Showing 9 changed files with 858 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
*.pyc | ||
*.pyo | ||
*.py~ |
@@ -1,2 +1,73 @@ | ||
Androick | ||
======== | ||
# Androick | ||
|
||
Androick is a python tool to help in forensics analysis on android. | ||
Put the package name, some options and the programm will download automatically apk, datas, files permissions, manifest, databases and logs. | ||
It is easy to use and avoid all repetitives tasks ! | ||
|
||
|
||
## Installation | ||
Simply clone this git repository | ||
|
||
### Dependencies | ||
|
||
#### Python | ||
- python >= 2.6 | ||
- [Python-magic](https://github.com/ahupp/python-magic/) | ||
|
||
#### SDK | ||
- aapt | ||
- adb | ||
- hprof-conv | ||
|
||
#### Others | ||
- a rooted device | ||
- sqlite3 | ||
|
||
## How to use | ||
1) show help message | ||
./androick.py -h | ||
|
||
2) show informations | ||
./androick.py -a | ||
|
||
3) select device to use | ||
./androick.py -D serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... | ||
./androick.py --device serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... | ||
|
||
4) find package name | ||
./androick.py [-v] -f <Part of package name> | ||
|
||
5) download all related things of application | ||
./androick.py [-v] -A PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... | ||
|
||
6) select only things you want extract | ||
./androick.py [-v] [-d --datas] [-s --sql] [-m --manifest] [-p --permissions] [-m --memory-dump] [-l --logs] [--keyLogs="keywords"] PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... | ||
|
||
7) how to use option --keyLogs | ||
--keyLogs="key1,key2,key3" | ||
if more than one package | ||
--keyLogs="key1_P1,key2_P1|key1_P2|key1_P3,key2_P3,key3_P3" | ||
Example : | ||
./androick.py -l --keyLogs="antivirus,protection|music,licence" com.package.antivirus com.music.player | ||
|
||
/!\ The memory dump option will mostly not works with production builds | ||
|
||
## Author | ||
Written by Florian Pradines (Phonesec), this tool is a referenced OWASP Android security project since 2013. | ||
|
||
You can contact me via my [website](http://florianpradines.com) | ||
|
||
## Licence | ||
This program is free software: you can redistribute it and/or modify | ||
it under the terms of the GNU General Public License as published by | ||
the Free Software Foundation, either version 3 of the License, or | ||
(at your option) any later version. | ||
|
||
This program is distributed in the hope that it will be useful, | ||
but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
GNU General Public License for more details. | ||
|
||
You should have received a copy of the GNU General Public License | ||
along with this program. If not, see <http://www.gnu.org/licenses/>. |
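Review bot: step 6 of "How to use" documents `-m` twice, once as `[-m --manifest]` and once as `[-m --memory-dump]`, so a reader cannot tell how to request a memory dump on its own; the short-option string in this commit's androick.py maps `m` to manifest and `M` to memory-dump, so the second entry should read `[-M --memory-dump]`. This README text is also added a second time as a separate new file in the same commit, and the two copies already differ (a blank line before "Example :" in step 7), so keep a single copy. Minor wording: "programm", "datas", "repetitives tasks" and "will mostly not works" read better as "program", "data", "repetitive tasks" and "will mostly not work".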
@@ -0,0 +1,73 @@ | ||
# Androick | ||
|
||
Androick is a python tool to help in forensics analysis on android. | ||
Put the package name, some options and the programm will download automatically apk, datas, files permissions, manifest, databases and logs. | ||
It is easy to use and avoid all repetitives tasks ! | ||
|
||
|
||
## Installation | ||
Simply clone this git repository | ||
|
||
### Dependencies | ||
|
||
#### Python | ||
- python >= 2.6 | ||
- [Python-magic](https://github.com/ahupp/python-magic/) | ||
|
||
#### SDK | ||
- aapt | ||
- adb | ||
- hprof-conv | ||
|
||
#### Others | ||
- a rooted device | ||
- sqlite3 | ||
|
||
## How to use | ||
1) show help message | ||
./androick.py -h | ||
|
||
2) show informations | ||
./androick.py -a | ||
|
||
3) select device to use | ||
./androick.py -D serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... | ||
./androick.py --device serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... | ||
|
||
4) find package name | ||
./androick.py [-v] -f <Part of package name> | ||
|
||
5) download all related things of application | ||
./androick.py [-v] -A PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... | ||
|
||
6) select only things you want extract | ||
./androick.py [-v] [-d --datas] [-s --sql] [-m --manifest] [-p --permissions] [-m --memory-dump] [-l --logs] [--keyLogs="keywords"] PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... | ||
|
||
7) how to use option --keyLogs | ||
--keyLogs="key1,key2,key3" | ||
if more than one package | ||
--keyLogs="key1_P1,key2_P1|key1_P2|key1_P3,key2_P3,key3_P3" | ||
|
||
Example : | ||
./androick.py -l --keyLogs="antivirus,protection|music,licence" com.package.antivirus com.music.player | ||
|
||
/!\ The memory dump option will mostly not works with production builds | ||
|
||
## Author | ||
Written by Florian Pradines (Phonesec), this tool is a referenced OWASP Android security project since 2013. | ||
|
||
You can contact me via my [website](http://florianpradines.com) | ||
|
||
## Licence | ||
This program is free software: you can redistribute it and/or modify | ||
it under the terms of the GNU General Public License as published by | ||
the Free Software Foundation, either version 3 of the License, or | ||
(at your option) any later version. | ||
|
||
This program is distributed in the hope that it will be useful, | ||
but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
GNU General Public License for more details. | ||
|
||
You should have received a copy of the GNU General Public License | ||
along with this program. If not, see <http://www.gnu.org/licenses/>. |
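Review bot: step 6 presents `-s --sql` and `--keyLogs` as independent switches, but androick.py in this commit exits with "option -s (--sql) must be used with -d (--datas)" and "option --keyLogs must be used with -l (--logs)" when they are given alone; document both dependencies next to the options, e.g. `[-d --datas [-s --sql]]` and `[-l --logs [--keyLogs="keywords"]]`, so users do not have to discover them from the error messages.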
@@ -0,0 +1,158 @@ | ||
#!/usr/bin/python | ||
# -*- coding: utf8 -*- | ||
|
||
#<Androick - OWASP Android Project : Forensic analysis helper> | ||
#Copyright (C) <2013 - 2014> <Florian Pradines> | ||
|
||
#This program is free software: you can redistribute it and/or modify | ||
#it under the terms of the GNU General Public License as published by | ||
#the Free Software Foundation, either version 3 of the License, or | ||
#(at your option) any later version. | ||
# | ||
#This program is distributed in the hope that it will be useful, | ||
#but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
#GNU General Public License for more details. | ||
# | ||
#You should have received a copy of the GNU General Public License | ||
#along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
|
||
from subprocess import Popen, PIPE, STDOUT | ||
import getopt | ||
import sys | ||
|
||
from general import * | ||
from device import * | ||
from package import * | ||
|
||
|
||
def main(): | ||
try: | ||
opts, args = getopt.getopt(sys.argv[1:], "ahvAdslmpMD:f:", ["about", "help", "verbose", "all", "datas", "sql", "logs", "manifest", "permissions", "memory-dump" "keyLogs=", "device=", "find="]) | ||
except getopt.GetoptError, err: | ||
print err | ||
help() | ||
sys.exit(2) | ||
|
||
device = "" | ||
find = False | ||
verbose = False | ||
datas = False | ||
sql = False | ||
logs = False | ||
manifest = False | ||
permissions = False | ||
memoryDump = False | ||
keyLogs = [] | ||
|
||
#Parse options | ||
for opt, arg in opts: | ||
if opt in ("-a", "--about"): | ||
about() | ||
sys.exit() | ||
elif opt in ("-h", "--help"): | ||
help() | ||
sys.exit() | ||
elif opt in ("-v", "--verbose"): | ||
verbose = True | ||
elif opt in ("-A", "--all"): | ||
datas = True | ||
sql = True | ||
logs = True | ||
manifest = True | ||
permissions = True | ||
memoryDump = True | ||
elif opt in ("-d", "--datas"): | ||
datas = True | ||
elif opt in ("-s", "--sql"): | ||
sql = True | ||
elif opt in ("-l", "--logs"): | ||
logs = True | ||
elif opt in ("--keyLogs"): | ||
if len(arg) is 0: | ||
help() | ||
sys.exit() | ||
keyLogs = arg.split("|") | ||
elif opt in ("-m", "--manifest"): | ||
manifest = True | ||
elif opt in ("-p", "--permissions"): | ||
permissions = True | ||
elif opt in ("-M", "--memory-dump"): | ||
memoryDump = True | ||
elif opt in ("-D", "--device"): | ||
device = "-s "+ arg | ||
elif opt in ("-f", "--find"): | ||
find = arg | ||
|
||
if len(args) == 0 and find is False: | ||
print "Error : no arguments given" | ||
help() | ||
sys.exit(2) | ||
|
||
if not datas and sql: | ||
print "Error : option -s (--sql) must be used with -d (--datas)" | ||
help() | ||
sys.exit(2) | ||
|
||
if not logs and keyLogs: | ||
print "Error : option --keyLogs must be used with -l (--logs)" | ||
help() | ||
sys.exit(2) | ||
|
||
#start adb server | ||
if verbose: | ||
print "Starting adb server..." | ||
process = Popen(["adb", "start-server"], stderr=STDOUT, stdout=PIPE) | ||
if verbose: | ||
printVerbose (process) | ||
else: | ||
process.communicate() | ||
|
||
#validate given device (if given) | ||
if device != "" and not issetDevice (device): | ||
print "Device not found" | ||
sys.exit(2) | ||
|
||
#find package if asked | ||
if find: | ||
package = Package(find, device) | ||
result = package.find() | ||
if not result: | ||
print "no packages found with this name" | ||
sys.exit() | ||
else: | ||
print "packages found with this name : " | ||
i = 1 | ||
for package in result: | ||
print str(i) +") "+ package | ||
i += 1 | ||
|
||
choices = raw_input("Which packages do you want extract. Ex: 1 3 6 (type 0 to quit) : ").split() | ||
if choices[0] is "0": | ||
sys.exit(0) | ||
|
||
args = [] | ||
for choice in map(int,choices): | ||
if choice < 1 or choice > len(result): | ||
print str(choice) +" is not a good value" | ||
else: | ||
args.append(result[choice - 1]) | ||
|
||
#parse & extract packages | ||
i = 0 | ||
for arg in args: | ||
package = Package(arg, device) | ||
|
||
if len(keyLogs) > i: | ||
key = keyLogs[i].split(",") | ||
key.append(arg) | ||
elif logs: | ||
key = [arg] | ||
else: | ||
key = [] | ||
|
||
package.extract(verbose, datas, sql, key, manifest, permissions, memoryDump) | ||
i += 1 | ||
|
||
if __name__ == "__main__": | ||
main () |
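Review bot: the long-option list passed to getopt.getopt is missing a comma between "memory-dump" and "keyLogs=", so Python joins the two literals into one option name, "memory-dumpkeyLogs=". As written, `--keyLogs=...` (the form the README documents) is rejected with "option --keyLogs not recognized", and `--memory-dump` matches the merged name by unique prefix, consumes the following argument (a package name) as its value, and then falls through every branch of the option loop; only the short `-M` still works. Fix: `"memory-dump", "keyLogs=",`. Smaller points in the same function: `opt in ("--keyLogs")` is a substring test against a string rather than tuple membership, write `("--keyLogs",)`; `len(arg) is 0` and `choices[0] is "0"` compare by identity and should use `==`; `choices[0]` raises IndexError when the user just presses Enter at the prompt, and `map(int, choices)` raises ValueError on non-numeric input, so the selection should be validated before conversion.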
@@ -0,0 +1,42 @@ | ||
Version 2.1 (16 May 2014) | ||
- Get application's logs (possibility to choose keywords) | ||
- Generation of manifest file | ||
- Get files permissions | ||
- Get memory heap dump | ||
- Get pkg.odex file | ||
- You can choose exactly what you want extract | ||
- pkg.apk is now named package_name.apk when pulled from external storage | ||
- More informations when not in verbose mode | ||
- real README | ||
- minor bugs | ||
|
||
Version 2.0 (12 September 2013) | ||
- New version rewritten in Python | ||
- You can now extract serveral packages | ||
- When you search a package, you can select the packages you want extract | ||
- Redesigned options | ||
- Possibility of selectionning the device to work with | ||
- Check if a device is connected | ||
- Verify if package exist | ||
- More than one save are allowed | ||
- External SD directory finder optimized | ||
- Many bugfixes | ||
|
||
Version 1.3 (11 July 2013) | ||
- Add licence GNU GPL v3 | ||
- New output directories | ||
|
||
Version 1.2 (June 2013) | ||
- New algorythm for finding databases | ||
- Fixed bug who prevents starting adb | ||
- Download librairies | ||
|
||
Version 1.1 (April 2013) | ||
- Get APK on sd card | ||
- Add Find option | ||
- New algorithm to get the apk's link | ||
|
||
Version 1.0 (March 2013 - Initial Release) | ||
- Get APK (only on phone memory) | ||
- Get Datas (only on phone memory) | ||
- Get Databases (only in the "databases" directory, and with the .db extension) |
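Review bot: the release date of version 2.1 is given here as "16 May 2014", while the second changelog copy added in this same commit dates it "9 May 2014"; pick one date and keep a single changelog file so the two cannot disagree again. Also, "minor bugs" under 2.1 presumably means "minor bug fixes".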
@@ -0,0 +1,42 @@ | ||
Version 2.1 (9 May 2014) | ||
- Get application's logs (possibility to choose keywords) | ||
- Generation of manifest file | ||
- Get files permissions | ||
- Get memory heap dump | ||
- Get pkg.odex file | ||
- You can choose exactly what you want extract | ||
- pkg.apk is now named package_name.apk when pulled from external storage | ||
- More informations when not in verbose mode | ||
- real README | ||
- minor bugs | ||
|
||
Version 2.0 (12 September 2013) | ||
- New version rewritten in Python | ||
- You can now extract serveral packages | ||
- When you search a package, you can select the packages you want extract | ||
- Redesigned options | ||
- Possibility of selectionning the device to work with | ||
- Check if a device is connected | ||
- Verify if package exist | ||
- More than one save are allowed | ||
- External SD directory finder optimized | ||
- Many bugfixes | ||
|
||
Version 1.3 (11 July 2013) | ||
- Add licence GNU GPL v3 | ||
- New output directories | ||
|
||
Version 1.2 (June 2013) | ||
- New algorythm for finding databases | ||
- Fixed bug who prevents starting adb | ||
- Download librairies | ||
|
||
Version 1.1 (April 2013) | ||
- Get APK on sd card | ||
- Add Find option | ||
- New algorithm to get the apk's link | ||
|
||
Version 1.0 (March 2013 - Initial Release) | ||
- Get APK (only on phone memory) | ||
- Get Datas (only on phone memory) | ||
- Get Databases (only in the "databases" directory, and with the .db extension) |
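Review bot: spelling in the 2.0 and 1.2 entries: "serveral" should be "several", "selectionning" should be "selecting", "algorythm" should be "algorithm", "librairies" should be "libraries", and "Fixed bug who prevents starting adb" reads better as "Fixed a bug that prevented adb from starting".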