updates

README.md

@@ -1,11 +1,13 @@
-![1024x512](https://user-images.githubusercontent.com/37318022/40054882-d783bc50-5878-11e8-9dbd-493404f5169f.png)
+## FROM INDIA, TO THE WORLD :blue_heart:
+
+![Logo](Docs/logo/banner.png)
 
 ---
 
 ![BUILD STATUS](https://travis-ci.org/abhi-r3v0/Adhrit.svg?branch=master)   [![Open Source Love](https://badges.frapsoft.com/os/v2/open-source.svg?v=103)](https://www.github.com/abhi-r3v0/Adhrit)  [![GPL Licence](https://badges.frapsoft.com/os/gpl/gpl.png?v=103)](https://www.github.com/abhi-r3v0/Adhrit)
 
 
-Adhrit is an open source Android APK reversing and analysis tool that can help security researchers and CTF enthusiasts alike. The tool is an effort to cut down on the amount of time spent on reversing and basic reconnaissance of Android applications. The project is still under progress and will continually incorporate features with time. Feel free to report the issues. Feature requests and suggestions are always welcome! 
+Adhrit is an open source Android APK reversing and analysis tool that can help security researchers and CTF enthusiasts alike. The tool is an effort to cut down on the amount of time spent on reversing and basic reconnaissance of Android applications. The project is still under progress and will continually incorporate features with time. Feel free to report the issues. Feature requests and suggestions are always welcome!
 
 ---
 
@@ -15,15 +17,15 @@ Adhrit is an open source Android APK reversing and analysis tool that can help s
 * Disassembles native libraries
 * Extracts jar out of dex.
 * Extracts source code in Java.
-* Extracts source code in Smali. 
+* Extracts source code in Smali.
 * Recompiles smali into APK
 * Signs the APK
 * Checks for virtual apps/droppers
 * Checks for bytecode injection points and write it to a file.
 * Analyzes permissions used by the application.
 * Dumps the Manifest.
 * Dumps the certificate details.
-* Checks for malware footprints in the VirusTotal database.  
+* Checks for malware footprints in the VirusTotal database.
 
 ---
 
@@ -34,13 +36,19 @@ Adhrit is an open source Android APK reversing and analysis tool that can help s
 
 ---
 
-### USAGE:
+### SETUP
 
 1. Dowload the zip or clone the package and extract the tool ( ```git clone https://github.com/abhi-r3v0/Adhrit.git``` ).
-2. Place the application in the tool directory. 
+2. Open ```config``` and input your VirusTotal API key without any quotes. ([Click here to know how to obtain your VT API key](https://community.mcafee.com/t5/Documents/How-to-get-a-VirusTotal-public-API-Key/ta-p/552797))
 3. Open a terminal and cd into the directory.
 4. Run ```python installer.py``` for installing the necessary tools.
-5. Use ```python adhrit.py -h``` for usage help.
+
+---
+
+### USAGE:
+
+1. Place the application (apk file) in the tool directory.
+2. Use ```python adhrit.py -h``` for usage help.
 
 Example:  ```python adhrit.py -a my_app.apk```
 
@@ -70,7 +78,7 @@ Example:  ```python adhrit.py -a my_app.apk```
 
 ### PRESENTATION:
 
-[Cysinfo](https://cysinfo.com/12th-meetup-analysis-android-apk-using-adhrit/)
+[Cysinfo Cyber Security Meetup](https://cysinfo.com/12th-meetup-analysis-android-apk-using-adhrit/)
 
 ---
 
@@ -80,26 +88,6 @@ Example:  ```python adhrit.py -a my_app.apk```
 
 ---
 
-## CONTRIBUTING:
-
-* Have any cool idea? Here's how you can implement it:
-
-1. Create a ```module_name.py``` and place it in the ```recons``` directory.
-2. Define a class with a relevant name and define a function that takes```apk_name``` as a parameter. [eg: ```my_func(apk_name)```]
-3. Open ```adhrit.py``` and import the new class from recons. You can look at the already existing imports as an example.
-4. Define a new function inside the class ```Adhrit``` in this format: ```my_new_func(self, apk_name)```. Call the imported function here. [eg: ```my_func(apk_name)```]
-5. Create a new argument in the argument parser for the new included ```my_new_func```
-6. Call the function with the argument.
-
-Voila! Send us a PR. We'll review it and add it to the project.
-
-#### THINGS TO REMEMBER:
-
-* Follow the pep8 conventions.
-* Comment wherever necessary.
-
----
-
 ## THE SQUAD:
 
 #### PROJECT LEAD:
@@ -165,6 +153,6 @@ For example, if your file name is ```my.app.apk```, rename it to ```myapp.apk```
 
 ---
 
-## From India, to the world :blue_heart:
+
 
 

adhrit.py

@@ -109,7 +109,6 @@ def main():
         adhrit.vappsearch(args.a)
         adhrit.smaliextractor(args.a)
         adhrit.smali_inj(args.a)
-        adhrit.nativedebug(args.a)
 
     elif args.r:
         adhrit.apkripper(args.r)

config

@@ -0,0 +1,5 @@
+[config-data]
+
+vt_api_key =
+emulator_path =
+

recons/smali_extract.py

@@ -10,7 +10,7 @@ def smali_de(apk_name):
     print "[+] SOURCE EXTRATION IN SMALI"
     print "----------------------------------------------------"
     snamesplit = apk_name.split('.')[0]
-    SmaliCmd = 'java -jar tools/apktool.jar d -f ' + apk_name + ' -o apk/' + snamesplit
+    SmaliCmd = 'java -jar tools/apktool.jar d -f ' + apk_name
     os.system(SmaliCmd)
     if os.path.isdir(snamesplit):
         print "\n\t[+] Extraction complete."
@@ -35,7 +35,7 @@ def apk_sign(apk_name):
     print "[+] SIGNING APK"
     print "------------------------------------------------"
     snamesplit = apk_name.split('.')[0]
-    sdir = 'apk/' + snamesplit + '/' + snamesplit + '/dist/' + snamesplit + '.apk'
+    sdir = snamesplit + '/dist/' + snamesplit + '.apk'
     if os.path.exists(sdir):
         signCmd = 'java -jar tools/sign.jar ' + snamesplit + '/dist/' + snamesplit + '.apk'
         os.system(signCmd)
@@ -58,7 +58,7 @@ def inj_check(apk_name):
     smali_dir = 'smali'
     if os.path.isdir('smali_copy'):
         os.system('rm -r smali_copy')
-    os.system('cp -R ' + 'apk/' + snamesplit + '/' + smali_dir + ' smali_copy')
+    os.system('cp -R ' + snamesplit + '/' + smali_dir + ' smali_copy')
     if os.path.isdir('smali_copy'):
         os.chdir('smali_copy')
         ignore_dirs = ['android', 'org', 'google', 'localytics']

recons/virustotal.py

@@ -1,11 +1,17 @@
 # !/usr/bin/env python
 
+import ConfigParser
 import requests
 import hashlib
 from prettytable import PrettyTable
 
 
 def api_check(apk_name):
+    config = ConfigParser.ConfigParser()
+    config.readfp((open(r'config')))
+
+    vt_apikey = config.get('config-data', 'vt_api_key')
+
     print "\n"
     print "--------------------------------------------------"
     print "[+] SCANNING FOR MALWARE TRACE"
@@ -19,28 +25,33 @@ def api_check(apk_name):
             msum.update(chunk)
     md5digest = msum.hexdigest()
 
-    parameters = {'apikey': '099d11fe87377f9c8cfe0ae00b5c40fd04f7d4c425972cf09e4cd47d82a0c6df', 'resource': md5digest}
+    parameters = {'apikey': vt_apikey, 'resource': md5digest}
     header = {
         "Accepted-Encoding": "gzip, deflate",
         "User-Agent": "gzip, Test"
     }
 
-    response = requests.get('https://www.virustotal.com/vtapi/v2/file/report',
+    try:
+        response = requests.get('https://www.virustotal.com/vtapi/v2/file/report',
                             params=parameters, headers=header)
-    json_response = response.json()
-    if json_response['response_code'] == 0:
-        print "\t[!] Error Getting Details. Aborting\n"
-        return
-    if json_response['positives'] > 0:
-        print "\n\t[+] Positives Found: " + str(json_response['positives'])
-        pos = 1
-        for engine, det in json_response['scans'].iteritems():
-            if det["detected"]:
-                t.add_row([engine, det["result"]])
-    else:
-        print "\n[-] No Positives Found"
+        json_response = response.json()
+
+        if json_response['response_code'] == 0:
+            print "\t[!] Error Getting Details. Aborting\n"
+            return
+        if json_response['positives'] > 0:
+            print "\n\t[+] Positives Found: " + str(json_response['positives'])
+            pos = 1
+            for engine, det in json_response['scans'].iteritems():
+                if det["detected"]:
+                    t.add_row([engine, det["result"]])
+        else:
+            print "\n[-] No Positives Found"
+
+    except:
+        print "\n Error connecting to VirusTotal"
 
     if pos == 1:
         print t
 
-    print "\n"
+    print "\n"

tools/JarConverter.sh

@@ -45,5 +45,7 @@ else
     done
 fi
 
+# call d2j_invoke.sh to setup java environment
 #"$PRGDIR/d2j_invoke.sh" "com.googlecode.dex2jar.tools.Dex2jarCmd" "$@"
+
 java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.Dex2jarCmd" "$@"