#!/usr/bin/env python

import sys
import hashlib

import pyDes

# Root of the androguard checkout. It is a relative path, so every entry added
# below is resolved against the current working directory at import time.
# NOTE(review): start the script from the trusted androguard tree, not from a
# directory that holds samples; otherwise "core", "analysis", ... could resolve
# to files placed next to the sample.
PATH_INSTALL = "./"
for _subdir in ("./", "/core", "/core/bytecodes", "/core/analysis"):
    sys.path.append(PATH_INSTALL + _subdir)

from androguard import *
import analysis

# APK examined by this script (path relative to the working directory).
TEST = "./geinimi/geinimi.apk"

# Load the APK, take its VM object and build the analysis object that exposes
# the tainted_variables / tainted_packages lookups used below.
# NOTE(review): this looks like purely static parsing of the file; nothing
# visible here installs or runs the APK. Confirm against AndroguardS.
_a = AndroguardS(TEST)
_d = _a.get_vm()
_x = analysis.VM_BCA(_d)

#print _a.get_strings()

# 8-byte DES key used to decrypt the byte arrays pulled out of the APK further
# down; presumably the key recovered from the sample itself (confirm).
KEY = "\x01\x02\x03\x04\x05\x06\x07\x08"

# Only the key is passed, so pyDes falls back to its defaults for mode, IV and
# padding (ECB with no padding, as far as pyDes documents; verify).
_des = pyDes.des(KEY)

#_x.tainted_packages.export_call_graph("toto.dot", "Lcom/swampy/sexpos/pos")

# Look up the string constant "DES" and list every place that references it.
tainted_string = _x.tainted_variables.get_string("DES")
if tainted_string != None:
    print "\t -->", tainted_string.get_info()
    for ref in tainted_string.get_paths():
        ref_method = ref.get_method()
        ref_block = ref.get_bb()
        # Basic-block start plus the index inside the block, shown in hex.
        location = "%x" % (ref_block.start + ref.get_idx())
        # NOTE(review): class/method names come from the analysed APK and are
        # printed unescaped; view the output in a terminal you do not mind
        # receiving control characters, or wrap them in repr().
        print "\t\t =>", ref.get_access_flag(), ref_method.get_class_name(), \
            ref_method.get_name(), ref_method.get_descriptor(), \
            ref_block.get_name(), location

# Field e/k;->b of type byte[]: list every access to it.
tainted_field = _x.tainted_variables.get_field(
    "Lcom/swampy/sexpos/pos/e/k;", "b", "[B")
if tainted_field != None:
    print "\t -->", tainted_field.get_info()
    for ref in tainted_field.get_paths():
        ref_method = ref.get_method()
        ref_block = ref.get_bb()
        # Basic-block start plus the index inside the block, shown in hex.
        location = "%x" % (ref_block.start + ref.get_idx())
        print "\t\t =>", ref.get_access_flag(), ref_method.get_class_name(), \
            ref_method.get_name(), ref_method.get_descriptor(), \
            ref_block.get_name(), location


# Field e/p;->a of type byte[][]: list every access and, for accesses flagged
# "W" (presumably writes), decrypt the array data found in the accessing method.
# NOTE(review): the page lost the file's indentation; the decrypt call is kept
# inside the "W" branch because `b` is only assigned there. Confirm against the
# repository copy.
tainted_field = _x.tainted_variables.get_field(
    "Lcom/swampy/sexpos/pos/e/p;", "a", "[[B")
if tainted_field != None:
    print "\t -->", tainted_field.get_info()
    for ref in tainted_field.get_paths():
        flag = ref.get_access_flag()
        ref_method = ref.get_method()
        ref_block = ref.get_bb()
        # Basic-block start plus the index inside the block, shown in hex.
        location = "%x" % (ref_block.start + ref.get_idx())
        print "\t\t =>", flag, ref_method.get_class_name(), \
            ref_method.get_name(), ref_method.get_descriptor(), \
            ref_block.get_name(), location
        if flag == "W":
            # Concatenate the payload of every FILL-ARRAY-DATA instruction in
            # the method, in bytecode order.
            # NOTE(review): this assumes the payloads together form one DES
            # ciphertext; pyDes is expected to reject input whose length is not
            # a multiple of the 8-byte block. Confirm.
            payloads = [
                ins.op.data
                for ins in ref_method.get_code().get_bc().get()
                if ins.get_name() == "FILL-ARRAY-DATA"
            ]
            b = "".join(payloads)

            # repr() keeps non-printable bytes of the decrypted data escaped
            # instead of sending them raw to the terminal.
            print repr(_des.decrypt(b))

# Field a;->g of type java.lang.String: list every access to it.
tainted_field = _x.tainted_variables.get_field(
    "Lcom/swampy/sexpos/pos/a;", "g", "Ljava/lang/String;")
if tainted_field != None:
    print "\t -->", tainted_field.get_info()
    for ref in tainted_field.get_paths():
        ref_method = ref.get_method()
        ref_block = ref.get_bb()
        # Basic-block start plus the index inside the block, shown in hex.
        location = "%x" % (ref_block.start + ref.get_idx())
        print "\t\t =>", ref.get_access_flag(), ref_method.get_class_name(), \
            ref_method.get_name(), ref_method.get_descriptor(), \
            ref_block.get_name(), location

# Method e/q;->a(String)String: list the paths recorded for it.
# NOTE(review): unlike the field and string lookups above, the result is
# iterated without a None check; confirm get_method() always returns an
# iterable.
tainted_method = _x.tainted_packages.get_method(
    "Lcom/swampy/sexpos/pos/e/q;", "a", "(Ljava/lang/String;)Ljava/lang/String;")
for ref in tainted_method:
    ref_method = ref.get_method()
    ref_block = ref.get_bb()
    # Basic-block start plus the index inside the block, shown in hex.
    location = "%x" % (ref_block.start + ref.get_idx())
    print ref.get_access_flag(), ref_method.get_class_name(), \
        ref_method.get_name(), ref_method.get_descriptor(), \
        ref_block.get_name(), location

Change log

0136ea839f68 by po...@camelot on Jan 6, 2011   Diff
add zlib to libncd
add pysco into bytecodes

Older revisions

26a041cd986a by po...@camelot on Jan 6, 2011   Diff
add example of geinimi analysis

File info

Size: 2889 bytes, 64 lines