
report generation improved

commit 6fd34c08326f6c49cdec378426f832bf92b52363 1 parent c37609d
maaaaz authored
269 Report/com.androwarn.sampleapplication.html
@@ -1,269 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
- <head>
- <meta charset="utf-8">
- <title>Androwarn report</title>
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <meta name="description" content="">
- <meta name="author" content="">
-
- <!-- Le styles -->
- <link href="css/bootstrap.css" rel="stylesheet">
- <style type="text/css">
- body {
- padding-top: 60px;
- padding-bottom: 40px;
- }
- .sidebar-nav {
- padding: 9px 0;
- }
- </style>
- <link href="css/bootstrap-responsive.css" rel="stylesheet">
-
- <!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
- <!--[if lt IE 9]>
- <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
- <![endif]-->
-
- <!-- Le fav and touch icons -->
- <link rel="shortcut icon" href="ico/favicon.ico">
- <link rel="apple-touch-icon-precomposed" sizes="144x144" href="ico/apple-touch-icon-144-precomposed.png">
- <link rel="apple-touch-icon-precomposed" sizes="114x114" href="ico/apple-touch-icon-114-precomposed.png">
- <link rel="apple-touch-icon-precomposed" sizes="72x72" href="ico/apple-touch-icon-72-precomposed.png">
- <link rel="apple-touch-icon-precomposed" href="ico/apple-touch-icon-57-precomposed.png">
- </head>
-
- <body>
-
- <div class="navbar navbar-fixed-top">
- <div class="navbar-inner">
- <div class="container-fluid">
- <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
- <span class="icon-bar"></span>
- <span class="icon-bar"></span>
- <span class="icon-bar"></span>
- </a>
- <a class="brand">Androwarn Report</a>
- <div class="nav-collapse">
- <ul class="nav">
- <li><a>com.androwarn.sampleapplication</a></li>
- </ul>
- </div><!--/.nav-collapse -->
- </div>
- </div>
- </div>
-
- <div class="container-fluid">
- <div class="row-fluid">
-
- <div class="span3">
- <div class="well sidebar-nav">
- <ul class="nav nav-list">
- <li class="nav-header">Application Information</li>
- <li class="active"><a href="#Application-Name" data-toggle="tab">Application Name</a></li>
- <li><a href="#Application-Version" data-toggle="tab">Application Version</a></li>
- <li><a href="#Package-Name" data-toggle="tab">Package Name</a></li>
- <li><a href="#Description" data-toggle="tab">Description</a></li>
-
-
- <li class="nav-header">Analysis Results</li>
- <li><a href="#Telephony-Identifiers-Leakage" data-toggle="tab">Telephony Identifiers Leakage</a></li>
- <li><a href="#Device-Settings-Harvesting" data-toggle="tab">Device Settings Harvesting</a></li>
- <li><a href="#Physical-Location-Lookup" data-toggle="tab">Physical Location Lookup</a></li>
- <li><a href="#Connection-Interfaces-Exfiltration" data-toggle="tab">Connection Interfaces Exfiltration</a></li>
- <li><a href="#Telephony-Services-Abuse" data-toggle="tab">Telephony Services Abuse</a></li>
- <li><a href="#Audio-Video-Eavesdropping" data-toggle="tab">Audio Video Eavesdropping</a></li>
-
- <li><a href="#PIM-Data-Leakage" data-toggle="tab">PIM Data Leakage</a></li>
- <li><a href="#Code-Execution" data-toggle="tab">Code Execution</a></li>
-
-
-
- <li class="nav-header">APK File</li>
- <li><a href="#APK-File-Name" data-toggle="tab">APK File Name</a></li>
- <li><a href="#SHA1-hash" data-toggle="tab">SHA1 hash</a></li>
- <li><a href="#File-List" data-toggle="tab">File List</a></li>
- <li><a href="#Certificate-Information" data-toggle="tab">Certificate Information</a></li>
-
-
- <li class="nav-header">AndroidManifest.xml</li>
- <li><a href="#Main-Activity" data-toggle="tab">Main Activity</a></li>
- <li><a href="#Activities" data-toggle="tab">Activities</a></li>
-
- <li><a href="#Receivers" data-toggle="tab">Receivers</a></li>
-
- <li><a href="#Permissions" data-toggle="tab">Permissions</a></li>
- <li><a href="#Features" data-toggle="tab">Features</a></li>
-
-
-
- <li class="nav-header">APIs Used</li>
- <li><a href="#Internal-Packages-List" data-toggle="tab">Internal Packages List</a></li>
-
- <li><a href="#External-Packages-List" data-toggle="tab">External Packages List</a></li>
- <li><a href="#Classes-List" data-toggle="tab">Classes List</a></li>
-
- <li><a href="#External-Classes-List" data-toggle="tab">External Classes List</a></li>
-
- </ul>
- </div><!--/.well -->
- </div><!--/span-->
-
- <div class="span9">
- <div class="hero-unit" id="Package_name">
- <div class="tab-content">
-
- <div class="tab-pane active" id="Application-Name">
-<h2>Application Name</h2><h3>N/A</h3></div>
- <div class="tab-pane" id="Application-Version">
-<h2>Application Version</h2>
-<h3>1.0</h3>
-</div>
- <div class="tab-pane" id="Package-Name">
-<h2>Package Name</h2>
-<h3>com.androwarn.sampleapplication</h3>
-</div>
- <div class="tab-pane" id="Description"> N/A
-<h2>Description</h2>
-<h3>N/A</h3>
-</div>
-
-
- <div class="tab-pane" id="Telephony-Identifiers-Leakage">
-<h2>Telephony Identifiers Leakage</h2>
-<h3>This application reads the operator name</h3><h3>This application reads the Cell ID value</h3><h3>This application reads the Location Area Code value</h3><h3>This application reads the numeric name (MCC+MNC) of current registered operator.</h3><h3>This application reads the unique device ID for example, the IMEI for GSM and the MEID or ESN for CDMA phones</h3><h3>This application reads the unique subscriber ID for example, the IMSI for a GSM phone</h3><h3>This application reads the SIM's serial number</h3>
-</div>
- <div class="tab-pane" id="Device-Settings-Harvesting">
-<h2>Device Settings Harvesting</h2>
-<h3>This application reads the software version number for the device, for example, the IMEI/SV for GSM phones</h3><h3>This application reads the phone's current state</h3>
-</div>
- <div class="tab-pane" id="Physical-Location-Lookup">
-<h2>Physical Location Lookup</h2>
-<h3>This application reads location information from available providers</h3>
-</div>
- <div class="tab-pane" id="Connection-Interfaces-Exfiltration">
-<h2>Connection Interfaces Exfiltration</h2>
-<h3>This application reads WiFi credentials</h3>
-</div>
- <div class="tab-pane" id="Telephony-Services-Abuse">
-<h2>Telephony Services Abuse</h2>
-<h3>This application makes phone calls</h3><h3>This application sends an SMS message 'Premium SMS' to the '12345' phone number</h3>
-</div>
- <div class="tab-pane" id="Audio-Video-Eavesdropping">
-<h2>Audio Video Eavesdropping</h2>
-<h3>This application records audio from the 'VOICE_CALL' source </h3><h3>This application captures video from the 'CAMERA' source</h3>
-</div>
-
- <div class="tab-pane" id="PIM-Data-Leakage">
-<h2>PIM Data Leakage</h2>
-<h3>This application reads or edits contact data</h3><h3>This application reads the SMS inbox</h3>
-</div>
- <div class="tab-pane" id="Code-Execution">
-<h2>Code Execution</h2>
-<h3>This application loads a native library: 'nativecode'</h3><h3>This application executes a UNIX command</h3>
-</div>
-
-
-
- <div class="tab-pane" id="APK-File-Name">
-<h2>APK File Name</h2>
-<h3>SampleApplication.apk</h3>
-</div>
- <div class="tab-pane" id="SHA1-hash">
-<h2>SHA1 hash</h2>
-<h3>f99d85a4e877dcc27c889c88a27e833d592baf71</h3>
-</div>
- <div class="tab-pane" id="File-List">
-<h2>File List</h2>
-<h3>META-INF/MANIFEST.MF</h3><h3>META-INF/MAZ.SF</h3><h3>META-INF/MAZ.RSA</h3><h3>META-INF/CERT.SF</h3><h3>META-INF/CERT.RSA</h3><h3>res/layout/main.xml</h3><h3>AndroidManifest.xml</h3><h3>resources.arsc</h3><h3>classes.dex</h3><h3>lib/x86/libnativecode.so</h3><h3>lib/armeabi/libnativecode.so</h3>
-</div>
- <div class="tab-pane" id="Certificate-Information">
-<h2>Certificate Information</h2>
-<h3>Issuer:<br/> C=US, ST=, L=, O=Android,<br/> OU=, CN=Android Debug</h3><h3>Subject:<br/> C=US, ST=, L=, O=Android,<br/> OU=, CN=Android Debug</h3><h3>Serial number: 4F97C24C</h3><h3>SHA-1 thumbprint: 9902B65085B9E16BDA5CFFE1982A00C9F36D7607</h3>
-</div>
-
-
- <div class="tab-pane" id="Main-Activity">
-<h2>Main Activity</h2>
-<h3>com.androwarn.sampleapplication.SampleApplication</h3>
-</div>
- <div class="tab-pane" id="Activities">
-<h2>Activities</h2>
-<h3>com.androwarn.sampleapplication.SampleApplication</h3>
-</div>
-
- <div class="tab-pane" id="Receivers">
-<h2>Receivers</h2>
-<h3>com.androwarn.sampleapplication.BusterReceiver</h3>
-</div>
-
- <div class="tab-pane" id="Permissions">
-<h2>Permissions</h2>
-<h3>android.permission.READ_PHONE_STATE</h3><h3>android.permission.ACCESS_NETWORK_STATE</h3><h3>android.permission.RECORD_AUDIO</h3><h3>android.permission.WRITE_EXTERNAL_STORAGE</h3><h3>android.permission.CALL_PHONE</h3><h3>android.permission.ACCESS_FINE_LOCATION</h3><h3>android.permission.ACCESS_COARSE_LOCATION</h3><h3>android.permission.READ_CONTACTS</h3><h3>android.permission.WRITE_CONTACTS</h3><h3>android.permission.INTERNET</h3><h3>android.permission.RECORD_VIDEO</h3><h3>android.permission.CAMERA</h3><h3>android.permission.RECEIVE_SMS</h3><h3>android.permission.READ_SMS</h3><h3>android.permission.WRITE_SMS</h3><h3>android.permission.SEND_SMS</h3>
-</div>
- <div class="tab-pane" id="Features">
-<h2>Features</h2>
-<h3>android.hardware.telephony</h3>
-</div>
-
-
-
- <div class="tab-pane" id="Internal-Packages-List">
-<h2>Internal Packages List</h2>
-<h3>com.androwarn.sampleapplication</h3>
-</div>
-
- <div class="tab-pane" id="External-Packages-List">
-<h2>External Packages List</h2>
-<h3>com.androwarn.sampleapplication</h3>
-</div>
- <div class="tab-pane" id="Classes-List">
-<h2>Classes List</h2>
-<h3>android.app.Activity</h3><h3>android.content.BroadcastReceiver</h3><h3>android.content.ContentProviderOperation</h3><h3>android.content.ContentResolver</h3><h3>android.content.ContentValues</h3><h3>android.content.Intent</h3><h3>android.content.OperationApplicationException</h3><h3>android.database.Cursor</h3><h3>android.location.Location</h3><h3>android.location.LocationManager</h3><h3>android.media.MediaRecorder</h3><h3>android.net.Uri</h3><h3>android.net.wifi.WifiConfiguration</h3><h3>android.os.Bundle</h3><h3>android.os.Environment</h3><h3>android.os.RemoteException</h3><h3>android.telephony.SmsManager</h3><h3>android.telephony.TelephonyManager</h3><h3>android.telephony.gsm.GsmCellLocation</h3><h3>android.telephony.gsm.SmsMessage</h3><h3>android.util.Log</h3><h3>com.androwarn.sampleapplication.BusterReceiver</h3><h3>com.androwarn.sampleapplication.NativeCode</h3><h3>com.androwarn.sampleapplication.SampleApplication</h3><h3>java.io.BufferedReader</h3><h3>java.io.File</h3><h3>java.io.FileNotFoundException</h3><h3>java.io.FileOutputStream</h3><h3>java.io.IOException</h3><h3>java.io.InputStreamReader</h3><h3>java.io.OutputStream</h3><h3>java.lang.Integer</h3><h3>java.lang.NullPointerException</h3><h3>java.lang.NumberFormatException</h3><h3>java.lang.Object</h3><h3>java.lang.Process</h3><h3>java.lang.Runtime</h3><h3>java.lang.RuntimeException</h3><h3>java.lang.String</h3><h3>java.lang.StringBuffer</h3><h3>java.lang.StringBuilder</h3><h3>java.lang.System</h3><h3>java.net.InetAddress</h3><h3>java.net.Socket</h3><h3>java.net.UnknownHostException</h3><h3>java.util.ArrayList</h3><h3>java.util.Arrays</h3><h3>java.util.Iterator</h3><h3>java.util.List</h3>
-</div>
-
- <div class="tab-pane" id="External-Classes-List">
-<h2>External Classes List</h2>
-<h3>com.androwarn.sampleapplication.BusterReceiver</h3><h3>com.androwarn.sampleapplication.NativeCode</h3><h3>com.androwarn.sampleapplication.R</h3><h3>com.androwarn.sampleapplication.SampleApplication</h3>
-</div>
-
- </div>
- </div>
- </div><!--/span-->
-
- </div><!--/row-->
-
- <hr>
-
- <footer>
- <p>&copy; Androwarn 2012 - Thomas Debize</p>
- <p><a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/fr/"><img alt="Licence Creative Commons" style="border-width:0" src="http://i.creativecommons.org/l/by-sa/3.0/fr/80x15.png" /></a></p>
- </footer>
-
- </div><!--/.fluid-container-->
-
- <!-- Le javascript
- ================================================== -->
- <!-- Placed at the end of the document so the pages load faster -->
- <script src="js/jquery.js"></script>
- <script src="js/bootstrap-transition.js"></script>
- <script src="js/bootstrap-alert.js"></script>
- <script src="js/bootstrap-modal.js"></script>
- <script src="js/bootstrap-dropdown.js"></script>
- <script src="js/bootstrap-scrollspy.js"></script>
- <script src="js/bootstrap-tab.js"></script>
- <script src="js/bootstrap-tooltip.js"></script>
- <script src="js/bootstrap-popover.js"></script>
- <script src="js/bootstrap-button.js"></script>
- <script src="js/bootstrap-collapse.js"></script>
- <script src="js/bootstrap-carousel.js"></script>
- <script src="js/bootstrap-typeahead.js"></script>
-
- <script>
- $(function () {
- $('#myTab a:last').tab('show');
- })
- </script>
-
- </body>
-</html>
380 Report/template/template.html
@@ -1,259 +1,173 @@
-{%- macro render_menu_li(dashname, data, active) -%}
-{%- if data and active -%}
-<li class="active"><a href="#{{ dashname }}" data-toggle="tab">{{ dashname|replace('-', ' ') }}</a></li>
-{%- elif data and not(active) -%}
-<li><a href="#{{ dashname }}" data-toggle="tab">{{ dashname|replace('-', ' ') }}</a></li>
-{%- endif -%}
-{%- endmacro -%}
-
-{%- macro render_string(unique_string_in_list) -%}
-{%- if unique_string_in_list -%}
- {%- for item in unique_string_in_list -%}
- {{ item|striptags }}
- {%- endfor -%}
-{%- endif -%}
-{%- endmacro -%}
-
-{%- macro render_list(list) -%}
-{%- if list -%}
- {%- for item in list -%}
- {{ item }}
- {%- endfor -%}
+{%- macro render_string_h_level(string, h_level) -%}
+{%- if string -%}
+ <h{{h_level}}>{{ string|replace("\n","<br/><br/>") }}</h{{h_level}}>
{%- endif -%}
{%- endmacro -%}
{%- macro render_list_h_level(list, h_level) -%}
{%- if list -%}
- {%- for item in list -%}
- <h{{h_level}}>{{ item|replace('\n',"<br/>") }}</h{{h_level}}>
- {%- endfor -%}
+ {%- for item in list -%}
+ <h{{h_level}}>{{ item|replace("\n","<br/><br/>") }}</h{{h_level}}>
+ {%- endfor -%}
{%- endif -%}
-{%- endmacro -%}
-
+{%- endmacro -%}
-{%- macro render_div_content_active(category, list) -%}
-{%- if list -%}
-<div class="tab-pane active" id="{{ category }}">
-<h2>{{ category|replace('-', ' ') }}</h2>
- {%- for item in list -%}
- <h3>{{ item|striptags }}</h3>
- {%- endfor -%}
-</div>
+{%- macro render_application_name(data) -%}
+{%- if data -%}
+ {%- for key, value in data[0]["application_information"] -%}
+ {%- if key == "package_name" -%}
+ {{ value[0]|striptags }}
+ {%- endif -%}
+ {%- endfor -%}
{%- endif -%}
{%- endmacro -%}
-{%- macro render_div_content(category, list) -%}
-{%- if list -%}
-<div class="tab-pane" id="{{ category }}">
-<h2>{{ category|replace('-', ' ') }}</h2>
-{{ render_list_h_level(list, 3) }}
-</div>
+{%- macro render_menu(data) -%}
+{%- if data -%}
+ {%- for item in data -%}
+ {%- for nav_menu_header, nav_menu_item in item.iteritems() -%}
+ <li class="nav-header">{{ nav_menu_header|replace('_', ' ')|title }}</li>
+ {% for name,content in nav_menu_item -%}
+ {%- if content -%}
+ {%- if name == "application_name" -%}
+ <li class="active"><a href="#{{ name|replace('_', '-') }}" data-toggle="tab">{{ name|replace('_', ' ')|title }}</a></li>
+ {%- else -%}
+ <li><a href="#{{ name|replace('_', '-') }}" data-toggle="tab">{{ name|replace('_', ' ')|title }}</a></li>
+ {%- endif -%}
+ {%- endif %}
+ {% endfor %}
+ {%- endfor -%}
+ {%- endfor -%}
{%- endif -%}
{%- endmacro -%}
-
-{%- macro render_div_content_description(category, desc, icon) -%}
-{%- if desc -%}
-<div class="tab-pane" id="{{ category }}"> {{ render_list(icon) }}
-<h2>{{ category|replace('-', ' ') }}</h2>
-{{ render_list_h_level(desc, 3) }}
-</div>
+{%- macro render_content(data) -%}
+{%- if data -%}
+ {%- for item in data -%}
+ {%- for nav_menu_header, nav_menu_item in item.iteritems() -%}
+ {%- for name,content in nav_menu_item %}
+ {%- if content -%}
+ {%- if name == "application_name" %}
+ <div class="tab-pane active" id="{{ name|replace('_', '-') }}">
+ {%- else %}
+ <div class="tab-pane" id="{{ name|replace('_', '-') }}">
+ {%- endif %}
+ {{ render_string_h_level(name|replace('_', ' ')|title, 2) }}
+ {{ render_list_h_level(content, 3) }}
+ </div>
+ {% endif -%}
+ {% endfor -%}
+ {%- endfor -%}
+ {%- endfor -%}
{%- endif -%}
{%- endmacro -%}
<!DOCTYPE html>
<html lang="en">
<head>
- <meta charset="utf-8">
- <title>Androwarn report</title>
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <meta name="description" content="">
- <meta name="author" content="">
-
- <!-- Le styles -->
- <link href="css/bootstrap.css" rel="stylesheet">
- <style type="text/css">
- body {
- padding-top: 60px;
- padding-bottom: 40px;
- }
- .sidebar-nav {
- padding: 9px 0;
- }
- </style>
- <link href="css/bootstrap-responsive.css" rel="stylesheet">
-
- <!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
- <!--[if lt IE 9]>
- <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
- <![endif]-->
-
- <!-- Le fav and touch icons -->
- <link rel="shortcut icon" href="ico/favicon.ico">
- <link rel="apple-touch-icon-precomposed" sizes="144x144" href="ico/apple-touch-icon-144-precomposed.png">
- <link rel="apple-touch-icon-precomposed" sizes="114x114" href="ico/apple-touch-icon-114-precomposed.png">
- <link rel="apple-touch-icon-precomposed" sizes="72x72" href="ico/apple-touch-icon-72-precomposed.png">
- <link rel="apple-touch-icon-precomposed" href="ico/apple-touch-icon-57-precomposed.png">
+ <meta charset="utf-8">
+ <title>Androwarn report</title>
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <meta name="description" content="">
+ <meta name="author" content="">
+
+ <!-- Le styles -->
+ <link href="css/bootstrap.css" rel="stylesheet">
+ <style type="text/css">
+ body {
+ padding-top: 60px;
+ padding-bottom: 40px;
+ }
+ .sidebar-nav {
+ padding: 9px 0;
+ }
+ </style>
+ <link href="css/bootstrap-responsive.css" rel="stylesheet">
+
+ <!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
+ <!--[if lt IE 9]>
+ <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
+ <![endif]-->
+
+ <!-- Le fav and touch icons -->
+ <link rel="shortcut icon" href="ico/favicon.ico">
+ <link rel="apple-touch-icon-precomposed" sizes="144x144" href="ico/apple-touch-icon-144-precomposed.png">
+ <link rel="apple-touch-icon-precomposed" sizes="114x114" href="ico/apple-touch-icon-114-precomposed.png">
+ <link rel="apple-touch-icon-precomposed" sizes="72x72" href="ico/apple-touch-icon-72-precomposed.png">
+ <link rel="apple-touch-icon-precomposed" href="ico/apple-touch-icon-57-precomposed.png">
</head>
<body>
- <div class="navbar navbar-fixed-top">
- <div class="navbar-inner">
- <div class="container-fluid">
- <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
- <span class="icon-bar"></span>
- <span class="icon-bar"></span>
- <span class="icon-bar"></span>
- </a>
- <a class="brand">Androwarn Report</a>
- <div class="nav-collapse">
- <ul class="nav">
- <li><a>{{ render_string(application_package_name) }}</a></li>
- </ul>
- </div><!--/.nav-collapse -->
- </div>
- </div>
- </div>
-
- <div class="container-fluid">
- <div class="row-fluid">
-
- <div class="span3">
- <div class="well sidebar-nav">
- <ul class="nav nav-list">
- <li class="nav-header">Application Information</li>
- {{ render_menu_li("Application-Name", application_name, True) }}
- {{ render_menu_li("Application-Version", application_version, False) }}
- {{ render_menu_li("Package-Name", application_package_name, False) }}
- {{ render_menu_li("Description", application_description, False) }}
-
-
- <li class="nav-header">Analysis Results</li>
- {{ render_menu_li("Telephony-Identifiers-Leakage", telephony_identifiers_leakage, False) }}
- {{ render_menu_li("Device-Settings-Harvesting", device_settings_harvesting, False) }}
- {{ render_menu_li("Physical-Location-Lookup", location_lookup, False) }}
- {{ render_menu_li("Connection-Interfaces-Exfiltration", connection_interfaces_exfiltration, False) }}
- {{ render_menu_li("Telephony-Services-Abuse", telephony_services_abuse, False) }}
- {{ render_menu_li("Audio-Video-Eavesdropping", media_recorder_abuse, False) }}
- {{ render_menu_li("Suspicious-Connection-Establishment", suspicious_connection_establishment, False) }}
- {{ render_menu_li("PIM-Data-Leakage", PIM_data_leakage, False) }}
- {{ render_menu_li("Code-Execution", code_execution, False) }}
-
-
-
- <li class="nav-header">APK File</li>
- {{ render_menu_li("APK-File-Name", apk_file_name, False) }}
- {{ render_menu_li("SHA1-hash", apk_file_SHA1_hash, False) }}
- {{ render_menu_li("File-List", file_list, False) }}
- {{ render_menu_li("Certificate-Information", certificate_information, False) }}
-
-
- <li class="nav-header">AndroidManifest.xml</li>
- {{ render_menu_li("Main-Activity", main_activity, False) }}
- {{ render_menu_li("Activities", activities, False) }}
- {{ render_menu_li("Services", services, False) }}
- {{ render_menu_li("Receivers", receivers, False) }}
- {{ render_menu_li("Providers", providers, False) }}
- {{ render_menu_li("Permissions", permissions, False) }}
- {{ render_menu_li("Features", features, False) }}
- {{ render_menu_li("Libraries", libraries, False) }}
-
-
- <li class="nav-header">APIs Used</li>
- {{ render_menu_li("Internal-Packages-List", internal_packages_list, False) }}
- {{ render_menu_li("Internal-New-Packages-List", internal_new_packages_list, False) }}
- {{ render_menu_li("External-Packages-List", external_packages_list, False) }}
- {{ render_menu_li("Classes-List", classes_list, False) }}
- {{ render_menu_li("Internal-NewClasses-List", internal_new_classes_list, False) }}
- {{ render_menu_li("External-Classes-List", external_classes_list, False) }}
-
- </ul>
- </div><!--/.well -->
- </div><!--/span-->
-
- <div class="span9">
- <div class="hero-unit" id="Package_name">
- <div class="tab-content">
-
- {{ render_div_content_active("Application-Name", application_name) }}
- {{ render_div_content("Application-Version", application_version) }}
- {{ render_div_content("Package-Name", application_package_name) }}
- {{ render_div_content_description("Description", application_description, application_icon) }}
-
-
- {{ render_div_content("Telephony-Identifiers-Leakage", telephony_identifiers_leakage) }}
- {{ render_div_content("Device-Settings-Harvesting", device_settings_harvesting) }}
- {{ render_div_content("Physical-Location-Lookup", location_lookup) }}
- {{ render_div_content("Connection-Interfaces-Exfiltration", connection_interfaces_exfiltration) }}
- {{ render_div_content("Telephony-Services-Abuse", telephony_services_abuse) }}
- {{ render_div_content("Audio-Video-Eavesdropping", media_recorder_abuse) }}
- {{ render_div_content("Suspicious-Connection-Establishment", suspicious_connection_establishment) }}
- {{ render_div_content("PIM-Data-Leakage", PIM_data_leakage) }}
- {{ render_div_content("Code-Execution", code_execution) }}
-
-
-
- {{ render_div_content("APK-File-Name", apk_file_name) }}
- {{ render_div_content("SHA1-hash", apk_file_SHA1_hash) }}
- {{ render_div_content("File-List", file_list) }}
- {{ render_div_content("Certificate-Information", certificate_information) }}
-
-
- {{ render_div_content("Main-Activity", main_activity) }}
- {{ render_div_content("Activities", activities) }}
- {{ render_div_content("Services", services) }}
- {{ render_div_content("Receivers", receivers) }}
- {{ render_div_content("Providers", providers) }}
- {{ render_div_content("Permissions", permissions) }}
- {{ render_div_content("Features", features) }}
- {{ render_div_content("Libraries", libraries) }}
-
-
- {{ render_div_content("Internal-Packages-List", internal_packages_list) }}
- {{ render_div_content("Internal-NewPackages-List", internal_new_packages_list) }}
- {{ render_div_content("External-Packages-List", external_packages_list) }}
- {{ render_div_content("Classes-List", classes_list) }}
- {{ render_div_content("Internal-New-Classes-List", internal_new_classes_list) }}
- {{ render_div_content("External-Classes-List", external_classes_list) }}
-
- </div>
- </div>
- </div><!--/span-->
-
- </div><!--/row-->
-
- <hr>
-
- <footer>
- <p>&copy; Androwarn 2012 - Thomas Debize</p>
- <p><a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/fr/"><img alt="Licence Creative Commons" style="border-width:0" src="http://i.creativecommons.org/l/by-sa/3.0/fr/80x15.png" /></a></p>
- </footer>
-
- </div><!--/.fluid-container-->
-
- <!-- Le javascript
- ================================================== -->
- <!-- Placed at the end of the document so the pages load faster -->
- <script src="js/jquery.js"></script>
- <script src="js/bootstrap-transition.js"></script>
- <script src="js/bootstrap-alert.js"></script>
- <script src="js/bootstrap-modal.js"></script>
- <script src="js/bootstrap-dropdown.js"></script>
- <script src="js/bootstrap-scrollspy.js"></script>
- <script src="js/bootstrap-tab.js"></script>
- <script src="js/bootstrap-tooltip.js"></script>
- <script src="js/bootstrap-popover.js"></script>
- <script src="js/bootstrap-button.js"></script>
- <script src="js/bootstrap-collapse.js"></script>
- <script src="js/bootstrap-carousel.js"></script>
- <script src="js/bootstrap-typeahead.js"></script>
-
- <script>
- $(function () {
- $('#myTab a:last').tab('show');
- })
- </script>
+ <div class="navbar navbar-fixed-top">
+ <div class="navbar-inner">
+ <div class="container-fluid">
+ <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </a>
+ <a class="brand">Androwarn Report</a>
+ <div class="nav-collapse">
+ <ul class="nav">
+ <li><a>{{ render_application_name(data) }}</a></li>
+ </ul>
+ </div><!--/.nav-collapse -->
+ </div>
+ </div>
+ </div>
+
+ <div class="container-fluid">
+ <div class="row-fluid">
+
+ <div class="span3">
+ <div class="well sidebar-nav">
+ <ul class="nav nav-list">
+ {{ render_menu(data) }}
+ </ul>
+ </div><!--/.well -->
+ </div><!--/span-->
+
+ <div class="span9">
+ <div class="hero-unit" id="Package_name">
+ <div class="tab-content">
+ {{ render_content(data) }}
+ </div>
+ </div>
+ </div><!--/span-->
+
+ </div><!--/row-->
+ <hr>
+
+ <footer>
+ <p>&copy; Androwarn 2012 - Thomas Debize</p>
+ <p><a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/fr/"><img alt="Licence Creative Commons" style="border-width:0" src="http://i.creativecommons.org/l/by-sa/3.0/fr/80x15.png" /></a></p>
+ </footer>
+
+ </div><!--/.fluid-container-->
+
+ <!-- Le javascript
+ ================================================== -->
+ <!-- Placed at the end of the document so the pages load faster -->
+ <script src="js/jquery.js"></script>
+ <script src="js/bootstrap-transition.js"></script>
+ <script src="js/bootstrap-alert.js"></script>
+ <script src="js/bootstrap-modal.js"></script>
+ <script src="js/bootstrap-dropdown.js"></script>
+ <script src="js/bootstrap-scrollspy.js"></script>
+ <script src="js/bootstrap-tab.js"></script>
+ <script src="js/bootstrap-tooltip.js"></script>
+ <script src="js/bootstrap-popover.js"></script>
+ <script src="js/bootstrap-button.js"></script>
+ <script src="js/bootstrap-collapse.js"></script>
+ <script src="js/bootstrap-carousel.js"></script>
+ <script src="js/bootstrap-typeahead.js"></script>
+
+ <script>
+ $(function () {
+ $('#myTab a:last').tab('show');
+ })
+ </script>
</body>
</html>
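Review bot: `render_list_h_level` and the new `render_string_h_level` write `item` / `string` into the page with only a newline-to-`<br/>` replace and no HTML escaping; `striptags` survives only in `render_application_name`. The values these macros render (package, activity and file names, certificate fields, message text) are extracted from the APK being analysed, so they are attacker-influenced. Whether the Jinja environment autoescapes is not visible here, but the raw `<br/>` insertion suggests it does not, in which case markup embedded in those strings is interpreted when an analyst opens the report. Escape before inserting the breaks, e.g. `<h{{h_level}}>{{ item|e|replace("\n","<br/><br/>") }}</h{{h_level}}>`, and likewise for `string`; confirm the output under the environment's actual autoescape setting.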
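--- a/androwarn.py
+++ b/androwarn.py
@@ -21,7 +21,7 @@
 # Global imports
-import sys, os, re, logging
+import sys, re, logging
 # OptionParser imports
 from optparse import OptionParser
@@ -51,10 +51,11 @@
 option_0 = { 'name' : ('-i', '--input'), 'help' : 'APK file to analyze', 'nargs' : 1 }
 option_1 = { 'name' : ('-v', '--verbose'), 'help' : 'Verbosity level { 1-3 } ( ESSENTIAL, ADVANCED, EXPERT )', 'nargs' : 1 }
 option_2 = { 'name' : ('-r', '--report'), 'help' : 'Report type { txt, html }', 'nargs' : 1 }
-option_3 = { 'name' : ('-L', '--log-level'), 'help' : 'Log level { DEBUG, INFO, WARN, ERROR, CRITICAL }', 'nargs' : 1 }
-option_4 = { 'name' : ('-n', '--no-connection'), 'help' : 'Disable lookups on Google Play ', 'nargs' : 0 }
+option_3 = { 'name' : ('-d', '--display-report'), 'help' : 'Display analysis results to stdout', 'nargs' : 0 }
+option_4 = { 'name' : ('-L', '--log-level'), 'help' : 'Log level { DEBUG, INFO, WARN, ERROR, CRITICAL }', 'nargs' : 1 }
+option_5 = { 'name' : ('-n', '--no-connection'), 'help' : 'Disable lookups on Google Play', 'nargs' : 0 }
-options = [option_0, option_1, option_2, option_3, option_4]
+options = [option_0, option_1, option_2, option_3, option_4, option_5]
 def main(options, arguments) :
@@ -90,12 +91,15 @@ def main(options, arguments) :
 a, d, x = AnalyzeAPK(APK_FILE)
+ package_name = grab_application_package_name(a)
+
 data = perform_analysis(APK_FILE, a, d, x, no_connection)
- #Brace yourself, a massive debug dump is coming
- #dump_analysis_results(data)
+ if (options.display_report != None) :
+ # Brace yourself, a massive debug dump is coming
+ dump_analysis_results(data,sys.stdout)
- generate_report(data, verbosity, report)
+ generate_report(package_name, data, verbosity, report)
 if __name__ == "__main__" :
 parser = OptionParser()
@@ -105,5 +109,4 @@ def main(options, arguments) :
 parser.add_option(*param, **option)
 options, arguments = parser.parse_args()
- #sys.argv[:] = arguments
 main(options, arguments)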
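Review bot: `package_name` is taken from the analysed APK and passed straight to `generate_report(package_name, data, verbosity, report)` in the `main` hunk with no validation. `generate_report` is not shown, but the sample report deleted in this commit was named after the package, so the value presumably becomes part of the output file name; a crafted manifest could then place path separators or `..` in it. Constrain it before use, e.g. `if not re.match(r'^[A-Za-z0-9_.]+$', package_name) : package_name = 'unknown_package'` (the fallback name is a placeholder), or have `generate_report` build the path from a sanitised basename only. `main`'s body starts and ends outside the hunk.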
161 androwarn/analysis/analysis.py
@@ -85,12 +85,14 @@ def AnalyzeDex(filename, raw=False) :
#ExportVMToPython( d )
androconf.debug("VMAnalysis ...")
- dx = uVMAnalysis( d )
+ dx = VMAnalysis( d )
+ #dx = uVMAnalysis( d )
d.set_vmanalysis( dx )
return d, dx
+# Consolidate all data
def perform_analysis(apk_file, a, d, x, no_connection) :
"""
@param apk_file : apk file path
@@ -98,92 +100,79 @@ def perform_analysis(apk_file, a, d, x, no_connection) :
@param d : a DalvikVMFormat instance
@param x : a VMAnalysis instance
- @rtype : a dictionary of strings lists { "apk_files" : ["1", "2", "3"...], "application_name" : ['example'], ...}
+ @rtype : a list of dictionaries of strings lists [ { "Application_info": [("Application_name", ["com.test.test"]), ("Application_version", ["1.0", ".1"])] } ]
"""
- data = {}
-
- # Application
- data['application_package_name'] = [grab_application_package_name(a)]
- app_name, app_description, app_icon = grab_application_name_description_icon(data['application_package_name'][0], no_connection)
- data['application_name'] = [app_name]
- data['application_description'] = [app_description]
- data['application_icon'] = [app_icon]
- data['application_version'] = [grab_androidversion_name(a)]
-
- # APK
- data['apk_file_SHA1_hash'] = [grab_apk_file_sha1_hash(apk_file)]
- data['apk_file_name'] = [grab_filename(a)]
- data['file_list'] = grab_file_list(a)
-
-
- # Manifest
- data['main_activity'] = [grab_main_activity(a)]
- data['activities'] = grab_activities(a)
- data['services'] = grab_services(a)
- data['receivers'] = grab_receivers(a)
- data['providers'] = grab_providers(a)
- data['permissions'] = grab_permissions(a)
- data['features'] = grab_features(a)
- data['libraries'] = grab_libraries(a)
- data['certificate_information'] = grab_certificate_information(a)
-
-
- # Code
- # -- Classes
- data['classes_list'] = grab_classes_list(x)
- data['internal_new_classes_list'] = grab_internal_new_classes_list(x)
- data['external_classes_list'] = grab_external_classes_list(x)
- # -- Packages
- data['internal_packages_list'] = grab_internal_packages_list(x)
- data['internal_new_packages_list'] = grab_internal_new_packages_list(x)
- data['external_packages_list'] = grab_external_packages_list(x)
-
-
- # Malicious Behaviours Detection
- # -- Telephony identifiers leakage
- data['telephony_identifiers_leakage'] = detect_Telephony_Operator_lookup(x)
- data['telephony_identifiers_leakage'].extend( detect_Telephony_CellID_lookup(x) )
- data['telephony_identifiers_leakage'].extend( detect_Telephony_LAC_lookup(x) )
- data['telephony_identifiers_leakage'].extend( detect_Telephony_MCCMNC_lookup(x) )
- data['telephony_identifiers_leakage'].extend( detect_Telephony_DeviceID_lookup(x) )
- data['telephony_identifiers_leakage'].extend( detect_Telephony_IMSI_lookup(x) )
- data['telephony_identifiers_leakage'].extend( detect_Telephony_SimSerialNumber_lookup(x) )
-
-
- # -- Device settings harvesting
- data['device_settings_harvesting'] = detect_Telephony_DeviceSoftwareVersion_lookup(x)
- data['device_settings_harvesting'] .extend( detect_Telephony_phone_state_lookup(x) )
-
-
- # -- Physical location lookup
- data['location_lookup'] = detect_Location_lookup(x)
-
-
- # -- Connection interfaces information exfiltration
- data['connection_interfaces_exfiltration'] = detect_WiFi_Credentials_lookup(x)
-
-
- # -- Telephony services abuse
- data['telephony_services_abuse'] = detect_Telephony_Phone_Call_abuse(x)
- data['telephony_services_abuse'] .extend( detect_Telephony_SMS_abuse(x) )
-
-
- # -- Audio/Video eavesdropping
- data['media_recorder_abuse'] = detect_MediaRecorder_Voice_record(x)
- data['media_recorder_abuse'] .extend (detect_MediaRecorder_Video_capture(x) )
-
- # -- Suspicious connection establishment
- data['suspicious_connection_establishment'] = detect_Socket_use(x)
-
-
- # -- PIM data leakage
- data['PIM_data_leakage'] = detect_ContactAccess_lookup(x)
- data['PIM_data_leakage'] .extend( detect_Telephony_SMS_read(x) )
-
-
- # -- Native code execution
- data['code_execution'] = detect_Library_loading(x)
- data['code_execution'] .extend( detect_UNIX_command_execution(x) )
+ # application general information
+ app_package_name = grab_application_package_name(a)
+ app_name, app_description, app_icon = grab_application_name_description_icon(app_package_name, no_connection)
+
+
+ # data gathering
+ data = []
+
+ data.append(
+ { "application_information" :
+ [
+ ( "application_name", [app_name] ),
+ ( "application_version", [grab_androidversion_name(a)] ),
+ ( "package_name", [app_package_name] ),
+ ( "description", [app_description] )#inserer icone dans desc
+ ]
+ }
+ )
+
+ data.append(
+ { "analysis_results" :
+ [
+ ( "telephony_identifiers_leakage", gather_telephony_identifiers_leakage(x) ),
+ ( "device_settings_harvesting", gather_device_settings_harvesting(x) ),
+ ( "location_lookup", gather_location_lookup(x) ),
+ ( "connection_interfaces_exfiltration", gather_connection_interfaces_exfiltration(x) ),
+ ( "telephony_services_abuse", gather_telephony_services_abuse(x) ),
+ ( "audio_video_eavesdropping", gather_audio_video_eavesdropping(x) ),
+ ( "suspicious_connection_establishment",gather_suspicious_connection_establishment(x) ),
+ ( "PIM_data_leakage", gather_PIM_data_leakage(x) ),
+ ( "code_execution", gather_code_execution(x) ),
+ ],
+ }
+ )
+
+ data.append(
+ { "apk_file" :
+ [
+ ( "apk_file_name", [grab_filename(a)] ),
+ ( "SHA-1_hash", [grab_apk_file_sha1_hash(apk_file)] ),
+ ( "file_list", grab_file_list(a) ),
+ ( "certificate_information", grab_certificate_information(a) )
+ ]
+ }
+ )
+
+ data.append(
+ { "androidmanifest.xml" :
+ [
+ ( "main_activity", [grab_main_activity(a)] ),
+ ( "activities", grab_activities(a) ),
+ ( "receivers", grab_services(a) ),
+ ( "providers", grab_providers(a) ),
+ ( "permissions", grab_permissions(a) ),
+ ( "features", grab_features(a) ),
+ ( "librairies", grab_libraries(a) )
+ ]
+ }
+ )
+
+ data.append(
+ { "apis_used" :
+ [
+ ( "classes_list", grab_classes_list(x) ),
+ ( "internal_classes_list", grab_internal_classes_list(x) ),
+ ( "external_classes_list", grab_external_classes_list(x) ),
+ ( "internal_packages_list", grab_internal_packages_list(x) ),
+ ( "external_packages_list", grab_external_packages_list(x) )
+ ]
+ }
+ )
return data
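Review bot: In the `androidmanifest.xml` group of perform_analysis the receivers entry is filled from the wrong getter, `( "receivers", grab_services(a) )`, and there is no `services` entry any more, so the report lists services under the receivers heading and never shows the declared broadcast receivers. The removed dictionary code had both `grab_services(a)` and `grab_receivers(a)`; I would restore them as `( "services", grab_services(a) ),` and `( "receivers", grab_receivers(a) ),`. For a tool that triages suspicious APKs this matters, because receivers are where an app registers for events such as incoming SMS or boot, and a reader of the report would misjudge what the manifest declares. The key `"librairies"` in the same list is misspelled and ends up as a report heading.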
46 androwarn/report/report.py
@@ -114,31 +114,7 @@
]
-def w_list(list, file) :
- """
- @param list : a list
- @param file : output file
- """
- if list :
- for i in list :
- file.write("- %s\n" % i)
-
-def w_title(string, file) :
- """
- @param string : a string to be titled
- @param file : output file
- """
- # Title it and replace underscores with spaces
- string = string.replace('_', ' ')
- string = ' '.join(word.capitalize() for word in string.split())
- file.write("[+] %s:\n" % string)
-def w_simple_string(string, file) :
- """
- @param string : a unique string
- @param file : output file
- """
- file.write("%s\n" % string)
def generate_report_txt(data,verbosity, report, output_file) :
"""
@@ -148,16 +124,10 @@ def generate_report_txt(data,verbosity, report, output_file) :
@param output_file : output file name
"""
output_file = "%s%s.txt" % (OUTPUT_DIR, output_file)
- with open(output_file, 'w') as f_out :
- w_simple_string("===== Androwarn Report =====", f_out)
- for item in data_level :
- key = item.keys()[0]
- if (item[key] <= int(verbosity)) and (key in data) and (len(data[key]) > 0):
- w_title(key,f_out)
- w_list(data[key], f_out)
- w_simple_string('', f_out)
-
- f_out.close()
+
+ with open(output_file, 'w') as fd :
+ dump_analysis_results(data, fd)
+ fd.close()
print("[+] Analysis successfully completed and TXT file report available '%s'" % output_file)
@@ -168,22 +138,22 @@ def generate_report_html(data, verbosity, report, output_file) :
@param report : report type
@param output_file : output file name
"""
- env = Environment( loader = FileSystemLoader(OUTPUT_DIR), trim_blocks=True, newline_sequence='\n')
+ env = Environment( loader = FileSystemLoader(OUTPUT_DIR), trim_blocks=False, newline_sequence='\n')
template = env.get_template(HTML_TEMPLATE_FILE)
# In this case we are forced to dump the html into the Report folder as it contains css/img/ico
output_file = "%s%s.html" % (OUTPUT_DIR, output_file.split('/')[-1])
- template.stream(data).dump(output_file, encoding='utf-8')
+ template.stream(data=data).dump(output_file, encoding='utf-8')
print("[+] Analysis successfully completed and HTML file report available '%s'" % output_file)
-def generate_report(data, verbosity, report) :
+def generate_report(package_name, data, verbosity, report) :
"""
@param data : analysis result list
@param verbosity : desired verbosity
@param report : report type
"""
- output_file = data['application_package_name'][0]
+ output_file = package_name
if cmp(report, REPORT_TXT) == 0 :
generate_report_txt(data,verbosity, report, output_file)
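Review bot: The `Environment(...)` line edited in generate_report_html is still built without `autoescape`, and Jinja2 (which this API appears to be) leaves escaping off by default. Every string in `data` (file names, certificate fields, the application description, all taken from the APK under analysis) therefore reaches the HTML report unescaped unless the template, which is not shown here, escapes each value itself. Since the line is being changed anyway, I would make it `env = Environment( loader = FileSystemLoader(OUTPUT_DIR), autoescape=True, trim_blocks=False, newline_sequence='\n')`. Separately, generate_report_txt builds its path as `"%s%s.txt" % (OUTPUT_DIR, output_file)` without the `.split('/')[-1]` step the HTML branch applies, and `package_name` now comes straight from the analysed file's manifest, so both branches should share that step. generate_report's body continues outside the hunk.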
13 androwarn/search/malicious_behaviours/Audio_video_interception.py
@@ -84,3 +84,16 @@ def detect_MediaRecorder_Video_capture(x) :
return formatted_str
+
+def gather_audio_video_eavesdropping(x) :
+ """
+ @param x : a VMAnalysis instance
+
+ @rtype : a list strings for the concerned category, for exemple [ 'This application makes phone calls', "This application sends an SMS message 'Premium SMS' to the '12345' phone number" ]
+ """
+ result = []
+
+ result.extend ( detect_MediaRecorder_Voice_record(x) )
+ result.extend ( detect_MediaRecorder_Video_capture(x) )
+
+ return result
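Review bot: The `@rtype` text of gather_audio_video_eavesdropping is copied from the telephony helpers, so its example ('This application makes phone calls', the premium SMS string) shows findings that belong to another category. The same block is pasted into every other gather_* helper added by this commit (location, PIM, code execution, connection interfaces, device settings, remote connection, telephony identifiers, telephony services). Each docstring should describe its own category, here for instance `@rtype : a list of strings, the findings of the MediaRecorder voice-record and video-capture detectors concatenated`. The wording also needs 'a list of strings' and 'example' in place of 'a list strings' and 'exemple'.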
12 androwarn/search/malicious_behaviours/Geolocation_information.py
@@ -53,3 +53,15 @@ def detect_Location_lookup(x) :
formatted_str.append(local_formatted_str)
return formatted_str
+
+def gather_location_lookup(x) :
+ """
+ @param x : a VMAnalysis instance
+
+ @rtype : a list strings for the concerned category, for exemple [ 'This application makes phone calls', "This application sends an SMS message 'Premium SMS' to the '12345' phone number" ]
+ """
+ result = []
+
+ result.extend( detect_Location_lookup(x) )
+
+ return result
15 androwarn/search/malicious_behaviours/PIM_leakage.py
@@ -44,6 +44,7 @@ def detect_ContactAccess_lookup(x) :
detector_1 = search_field(x, "Landroid/provider/ContactsContract$CommonDataKinds$Phone;")
detectors = [detector_1]
+ #print "detectors %s" % detectors
if detector_tab_is_not_empty(detectors) :
local_formatted_str = 'This application reads or edits contact data'
@@ -83,3 +84,17 @@ def detect_Telephony_SMS_read(x) :
log.warn("Detector result '%s' is not a PathVariable instance" % res)
return formatted_str
+
+
+def gather_PIM_data_leakage(x) :
+ """
+ @param x : a VMAnalysis instance
+
+ @rtype : a list strings for the concerned category, for exemple [ 'This application makes phone calls', "This application sends an SMS message 'Premium SMS' to the '12345' phone number" ]
+ """
+ result = []
+
+ result.extend( detect_ContactAccess_lookup(x) )
+ result.extend( detect_Telephony_SMS_read(x) )
+
+ return result
18 androwarn/search/malicious_behaviours/code_execution.py
@@ -41,12 +41,11 @@ def detect_Library_loading(x) :
@rtype : a list of formatted strings
"""
formatted_str = []
-
+
structural_analysis_results = x.tainted_packages.search_methods("Ljava/lang/System","loadLibrary", ".")
for result in xrange(len(structural_analysis_results)) :
- registers = data_flow_analysis(structural_analysis_results, result, x)
-
+ registers = data_flow_analysis(structural_analysis_results, result, x)
local_formatted_str = "This application loads a native library"
# If we're lucky enough to directly have the library's name
@@ -82,3 +81,16 @@ def detect_UNIX_command_execution(x) :
return formatted_str
+
+def gather_code_execution(x) :
+ """
+ @param x : a VMAnalysis instance
+
+ @rtype : a list strings for the concerned category, for exemple [ 'This application makes phone calls', "This application sends an SMS message 'Premium SMS' to the '12345' phone number" ]
+ """
+ result = []
+
+ result.extend( detect_Library_loading(x) )
+ result.extend( detect_UNIX_command_execution(x) )
+
+ return result
12 androwarn/search/malicious_behaviours/connection_interfaces.py
@@ -63,3 +63,15 @@ def detect_WiFi_Credentials_lookup(x) :
return formatted_str
+
+def gather_connection_interfaces_exfiltration(x) :
+ """
+ @param x : a VMAnalysis instance
+
+ @rtype : a list strings for the concerned category, for exemple [ 'This application makes phone calls', "This application sends an SMS message 'Premium SMS' to the '12345' phone number" ]
+ """
+ result = []
+
+ result.extend( detect_WiFi_Credentials_lookup(x) )
+
+ return result
13 androwarn/search/malicious_behaviours/device_settings.py
@@ -86,3 +86,16 @@ def detect_Telephony_DeviceSoftwareVersion_lookup(x) :
return formatted_str
+
+def gather_device_settings_harvesting(x) :
+ """
+ @param x : a VMAnalysis instance
+
+ @rtype : a list strings for the concerned category, for exemple [ 'This application makes phone calls', "This application sends an SMS message 'Premium SMS' to the '12345' phone number" ]
+ """
+ result = []
+
+ result.extend( detect_Telephony_DeviceSoftwareVersion_lookup(x) )
+ result.extend( detect_Telephony_phone_state_lookup(x) )
+
+ return result
12 androwarn/search/malicious_behaviours/remote_connection.py
@@ -56,3 +56,15 @@ def detect_Socket_use(x) :
formatted_str.append(local_formatted_str)
return formatted_str
+
+def gather_suspicious_connection_establishment(x) :
+ """
+ @param x : a VMAnalysis instance
+
+ @rtype : a list strings for the concerned category, for exemple [ 'This application makes phone calls', "This application sends an SMS message 'Premium SMS' to the '12345' phone number" ]
+ """
+ result = []
+
+ result.extend( detect_Socket_use(x) )
+
+ return result
18 androwarn/search/malicious_behaviours/telephony_identifiers.py
@@ -183,3 +183,21 @@ def detect_Telephony_SimSerialNumber_lookup(x) :
return formatted_str
+
+def gather_telephony_identifiers_leakage(x) :
+ """
+ @param x : a VMAnalysis instance
+
+ @rtype : a list strings for the concerned category, for exemple [ 'This application makes phone calls', "This application sends an SMS message 'Premium SMS' to the '12345' phone number" ]
+ """
+ result = []
+
+ result.extend( detect_Telephony_Operator_lookup(x) )
+ result.extend( detect_Telephony_CellID_lookup(x) )
+ result.extend( detect_Telephony_LAC_lookup(x) )
+ result.extend( detect_Telephony_MCCMNC_lookup(x) )
+ result.extend( detect_Telephony_DeviceID_lookup(x) )
+ result.extend( detect_Telephony_IMSI_lookup(x) )
+ result.extend( detect_Telephony_SimSerialNumber_lookup(x) )
+
+ return result
14 androwarn/search/malicious_behaviours/telephony_services.py
@@ -81,3 +81,17 @@ def detect_Telephony_Phone_Call_abuse(x) :
log.warn("Detector result '%s' is not a PathVariable instance" % res)
return formatted_str
+
+
+def gather_telephony_services_abuse(x) :
+ """
+ @param x : a VMAnalysis instance
+
+ @rtype : a list strings for the concerned category, for exemple [ 'This application makes phone calls', "This application sends an SMS message 'Premium SMS' to the '12345' phone number" ]
+ """
+ result = []
+
+ result.extend( detect_Telephony_Phone_Call_abuse(x) )
+ result.extend( detect_Telephony_SMS_abuse(x) )
+
+ return result
17 androwarn/search/manifest/manifest.py
@@ -147,17 +147,22 @@ def grab_certificate_information(apk) :
success, cert = grab_certificate(apk, cert_found)
- cert_info = []
+
if success != True :
log.error("Can not read the certificate %s from the APK" % cert_found)
- return cert_info
+ return []
+ cert_info_issuer = ["Issuer:", "C=%s" % cert.issuerC(), "ST=%s" % cert.issuerS(), "L=%s" % cert.issuerL(), "O=%s" % cert.issuerO() , "OU=%s" % cert.issuerOU() , "CN=%s\n" % cert.issuerCN() ]
+ cert_info_subject = ["Subject:", "C=%s" % cert.subjectC(), "ST=%s" % cert.subjectS(), "L=%s" % cert.subjectL(), "O=%s" % cert.subjectO() , "OU=%s" % cert.subjectOU() , "CN=%s\n" % cert.subjectCN() ]
+
+ cert_info = []
+
+ cert_info.extend(cert_info_issuer)
+ cert_info.extend(cert_info_subject)
- cert_info.append("Issuer:\n\tC=%s, ST=%s, L=%s, O=%s,\n\tOU=%s, CN=%s" % (cert.issuerC(), cert.issuerS(), cert.issuerL(), cert.issuerO(), cert.issuerOU(), cert.issuerCN()))
- cert_info.append("Subject:\n\tC=%s, ST=%s, L=%s, O=%s,\n\tOU=%s, CN=%s" % (cert.subjectC(), cert.subjectS(), cert.subjectL(), cert.subjectO(), cert.subjectOU(), cert.subjectCN()))
- cert_info.append("Serial number: %s" % cert.serialNumber())
- cert_info.append("SHA-1 thumbprint: %s" % cert.sha1Thumbprint())
+ cert_info.append("Serial number: %s\n" % cert.serialNumber())
+ cert_info.append("SHA-1 thumbprint: %s\n" % cert.sha1Thumbprint())
return cert_info
####################################
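Review bot: The new certificate entries carry presentation inside the data: `"CN=%s\n"`, `"Serial number: %s\n"` and `"SHA-1 thumbprint: %s\n"` each end in a newline, while dump_analysis_results in util.py already writes one line per element and the HTML template receives the same strings. I would drop the trailing `\n` here, e.g. `cert_info.append("Serial number: %s" % cert.serialNumber())`, and leave spacing to the report layer so both report formats get clean values. The check `if success != True :` would also read better as `if not success :`. grab_certificate_information starts outside this hunk, so how `cert_found` is chosen is not visible here.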
33 androwarn/util/util.py
@@ -27,7 +27,6 @@
import re, logging
from HTMLParser import HTMLParser
-
# Logguer
log = logging.getLogger('log')
@@ -59,6 +58,7 @@ def detector_tab_is_not_empty(list) :
return True
return False
+# Log extra information
def log_result_path_information(res, res_prefix, res_type) :
"""
@param res : a result from the detector's result list
@@ -77,6 +77,7 @@ def log_result_path_information(res, res_prefix, res_type) :
#log.info("%s %s found '%s'\n\t=> %s %s %s %s " % (res_prefix, res_type, res_info, path.get_access_flag(), path.get_method().get_class_name(), path.get_method().get_name(), path.get_method().get_descriptor() ) )
log.info("%s %s found '%s'\n\t=> access_flag %s, index %s, method_index %s" % (res_prefix, res_type, res_info, access, idx, m_idx ) )
+# HTML Sanitizer
class MLStripper(HTMLParser):
def __init__(self):
self.reset()
@@ -101,18 +102,36 @@ def strip_HTML_tags(html):
return s.get_data()
-def dump_analysis_results(data) :
+# Dump
+def flush_simple_string(string, file) :
+ """
+ @param string : a unique string
+ @param file : output file descriptor
+ """
+ file.write("%s\n" % string)
+
+def dump_analysis_results(data, file_descriptor) :
"""
@param data : analysis results list
+ @param file_descriptor : dump output, file or sys.stdout
@rtype : void - it only prints out the list
"""
- for i in data :
- print "[+] Item\t: '%s'" % i
- print "[+] Data\t: %s" % data[i]
- print "[+] Data type\t: %s" % type(data[i])
- print
+ # Watch out for encoding error while priting
+ flush_simple_string("===== Androwarn Report =====", file_descriptor)
+ if data :
+ for item in data :
+ for category, element_tuple in item.iteritems() :
+ flush_simple_string("[+] %s" % category.encode('ascii','ignore').replace('_',' ').title(), file_descriptor)
+ for name,content in element_tuple :
+ if content :
+ flush_simple_string("\t[.] %s" % (str(name).encode('ascii','ignore').replace('_',' ').title().ljust(40)), file_descriptor)
+ for element in content :
+ flush_simple_string("\t\t- %s" % element.encode('ascii','ignore').replace('_',' ').title(), file_descriptor)
+ flush_simple_string("", file_descriptor)
+ flush_simple_string("", file_descriptor)
+# Classes harvesting
def search_class(x, package_name) :
"""
@param x : a VMAnalysis instance
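Review bot: The innermost write in dump_analysis_results applies `.encode('ascii','ignore').replace('_',' ').title()` to each `element`, which rewrites the findings themselves and not just the headings: underscores are removed, the text is re-cased and non-ASCII characters are silently dropped. Since `data` carries the file list, permissions, class names, the SHA-1 hash and certificate fields, the TXT report and the `-d` output no longer match the strings in the APK and cannot be searched or compared with other tools' output. I would keep the cosmetic calls on `category` and `name` only and write the value unchanged, e.g. `flush_simple_string("\t\t- %s" % element.encode('utf-8'), file_descriptor)`, assuming elements are unicode or ASCII str as the current call already requires. Entries built as `[grab_main_activity(a)]` may hold a non-string value, in which case `.encode` raises here; that depends on getters not shown on this page.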