This commit is contained in:
adesnos 2015-09-13 08:40:14 +02:00
parent 51f92423ee
commit 6ec155e1c6
9 changed files with 77 additions and 257 deletions


@ -55,6 +55,9 @@ class Session(object):
androconf.debug("added DEX:%s" % digest)
self.analyzed_dex[digest] = (d, dx)
if filename not in self.analyzed_files:
self.analyzed_files[filename] = []
self.analyzed_files[filename].append(digest)
self.analyzed_digest[digest] = filename
@ -73,6 +76,9 @@ class Session(object):
androconf.debug("added DEY:%s" % digest)
self.analyzed_dex[digest] = (d, dx)
if filename not in self.analyzed_files:
self.analyzed_files[filename] = []
self.analyzed_files[filename].append(digest)
self.analyzed_digest[digest] = filename
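Review bot: The three added lines in both hunks hand-roll a dict-of-lists insert that `dict.setdefault` expresses in one statement: `self.analyzed_files.setdefault(filename, []).append(digest)`. The same three lines are repeated in the DEX path (@ -55) and the DEY path (@ -73); collapsing each to the one-liner keeps the two paths from drifting apart. Where `analyzed_files` is initialised is not visible in these hunks — presumably `__init__`, outside the hunk — so it is worth confirming that the attribute exists before either `add*` path runs and that any session save/load code that serialises the other `analyzed_*` dicts includes the new one.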


@ -4,38 +4,33 @@ import sys, hashlib
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL + "./")
from androguard.core.androgen import AndroguardS
from androguard.core.analysis import analysis
from androguard.session import Session
OUTPUT = "./output/"
#TEST = 'examples/java/test/orig/Test1.class'
#TEST = 'examples/java/Demo1/orig/DES.class'
#TEST = 'examples/java/Demo1/orig/Util.class'
#TEST = "apks/DroidDream/tmp/classes.dex"
#TEST = "./examples/android/TCDiff/bin/classes.dex"
TEST = "apks/iCalendar.apk"
#TEST = "apks/adrd/5/8370959.dex"
def display_CFG(a, x, classes):
for method in a.get_methods():
g = x.get_method( method )
TEST = "examples/android/TestsAndroguard/bin/TestActivity.apk"
def display_CFG(d, dx, classes):
for method in d.get_methods():
g = dx.get_method( method )
print method.get_class_name(), method.get_name(), method.get_descriptor()
for i in g.basic_blocks.get():
print "\t %s %x %x" % (i.name, i.start, i.end), '[ NEXT = ', ', '.join( "%x-%x-%s" % (j[0], j[1], j[2].get_name()) for j in i.childs ), ']', '[ PREV = ', ', '.join( j[2].get_name() for j in i.fathers ), ']'
def display_STRINGS(a, x, classes):
def display_STRINGS(dx):
print "STRINGS"
for s, _ in x.get_tainted_variables().get_strings():
print "String : ", repr(s.get_info())
analysis.show_PathVariable( a, s.get_paths() )
strings = dx.get_strings_analysis()
for s in strings:
print s, " --> "
print strings[s]
def display_FIELDS(a, x, classes):
def display_FIELDS(d, dx):
print "FIELDS"
for f, _ in x.get_tainted_variables().get_fields():
print "field : ", repr(f.get_info())
analysis.show_PathVariable( a, f.get_paths() )
for f in d.get_fields():
print f
print dx.get_field_analysis(f)
def display_PACKAGES(a, x, classes):
print "CREATED PACKAGES"
@ -73,27 +68,29 @@ def display_OBJECT_CREATED(a, x, class_name):
print "Search object", class_name
analysis.show_Paths( a, x.get_tainted_packages().search_objects( class_name ) )
a = AndroguardS( TEST )
x = analysis.uVMAnalysis( a.get_vm() )
s = Session()
with open(TEST, "r") as fd:
s.add(TEST, fd.read())
#print a.get_vm().get_strings()
print a.get_vm().get_regex_strings( "access" )
print a.get_vm().get_regex_strings( "(long).*2" )
print a.get_vm().get_regex_strings( ".*(t\_t).*" )
a, d, dx = s.get_objects_apk(TEST)
classes = a.get_vm().get_classes_names()
vm = a.get_vm()
print d.get_strings()
print d.get_regex_strings( "access" )
print d.get_regex_strings( "(long).*2" )
print d.get_regex_strings( ".*(t\_t).*" )
display_CFG( a, x, classes )
display_STRINGS( vm, x, classes )
display_FIELDS( vm, x, classes )
display_PACKAGES( vm, x, classes )
display_PACKAGES_IE( vm, x, classes )
display_PACKAGES_II( vm, x, classes )
display_PERMISSION( vm, x, classes )
classes = d.get_classes_names()
display_SEARCH_PACKAGES( a, x, classes, "Landroid/telephony/" )
display_SEARCH_PACKAGES( a, x, classes, "Ljavax/crypto/" )
display_SEARCH_METHODS( a, x, classes, "Ljavax/crypto/", "generateSecret", "." )
display_CFG(d, dx, classes)
display_STRINGS(dx)
display_FIELDS(d, dx)
display_PACKAGES(d, dx)
display_PACKAGES_IE(d, dx)
display_PACKAGES_II(d, dx)
display_PERMISSION(d, dx)
display_OBJECT_CREATED( a, x, "." )
display_SEARCH_PACKAGES(dx, "Landroid/telephony/")
display_SEARCH_PACKAGES(dx, "Ljavax/crypto/")
display_SEARCH_METHODS(dx, "Ljavax/crypto/", "generateSecret", ".")
display_OBJECT_CREATED(dx, "." )
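Review bot: `with open(TEST, "r") as fd:` followed by `s.add(TEST, fd.read())` opens an APK in text mode, although the bytes are handed to `Session.add`, which going by the `Session` hunk in this commit keys the result by a digest and parses it as DEX; the mode should be `"rb"`. On POSIX Python 2 the two modes read identical bytes, but on Windows text mode translates line endings and treats 0x1A as end-of-file, which would silently corrupt or truncate the archive and change the digest. The same `open(..., "r")` pattern is introduced in the other example scripts of this commit and in `testSessionSave`, and should be changed alongside: `with open(TEST, "rb") as fd:`. `display_OBJECT_CREATED(dx, ".")` is now called with two arguments while the only signature visible on this page is the hunk header's `def display_OBJECT_CREATED(a, x, class_name)`; the definition is outside the hunk, so confirm it was updated.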


@ -5,15 +5,15 @@ import sys
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.androgen import AndroguardS
from androguard.core.analysis import analysis
from androguard.session import Session
TEST = 'examples/android/TestsAndroguard/bin/classes.dex'
a = AndroguardS(TEST)
x = analysis.VMAnalysis(a.get_vm())
s = Session()
with open(TEST, "r") as fd:
digest, d, dx = s.addDEX(TEST, fd.read())
for method in a.get_methods():
for method in d.get_methods():
print method.get_class_name(), method.get_name(), method.get_descriptor()
code = method.get_code()
@ -25,7 +25,7 @@ for method in a.get_methods():
idx += i.get_length()
for method in a.get_methods():
for method in d.get_methods():
print method.get_class_name(), method.get_name(), method.get_descriptor()
idx = 0
for i in method.get_instructions():


@ -5,19 +5,18 @@ import sys, hashlib
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.androgen import AndroguardS
from androguard.core.analysis import analysis
from androguard.session import Session
from androguard.core.bytecodes import dvm
TEST = 'examples/android/TestsAndroguard/bin/classes.dex'
a = AndroguardS( TEST )
x = analysis.VMAnalysis( a.get_vm() )
s = Session()
with open(TEST, "r") as fd:
digest, d, dx = s.addDEX(TEST, fd.read())
# CFG
for method in a.get_methods():
g = x.get_method( method )
for method in d.get_methods():
g = dx.get_method( method )
# Display only methods with exceptions
if method.get_code() == None:
@ -41,5 +40,4 @@ for method in a.get_methods():
for i in g.exceptions.gets():
print '%x %x %s' % (i.start, i.end, i.exceptions)
print dvm.determineException(a.get_vm(), method)
print dvm.determineException(d, method)


@ -5,16 +5,16 @@ import sys, hashlib
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.androgen import AndroguardS
from androguard.core.analysis import analysis
from androguard.session import Session
TEST = 'examples/android/TestsAndroguard/bin/classes.dex'
a = AndroguardS( TEST )
x = analysis.VMAnalysis( a.get_vm() )
s = Session()
with open(TEST, "r") as fd:
digest, d, dx = s.addDEX(TEST, fd.read())
for method in a.get_methods():
g = x.get_method( method )
for method in d.get_methods():
g = dx.get_method( method )
if method.get_code() == None:
continue
@ -35,4 +35,4 @@ for method in a.get_methods():
if special_ins != None:
print "\t %x" % idx, ins, special_ins, ins.get_name(), ins.get_output(), repr( special_ins.get_data() )
idx += ins.get_length()
idx += ins.get_length()


@ -1,133 +0,0 @@
#!/usr/bin/env python
# This file is part of Androguard.
#
# Copyright (C) 2012, Anthony Desnos <desnos at t0t0.fr>
# All rights reserved.
#
# Androguard is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Androguard is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Androguard. If not, see <http://www.gnu.org/licenses/>.
import sys, re
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.androgen import AndroguardS
from androguard.core.analysis import analysis
TESTS_CASES = [ #'examples/android/TC/bin/classes.dex',
'examples/android/TestsAndroguard/bin/classes.dex',
]
VALUES = {
'examples/android/TestsAndroguard/bin/classes.dex' : {
"Ltests/androguard/TestInvoke; <init> ()V" : {
0x0 : ("invoke-direct" , [['v',1] , ['meth@', 4, 'Ljava/lang/Object;', '()', 'V', '<init>']]),
0xa : ("invoke-virtual", [['v',1], ['v',0] , ['meth@', 49, 'Ltests/androguard/TestInvoke;', '(I)', 'I', 'TestInvoke1']]),
},
"Ltests/androguard/TestInvoke; TestInvoke1 (I)I" : {
0x4 : ("invoke-virtual", [['v',1] , ['v',2] , ['v',0] , ['meth@', 50,'Ltests/androguard/TestInvoke;' ,'(I I)', 'I', 'TestInvoke2']]),
},
"Ltests/androguard/TestInvoke; TestInvoke2 (I I)I" : {
0x4 : ("invoke-virtual", [['v',1] , ['v',2] , ['v',3] , ['v',0] , ['meth@', 51, 'Ltests/androguard/TestInvoke;', '(I I I)', 'I', 'TestInvoke3']]),
},
"Ltests/androguard/TestInvoke; TestInvoke3 (I I I)I" : {
0x4 : ("invoke-virtual", [['v', 1], ['v', 2], ['v', 3], ['v', 4], ['v', 0], ['meth@', 52, 'Ltests/androguard/TestInvoke;', '(I I I I)', 'I', 'TestInvoke4']]),
},
"Ltests/androguard/TestInvoke; TestInvoke4 (I I I I)I" : {
0xe : ("invoke-virtual/range", [['v', 0], ['v', 1], ['v', 2], ['v', 3], ['v', 4], ['v', 5], ['meth@', 53, 'Ltests/androguard/TestInvoke;', '(I I I I I)', 'I', 'TestInvoke5']]),
},
"Ltests/androguard/TestInvoke; TestInvoke5 (I I I I I)I" : {
0x10 : ("invoke-virtual/range", [['v', 0], ['v', 1], ['v', 2], ['v', 3], ['v', 4], ['v', 5], ['v', 6], ['meth@', 54, 'Ltests/androguard/TestInvoke;', '(I I I I I I)', 'I', 'TestInvoke6']]),
},
"Ltests/androguard/TestInvoke; TestInvoke6 (I I I I I I)I" : {
0x12 : ("invoke-virtual/range", [['v', 0], ['v', 1], ['v', 2], ['v', 3], ['v', 4], ['v', 5], ['v', 6], ['v', 7], ['meth@', 55, 'Ltests/androguard/TestInvoke;', '(I I I I I I I)', 'I', 'TestInvoke7']]),
},
"Ltests/androguard/TestInvoke; TestInvoke7 (I I I I I I I)I" : {
0x16 : ("invoke-virtual/range", [['v', 0], ['v', 1], ['v', 2], ['v', 3], ['v', 4], ['v', 5], ['v', 6], ['v', 7], ['v', 8], ['meth@', 56, 'Ltests/androguard/TestInvoke;', '(I I I I I I I I)', 'I', 'TestInvoke8']]),
},
"Ltests/androguard/TestInvoke; TestInvoke8 (I I I I I I I I)I" : {
0x0 : ("mul-int", [['v', 0], ['v', 2], ['v', 3]]),
0x4 : ("mul-int/2addr", [['v', 0], ['v', 4]]),
0x10 : ("return", [['v', 0]]),
}
},
}
def test(got, expected):
if got == expected:
prefix = ' OK '
else:
prefix = ' X '
print '\t%s got: %s expected: %s' % (prefix, repr(got), repr(expected))
def getVal(i):
op = i.get_operands()
if isinstance(op, int):
return [ op ]
elif i.get_name() == "lookupswitch":
x = []
x.append( i.get_operands().default )
for idx in range(0, i.get_operands().npairs):
off = getattr(i.get_operands(), "offset%d" % idx)
x.append( off )
return x
return [-1]
def check(a, values):
for method in a.get_methods():
key = method.get_class_name() + " " + method.get_name() + " " + method.get_descriptor()
if key not in values:
continue
print "CHECKING ...", method.get_class_name(), method.get_name(), method.get_descriptor()
code = method.get_code()
bc = code.get_bc()
idx = 0
for i in bc.get():
# print "\t", "%x(%d)" % (idx, idx), i.get_name(), i.get_operands()
if idx in values[key]:
elem = values[key][idx]
val1 = i.get_name() + "%s" % i.get_operands()
val2 = elem[0] + "%s" % elem[1]
test(val1, val2)
del values[key][idx]
idx += i.get_length()
for i in TESTS_CASES:
a = AndroguardS( i )
check( a, VALUES[i] )
x = analysis.VMAnalysis( a.get_vm() )
print x


@ -25,5 +25,11 @@ class SessionTest(unittest.TestCase):
self.assertEqual(len(s.analyzed_digest), 2)
self.assertEqual(len(s.analyzed_dex), 1)
def testSessionSave(self):
s = session.Session()
with open("examples/android/TestsAndroguard/bin/TestActivity.apk", "r") as fd:
s.add("examples/android/TestsAndroguard/bin/TestActivity.apk", fd.read())
s.save("test_session")
if __name__ == '__main__':
unittest.main()
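Review bot: `testSessionSave` has no assertion and writes `test_session` into the current working directory on every run without removing it, so it only checks that `save()` does not raise and leaves an artifact behind. Writing to a temporary location and checking the result would make it a real test: `path = os.path.join(tempfile.mkdtemp(), "test_session")`, `s.save(path)`, `self.assertTrue(os.path.exists(path))` — assuming `save()` writes to exactly the path it is given (its implementation is not on this page), and with `os` and `tempfile` imported at the top of the file, outside the hunk. Removing the directory in a `tearDown` or `addCleanup` would then keep the test self-contained.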


@ -1,54 +0,0 @@
#!/usr/bin/env python
# This file is part of Androguard.
#
# Copyright (C) 2012, Anthony Desnos <desnos at t0t0.fr>
# All rights reserved.
#
# Androguard is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Androguard is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Androguard. If not, see <http://www.gnu.org/licenses/>.
import sys
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.androgen import AndroguardS
from androguard.core.androgen import AndroguardS
from androguard.core.analysis import analysis
TEST_CASE = "examples/android/TestsAndroguard/bin/classes.dex"
def test(got, expected):
if got == expected:
prefix = ' OK '
else:
prefix = ' X '
print '%s got: %s expected: %s' % (prefix, repr(got), repr(expected))
a = AndroguardS( TEST_CASE )
x = analysis.uVMAnalysis( a.get_vm() )
for method in a.get_methods():
print method.get_class_name(), method.get_name(), method.get_descriptor()
print "-> : \t", x.get_method_signature(method, predef_sign = analysis.SIGNATURE_L0_0).get_string()
print "-> : \t", x.get_method_signature(method, predef_sign = analysis.SIGNATURE_L0_1).get_string()
print "-> : \t", x.get_method_signature(method, predef_sign = analysis.SIGNATURE_L0_2).get_string()
print "-> : \t", x.get_method_signature(method, predef_sign = analysis.SIGNATURE_L0_3).get_string()
print "-> : \t", x.get_method_signature(method, predef_sign = analysis.SIGNATURE_L0_4).get_string()
print "-> : \t", x.get_method_signature(method, predef_sign = analysis.SIGNATURE_HEX).get_string()
print "-> : \t", x.get_method_signature(method, predef_sign = analysis.SIGNATURE_SEQUENCE_BB).get_list()
print


@ -23,10 +23,8 @@ import sys
PATH_INSTALL = "./"
sys.path.append(PATH_INSTALL)
from androguard.core.androgen import AndroguardS
from androguard.core.analysis import analysis
from androguard.session import Session
#TEST_CASE = 'examples/android/TC/bin/classes.dex'
TEST_CASE = 'examples/android/TestsAndroguard/bin/classes.dex'
VALUES_ = { "Lorg/t0t0/androguard/TC/TestType1; <init> ()V" : [
@ -158,9 +156,11 @@ def test(got, expected):
print '%s got: %s expected: %s' % (prefix, repr(got), repr(expected))
a = AndroguardS( TEST_CASE )
s = Session()
with open(TEST_CASE, "r") as fd:
digest, d, dx = s.addDEX(TEST_CASE, fd.read())
for method in a.get_methods():
for method in d.get_methods():
key = method.get_class_name() + " " + method.get_name() + " " + method.get_descriptor()
if key not in VALUES:
@ -171,12 +171,12 @@ for method in a.get_methods():
bc = code.get_bc()
idx = 0
for i in bc.get():
#print "\t", "%x" % idx, i.get_name(), i.get_operands()
for i in bc.get_instructions():
if "const" in i.get_name():
i.show(0)
formatted_operands = i.get_formatted_operands()
print formatted_operands
for f in formatted_operands:
# print i.get_name(), i.get_operands(), i.get_formatted_operands()
test( f[1], VALUES[ key ].pop(0) )
test(f, VALUES[ key ].pop(0))
idx += i.get_length()
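Review bot: With the commented-out debug print gone, nothing in the visible hunk reads `idx` any more, yet `idx = 0` and `idx += i.get_length()` are kept; if the rest of the loop body outside the hunk does not use it either, both lines can be dropped. `print formatted_operands` sits between `i.show(0)` and the comparison loop and looks like debug output left in the test; its old/new side is not marked on this page, so if it is new it should go before merge. The enclosing `for method in d.get_methods():` loop starts outside this hunk.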