.bb.start + self.offset )
class DiffBasicBlock :
class DiffBasicBlock(object):
def __init__(self, x, y, added, deleted) :
self.basic_block_x = x
self.basic_block_y = y
@ -741,13 +741,13 @@ def filter_diff_bb(x, y) :
debug(" \t %s %s %s" % (i[0], instructions[ i[0] ].get_name(), instructions[ i[0] ].get_output()))
final_rm.append( (i[0], map_x[i[0]], instructions[ i[0] ]) )
return DiffBasicBlock( y, x, final_add, final_rm )
return DiffBasicBlock( y, x, final_add, final_rm )
FILTERS_DALVIK_DIFF_BB = {
elsim.DIFF : filter_diff_bb,
}
class ProxyDalvikBasicBlock :
class ProxyDalvikBasicBlock(object):
def __init__(self, esim) :
self.esim = esim
@ -756,7 +756,7 @@ class ProxyDalvikBasicBlock :
for i in x :
yield i, x[i]
class DiffDalvikMethod :
class DiffDalvikMethod(object):
def __init__(self, m1, m2, els, eld) :
self.m1 = m1
self.m2 = m2
@ -779,7 +779,7 @@ class DiffDalvikMethod :
print i.bb, hex(i.bb.get_start()), hex(i.bb.get_end()) #, i.bb.childs
idx = i.bb.get_start()
for j in i.bb.get_instructions() :
print "\t" + info, hex(idx),
print "\t" + info, hex(idx),
j.show(idx)
print
idx += j.get_length()
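Review bot: `if z[:1][0][1] > value :` in `filter_sort_meth_basic`, `filter_sort_bb_basic` and `filter_sort_meth_string` indexes the first element of a slice that is empty whenever `x` has no entries, so an empty candidate map raises IndexError instead of returning `[]`; whether callers can pass an empty `x` is not visible from these hunks. A guard such as `if not z or z[0][1] > value :` ahead of the `return []` keeps the current result for non-empty input and covers the empty case. The same line appears in `filter_sort_meth_basic` in the two later file sections (the ones defining `CheckSumText` and `CheckSumFunc`). All of these functions start outside their hunks, and the `z = sorted(x.iteritems(), ...)` line is shown only for `filter_sort_bb_basic`, so the others are assumed to build `z` the same way.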


@ -49,7 +49,7 @@ def eval_res_per_class(ret) :
############################################################
class ElsimDB :
class ElsimDB(object):
def __init__(self, database_path) :
self.db = DBFormat( database_path )
@ -187,17 +187,17 @@ class ElsimDB :
if sort_ret != {} :
if _class.get_name() not in N :
info["nodes"].append( { "name" : _class.get_name().split("/")[-1], "group" : 0 } )
info["nodes"].append( { "name" : _class.get_name().split("/")[-1], "group" : 0 } )
N[_class.get_name()] = len(N)
for j in sort_ret :
if j not in N :
for j in sort_ret :
if j not in N :
N[j] = len(N)
info["nodes"].append( { "name" : j, "group" : 1 } )
key = _class.get_name() + j
if key not in L :
L[ key ] = { "source" : N[_class.get_name()], "target" : N[j], "value" : 0 }
L[ key ] = { "source" : N[_class.get_name()], "target" : N[j], "value" : 0 }
info["links"].append( L[ key ] )
for k in sort_ret[j] :
@ -207,7 +207,7 @@ class ElsimDB :
return info
class ElsimDBIn :
class ElsimDBIn(object):
def __init__(self, output) :
self.db = DBFormat( output )
@ -221,10 +221,10 @@ class ElsimDBIn :
if regexp_pattern != None :
if re.match(regexp_pattern, _class.get_name()) == None :
continue
if regexp_exclude_pattern != None :
if regexp_exclude_pattern != None :
if re.match(regexp_exclude_pattern, _class.get_name()) != None :
continue
print "\t", _class.get_name()
for method in _class.get_methods() :
code = method.get_code()


@ -28,28 +28,28 @@ def filter_sim_value_meth( v ) :
return 1.0
return v
class CheckSumText :
class CheckSumText(object):
def __init__(self, s1, sim) :
self.s1 = s1
self.sim = sim
self.buff = s1.string
self.entropy = 0.0
self.signature = None
def get_signature(self) :
if self.signature == None :
raise("ooo")
self.signature_entropy, _ = self.sim.entropy( self.signature )
return self.signature
def get_signature_entropy(self) :
if self.signature == None :
raise("ooo")
self.signature_entropy, _ = self.sim.entropy( self.signature )
return self.signature_entropy
def get_entropy(self) :
return self.entropy
@ -75,13 +75,13 @@ def filter_sort_meth_basic( j, x, value ) :
if get_debug() :
for i in z :
debug("\t %s %f" %(i[0].get_info(), i[1]))
if z[:1][0][1] > value :
return []
return z[:1]
class Text :
class Text(object):
def __init__(self, e, el) :
self.string = el
@ -102,14 +102,14 @@ class Text :
def set_checksum(self, fm) :
self.sha256 = hashlib.sha256( fm.get_buff() ).hexdigest()
self.checksum = fm
def getsha256(self) :
return self.sha256
def filter_element_meth_basic(el, e) :
return Text( e, el )
class FilterNone :
class FilterNone(object):
def skip(self, e):
# remove whitespace elements
if e.string.isspace() == True :
@ -130,7 +130,7 @@ FILTERS_TEXT = {
elsim.FILTER_SIM_VALUE_METH : filter_sim_value_meth,
}
class ProxyText :
class ProxyText(object):
def __init__(self, buff) :
self.buff = buff
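Review bot: `raise("ooo")` in `CheckSumText.get_signature` and `get_signature_entropy` raises a plain string, which Python 2.6 and later reject with a TypeError about the exception type, so the caller gets a misleading error and the `self.signature_entropy` assignment that follows appears to be unreachable. `__init__` sets `self.signature = None` and nothing in the visible hunk assigns it afterwards, so this branch looks like the normal path rather than a corner case. If the intent is that text elements carry no signature, raise a real exception that says so, e.g. `raise NotImplementedError("CheckSumText has no signature")`, and drop the dead line in both methods.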


@ -28,17 +28,17 @@ def filter_sim_value_meth( v ) :
return 1.0
return v
class CheckSumFunc :
class CheckSumFunc(object):
def __init__(self, f, sim) :
self.f = f
self.sim = sim
self.buff = ""
self.entropy = 0.0
self.signature = None
for i in self.f.get_instructions() :
self.buff += i.get_mnemonic()
self.entropy, _ = sim.entropy( self.buff )
def get_signature(self) :
@ -47,14 +47,14 @@ class CheckSumFunc :
self.signature_entropy, _ = self.sim.entropy( self.signature )
return self.signature
def get_signature_entropy(self) :
if self.signature == None :
self.signature = self.buff
self.signature_entropy, _ = self.sim.entropy( self.signature )
return self.signature_entropy
def get_entropy(self) :
return self.entropy
@ -76,20 +76,20 @@ def filter_sort_meth_basic( j, x, value ) :
if get_debug() :
for i in z :
debug("\t %s %f" %(i[0].get_info(), i[1]))
if z[:1][0][1] > value :
return []
return z[:1]
class Instruction :
class Instruction(object):
def __init__(self, i) :
self.mnemonic = i[1]
def get_mnemonic(self) :
return self.mnemonic
class Function :
class Function(object):
def __init__(self, e, el) :
self.function = el
@ -106,14 +106,14 @@ class Function :
def set_checksum(self, fm) :
self.sha256 = hashlib.sha256( fm.get_buff() ).hexdigest()
self.checksum = fm
def getsha256(self) :
return self.sha256
def filter_element_meth_basic(el, e) :
return Function( e, el )
class FilterNone :
class FilterNone(object):
def skip(self, e) :
#if e.get_nb_instructions() < 2 :
# return True
@ -129,7 +129,7 @@ FILTERS_X86 = {
elsim.FILTER_SIM_VALUE_METH : filter_sim_value_meth,
}
class ProxyX86IDA :
class ProxyX86IDA(object):
def __init__(self, ipipe) :
self.functions = ipipe.get_quick_functions()


@ -368,7 +368,7 @@ class SIMILARITYPython(SIMILARITYBase) :
return current[n]
class SIMILARITY :
class SIMILARITY(object):
def __init__(self, path="./libsimilarity/libsimilarity.so", native_lib=True) :
if native_lib == True and NATIVE_LIB == True:
try :
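Review bot: The default `path="./libsimilarity/libsimilarity.so"` in `SIMILARITY.__init__` is resolved against the process working directory rather than the package directory, so which shared object is picked up depends on where the tool is launched. The `try :` body continues outside the hunk, so the loader call itself is not visible; if it is a native-library load, as the `native_lib` flag suggests, a file at that relative path in an untrusted working directory would be loaded into the analysis process. Anchoring the default to the module location, e.g. `os.path.join(os.path.dirname(os.path.abspath(__file__)), "libsimilarity", "libsimilarity.so")`, keeps the parameter and removes the dependency on the working directory; it needs `os` in scope, which this hunk does not show.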


@ -33,13 +33,13 @@ try :
except ImportError :
pass
class Constant :
class Constant(object):
def __init__(self, name, perms, desc_return) :
self.name = name
self.perms = perms
self.desc_return = desc_return
class Function :
class Function(object):
def __init__(self, name, perms, desc_return) :
self.name = name
self.perms = perms