androguard package
Subpackages
- androguard.core package
- androguard.decompiler package
  - Subpackages
    - androguard.decompiler.dad package
      - Submodules
        - androguard.decompiler.dad.dast module
        - androguard.decompiler.dad.basic_blocks module
        - androguard.decompiler.dad.control_flow module
        - androguard.decompiler.dad.dataflow module
        - androguard.decompiler.dad.decompile module
        - androguard.decompiler.dad.graph module
        - androguard.decompiler.dad.instruction module
        - androguard.decompiler.dad.node module
        - androguard.decompiler.dad.opcode_ins module
        - androguard.decompiler.dad.util module
        - androguard.decompiler.dad.writer module
      - Module contents
  - Submodules
    - androguard.decompiler.decompiler module
  - Module contents
Submodules
androguard.misc module
androguard.misc.AnalyzeAPK(_file, session=None, raw=False)
Analyze an Android application and set up everything needed for faster analysis. If session is None, no session is used at all. This is the default behaviour. If you want to continue your work later, it might be a good idea to use a session. A default session can be created by using get_default_session().
- Parameters
_file (string (for filename) or bytes (for raw)) – the filename of the Android application or a buffer which represents the application
session – A session (default: None)
raw – boolean if raw bytes are supplied instead of a filename
- Return type
return the APK, list of DalvikVMFormat, and Analysis objects
androguard.misc.AnalyzeDex(filename, session=None)
Analyze an Android DEX file and set up everything needed for faster analysis.
- Parameters
filename (string) – the filename of the Android DEX file or a buffer which represents the DEX file
session – A session (default: None)
- Return type
return a tuple of (sha256hash, DalvikVMFormat, Analysis)
androguard.misc.AnalyzeODex(filename, session=None)
Analyze an Android ODEX file and set up everything needed for faster analysis.
- Parameters
filename (string) – the filename of the android dex file or a buffer which represents the dex file
session – The Androguard Session to add the ODex to (default: None)
- Return type
return a tuple of (sha256hash, DalvikOdexVMFormat, Analysis)
androguard.misc.RunDecompiler(d, dx, decompiler_name)
Run the decompiler on a specific analysis.
- Parameters
d (DalvikVMFormat object) – the DalvikVMFormat object
dx (VMAnalysis object) – the analysis of the format
decompiler (string) – the type of decompiler to use (“dad”, “dex2jad”, “ded”)
androguard.misc.clean_file_name(filename, unique=True, replace='_', force_nt=False)
Return a version of the filename that contains no forbidden characters. On Windows these are, for example, <, /, ?, …
The intention of this function is to allow distribution of files to different OSes.
- Parameters
filename – string to clean
unique – check if the filename is already taken and append an integer to be unique (default: True)
replace – replacement character (default: ‘_’)
force_nt – Force shortening of paths like on NT systems (default: False)
- Returns
clean string
androguard.misc.get_default_session()
Return the default Session from the configuration or create a new one, if the session in the configuration is None.
- Return type
androguard.misc.init_print_colors()
androguard.misc.sign_apk(filename, keystore, storepass)
Use jarsigner to sign an APK file.
- Parameters
filename – APK file on disk to sign (path)
keystore – path to keystore
storepass – your keystore passphrase
androguard.session module
androguard.session.Load(filename)
Load your session!
example:
    from androguard import session
    s = session.Load("mysession.ag")
- Parameters
filename (string) – the filename where the session has been saved
- Return type
the elements of your session :)
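
The Session description on this page says sessions are pickled to disk, so Load() should only be given .ag files you trust: unpickling imports and calls whatever objects the file names. The following added example (not part of the androguard documentation or code base) lists the globals a pickle references without loading it; the allowlist, the function names and the sample bytes are assumptions made for illustration.

```python
import pickle
import pickletools
from fractions import Fraction

# Assumption: top-level packages a session pickle may reference. Tune this for
# your install; "builtins" is left out on purpose, it exposes far more than needed.
ALLOWED_PACKAGES = ("androguard", "collections")

_STR_PUSH = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
_MEMO_GET = {"GET", "BINGET", "LONG_BINGET"}
_MEMO_PUT = {"PUT", "BINPUT", "LONG_BINPUT"}

def referenced_globals(data):
    """List the (module, name) pairs a pickle would import, without loading it."""
    found, recent, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("PROTO", "FRAME"):
            continue  # no stack effect
        if op.name == "MEMOIZE":
            memo[len(memo)] = recent[-1] if recent else None
        elif op.name in _MEMO_PUT:
            memo[arg] = recent[-1] if recent else None
        elif op.name in _MEMO_GET:
            recent.append(memo.get(arg))
        elif op.name in _STR_PUSH:
            recent.append(arg)
        elif op.name in ("GLOBAL", "INST"):  # protocols 0-3: "module name"
            found.append(tuple(arg.split(" ", 1)))
            recent.append(None)
        elif op.name == "STACK_GLOBAL":  # protocol 4+: module, name on the stack
            pair = tuple(recent[-2:])
            known = len(pair) == 2 and all(isinstance(s, str) for s in pair)
            found.append(pair if known else ("<unresolved>", "<unresolved>"))
            recent.append(None)
        else:
            recent.append(None)  # any other opcode: top of stack is unknown
    return found

def disallowed_globals(data, allowed=ALLOWED_PACKAGES):
    """Globals outside the allowlist; unresolved references fail closed."""
    def ok(module):
        return any(module == p or module.startswith(p + ".") for p in allowed)
    return [g for g in referenced_globals(data) if not ok(g[0])]

# Constructed samples, not real session files.
SAMPLE_SESSION_LIKE = b"candroguard.session\nSession\n."  # GLOBAL opcode only
SAMPLE_FOREIGN = pickle.dumps(Fraction(1, 3), protocol=4)
```

Run disallowed_globals() on the bytes of a session file you did not create yourself and treat a non-empty result as a reason not to pass that file to Load().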
androguard.session.Save(session, filename=None)
Save your session to use it later.
Returns the filename of the written file. If no filename is given, a file named androguard_session_<DATE>.ag will be created in the current working directory. <DATE> is a timestamp with the following format: %Y-%m-%d_%H%M%S.
This function will overwrite existing files without asking.
If the file could not be written, None is returned.
example:
    from androguard import session
    s = session.Session()
    session.Save(s, "msession.ag")
- Parameters
session – A Session object to save
filename (string) – output filename to save the session
class androguard.session.Session(export_ipython=False)
Bases: object
A Session is able to store multiple APK, DEX or ODEX files and can be pickled to disk in order to resume work later.
The main function used in Sessions is probably add(), which adds files to the session and performs analysis on them.
Afterwards, the files can be gathered using methods such as get_objects_apk(), get_objects_dex() or get_classes().
example:
    from androguard.session import Session
    s = Session()
    digest = s.add("some.apk")
    print("SHA256 of the file: {}".format(digest))
    a, d, dx = s.get_objects_apk("some.apk", digest)
    print(a.get_package())
    # Reset the Session for a fresh set of files
    s.reset()
    digest2 = s.add("classes.dex")
    print("SHA256 of the file: {}".format(digest2))
    for h, d, dx in s.get_objects_dex():
        print("SHA256 of the DEX file: {}".format(h))
add(filename, raw_data=None, dx=None)
Generic method to add a file to the session.
This is the main method to use when adding files to a Session!
If an APK file is supplied, all DEX files are analyzed too. For DEX and ODEX files, only this file is analyzed (what else should be analyzed).
Returns the SHA256 of the analyzed file.
- Parameters
filename – filename to load
raw_data – bytes of the file, or None to load the file from filename
dx – An already existing Analysis object
- Returns
the sha256 of the file or None on failure
addAPK(filename, data)
Add an APK file to the Session and run analysis on it.
- Parameters
filename – (file)name of APK file
data – binary data of the APK file
- Returns
a tuple of SHA256 Checksum and APK Object
addDEX(filename, data, dx=None, postpone_xref=False)
Add a DEX file to the Session and run analysis.
- Parameters
filename – the (file)name of the DEX file
data – binary data of the dex file
dx – an existing Analysis Object (optional)
postpone_xref – True if no xref shall be created now; xref creation will then be called manually
- Returns
A tuple of SHA256 Hash, DalvikVMFormat Object and Analysis object
addDEY(filename, data, dx=None)
Add an ODEX file to the session and run the analysis.
get_all_apks()
Yields a list of tuples of SHA256 hash of the APK and APK objects of all analyzed APKs in the Session.
get_analysis(current_class)
Returns the Analysis object which contains the current_class.
- Parameters
current_class (androguard.core.bytecodes.dvm.ClassDefItem) – The class to search for
- Return type
get_classes()
Returns all Java Classes from the DEX objects as an array of DEX files.
get_digest_by_class(current_class)
Return the SHA256 hash of the object containing the ClassDefItem.
Returns the first digest in which this class was present. For example, if you analyzed an APK, this should return the digest of the APK and not of the DEX file.
get_filename_by_class(current_class)
Returns the filename of the DEX file that contains the class.
Returns the first filename in which this class was present. For example, if you analyzed an APK, this should return the filename of the APK and not of the DEX file.
- Parameters
current_class – ClassDefItem
- Returns
None if class was not found or the filename
get_format(current_class)
Returns the DalvikVMFormat of a given ClassDefItem.
- Parameters
current_class – A ClassDefItem
get_nb_strings()
Return the total number of strings in all Analysis objects.
get_objects_apk(filename=None, digest=None)
Returns APK, DalvikVMFormat and Analysis of a specified APK.
You must specify either filename or digest. It is possible to use both, but in this case only digest is used.
example:
    s = Session()
    digest = s.add("some.apk")
    a, d, dx = s.get_objects_apk(digest=digest)
example:
    s = Session()
    filename = "some.apk"
    digest = s.add(filename)
    a, d, dx = s.get_objects_apk(filename=filename)
- Parameters
filename – the filename of the APK file, only used if digest is None
digest – the sha256 hash, as returned by add() for the APK
- Returns
a tuple of (APK, [DalvikVMFormat], Analysis)
get_objects_dex()
Yields all dex objects including their Analysis objects.
- Returns
tuple of (sha256, DalvikVMFormat, Analysis)
get_strings()
Yields all StringAnalysis for all unique Analysis objects.
isOpen()
Test if any file was analyzed in this session.
- Returns
True if any file was analyzed, False otherwise
reset()
Reset the current session, delete all added files.
show()
Print information to stdout about the current session. Gets all APKs, all DEX files and all Analysis objects.
androguard.util module
androguard.util.get_certificate_name_string(name, short=False, delimiter=', ')
Format the Name type of an X509 certificate in a human-readable form.
- Parameters
name (dict or asn1crypto.x509.Name) – Name object to return the DN from
short (boolean) – Use short form (default: False)
delimiter (str) – Delimiter string or character between two parts (default: ‘, ‘)
- Return type
str
androguard.util.read(filename, binary=True)
Open and read a file.
- Parameters
filename – filename to open and read
binary – True if the file should be read as binary
- Returns
bytes if binary is True, str otherwise