version 2.1

.gitignore

@@ -0,0 +1,3 @@
+*.pyc
+*.pyo
+*.py~

README.md

@@ -1,2 +1,73 @@
-Androick
-========
+# Androick
+
+Androick is a python tool to help in forensics analysis on android.
+Put the package name, some options and the programm will download automatically apk, datas, files permissions, manifest, databases and logs.
+It is easy to use and avoid all repetitives tasks !
+
+
+## Installation
+Simply clone this git repository
+
+### Dependencies
+
+#### Python
+-	python >= 2.6
+-	[Python-magic](https://github.com/ahupp/python-magic/)
+
+#### SDK
+-	aapt
+-	adb
+-	hprof-conv
+
+#### Others
+-	a rooted device
+-	sqlite3	
+
+## How to use
+	1) show help message
+		./androick.py -h
+
+	2) show informations
+		./androick.py -a
+
+	3) select device to use
+		./androick.py -D serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
+		./androick.py --device serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
+
+	4) find package name
+		./androick.py [-v] -f <Part of package name>
+
+	5) download all related things of application
+		./androick.py [-v] -A PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
+
+	6) select only things you want extract
+		./androick.py [-v] [-d --datas] [-s --sql] [-m --manifest] [-p --permissions] [-m --memory-dump]  [-l --logs] [--keyLogs="keywords"] PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
+
+	7) how to use option --keyLogs
+			--keyLogs="key1,key2,key3"
+		if more than one package
+			--keyLogs="key1_P1,key2_P1|key1_P2|key1_P3,key2_P3,key3_P3"
+		
+		Example :
+			./androick.py -l --keyLogs="antivirus,protection|music,licence" com.package.antivirus com.music.player
+
+	/!\ The memory dump option will mostly not works with production builds
+
+## Author
+Written by Florian Pradines (Phonesec), this tool is a referenced OWASP Android security project since 2013.
+
+You can contact me via my [website](http://florianpradines.com)
+
+## Licence
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.

README.md~

@@ -0,0 +1,73 @@
+# Androick
+
+Androick is a python tool to help in forensics analysis on android.
+Put the package name, some options and the programm will download automatically apk, datas, files permissions, manifest, databases and logs.
+It is easy to use and avoid all repetitives tasks !
+
+
+## Installation
+Simply clone this git repository
+
+### Dependencies
+
+#### Python
+-	python >= 2.6
+-	[Python-magic](https://github.com/ahupp/python-magic/)
+
+#### SDK
+-	aapt
+-	adb
+-	hprof-conv
+
+#### Others
+-	a rooted device
+-	sqlite3	
+
+## How to use
+	1) show help message
+		./androick.py -h
+
+	2) show informations
+		./androick.py -a
+
+	3) select device to use
+		./androick.py -D serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
+		./androick.py --device serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
+
+	4) find package name
+		./androick.py [-v] -f <Part of package name>
+
+	5) download all related things of application
+		./androick.py [-v] -A PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
+
+	6) select only things you want extract
+		./androick.py [-v] [-d --datas] [-s --sql] [-m --manifest] [-p --permissions] [-m --memory-dump]  [-l --logs] [--keyLogs="keywords"] PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
+
+	7) how to use option --keyLogs
+			--keyLogs="key1,key2,key3"
+		if more than one package
+			--keyLogs="key1_P1,key2_P1|key1_P2|key1_P3,key2_P3,key3_P3"
+
+		Example :
+			./androick.py -l --keyLogs="antivirus,protection|music,licence" com.package.antivirus com.music.player
+
+	/!\ The memory dump option will mostly not works with production builds
+
+## Author
+Written by Florian Pradines (Phonesec), this tool is a referenced OWASP Android security project since 2013.
+
+You can contact me via my [website](http://florianpradines.com)
+
+## Licence
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.

androick.py

@@ -0,0 +1,158 @@
+#!/usr/bin/python
+# -*- coding: utf8 -*-
+
+#<Androick - OWASP Android Project : Forensic analysis helper>
+#Copyright (C) <2013 - 2014>  <Florian Pradines>
+
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from subprocess import Popen, PIPE, STDOUT
+import getopt
+import sys
+
+from general import *
+from device import *
+from package import *
+
+
+def main():
+	try:
+		opts, args = getopt.getopt(sys.argv[1:], "ahvAdslmpMD:f:", ["about", "help", "verbose", "all", "datas", "sql", "logs", "manifest", "permissions", "memory-dump" "keyLogs=", "device=", "find="])
+	except getopt.GetoptError, err:
+		print err
+		help()
+		sys.exit(2)
+
+	device 		= ""
+	find 		= False
+	verbose 	= False
+	datas 		= False
+	sql 		= False
+	logs 		= False
+	manifest 	= False
+	permissions = False
+	memoryDump 	= False
+	keyLogs 	= []
+
+	#Parse options
+	for opt, arg in opts:
+		if opt in ("-a", "--about"):
+			about()
+			sys.exit()
+		elif opt in ("-h", "--help"):
+			help()
+			sys.exit()
+		elif opt in ("-v", "--verbose"):
+			verbose = True
+		elif opt in ("-A", "--all"):
+			datas 		= True
+			sql 		= True
+			logs 		= True
+			manifest 	= True
+			permissions = True
+			memoryDump = True
+		elif opt in ("-d", "--datas"):
+			datas = True
+		elif opt in ("-s", "--sql"):
+			sql = True
+		elif opt in ("-l", "--logs"):
+			logs = True
+		elif opt in ("--keyLogs"):
+			if len(arg) is 0:
+				help()
+				sys.exit()
+			keyLogs = arg.split("|")
+		elif opt in ("-m", "--manifest"):
+			manifest = True
+		elif opt in ("-p", "--permissions"):
+			permissions = True
+		elif opt in ("-M", "--memory-dump"):
+			memoryDump = True
+		elif opt in ("-D", "--device"):
+			device = "-s "+ arg
+		elif opt in ("-f", "--find"):
+			find = arg
+
+	if len(args) == 0 and find is False:
+		print "Error : no arguments given"
+		help()
+		sys.exit(2)
+
+	if not datas and sql:
+		print "Error : option -s (--sql) must be used with -d (--datas)"
+		help()
+		sys.exit(2)
+
+	if not logs and keyLogs:
+		print "Error : option --keyLogs must be used with -l (--logs)"
+		help()
+		sys.exit(2)
+
+	#start adb server
+	if verbose:
+		print "Starting adb server..."
+	process = Popen(["adb", "start-server"], stderr=STDOUT, stdout=PIPE)
+	if verbose:
+		printVerbose (process)
+	else:
+		process.communicate()
+
+	#validate given device (if given)
+	if device != "" and not issetDevice (device):
+		print "Device not found"
+		sys.exit(2)
+
+	#find package if asked
+	if find:
+		package = Package(find, device)
+		result = package.find()
+		if not result:
+			print "no packages found with this name"
+			sys.exit()
+		else:
+			print "packages found with this name : "
+			i = 1
+			for package in result:
+				print str(i) +") "+ package
+				i += 1
+
+			choices = raw_input("Which packages do you want extract. Ex: 1 3 6 (type 0 to quit) : ").split()
+			if choices[0] is "0":
+				sys.exit(0)
+
+			args = []
+			for choice in map(int,choices):
+				if choice < 1 or choice > len(result):
+					print str(choice) +" is not a good value"
+				else:
+					args.append(result[choice - 1])
+
+	#parse & extract packages
+	i = 0
+	for arg in args:
+		package = Package(arg, device)
+
+		if len(keyLogs) > i:
+			key = keyLogs[i].split(",")
+			key.append(arg)
+		elif logs:
+			key = [arg]
+		else:
+			key = []
+
+		package.extract(verbose, datas, sql, key, manifest, permissions, memoryDump)
+		i += 1
+
+if __name__ == "__main__":
+	main ()

changelog

@@ -0,0 +1,42 @@
+Version 2.1 (16 May 2014)
+- Get application's logs (possibility to choose keywords)
+- Generation of manifest file
+- Get files permissions
+- Get memory heap dump
+- Get pkg.odex file
+- You can choose exactly what you want extract
+- pkg.apk is now named package_name.apk when pulled from external storage
+- More informations when not in verbose mode
+- real README
+- minor bugs
+
+Version 2.0 (12 September 2013)
+- New version rewritten in Python
+- You can now extract serveral packages
+- When you search a package, you can select the packages you want extract
+- Redesigned options
+- Possibility of selectionning the device to work with
+- Check if a device is connected
+- Verify if package exist
+- More than one save are allowed
+- External SD directory finder optimized
+- Many bugfixes
+
+Version 1.3 (11 July 2013)
+- Add licence GNU GPL v3
+- New output directories
+
+Version 1.2 (June 2013)
+- New algorythm for finding databases
+- Fixed bug who prevents starting adb
+- Download librairies
+
+Version 1.1 (April 2013)
+- Get APK on sd card
+- Add Find option
+- New algorithm to get the apk's link
+
+Version 1.0 (March 2013 - Initial Release)
+- Get APK (only on phone memory)
+- Get Datas (only on phone memory)
+- Get Databases (only in the "databases" directory, and with the .db extension)

changelog~

@@ -0,0 +1,42 @@
+Version 2.1 (9 May 2014)
+- Get application's logs (possibility to choose keywords)
+- Generation of manifest file
+- Get files permissions
+- Get memory heap dump
+- Get pkg.odex file
+- You can choose exactly what you want extract
+- pkg.apk is now named package_name.apk when pulled from external storage
+- More informations when not in verbose mode
+- real README
+- minor bugs
+
+Version 2.0 (12 September 2013)
+- New version rewritten in Python
+- You can now extract serveral packages
+- When you search a package, you can select the packages you want extract
+- Redesigned options
+- Possibility of selectionning the device to work with
+- Check if a device is connected
+- Verify if package exist
+- More than one save are allowed
+- External SD directory finder optimized
+- Many bugfixes
+
+Version 1.3 (11 July 2013)
+- Add licence GNU GPL v3
+- New output directories
+
+Version 1.2 (June 2013)
+- New algorythm for finding databases
+- Fixed bug who prevents starting adb
+- Download librairies
+
+Version 1.1 (April 2013)
+- Get APK on sd card
+- Add Find option
+- New algorithm to get the apk's link
+
+Version 1.0 (March 2013 - Initial Release)
+- Get APK (only on phone memory)
+- Get Datas (only on phone memory)
+- Get Databases (only in the "databases" directory, and with the .db extension)