## 1 使用会话

### 会话的目的
1. 同一时间加载大量的apk用于后续分析工作
2. 将当前分析出来的内容保存到磁盘上进行持久化，后续加载进行分析。

### 使用教程

In [1]:
from androguard import misc
from androguard import session

# get a default session
sess = misc.get_default_session()

# Use the session
a, d, dx = misc.AnalyzeAPK("apk/2.apk", session=sess)

# Show the current Session information
sess.show()

# Do stuff...

# Save the session to disk
session.Save(sess, "androguard_session.ag")

# Load it again
sess = session.Load("androguard_session.ag")

APKs in Session: 1
	00c8de6b31090c32b65f8c30d7227488d2bce5353b31bedf5461419ff463072d: [<androguard.core.bytecodes.apk.APK object at 0x7f54d41fc6d0>]
DEXs in Session: 1
	91e949e16b99523c80a8a345907b9525cb7dc8fab5bd2e048558ff582363c8df: <androguard.core.bytecodes.dvm.DalvikVMFormat object at 0x7f54b57d49a0>
Analysis in Session: 2
	00c8de6b31090c32b65f8c30d7227488d2bce5353b31bedf5461419ff463072d: <analysis.Analysis VMs: 1, Classes: 97, Strings: 112>
	91e949e16b99523c80a8a345907b9525cb7dc8fab5bd2e048558ff582363c8df: <analysis.Analysis VMs: 1, Classes: 97, Strings: 112>


In [4]:
from androguard.session import Session

s = Session()
sha256 = s.add("apk/3.apk")

a, d, dx = s.get_objects_apk(digest=sha256)

s.show()

# When no filename is given, the Session will be saved at the current directory
saved_file = s.save()
# ... and return the filename of the Session file
print(saved_file)

APKs in Session: 1
	00ceaa5f8f9be7a9ce5ffe96b5b6fb2e7e73ad87c2f023db9fa399c40ac59b62: [<androguard.core.bytecodes.apk.APK object at 0x7f54d41c90d0>]
DEXs in Session: 1
	778391a68ef9f48c228e90afd530dfb456e1ded416bbae05047f6700715eebe4: <androguard.core.bytecodes.dvm.DalvikVMFormat object at 0x7f54d41fccd0>
Analysis in Session: 2
	00ceaa5f8f9be7a9ce5ffe96b5b6fb2e7e73ad87c2f023db9fa399c40ac59b62: <analysis.Analysis VMs: 1, Classes: 1151, Strings: 1994>
	778391a68ef9f48c228e90afd530dfb456e1ded416bbae05047f6700715eebe4: <analysis.Analysis VMs: 1, Classes: 1151, Strings: 1994>
androguard_session_2021-12-15_152620.ag


> 建议不要在自动化环境中使用会话，在这种环境中加载了成百上千的 APK。

## 2 使用JADX作为反编译器

androidguard提供了不同的反编译器。

## 3 Android签名的证书

感觉这个似乎并不是很有用。记得在看过的文章中将此类android分类方法视为提取外部信息。


## 4 XML和resource文件的解析
resources.arsc. 底层格式是基于块的，能够存储多种不同的信息。

最常见的 AXML 文件是AndroidManifest.xml. 该文件必须是每个 APK 的一部分，并包含有关包的元信息。

Androguard 能够解码此类文件，并且存在两种不同的解码工具：

* androguard arsc用于解码resources.arsc。

* androguard axml用于解码AndroidManifest.xml和所有其他 XML 文件


### manifest文件解析
```xml
ykl@ykl-OptiPlex-3070:~/gitee/notes/Python/androguard/apk$ androguard axml 4.apk
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="5" android:versionName="1.1.5" package="ru.atools.sytrant">
  <application android:label="@7F040000" android:icon="@7F020001">
    <meta-data android:name="ADMOB_PUBLISHER_ID" android:value="a14bb4ac80ceddc"/>
    <activity android:theme="@android:01030006" android:label="@7F040000" android:name=".Sytrant" android:configChanges="0x000000A0">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:theme="@android:0103000B" android:label="@7F040008" android:name=".About"/>
    <activity android:label="@7F04000B" android:name=".Settings"/>
    <service android:name=".SyncService"/>
    <receiver android:name=".BootUpReceiver" android:permission="android.permission.RECEIVE_BOOT_COMPLETED" android:enabled="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </receiver>
    <service android:name=".UpdateCheck"/>
    <meta-data android:name="MYAD_PID" android:value="SSsytrant"/>
  </application>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-sdk android:minSdkVersion="3"/>
  <supports-screens android:anyDensity="true" android:smallScreens="true" android:normalScreens="true" android:largeScreens="true" android:resizeable="true"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>

```

### resource文件解析
```xml
ykl@ykl-OptiPlex-3070:~/gitee/notes/Python/androguard/apk$ androguard arsc 4.apk
<resources>
<public type="attr" name="placement" id="0x7f010000"/>
<public type="attr" name="mediaType" id="0x7f010001"/>
<public type="attr" name="displayMode" id="0x7f010002"/>
<public type="attr" name="adInterval" id="0x7f010003"/>
<public type="attr" name="animation" id="0x7f010004"/>
<public type="attr" name="siteId" id="0x7f010005"/>
<public type="attr" name="publisherId" id="0x7f010006"/>
<public type="attr" name="defaultAdImage" id="0x7f010007"/>
<public type="attr" name="defaultAdClickThru" id="0x7f010008"/>
<public type="attr" name="section" id="0x7f010009"/>
<public type="attr" name="adEventListenerClass" id="0x7f01000a"/>
<public type="attr" name="testMode" id="0x7f01000b"/>
<public type="attr" name="renderAdOnCreate" id="0x7f01000c"/>
<public type="attr" name="requestMode" id="0x7f01000d"/>
<public type="attr" name="bgColor" id="0x7f01000e"/>
<public type="attr" name="textColor" id="0x7f01000f"/>
<public type="attr" name="backgroundColor" id="0x7f010010"/>
<public type="attr" name="primaryTextColor" id="0x7f010011"/>
<public type="attr" name="secondaryTextColor" id="0x7f010012"/>
<public type="attr" name="keywords" id="0x7f010013"/>
<public type="attr" name="refreshInterval" id="0x7f010014"/>
<public type="drawable" name="icon" id="0x7f020001"/>
<public type="drawable" name="bg" id="0x7f020000"/>
<public type="drawable" name="icon" id="0x7f020001"/>
<public type="drawable" name="icon" id="0x7f020001"/>
<public type="layout" name="about" id="0x7f030000"/>
<public type="layout" name="main" id="0x7f030001"/>
<public type="layout" name="settings" id="0x7f030002"/>
<public type="layout" name="main" id="0x7f030001"/>
<public type="string" name="app_name" id="0x7f040000"/>
<public type="string" name="server_address" id="0x7f040001"/>
<public type="string" name="gmt_label" id="0x7f040002"/>
<public type="string" name="gmt_offset" id="0x7f040003"/>
<public type="string" name="minutes_label" id="0x7f040004"/>
<public type="string" name="log_start_message" id="0x7f040005"/>
<public type="string" name="start_button_label" id="0x7f040006"/>
<public type="string" name="about_text" id="0x7f040007"/>
<public type="string" name="about_title" id="0x7f040008"/>
<public type="string" name="about_menu_label" id="0x7f040009"/>
<public type="string" name="settings_menu_label" id="0x7f04000a"/>
<public type="string" name="settings_title" id="0x7f04000b"/>
<public type="string" name="exit_menu_label" id="0x7f04000c"/>
<public type="string" name="server_settings_label" id="0x7f04000d"/>
<public type="string" name="port_settings_label" id="0x7f04000e"/>
<public type="string" name="update_interval_label" id="0x7f04000f"/>
<public type="string" name="gmtoffset_minus_label" id="0x7f040010"/>
<public type="string" name="save_settings_dialog_title" id="0x7f040011"/>
<public type="string" name="save_settings_dialog_message" id="0x7f040012"/>
<public type="string" name="yes_button_title" id="0x7f040013"/>
<public type="string" name="no_button_title" id="0x7f040014"/>
<public type="string" name="cancel_button_title" id="0x7f040015"/>
<public type="string" name="autosync_enable_title" id="0x7f040016"/>
<public type="string" name="autosync_autostart_title" id="0x7f040017"/>
<public type="string" name="setdefaults_button_title" id="0x7f040018"/>
<public type="string" name="log_error_start_sync_message" id="0x7f040019"/>
<public type="string" name="log_start_sync_message" id="0x7f04001a"/>
<public type="string" name="log_adjusting" id="0x7f04001b"/>
<public type="string" name="log_analyzing" id="0x7f04001c"/>
<public type="string" name="log_connecting" id="0x7f04001d"/>
<public type="string" name="log_gettime_error" id="0x7f04001e"/>
<public type="string" name="log_finished_sync" id="0x7f04001f"/>
<public type="string" name="log_seconds" id="0x7f040020"/>
<public type="string" name="log_minutes" id="0x7f040021"/>
<public type="string" name="log_milliseconds" id="0x7f040022"/>
<public type="string" name="log_network_latency" id="0x7f040023"/>
<public type="string" name="log_settime_error" id="0x7f040024"/>
<public type="string" name="log_time_change" id="0x7f040025"/>
<public type="string" name="log_unknown_response" id="0x7f040026"/>
<public type="string" name="log_finished_sync2" id="0x7f040027"/>
<public type="string" name="autosync_enabled_toast" id="0x7f040028"/>
<public type="string" name="autosync_disabled_toast" id="0x7f040029"/>
<public type="string" name="gmtoffset_daylightsaving_label" id="0x7f04002a"/>
<public type="menu" name="menu" id="0x7f050000"/>
<public type="id" name="log_scrollview1" id="0x7f060000"/>
<public type="id" name="TextView01" id="0x7f060001"/>
<public type="id" name="server_textview" id="0x7f060002"/>
<public type="id" name="gmt_textview" id="0x7f060003"/>
<public type="id" name="log_scrollview" id="0x7f060004"/>
<public type="id" name="log_textview" id="0x7f060005"/>
<public type="id" name="sync_button" id="0x7f060006"/>
<public type="id" name="adMob" id="0x7f060007"/>
<public type="id" name="QWAd" id="0x7f060008"/>
<public type="id" name="ScrollView01" id="0x7f060009"/>
<public type="id" name="server_edittext" id="0x7f06000a"/>
<public type="id" name="TextView02" id="0x7f06000b"/>
<public type="id" name="port_edittext" id="0x7f06000c"/>
<public type="id" name="TextView03" id="0x7f06000d"/>
<public type="id" name="gmt_daylight_checkbox" id="0x7f06000e"/>
<public type="id" name="gmt_negative_checkbox" id="0x7f06000f"/>
<public type="id" name="gmt_timepicker" id="0x7f060010"/>
<public type="id" name="TextView04" id="0x7f060011"/>
<public type="id" name="autosync_layout" id="0x7f060012"/>
<public type="id" name="autosync_enable_checkbox" id="0x7f060013"/>
<public type="id" name="autosync_autostart_checkbox" id="0x7f060014"/>
<public type="id" name="autosync_timepicker" id="0x7f060015"/>
<public type="id" name="setdefaults_button" id="0x7f060016"/>
<public type="id" name="settings_menu_item" id="0x7f060017"/>
<public type="id" name="about_menu_item" id="0x7f060018"/>
<public type="id" name="exit_menu_item" id="0x7f060019"/>
</resources>
```

## 6 批量分析

1. 自己手写多线程就好了。、
2. 使用androauto也可以



## 7 调试损坏的APK

## 8 androguard GUI

一个图形界面系统，只能展示最简单的信息，但是有助于理解分析内容