androguard.core package

Submodules

androguard.core.androconf module

class androguard.core.androconf.Color

Bases: object

Black = '\x1b[30m'
Blue = '\x1b[34m'
Bold = '\x1b[1m'
Cyan = '\x1b[36m'
Green = '\x1b[32m'
Grey = '\x1b[37m'
Normal = '\x1b[0m'
Purple = '\x1b[35m'
Red = '\x1b[31m'
Yellow = '\x1b[33m'
class androguard.core.androconf.Configuration

Bases: object

instance = {'BIN_DED': 'ded.sh', 'BIN_DEX2JAR': 'dex2jar.sh', 'BIN_FERNFLOWER': 'fernflower.jar', 'BIN_JAD': 'jad', 'BIN_JADX': 'jadx', 'BIN_JARSIGNER': 'jarsigner', 'BIN_WINEJAD': 'jad.exe', 'COLORS': {'BB': '\x1b[35m', 'BRANCH': '\x1b[34m', 'BRANCH_FALSE': '\x1b[31m', 'BRANCH_TRUE': '\x1b[32m', 'EXCEPTION': '\x1b[36m', 'INSTRUCTION_NAME': '\x1b[33m', 'NORMAL': '\x1b[0m', 'NOTE': '\x1b[31m', 'OFFSET': '\x1b[33m', 'OFFSET_ADDR': '\x1b[32m', 'OUTPUT': {'field': '\x1b[32m', 'literal': '\x1b[32m', 'meth': '\x1b[36m', 'normal': '\x1b[0m', 'offset': '\x1b[35m', 'raw': '\x1b[31m', 'registers': '\x1b[0m', 'string': '\x1b[31m', 'type': '\x1b[34m'}}, 'DEFAULT_API': 16, 'OPTIONS_FERNFLOWER': {'asc': '1', 'dgs': '1'}, 'PRINT_FCT': <built-in method write of _io.TextIOWrapper object>, 'RECODE_ASCII_STRING': False, 'RECODE_ASCII_STRING_METH': None, 'SESSION': None, 'TMP_DIRECTORY': '/tmp'}
exception androguard.core.androconf.InvalidResourceError

Bases: Exception

Invalid Resource Error is thrown by load_api_specific_resource_module

androguard.core.androconf.color_range(startcolor, goalcolor, steps)

Wrapper for interpolate_tuple that accepts colors as HTML (“#CCCCCC” and such)

androguard.core.androconf.default_colors(obj)
androguard.core.androconf.disable_colors()

Disable colors from the output (color = normal)

androguard.core.androconf.enable_colors(colors)
androguard.core.androconf.interpolate_tuple(startcolor, goalcolor, steps)

Take two RGB color sets and mix them over a specified number of steps. Return the list

androguard.core.androconf.is_android(filename)

Return the type of the file

Parameters

filename – the filename

Returns

“APK”, “DEX”, None

androguard.core.androconf.is_android_raw(raw)

Returns a string that describes the type of file, for common Android specific formats
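
A header-based classification in the spirit of is_android() and is_android_raw(), as an added stand-alone example that is not androguard's own code. The names classify_android_blob and make_zip are hypothetical, the byte samples are constructed, and the checks shown (DEX magic, ZIP member lookup) are an assumption about how such triage can be done, covering only the “APK”, “DEX” and None results listed above.

```python
import io
import zipfile


def classify_android_blob(raw):
    """Classify raw bytes as "APK", "DEX" or None using header checks."""
    # DEX header: "dex\n", three ASCII version digits, then a NUL byte.
    if (len(raw) >= 8 and raw[:4] == b"dex\n"
            and raw[4:7].isdigit() and raw[7:8] == b"\x00"):
        return "DEX"
    # An APK is a ZIP archive that carries AndroidManifest.xml at its root.
    if raw[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(raw)) as zf:
                if "AndroidManifest.xml" in zf.namelist():
                    return "APK"
        except zipfile.BadZipFile:
            # Truncated or corrupt archive: report unknown rather than guess.
            return None
    return None


def make_zip(names):
    """Build an in-memory ZIP with empty members (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    return buf.getvalue()


# Constructed samples, not real application files.
SAMPLES = {
    "dex": b"dex\n035\x00" + b"\x00" * 32,
    "apk": make_zip(["AndroidManifest.xml", "classes.dex"]),
    "plain_zip": make_zip(["README.txt"]),
    "truncated_apk": make_zip(["AndroidManifest.xml"])[:20],
    "text": b"not an android file",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, "->", classify_android_blob(blob))
```

A ZIP signature alone is not treated as an APK here: the archive must parse and contain the manifest, so truncated or unrelated archives fall through to None.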

androguard.core.androconf.is_ascii_problem(s)

Test if a string contains other chars than ASCII

Parameters

s (MUTF8String) – a string to test

Returns

True if string contains other chars than ASCII, False otherwise

androguard.core.androconf.load_api_specific_resource_module(resource_name, api=None)

Load the module from the JSON files and return a dict, which might be empty if the resource could not be loaded.

If no api version is given, the default one from the CONF dict is used.

Parameters
  • resource_name – Name of the resource to load

  • api – API version

Returns

dict

androguard.core.androconf.make_color_tuple(color)

Turn something like “#000000” into 0,0,0 or “#FFFFFF” into 255,255,255

androguard.core.androconf.remove_colors()

Remove colors from the output (no escape sequences)

androguard.core.androconf.rrmdir(directory)

Recursively delete a directory

Parameters

directory – directory to remove

androguard.core.androconf.save_colors()
androguard.core.androconf.set_options(key, value)

Deprecated since version 3.3.5: Use CONF[key] = value instead

androguard.core.androconf.show_logging(level=20)

enable log messages on stdout

We will catch all messages here! From all loggers…

androguard.core.bytecode module

class androguard.core.bytecode.Buff(offset, buff)

Bases: object

class androguard.core.bytecode.BuffHandle(buff)

Bases: object

BuffHandle is a wrapper around bytes. It gives the ability to jump in the byte stream, just like with BytesIO.

add_idx(idx)

Advance the current offset by idx

Parameters

idx (int) – number of bytes to advance

end()

Test if the current offset is at the end or over the buffer boundary

Return type

bool

get_buff()

Return the whole buffer

Return type

bytearray

get_idx()

Get the current offset in the buffer

Return type

int

length_buff()

Alias for size()

peek(size)

Alias for read_b()

read(size)

Read from the current offset a total number of size bytes and increment the offset by size

Parameters

size (int) – length of bytes to read

Return type

bytearray

readNullString(size)

Read a String with length size at the current offset

Parameters

size (int) – length of the string

Return type

bytearray

read_at(offset, size)

Read bytes from the given offset with length size without incrementing the current offset

Parameters
  • offset (int) – offset to start reading

  • size (int) – length of bytes to read

Return type

bytearray

read_b(size)

Read bytes with length size without incrementing the current offset

Parameters

size (int) – length to read in bytes

Return type

bytearray

readat(off)

Read all bytes from the start of off until the end of the buffer

This method can be used to determine a checksum of a buffer from a given point on.

Parameters

off (int) – starting offset

Return type

bytearray

save(filename)

Save the current buffer to filename

Existing files with the same name will be overwritten.

Parameters

filename (str) – the name of the file to save to

set_buff(buff)

Overwrite the current buffer with the content of buff

Parameters

buff (bytearray) – the new buffer

set_idx(idx)

Set the current offset in the buffer

Parameters

idx (int) – offset to set

size()

Get the total size of the buffer

Return type

int

tell()

Alias for get_idx().

Return type

int

androguard.core.bytecode.FormatClassToJava(i)

Transform a java class name into the typed variant found in DEX files.

example:

>>> FormatClassToJava('java.lang.Object')
'Ljava/lang/Object;'

Parameters

i – the input class name

Return type

str

androguard.core.bytecode.FormatClassToPython(i)

Transform a typed class name into a form which can be used as a python attribute

example:

>>> FormatClassToPython('Lfoo/bar/foo/Barfoo$InnerClass;')
'Lfoo_bar_foo_Barfoo_InnerClass'

Parameters

i – classname to transform

Return type

str

androguard.core.bytecode.FormatDescriptorToPython(i)

Format a descriptor into a form which can be used as a python attribute

example:

>>> FormatDescriptorToPython('(Ljava/lang/Long; Ljava/lang/Long; Z Z)V')
'Ljava_lang_LongLjava_lang_LongZZV'

Parameters

i – name to transform

Return type

str

androguard.core.bytecode.FormatNameToPython(i)

Transform a (method) name into a form which can be used as a python attribute

example:

>>> FormatNameToPython('<clinit>')
'clinit'

Parameters

i – name to transform

Return type

str

class androguard.core.bytecode.Node(n, s)

Bases: object

androguard.core.bytecode.PrettyShow(m_a, basic_blocks, notes={})
androguard.core.bytecode.PrettyShowEx(exceptions)
class androguard.core.bytecode.TmpBlock(name)

Bases: object

get_name()
androguard.core.bytecode.disable_print_colors()
androguard.core.bytecode.enable_print_colors(colors)
androguard.core.bytecode.get_package_class_name(name)

Return package and class name in a java variant from a typed variant name.

If no package could be found, the package is an empty string.

If the name is an array type, the array is discarded.

example:

>>> get_package_class_name('Ljava/lang/Object;')
('java.lang', 'Object')
>>> get_package_class_name('[[Ljava/lang/Object;')
('java.lang', 'Object')
>>> get_package_class_name('LSomeClass;')
('', 'SomeClass')

Parameters

name – the name

Return type

tuple

Returns

androguard.core.bytecode.method2dot(mx, colors=None)

Export analysis method to dot format.

A control flow graph is created by using the concept of BasicBlocks. Each BasicBlock is a sequence of opcodes without any jumps or branches.

Parameters
  • mx – MethodAnalysis

  • colors – dict of colors to use, if colors is None the default colors are used

Returns

a string which contains the dot graph

androguard.core.bytecode.method2format(output, _format='png', mx=None, raw=None)

Export method structure as a graph to a specific file format using dot from the graphviz package. The result is written to the file specified via output.

There are two possibilities to give input for this method:

1) Use the raw argument and pass a dictionary containing the keys name, nodes and edges. This can be created using method2dot().

2) Give a MethodAnalysis.

This function requires pydot!

There is a special format raw which saves the dot buffer before it is handled by pydot.

Parameters
  • output (str) – output filename

  • _format (str) – format type (png, jpg …). Can use all formats which are understood by pydot.

  • mx (androguard.core.analysis.analysis.MethodAnalysis) – specify the MethodAnalysis object

  • raw (dict) – use directly a dot raw buffer if None

androguard.core.bytecode.method2jpg(output, mx, raw=False)

Export method to a jpg file format

Parameters
  • output (string) – output filename

  • mx (MethodAnalysis object) – specify the MethodAnalysis object

  • raw (string) – use directly a dot raw buffer (optional)

androguard.core.bytecode.method2json(mx, directed_graph=False)

Create directed or undirected graph in the json format.

Parameters
  • mx – MethodAnalysis

  • directed_graph – True if a directed graph should be created (default: False)

Returns

androguard.core.bytecode.method2json_direct(mx)
Parameters

mx – MethodAnalysis

Returns

androguard.core.bytecode.method2json_undirect(mx)
Parameters

mx – MethodAnalysis

Returns

androguard.core.bytecode.method2png(output, mx, raw=False)

Export method to a png file format

Parameters
  • output (string) – output filename

  • mx (MethodAnalysis object) – specify the MethodAnalysis object

  • raw (string) – use directly a dot raw buffer

androguard.core.bytecode.object_to_bytes(obj)

Convert an object to a bytearray or call get_raw() of the object if no useful type was found.

androguard.core.bytecode.vm2json(vm)

Get a JSON representation of a DEX file

Parameters

vm – DalvikVMFormat

Returns

Module contents