androguard package

Subpackages

- androguard.core package
- androguard.decompiler package
  - Subpackages
    - androguard.decompiler.dad package
      - Submodules
        - androguard.decompiler.dad.dast module
        - androguard.decompiler.dad.basic_blocks module
        - androguard.decompiler.dad.control_flow module
        - androguard.decompiler.dad.dataflow module
        - androguard.decompiler.dad.decompile module
        - androguard.decompiler.dad.graph module
        - androguard.decompiler.dad.instruction module
        - androguard.decompiler.dad.node module
        - androguard.decompiler.dad.opcode_ins module
        - androguard.decompiler.dad.util module
        - androguard.decompiler.dad.writer module
      - Module contents
  - Submodules
    - androguard.decompiler.decompiler module
  - Module contents

Submodules

androguard.misc module

androguard.misc.AnalyzeAPK(_file, session=None, raw=False)

Analyze an Android application and set up everything needed for quicker analysis.

If session is None, no session is used at all. This is the default behaviour. If you would like to continue your work later, it might be a good idea to use a session. A default session can be created by using get_default_session().

Parameters:
- _file (string (for filename) or bytes (for raw)) – the filename of the android application or a buffer which represents the application
- session – A session (default: None)
- raw – boolean if raw bytes are supplied instead of a filename

Return type: return the APK, list of DalvikVMFormat, and Analysis objects

androguard.misc.AnalyzeDex(filename, session=None)

Analyze an Android dex file and set up everything needed for quicker analysis.

Parameters:
- filename (string) – the filename of the android dex file or a buffer which represents the dex file
- session – A session (Default None)

Return type: return a tuple of (sha256hash, DalvikVMFormat, Analysis)

androguard.misc.AnalyzeODex(filename, session=None)

Analyze an Android odex file and set up everything needed for quicker analysis.

Parameters:
- filename (string) – the filename of the android dex file or a buffer which represents the dex file
- session – The Androguard Session to add the ODex to (default: None)

Return type: return a tuple of (sha256hash, DalvikOdexVMFormat, Analysis)

androguard.misc.RunDecompiler(d, dx, decompiler_name)

Run the decompiler on a specific analysis.

Parameters:
- d (DalvikVMFormat object) – the DalvikVMFormat object
- dx (VMAnalysis object) – the analysis of the format
- decompiler (string) – the type of decompiler to use (“dad”, “dex2jad”, “ded”)

androguard.misc.clean_file_name(filename, unique=True, replace='_', force_nt=False)

Return a version of the filename that contains no forbidden characters. On Windows these are, for example, <, /, ?, …

The intention of this function is to allow distribution of files to different OSes.

Parameters:
- filename – string to clean
- unique – check if the filename is already taken and append an integer to be unique (default: True)
- replace – replacement character. (default: ‘_’)
- force_nt – Force shortening of paths like on NT systems (default: False)

Returns: clean string

androguard.misc.get_default_session()

Return the default Session from the configuration or create a new one, if the session in the configuration is None.

androguard.misc.init_print_colors()

androguard.misc.sign_apk(filename, keystore, storepass)

Use jarsigner to sign an APK file.

Parameters:
- filename – APK file on disk to sign (path)
- keystore – path to keystore
- storepass – your keystorage passphrase

androguard.session module

androguard.session.Load(filename)

Load a previously saved session.

example:

    from androguard import session

    s = session.Load("mysession.ag")

Parameters:
- filename (string) – the filename where the session has been saved

Return type: the elements of your session

androguard.session.Save(session, filename=None)

Save your session to use it later.

Returns the filename of the written file. If no filename is given, a file named androguard_session_<DATE>.ag will be created in the current working directory. <DATE> is a timestamp with the following format: %Y-%m-%d_%H%M%S.

This function will overwrite existing files without asking.

If the file could not be written, None is returned.

example:

    s = session.Session()
    session.Save(s, "msession.ag")

Parameters:
- session – A Session object to save
- filename (string) – output filename to save the session
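
An added example, not part of the androguard documentation or code base: wrappers around the Save() and Load() functions documented here that refuse to overwrite an existing session file and verify an HMAC-SHA256 sidecar before loading, since a pickled session file should only ever be loaded from a trusted source. The wrapper names, the `.hmac` sidecar file and the `key` parameter are assumptions of this example; the `save` and `load` parameters exist so other callables can be substituted.

```python
import hashlib
import hmac
import os


def _tag(path, key):
    """Return the hex HMAC-SHA256 of the file contents under `key`."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fd:
        for chunk in iter(lambda: fd.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def save_session_checked(sess, filename, key, save=None):
    """Save a session without clobbering, then write <filename>.hmac."""
    if save is None:
        from androguard.session import Save as save
    if os.path.exists(filename):
        # Save() overwrites existing files without asking, so check first.
        raise FileExistsError(filename)
    written = save(sess, filename)
    if written is None:
        # Save() returns None when the file could not be written.
        raise OSError("session could not be written: " + filename)
    with open(written + ".hmac", "w") as fd:
        fd.write(_tag(written, key))
    return written


def load_session_checked(filename, key, load=None):
    """Verify the sidecar tag before passing the file to Load()."""
    if load is None:
        from androguard.session import Load as load
    with open(filename + ".hmac") as fd:
        expected = fd.read().strip()
    # Constant-time comparison; reject before any unpickling happens.
    if not hmac.compare_digest(expected, _tag(filename, key)):
        raise ValueError("session file failed integrity check: " + filename)
    return load(filename)
```

The key must be kept outside the directory that holds the session files, otherwise anyone who can modify a session can also recompute its tag.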

class androguard.session.Session(export_ipython=False)

Bases: object

A Session is able to store multiple APK, DEX or ODEX files and can be pickled to disk in order to resume work later.

The main function used in Sessions is probably add(), which adds files to the session and performs analysis on them.

Afterwards, the files can be gathered using methods such as get_objects_apk(), get_objects_dex() or get_classes().

example:

    from androguard.session import Session

    s = Session()
    digest = s.add("some.apk")
    print("SHA256 of the file: {}".format(digest))
    a, d, dx = s.get_objects_apk("some.apk", digest)
    print(a.get_package())

    # Reset the Session for a fresh set of files
    s.reset()
    digest2 = s.add("classes.dex")
    print("SHA256 of the file: {}".format(digest2))
    for h, d, dx in s.get_objects_dex():
        print("SHA256 of the DEX file: {}".format(h))

add(filename, raw_data=None, dx=None)

Generic method to add a file to the session.

This is the main method to use when adding files to a Session!

If an APK file is supplied, all DEX files are analyzed too. For DEX and ODEX files, only this file is analyzed (what else should be analyzed).

Returns the SHA256 of the analyzed file.

Parameters:
- filename – filename to load
- raw_data – bytes of the file, or None to load the file from filename
- dx – An already existing Analysis object

Returns: the sha256 of the file or None on failure

addAPK(filename, data)

Add an APK file to the Session and run analysis on it.

Parameters:
- filename – (file)name of APK file
- data – binary data of the APK file

Returns: a tuple of SHA256 Checksum and APK Object

addDEX(filename, data, dx=None)

Add a DEX file to the Session and run analysis.

Parameters:
- filename – the (file)name of the DEX file
- data – binary data of the dex file
- dx – an existing Analysis Object (optional)

Returns: A tuple of SHA256 Hash, DalvikVMFormat Object and Analysis object

addDEY(filename, data, dx=None)

Add an ODEX file to the session and run the analysis.

get_all_apks()

Yields a list of tuples of SHA256 hash of the APK and APK objects of all analyzed APKs in the Session.

get_analysis(current_class)

Returns the Analysis object which contains the current_class.

Parameters:
- current_class (androguard.core.bytecodes.dvm.ClassDefItem) – The class to search for

Return type: androguard.core.analysis.analysis.Analysis

get_classes()

Returns all Java Classes from the DEX objects as an array of DEX files.

get_digest_by_class(current_class)

Return the SHA256 hash of the object containing the ClassDefItem.

Returns the first digest in which this class was present. For example, if you analyzed an APK, this should return the digest of the APK and not of the DEX file.

get_filename_by_class(current_class)

Returns the filename of the DEX file that contains the class.

Returns the first filename in which this class was present. For example, if you analyzed an APK, this should return the filename of the APK and not of the DEX file.

Parameters:
- current_class – ClassDefItem

Returns: None if class was not found or the filename

get_format(current_class)

Returns the DalvikVMFormat of a given ClassDefItem.

Parameters:
- current_class – A ClassDefItem

get_nb_strings()

Return the total number of strings in all Analysis objects.

get_objects_apk(filename=None, digest=None)

Returns APK, DalvikVMFormat and Analysis of a specified APK.

You must specify either filename or digest. It is possible to use both, but in this case only digest is used.

example:

    s = Session()
    digest = s.add("some.apk")
    a, d, dx = s.get_objects_apk(digest=digest)

example:

    s = Session()
    filename = "some.apk"
    digest = s.add(filename)
    a, d, dx = s.get_objects_apk(filename=filename)

Parameters:
- filename – the filename of the APK file, only used if digest is None
- digest – the sha256 hash, as returned by add() for the APK

Returns: a tuple of (APK, [DalvikVMFormat], Analysis)

get_objects_dex()

Yields all dex objects including their Analysis objects.

Returns: tuple of (sha256, DalvikVMFormat, Analysis)

get_strings()

Yields all StringAnalysis for all unique Analysis objects.

isOpen()

Test if any file was analyzed in this session.

Returns: True if any file was analyzed, False otherwise

reset()

Reset the current session, delete all added files.

show()

Print information to stdout about the current session. Gets all APKs, all DEX files and all Analysis objects.

androguard.util module

androguard.util.get_certificate_name_string(name, short=False, delimiter=', ')

Format the Name type of a X509 Certificate in a human readable form.

Parameters:
- name (dict or asn1crypto.x509.Name) – Name object to return the DN from
- short (boolean) – Use short form (default: False)
- delimiter (str) – Delimiter string or character between two parts (default: ‘, ‘)

Return type: str

androguard.util.read(filename, binary=True)

Open and read a file.

Parameters:
- filename – filename to open and read
- binary – True if the file should be read as binary

Returns: bytes if binary is True, str otherwise