-
Notifications
You must be signed in to change notification settings - Fork 20
/
Copy pathuitls.py
100 lines (79 loc) · 3.48 KB
/
uitls.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
from androguard.core import *
from androguard.core.androgen import *
from androguard.core.androconf import *
from androguard.core.bytecode import *
from androguard.core.bytecodes.jvm import *
from androguard.core.bytecodes.dvm import *
from androguard.core.bytecodes.apk import *
from androguard.core.analysis.analysis import *
from androguard.core.analysis.ganalysis import *
from androguard.core.analysis.risk import *
from androguard.decompiler.decompiler import *
from androguard.core import androconf
def AnalyzeAPK(filename, raw=False, decompiler=None):
"""
Analyze an android application and setup all stuff for a more quickly analysis !
:param filename: the filename of the android application or a buffer which represents the application
:type filename: string
:param raw: True is you would like to use a buffer (optional)
:type raw: boolean
:param decompiler: ded, dex2jad, dad (optional)
:type decompiler: string
:rtype: return the :class:`APK`, :class:`DalvikVMFormat`, and :class:`VMAnalysis` objects
"""
androconf.debug("APK ...")
a = APK(filename, raw)
d, dx = AnalyzeDex(a.get_dex(), raw=True, decompiler=decompiler)
return a, d, dx
def AnalyzeDex(filename, raw=False, decompiler=None) :
"""
Analyze an android dex file and setup all stuff for a more quickly analysis !
:param filename: the filename of the android dex file or a buffer which represents the dex file
:type filename: string
:param raw: True is you would like to use a buffer (optional)
:type raw: boolean
:rtype: return the :class:`DalvikVMFormat`, and :class:`VMAnalysis` objects
"""
androconf.debug("DalvikVMFormat ...")
d = None
if raw == False :
d = DalvikVMFormat( open(filename, "rb").read())
else :
d = DalvikVMFormat( filename )
androconf.debug("Export VM to python namespace")
d.create_python_export()
androconf.debug("VMAnalysis ...")
dx = uVMAnalysis( d )
androconf.debug("GVMAnalysis ...")
gx = GVMAnalysis( dx, None )
d.set_vmanalysis( dx )
d.set_gvmanalysis( gx )
RunDecompiler( d, dx, decompiler )
androconf.debug("XREF ...")
d.create_xref()
androconf.debug("DREF ...")
d.create_dref()
return d, dx
def RunDecompiler(d, dx, decompiler) :
"""
Run the decompiler on a specific analysis
:param d: the DalvikVMFormat object
:type d: :class:`DalvikVMFormat` object
:param dx: the analysis of the format
:type dx: :class:`VMAnalysis` object
:param decompiler: the type of decompiler to use ("dad", "dex2jad", "ded")
:type decompiler: string
"""
if decompiler != None :
androconf.debug("Decompiler ...")
decompiler = decompiler.lower()
if decompiler == "dex2jad" :
d.set_decompiler( DecompilerDex2Jad( d, androconf.CONF["PATH_DEX2JAR"], androconf.CONF["BIN_DEX2JAR"], androconf.CONF["PATH_JAD"], androconf.CONF["BIN_JAD"], androconf.CONF["TMP_DIRECTORY"] ) )
elif decompiler == "ded" :
d.set_decompiler( DecompilerDed( d, androconf.CONF["PATH_DED"], androconf.CONF["BIN_DED"], androconf.CONF["TMP_DIRECTORY"]) )
#print d.CM.decompiler_ob.classes
elif decompiler == "dad" :
d.set_decompiler( DecompilerDAD( d, dx ) )
else :
print "Unknown decompiler, use DAD decompiler by default"
d.set_decompiler( DecompilerDAD( d, dx ) )