Merge aea9b32 into 1b8691a

.gitignore

@@ -38,3 +38,7 @@ bower_components/
 .sass-cache/
 cuckoo/web/src/package-lock.json
 *.map
+
+# Android build files
+stuff/android/build
+stuff/android/tmp.*

.travis.yml

@@ -47,8 +47,9 @@ before_install:
         pip install psycopg2 mysql-python m2crypto==0.24.0 weasyprint==0.36
     else
         brew update || brew update
-        brew install libmagic cairo pango mongodb
-        brew services start mongodb
+        brew tap mongodb/brew
+        brew install libmagic cairo pango mongodb-community
+        brew services start mongodb-community
         # The following wasn't required in the past and therefore may become
         # obsolete once again in the future. Let's wait and see.
         wget https://bootstrap.pypa.io/get-pip.py

cuckoo/auxiliary/mitm.py

@@ -34,7 +34,7 @@ def start(self):
                       "man in the middle interception aborted.", script)
             return
 
-        cert_path = cwd("analyzer", "windows", certificate)
+        cert_path = cwd("analyzer", self.machine.platform, certificate)
         if not os.path.exists(cert_path):
             log.error("Mitmdump root certificate not found at path \"%s\" "
                       "(real path \"%s\"), man in the middle interception "

cuckoo/common/abstracts.py

@@ -1142,7 +1142,7 @@ def get_volatility(self, module=None):
 
     def get_apkinfo(self, section=None, default={}):
         """Return the apkinfo results for this analysis."""
-        apkinfo = self.get_results("apkinfo", {})
+        apkinfo = self.get_results("static", {}).get("apkinfo", {})
         return apkinfo if section is None else apkinfo.get(section, default)
 
     def get_droidmon(self, section=None, default={}):

cuckoo/common/config.py

@@ -343,28 +343,24 @@ class Config(object):
             "avd": {
                 "mode": String("headless"),
                 "emulator_path": Path(
-                    "/home/cuckoo/android-sdk-linux/tools/emulator",
+                    "/home/cuckoo/Android/Sdk/emulator/emulator",
                     exists=True, writable=False, readable=True
                 ),
                 "adb_path": Path(
-                    "/home/cuckoo/android-sdk-linux/platform-tools/adb",
+                    "/home/cuckoo/Android/Sdk/platform-tools/adb",
                     exists=True, writable=False, readable=True
                 ),
-                "avd_path": Path(
-                    "/home/cuckoo/.android/avd",
-                    exists=True, writable=False, readable=True
-                ),
-                "reference_machine": String("cuckoo-bird"),
+                "interface": String("cuckoo_avd_br"),
                 "machines": List(String, "cuckoo1"),
             },
             "*": {
                 "__section__": "cuckoo1",
                 "label": String("cuckoo1"),
                 "platform": String("android"),
-                "ip": String("127.0.0.1"),
-                "emulator_port": Int(5554),
-                "resultserver_ip": String("10.0.2.2"),
-                "resultserver_port": Int(2042),
+                "ip": String("10.3.2.2"),
+                "snapshot": String("cuckoo_snapshot"),
+                "resultserver_ip": String(),
+                "resultserver_port": Int(),
                 "osprofile": String(required=False),
             },
             "__star__": ("avd", "machines"),
@@ -534,10 +530,6 @@ class Config(object):
             "analysisinfo": {
                 "enabled": Boolean(True),
             },
-            "apkinfo": {
-                "enabled": Boolean(False),
-                "decompilation_threshold": Int(5000000),
-            },
             "baseline": {
                 "enabled": Boolean(False),
             },

cuckoo/common/objects.py

@@ -277,6 +277,9 @@ def get_imported_functions(self):
     def get_apk_entry(self):
         """Get the entry point for this APK. The entry point is denoted by a
         package and main activity name."""
+        logging.getLogger("androguard.axml").setLevel(logging.WARNING)
+        logging.getLogger("androguard.core.api_specific_resources").setLevel(logging.WARNING)
+
         filetype = self.get_type()
         if "Zip archive data" not in filetype and "Java archive data" not in filetype:
             return "", ""

cuckoo/common/utils.py

@@ -366,3 +366,13 @@ def cmp_version(first, second, op):
     op = op_lookup.get(op)
 
     return op(LooseVersion(first), LooseVersion(second))
+
+def byteify(data):
+    if isinstance(data, unicode):
+        return data.encode('utf-8')
+    elif isinstance(data, list):
+        return [byteify(elem) for elem in data]
+    elif isinstance(data, dict):
+        return {byteify(k): byteify(v) for k, v in data.items()}
+    else:
+        return data

cuckoo/compat/config.py

@@ -724,6 +724,22 @@ def _206_207(c):
     c["reporting"]["misp"]["min_malscore"] = 0
     c["reporting"]["misp"]["tag"] = "Cuckoo"
     c["reporting"]["misp"]["upload_sample"] = False
+    c["avd"] = {
+        "avd": {
+            "mode": "headless",
+            "emulator_path": "/home/cuckoo/Android/Sdk/emulator/emulator",
+            "adb_path": "/home/cuckoo/Android/Sdk/platform-tools/adb",
+            "interface": "cuckoo_avd_br",
+            "machines": ["cuckoo1"],
+        },
+        "cuckoo1": {
+            "label": "cuckoo1",
+            "platform": "android",
+            "ip": "10.3.2.2",
+            "snapshot": "cuckoo_snapshot",
+        },
+    }
+    c["processing"].pop("apkinfo", None)
 
     return c
 

cuckoo/core/guest.py

@@ -380,11 +380,15 @@ def determine_analyzer_path(self):
     def determine_system_drive(self):
         if self.platform == "windows":
             return "%s/" % self.environ["SYSTEMDRIVE"]
+        elif self.platform == "android":
+            return "/data/local"
         return "/"
 
     def determine_temp_path(self):
         if self.platform == "windows":
             return self.environ["TEMP"]
+        elif self.platform == "android":
+            return self.environ["TMPDIR"]
         return "/tmp"
 
     def upload_analyzer(self, monitor):

cuckoo/core/resultserver.py

@@ -34,7 +34,7 @@
 
 # Directories in which analysis-related files will be stored; also acts as
 # whitelist
-RESULT_UPLOADABLE = ("files", "shots", "buffer",  "extracted", "memory")
+RESULT_UPLOADABLE = ("files", "shots", "buffer",  "extracted", "memory", "logs")
 RESULT_DIRECTORIES = RESULT_UPLOADABLE + ("reports", "logs")
 
 # Prevent malicious clients from using potentially dangerous filenames

cuckoo/data/agent/agent.py

@@ -18,16 +18,26 @@
 import traceback
 import zipfile
 
-import SimpleHTTPServer
-import SocketServer
-
-AGENT_VERSION = "0.10"
+python_version = sys.version_info.major
+
+if python_version > 2:
+    import http.server as SimpleHTTPServer
+    import socketserver as SocketServer
+    TextIO = io.StringIO
+    text_type = str
+else:
+    import SimpleHTTPServer
+    import SocketServer
+    TextIO = io.BytesIO
+    text_type = unicode
+
+AGENT_VERSION = "0.11"
 AGENT_FEATURES = [
     "execpy", "pinning", "logs", "largefile", "unicodepath",
 ]
 
-sys.stdout = io.BytesIO()
-sys.stderr = io.BytesIO()
+sys.stdout = TextIO()
+sys.stderr = TextIO()
 
 class MiniHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
     server_version = "Cuckoo Agent"
@@ -67,7 +77,7 @@ def do_POST(self):
                 if value.filename:
                     request.files[key] = value.file
                 else:
-                    request.form[key] = value.value.decode("utf8")
+                    request.form[key] = text_type(value.value)
 
         self.httpd.handle(self)
 
@@ -115,7 +125,7 @@ def handle(self, obj):
         obj.end_headers()
 
         if isinstance(ret, jsonify):
-            obj.wfile.write(ret.json())
+            obj.wfile.write(ret.json().encode())
         elif isinstance(ret, send_file):
             ret.write(obj.wfile)
 
@@ -240,7 +250,7 @@ def do_mkdir():
     if "dirpath" not in request.form:
         return json_error(400, "No dirpath has been provided")
 
-    mode = int(request.form.get("mode", 0777))
+    mode = int(request.form.get("mode", 0o777))
 
     try:
         os.makedirs(request.form["dirpath"], mode=mode)
@@ -349,14 +359,14 @@ def do_execute():
         return json_error(400, "No command has been provided")
 
     # Execute the command asynchronously? As a shell command?
-    async = "async" in request.form
+    _async = "async" in request.form
     shell = "shell" in request.form
 
     cwd = request.form.get("cwd")
     stdout = stderr = None
 
     try:
-        if async:
+        if _async:
             subprocess.Popen(request.form["command"], shell=shell, cwd=cwd)
         else:
             p = subprocess.Popen(
@@ -376,7 +386,7 @@ def do_execpy():
         return json_error(400, "No Python file has been provided")
 
     # Execute the command asynchronously? As a shell command?
-    async = "async" in request.form
+    _async = "async" in request.form
 
     cwd = request.form.get("cwd")
     stdout = stderr = None
@@ -387,7 +397,7 @@ def do_execpy():
     ]
 
     try:
-        if async:
+        if _async:
             subprocess.Popen(args, cwd=cwd)
         else:
             p = subprocess.Popen(args, cwd=cwd,

cuckoo/data/agent/android-agent.sh

@@ -0,0 +1,8 @@
+# Copyright (C) 2019 Cuckoo Foundation.
+# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
+# See the file 'docs/LICENSE' for copying permission.
+
+export TMPDIR=/data/local/tmp
+cd $TMPDIR
+
+nohup usr/bin/python3 agent.py >/dev/null 2>&1 &