
parsed smali files into tree structure

0 parents commit 2c51cfe8c08f2b1082e7eea3e1614feb32bacc69 @kelwin committed Jul 2, 2012
Showing with 42,696 additions and 0 deletions.
  1. 0 README
  2. 0 androguard/__init__.py
  3. BIN androguard/__init__.pyc
  4. 0 androguard/core/__init__.py
  5. BIN androguard/core/__init__.pyc
  6. 0 androguard/core/analysis/__init__.py
  7. BIN androguard/core/analysis/__init__.pyc
  8. +2,272 −0 androguard/core/analysis/analysis.py
  9. BIN androguard/core/analysis/analysis.pyc
  10. +446 −0 androguard/core/analysis/ganalysis.py
  11. +880 −0 androguard/core/analysis/risk.py
  12. +391 −0 androguard/core/analysis/sign.py
  13. BIN androguard/core/analysis/sign.pyc
  14. +222 −0 androguard/core/androconf.py
  15. BIN androguard/core/androconf.pyc
  16. +267 −0 androguard/core/androgen.py
  17. BIN androguard/core/androgen.pyc
  18. 0 androguard/core/binaries/__init__.py
  19. +107 −0 androguard/core/binaries/elf.py
  20. +212 −0 androguard/core/binaries/idapipe.py
  21. +162 −0 androguard/core/binaries/idawrapper.py
  22. +462 −0 androguard/core/bytecode.py
  23. BIN androguard/core/bytecode.pyc
  24. 0 androguard/core/bytecodes/__init__.py
  25. BIN androguard/core/bytecodes/__init__.pyc
  26. +4,379 −0 androguard/core/bytecodes/api_permissions.py
  27. BIN androguard/core/bytecodes/api_permissions.pyc
  28. +966 −0 androguard/core/bytecodes/apk.py
  29. BIN androguard/core/bytecodes/apk.pyc
  30. +67 −0 androguard/core/bytecodes/arm.py
  31. +4,313 −0 androguard/core/bytecodes/dvm.py
  32. BIN androguard/core/bytecodes/dvm.pyc
  33. +176 −0 androguard/core/bytecodes/dvm_permissions.py
  34. BIN androguard/core/bytecodes/dvm_permissions.pyc
  35. +3,446 −0 androguard/core/bytecodes/jvm.py
  36. BIN androguard/core/bytecodes/jvm.pyc
  37. +138 −0 androguard/core/bytecodes/jvm_generate.py
  38. +33 −0 androguard/core/bytecodes/libdvm/Makefile
  39. 0 androguard/core/bytecodes/libdvm/__init__.py
  40. +99 −0 androguard/core/bytecodes/libdvm/buff.cc
  41. +69 −0 androguard/core/bytecodes/libdvm/buff.h
  42. +1,886 −0 androguard/core/bytecodes/libdvm/dvm.cc
  43. +302 −0 androguard/core/bytecodes/libdvm/dvm.h
  44. +69 −0 androguard/core/bytecodes/libdvm/test_dvm.py
  45. 0 androguard/core/data/__init__.py
  46. +396 −0 androguard/core/data/data.py
  47. 0 androguard/core/debugger/__init__.py
  48. 0 androguard/decompiler/__init__.py
  49. +286 −0 androguard/decompiler/decompiler.py
  50. +9 −0 apkil/__init__.py
  51. BIN apkil/__init__.pyc
  52. +2 −0 apkil/apk.py
  53. +24 −0 apkil/logger.py
  54. BIN apkil/logger.pyc
  55. +352 −0 apkil/smali.py
  56. BIN apkil/smali.pyc
  57. BIN examples/HelloChinese.apk
  58. BIN examples/HelloChinese.dex
  59. BIN examples/HelloChinese.zip
  60. +64 −0 examples/HelloChinese/org/honeynet/test/HelloWorldActivity.smali
  61. +24 −0 examples/HelloChinese/org/honeynet/test/R$attr.smali
  62. +28 −0 examples/HelloChinese/org/honeynet/test/R$drawable.smali
  63. +28 −0 examples/HelloChinese/org/honeynet/test/R$id.smali
  64. +28 −0 examples/HelloChinese/org/honeynet/test/R$layout.smali
  65. +30 −0 examples/HelloChinese/org/honeynet/test/R$string.smali
  66. +25 −0 examples/HelloChinese/org/honeynet/test/R.smali
  67. BIN examples/classes.dex
  68. BIN examples/new.apk
  69. +34 −0 examples/new/org/honeynet/test/HelloWorldActivity.smali
  70. +7 −0 examples/new/org/honeynet/test/R$attr.smali
  71. +8 −0 examples/new/org/honeynet/test/R$drawable.smali
  72. +8 −0 examples/new/org/honeynet/test/R$id.smali
  73. +8 −0 examples/new/org/honeynet/test/R$layout.smali
  74. +9 −0 examples/new/org/honeynet/test/R$string.smali
  75. +7 −0 examples/new/org/honeynet/test/R.smali
  76. +868 −0 ref/RBTree/RBTree.py
  77. +42 −0 ref/RBTree/README
  78. +331 −0 ref/RBTree/s_rbt.txt
  79. +28 −0 ref/blist-1.3.4/LICENSE
  80. +15 −0 ref/blist-1.3.4/MANIFEST.in
  81. +202 −0 ref/blist-1.3.4/PKG-INFO
  82. +179 −0 ref/blist-1.3.4/README.rst
  83. +7,684 −0 ref/blist-1.3.4/_blist.c
  84. +92 −0 ref/blist-1.3.4/_btuple.py
  85. +142 −0 ref/blist-1.3.4/_sorteddict.py
  86. +647 −0 ref/blist-1.3.4/_sortedlist.py
  87. +202 −0 ref/blist-1.3.4/blist.egg-info/PKG-INFO
  88. +30 −0 ref/blist-1.3.4/blist.egg-info/SOURCES.txt
  89. +1 −0 ref/blist-1.3.4/blist.egg-info/dependency_links.txt
  90. +1 −0 ref/blist-1.3.4/blist.egg-info/not-zip-safe
  91. +5 −0 ref/blist-1.3.4/blist.egg-info/top_level.txt
  92. +248 −0 ref/blist-1.3.4/blist.h
  93. +8 −0 ref/blist-1.3.4/blist.py
  94. +481 −0 ref/blist-1.3.4/distribute_setup.py
  95. +2,116 −0 ref/blist-1.3.4/prototype/blist.py
  96. +5 −0 ref/blist-1.3.4/setup.cfg
  97. +46 −0 ref/blist-1.3.4/setup.py
  98. +340 −0 ref/blist-1.3.4/speed_test.py
  99. 0 ref/blist-1.3.4/test/__init__.py
  100. +161 −0 ref/blist-1.3.4/test/btuple_tests.py
  101. +558 −0 ref/blist-1.3.4/test/list_tests.py
  102. +678 −0 ref/blist-1.3.4/test/mapping_tests.py
  103. +332 −0 ref/blist-1.3.4/test/seq_tests.py
  104. +81 −0 ref/blist-1.3.4/test/sorteddict_tests.py
  105. +614 −0 ref/blist-1.3.4/test/sortedlist_tests.py
  106. +39 −0 ref/blist-1.3.4/test/test_list.py
  107. +1,536 −0 ref/blist-1.3.4/test/test_set.py
  108. +415 −0 ref/blist-1.3.4/test/test_support.py
  109. +840 −0 ref/blist-1.3.4/test/unittest.py
  110. +368 −0 ref/blist-1.3.4/test_blist.py
  111. +582 −0 ref/btree.py
  112. +38 −0 test.py
0 README
No changes.
No changes.
Binary file not shown.
No changes.
Binary file not shown.
No changes.
Binary file not shown.

Binary file not shown.

@@ -0,0 +1,391 @@
+# This file is part of Androguard.
+#
+# Copyright (C) 2012, Anthony Desnos <desnos at t0t0.fr>
+# All rights reserved.
+#
+# Androguard is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Androguard is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with Androguard. If not, see <http://www.gnu.org/licenses/>.
+
+
+from androguard.core.analysis.analysis import TAINTED_PACKAGE_CREATE, TAINTED_PACKAGE_CALL
+from androguard.core.bytecodes import dvm
+
+TAINTED_PACKAGE_INTERNAL_CALL = 2
+FIELD_ACCESS = { "R" : 0, "W" : 1 }
+PACKAGE_ACCESS = { TAINTED_PACKAGE_CREATE : 0, TAINTED_PACKAGE_CALL : 1, TAINTED_PACKAGE_INTERNAL_CALL : 2 }
+class Sign :
+ def __init__(self) :
+ self.levels = {}
+ self.hlevels = []
+
+ def add(self, level, value) :
+ self.levels[ level ] = value
+ self.hlevels.append( level )
+
+ def get_level(self, l) :
+ return self.levels[ "L%d" % l ]
+
+ def get_string(self) :
+ buff = ""
+ for i in self.hlevels :
+ buff += self.levels[ i ]
+ return buff
+
+ def get_list(self) :
+ return self.levels[ "sequencebb" ]
+
+class Signature :
+ def __init__(self, tainted_information) :
+ self.__tainted = tainted_information
+
+ self._cached_signatures = {}
+ self._cached_fields = {}
+ self._cached_packages = {}
+
+ self._global_cached = {}
+
+ self.levels = {
+ # Classical method signature with basic blocks, strings, fields, packages
+ "L0" : {
+ 0 : ( "_get_strings_a", "_get_fields_a", "_get_packages_a" ),
+ 1 : ( "_get_strings_pa", "_get_fields_a", "_get_packages_a" ),
+ 2 : ( "_get_strings_a", "_get_fields_a", "_get_packages_pa_1" ),
+ 3 : ( "_get_strings_a", "_get_fields_a", "_get_packages_pa_2" ),
+ },
+
+ # strings
+ "L1" : [ "_get_strings_a1" ],
+
+ # exceptions
+ "L2" : [ "_get_exceptions" ],
+
+ # fill array data
+ "L3" : [ "_get_fill_array_data" ],
+ }
+
+ self.classes_names = None
+ self._init_caches()
+
+ def _get_sequence_bb(self, analysis_method) :
+ l = []
+
+ for i in analysis_method.basic_blocks.get() :
+ buff = ""
+ if len(i.get_ins()) > 5 :
+ for ins in i.get_ins() :
+ buff += ins.get_name()
+ if buff != "" :
+ l.append( buff )
+
+ return l
+
+ def _get_sequence_bb2(self, analysis_method) :
+ l = []
+
+ buff = ""
+ nb = 0
+ for i in analysis_method.basic_blocks.get() :
+ if nb == 0 :
+ buff = ""
+
+ for ins in i.get_ins() :
+ buff += ins.get_name()
+ nb += 1
+
+ if nb > 5 :
+ l.append( buff )
+ nb = 0
+
+ if nb != 0 :
+ l.append( buff )
+
+ return l
+
+ def _get_hex(self, analysis_method) :
+ code = analysis_method.get_method().get_code()
+ if code == None :
+ return ""
+
+ buff = ""
+ for i in code.get_bc().get() :
+ buff += dvm.clean_name_instruction( i )
+ buff += dvm.static_operand_instruction( i )
+
+ return buff
+
+ def _get_bb(self, analysis_method, functions, options) :
+ bbs = []
+ for b in analysis_method.basic_blocks.get() :
+ l = []
+ l.append( (b.start, "B") )
+ l.append( (b.start, "[") )
+
+ internal = []
+
+ op_value = b.get_last().get_op_value()
+
+ # return
+ if op_value >= 0x0e and op_value <= 0x11 :
+ internal.append( (b.end-1, "R") )
+
+ # if
+ elif op_value >= 0x32 and op_value <= 0x3d :
+ internal.append( (b.end-1, "I") )
+
+ # goto
+ elif op_value >= 0x28 and op_value <= 0x2a :
+ internal.append( (b.end-1, "G") )
+
+ # sparse or packed switch
+ elif op_value >= 0x2b and op_value <= 0x2c :
+ internal.append( (b.end-1, "G") )
+
+
+ for f in functions :
+ try :
+ internal.extend( getattr( self, f )( analysis_method, options ) )
+ except TypeError :
+ internal.extend( getattr( self, f )( analysis_method ) )
+
+ internal.sort()
+
+ for i in internal :
+ if i[0] >= b.start and i[0] < b.end :
+ l.append( i )
+
+ del internal
+
+ l.append( (b.end, "]") )
+
+ bbs.append( ''.join(i[1] for i in l) )
+ return bbs
+
+ def _init_caches(self) :
+ if self._cached_fields == {} :
+ for f_t, f in self.__tainted["variables"].get_fields() :
+ self._cached_fields[ f ] = f_t.get_paths_length()
+ n = 0
+ for f in sorted( self._cached_fields ) :
+ self._cached_fields[ f ] = n
+ n += 1
+
+ if self._cached_packages == {} :
+ for m_t, m in self.__tainted["packages"].get_packages() :
+ self._cached_packages[ m ] = m_t.get_paths_length()
+ n = 0
+ for m in sorted( self._cached_packages ) :
+ self._cached_packages[ m ] = n
+ n += 1
+
+ def _get_fill_array_data(self, analysis_method) :
+ buff = ""
+ for b in analysis_method.basic_blocks.get() :
+ for i in b.ins :
+ if i.get_name() == "FILL-ARRAY-DATA" :
+ buff_tmp = i.get_operands()
+ for j in range(0, len(buff_tmp)) :
+ buff += "\\x%02x" % ord( buff_tmp[j] )
+ return buff
+
+ def _get_exceptions(self, analysis_method) :
+ buff = ""
+
+ method = analysis_method.get_method()
+ code = method.get_code()
+ if code == None or code.get_tries_size() <= 0 :
+ return buff
+
+ handler_catch_list = code.get_handlers()
+
+ for handler_catch in handler_catch_list.get_list() :
+ for handler in handler_catch.get_handlers() :
+ buff += analysis_method.get_vm().get_cm_type( handler.get_type_idx() )
+ return buff
+
+ def _get_strings_a1(self, analysis_method) :
+ buff = ""
+
+ strings_method = self.__tainted["variables"].get_strings_by_method( analysis_method.get_method() )
+ for s in strings_method :
+ for path in strings_method[s] :
+ buff += s.replace('\n', ' ')
+ return buff
+
+ def _get_strings_pa(self, analysis_method) :
+ l = []
+
+ strings_method = self.__tainted["variables"].get_strings_by_method( analysis_method.get_method() )
+ for s in strings_method :
+ for path in strings_method[s] :
+ l.append( (path.get_bb().start + path.get_idx(), "S%d" % len(s) ) )
+ return l
+
+
+ def _get_strings_a(self, analysis_method) :
+ key = "SA-%s" % analysis_method
+ if key in self._global_cached :
+ return self._global_cached[ key ]
+
+ l = []
+
+ strings_method = self.__tainted["variables"].get_strings_by_method( analysis_method.get_method() )
+ for s in strings_method :
+ for path in strings_method[s] :
+ l.append( (path.get_bb().start + path.get_idx(), "S") )
+
+ self._global_cached[ key ] = l
+ return l
+
+ def _get_fields_a(self, analysis_method) :
+ key = "FA-%s" % analysis_method
+ if key in self._global_cached :
+ return self._global_cached[ key ]
+
+ fields_method = self.__tainted["variables"].get_fields_by_method( analysis_method.get_method() )
+
+ l = []
+
+ for f in fields_method :
+ for path in fields_method[ f ] :
+ #print (path.get_bb().start + path.get_idx(), "F%d" % FIELD_ACCESS[ path.get_access_flag() ])
+ l.append( (path.get_bb().start + path.get_idx(), "F%d" % FIELD_ACCESS[ path.get_access_flag() ]) )
+
+ self._global_cached[ key ] = l
+ return l
+
+ def _get_packages_a(self, analysis_method) :
+ packages_method = self.__tainted["packages"].get_packages_by_method( analysis_method.get_method() )
+
+ l = []
+
+ for m in packages_method :
+ for path in packages_method[ m ] :
+ l.append( (path.get_bb().start + path.get_idx(), "P%s" % (PACKAGE_ACCESS[ path.get_access_flag() ]) ) )
+ return l
+
+ def _get_packages(self, analysis_method, include_packages) :
+ l = self._get_packages_pa_1( analysis_method, include_packages )
+ return "".join([ i[1] for i in l ])
+
+ def _get_packages_pa_1(self, analysis_method, include_packages) :
+ key = "PA1-%s-%s" % (analysis_method, include_packages)
+ if key in self._global_cached :
+ return self._global_cached[ key ]
+
+ packages_method = self.__tainted["packages"].get_packages_by_method( analysis_method.get_method() )
+ if self.classes_names == None :
+ self.classes_names = analysis_method.get_vm().get_classes_names()
+
+ l = []
+
+
+ for m in packages_method :
+ for path in packages_method[ m ] :
+ present = False
+ for i in include_packages :
+ if m.find(i) == 0 :
+ present = True
+ break
+
+ if path.get_access_flag() == 1 :
+ if path.get_class_name() in self.classes_names :
+ l.append( (path.get_bb().start + path.get_idx(), "P%s" % (PACKAGE_ACCESS[ 2 ]) ) )
+ else :
+ if present == True :
+ l.append( (path.get_bb().start + path.get_idx(), "P%s{%s%s%s}" % (PACKAGE_ACCESS[ path.get_access_flag() ], path.get_class_name(), path.get_name(), path.get_descriptor()) ) )
+ else :
+ l.append( (path.get_bb().start + path.get_idx(), "P%s" % (PACKAGE_ACCESS[ path.get_access_flag() ]) ) )
+ else :
+ if present == True :
+ l.append( (path.get_bb().start + path.get_idx(), "P%s{%s}" % (PACKAGE_ACCESS[ path.get_access_flag() ], m) ) )
+ else :
+ l.append( (path.get_bb().start + path.get_idx(), "P%s" % (PACKAGE_ACCESS[ path.get_access_flag() ]) ) )
+
+ self._global_cached[ key ] = l
+ return l
+
+ def _get_packages_pa_2(self, analysis_method, include_packages) :
+ packages_method = self.__tainted["packages"].get_packages_by_method( analysis_method.get_method() )
+
+ l = []
+
+ for m in packages_method :
+ for path in packages_method[ m ] :
+ present = False
+ for i in include_packages :
+ if m.find(i) == 0 :
+ present = True
+ break
+
+ if present == True :
+ l.append( (path.get_bb().start + path.get_idx(), "P%s" % (PACKAGE_ACCESS[ path.get_access_flag() ]) ) )
+ continue
+
+
+ if path.get_access_flag() == 1 :
+ l.append( (path.get_bb().start + path.get_idx(), "P%s{%s%s%s}" % (PACKAGE_ACCESS[ path.get_access_flag() ], path.get_class_name(), path.get_name(), path.get_descriptor()) ) )
+ else :
+ l.append( (path.get_bb().start + path.get_idx(), "P%s{%s}" % (PACKAGE_ACCESS[ path.get_access_flag() ], m) ) )
+
+ return l
+
+ def get_method(self, analysis_method, signature_type, signature_arguments={}) :
+ key = "%s-%s-%s" % (analysis_method, signature_type, signature_arguments)
+ if key in self._cached_signatures :
+ return self._cached_signatures[ key ]
+
+ s = Sign()
+
+ #print signature_type, signature_arguments
+ for i in signature_type.split(":") :
+ # print i, signature_arguments[ i ]
+ if i == "L0" :
+ _type = self.levels[ i ][ signature_arguments[ i ][ "type" ] ]
+ try :
+ _arguments = signature_arguments[ i ][ "arguments" ]
+ except KeyError :
+ _arguments = []
+
+ value = self._get_bb( analysis_method, _type, _arguments )
+ s.add( i, ''.join(z for z in value) )
+
+ elif i == "L4" :
+ try :
+ _arguments = signature_arguments[ i ][ "arguments" ]
+ except KeyError :
+ _arguments = []
+
+ value = self._get_packages( analysis_method, _arguments )
+ s.add( i , value )
+
+ elif i == "hex" :
+ value = self._get_hex( analysis_method )
+ s.add( i, value )
+
+ elif i == "sequencebb" :
+ _type = ('_get_strings_a', '_get_fields_a', '_get_packages_pa_1')
+ _arguments = ['Landroid', 'Ljava']
+
+ #value = self._get_bb( analysis_method, _type, _arguments )
+ #s.add( i, value )
+
+ value = self._get_sequence_bb( analysis_method )
+ s.add( i, value )
+
+ else :
+ for f in self.levels[ i ] :
+ value = getattr( self, f )( analysis_method )
+ s.add( i, value )
+
+ self._cached_signatures[ key ] = s
+ return s
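Review bot: The `sequencebb` branch of `get_method` stores the list returned by `_get_sequence_bb` via `s.add( i, value )`, but `Sign.get_string` concatenates every level with `buff += self.levels[ i ]` onto a `str`, so any `signature_type` that includes `sequencebb` raises TypeError as soon as `get_string` is called on the result. Either join the list before storing it, or have `get_string` skip or join non-string levels and leave `get_list` as the only accessor for the raw sequence. The `_type` and `_arguments` locals in that branch are no longer used and can go with the commented-out `_get_bb` call. Separately, `_get_bb` picks the helper's arity with `except TypeError`, which would also catch a TypeError raised inside a two-argument helper and replace it with a misleading arity error; it also re-runs every helper once per basic block although the result depends only on `analysis_method`, so computing `internal` once before the loop would be cheaper. For a tool whose output is compared as a signature, failing loudly on an unknown or mis-typed level is preferable to a partially built `Sign`.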
Binary file not shown.

0 comments on commit 2c51cfe
