androguard.core.bytecodes package

The bytecodes modules are one very important core feature of Androguard. They contain parsers for APK, AXML, DEX, ODEX and DEY files as well for formats used inside these formats. These might be MUTF-8 for string encoding in DEX files as well as the widely used LEB128 encoding for numbers.

The most important modules might be androguard.core.bytecodes.apk.APK and androguard.core.bytecodes.dvm.DalvikVMFormat.

Submodules

androguard.core.bytecodes.apk module

class androguard.core.bytecodes.apk.APK(filename, raw=False, magic_file=None, skip_analysis=False, testzip=False)

Bases: object

files

Returns a dictionary of filenames and detected magic type

Returns:dictionary of files and their mime type
get_activities()

Return the android:name attribute of all activities

Return type:a list of str
get_all_dex()

Return the raw data of all classes dex files

Return type:a generator of bytes
get_android_manifest_axml()

Return the AXMLPrinter object which corresponds to the AndroidManifest.xml file

Return type:AXMLPrinter
get_android_manifest_xml()

Return the parsed xml object which corresponds to the AndroidManifest.xml file

Return type:Element
get_android_resources()

Return the ARSCParser object which corresponds to the resources.arsc file

Return type:ARSCParser
get_androidversion_code()

Return the android version code

This information is read from the AndroidManifest.xml

Return type:str
get_androidversion_name()

Return the android version name

This information is read from the AndroidManifest.xml

Return type:str
get_app_icon(max_dpi=65536)

Return the first icon file name, which density is not greater than max_dpi, unless exact icon resolution is set in the manifest, in which case return the exact file.

This information is read from the AndroidManifest.xml

From https://developer.android.com/guide/practices/screens_support.html

  • ldpi (low) ~120dpi
  • mdpi (medium) ~160dpi
  • hdpi (high) ~240dpi
  • xhdpi (extra-high) ~320dpi
  • xxhdpi (extra-extra-high) ~480dpi
  • xxxhdpi (extra-extra-extra-high) ~640dpi
Return type:str
get_app_name()

Return the appname of the APK

This name is read from the AndroidManifest.xml

Return type:str
get_certificate(filename)

Return a X.509 certificate object by giving the name in the apk file

Parameters:filename – filename of the signature file in the APK
Returns:a Certificate certificate
get_certificate_der(filename)

Return the DER coded X.509 certificate from the signature file.

Parameters:filename – Signature filename in APK
Returns:DER coded X.509 certificate as binary
get_certificates_der_v2()

Return a list of DER coded X.509 certificates from the v2 signature

get_certificates_v2()

Return a list of cryptography.x509.Certificate which are found in the v2 signing block. Note that we simply extract all certificates regardless of the signer. Therefore this is just a list of all certificates found in all signers.

get_declared_permissions()

Returns list of the declared permissions.

Return type:list of strings
get_declared_permissions_details()

Returns declared permissions with the details.

Return type:dict
get_details_permissions()

Return permissions with details

Return type:dict of {permission: [protectionLevel, label, description]}
get_dex()

Return the raw data of the classes dex file

This will give you the data of the file called classes.dex inside the APK. If the APK has multiple DEX files, you need to use get_all_dex().

Return type:bytes
get_dex_names()

Return the names of all DEX files found in the APK. This method only accounts for “offical” dex files, i.e. all files in the root directory of the APK named classes.dex or classes[0-9]+.dex

Return type:a list of str
get_effective_target_sdk_version()

Return the effective targetSdkVersion, always returns int > 0.

If the targetSdkVersion is not set, it defaults to 1. This is set based on defaults as defined in: https://developer.android.com/guide/topics/manifest/uses-sdk-element.html

Return type:int
get_element(tag_name, attribute, **attribute_filter)

Return element in xml files which match with the tag name and the specific attribute

Parameters:
  • tag_name (string) – specify the tag name
  • attribute (string) – specify the attribute
Return type:

string

get_elements(tag_name, attribute, with_namespace=True)

Return elements in xml files which match with the tag name and the specific attribute

Parameters:
  • tag_name – a string which specify the tag name
  • attribute – a string which specify the attribute
get_features()

Return a list of all android:names found for the tag uses-feature in the AndroidManifest.xml

Returns:list
get_file(filename)

Return the raw data of the specified filename inside the APK

Return type:bytes
get_filename()

Return the filename of the APK

Return type:str
get_files()

Return the file names inside the APK.

Return type:a list of str
get_files_crc32()

Calculates and returns a dictionary of filenames and CRC32

Returns:dict of filename: CRC32
get_files_information()

Return the files inside the APK with their associated types and crc32

Return type:str, str, int
get_files_types()

Return the files inside the APK with their associated types (by using python-magic)

Return type:a dictionnary
get_intent_filters(itemtype, name)

Find intent filters for a given item and name.

Intent filter are attached to activities, services or receivers. You can search for the intent filters of such items and get a dictionary of all attached actions and intent categories.

Parameters:
  • itemtype – the type of parent item to look for, e.g. activity, service or receiver
  • name – the android:name of the parent item, e.g. activity name
Returns:

a dictionary with the keys action and category containing the android:name of those items

get_libraries()

Return the android:name attributes for libraries

Return type:list
get_main_activity()

Return the name of the main activity

This value is read from the AndroidManifest.xml

Return type:str
get_max_sdk_version()

Return the android:maxSdkVersion attribute

Return type:string
get_min_sdk_version()

Return the android:minSdkVersion attribute

Return type:string
get_package()

Return the name of the package

This information is read from the AndroidManifest.xml

Return type:str
get_permissions()

Return permissions

Return type:list of str
get_providers()

Return the android:name attribute of all providers

Return type:a list of string
get_raw()

Return raw bytes of the APK

Return type:bytes
get_receivers()

Return the android:name attribute of all receivers

Return type:a list of string
get_requested_aosp_permissions()

Returns requested permissions declared within AOSP project.

This includes several other permissions as well, which are in the platform apps.

Return type:list of str
get_requested_aosp_permissions_details()

Returns requested aosp permissions with details.

Return type:dictionary
get_requested_permissions = DeprecationWarning(<function APK.get_requested_permissions>,)
get_requested_third_party_permissions()

Returns list of requested permissions not declared within AOSP project.

Return type:list of strings
get_services()

Return the android:name attribute of all services

Return type:a list of str
get_signature()

Return the data of the first signature file found (v1 Signature / JAR Signature)

Return type:First signature name or None if not signed
get_signature_name()

Return the name of the first signature file found.

get_signature_names()

Return a list of the signature file names (v1 Signature / JAR Signature)

Return type:List of filenames matching a Signature
get_signatures()

Return a list of the data of the signature files. Only v1 / JAR Signing.

Return type:list of bytes
get_target_sdk_version()

Return the android:targetSdkVersion attribute

Return type:string
get_uses_implied_permission_list()

Return all permissions implied by the target SDK or other permissions.

Return type:list of string
is_androidtv()

Checks if this application does not require a touchscreen, as this is the rule to get into the TV section of the Play Store See: https://developer.android.com/training/tv/start/start.html for more information.

Returns:True if ‘android.hardware.touchscreen’ is not required, False otherwise
is_leanback()

Checks if this application is build for TV (Leanback support) by checkin if it uses the feature ‘android.software.leanback’

Returns:True if leanback feature is used, false otherwise
is_multidex()

Test if the APK has multiple DEX files

Returns:True if multiple dex found, otherwise False
is_signed()

Returns true if either a v1 or v2 (or both) signature was found.

is_signed_v1()

Returns true if a v1 / JAR signature was found.

Returning True does not mean that the file is properly signed! It just says that there is a signature file which needs to be validated.

is_signed_v2()

Returns true of a v2 / APK signature was found.

Returning True does not mean that the file is properly signed! It just says that there is a signature file which needs to be validated.

is_valid_APK()

Return true if the APK is valid, false otherwise. An APK is seen as valid, if the AndroidManifest.xml could be successful parsed. This does not mean that the APK has a valid signature nor that the APK can be installed on an Android system.

Return type:boolean
is_wearable()

Checks if this application is build for wearables by checking if it uses the feature ‘android.hardware.type.watch’ See: https://developer.android.com/training/wearables/apps/creating.html for more information.

Not every app is setting this feature (not even the example Google provides), so it might be wise to not 100% rely on this feature.

Returns:True if wearable, False otherwise
new_zip(filename, deleted_files=None, new_files={})

Create a new zip file

Parameters:
  • filename (string) – the output filename of the zip
  • deleted_files (None or a string) – a regex pattern to remove specific file
  • new_files (a dictionnary (key:filename, value:content of the file)) – a dictionnary of new files
show()
exception androguard.core.bytecodes.apk.BrokenAPKError

Bases: androguard.core.bytecodes.apk.Error

exception androguard.core.bytecodes.apk.Error

Bases: Exception

Base class for exceptions in this module.

exception androguard.core.bytecodes.apk.FileNotPresent

Bases: androguard.core.bytecodes.apk.Error

androguard.core.bytecodes.apk.parse_lxml_dom(tree)
androguard.core.bytecodes.apk.show_Certificate(cert, short=False)

Print Fingerprints, Issuer and Subject of an X509 Certificate.

Parameters:
  • cert (cryptography.x509.Certificate) – X509 Certificate to print
  • short (Boolean) – Print in shortform for DN (Default: False)

androguard.core.bytecodes.dvm module

class androguard.core.bytecodes.dvm.AnnotationElement(buff, cm)

Bases: object

This class can parse an annotation_element of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_element
  • cm (ClassManager) – a ClassManager object
get_length()
get_name_idx()

Return the element name, represented as an index into the string_ids section

Return type:int
get_obj()
get_raw()
get_value()

Return the element value (EncodedValue)

Return type:a EncodedValue object
show()
class androguard.core.bytecodes.dvm.AnnotationItem(buff, cm)

Bases: object

This class can parse an annotation_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_item
  • cm (ClassManager) – a ClassManager object
get_annotation()

Return the encoded annotation contents

Return type:a EncodedAnnotation object
get_length()
get_obj()
get_off()
get_raw()
get_visibility()

Return the intended visibility of this annotation

Return type:int
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.AnnotationOffItem(buff, cm)

Bases: object

This class can parse an annotation_off_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_off_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_raw()
show()
class androguard.core.bytecodes.dvm.AnnotationSetItem(buff, cm)

Bases: object

This class can parse an annotation_set_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_set_item
  • cm (ClassManager) – a ClassManager object
get_annotation_off_item()

Return the offset from the start of the file to an annotation

Return type:a list of AnnotationOffItem
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.AnnotationSetRefItem(buff, cm)

Bases: object

This class can parse an annotation_set_ref_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_set_ref_item
  • cm (ClassManager) – a ClassManager object
get_annotations_off()

Return the offset from the start of the file to the referenced annotation set or 0 if there are no annotations for this element.

Return type:int
get_obj()
get_raw()
show()
class androguard.core.bytecodes.dvm.AnnotationSetRefList(buff, cm)

Bases: object

This class can parse an annotation_set_ref_list_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotation_set_ref_list_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_list()

Return elements of the list

Return type:AnnotationSetRefItem
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.AnnotationsDirectoryItem(buff, cm)

Bases: object

This class can parse an annotations_directory_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the annotations_directory_item
  • cm (ClassManager) – a ClassManager object
get_annotated_fields_size()

Return the count of fields annotated by this item

Return type:int
get_annotated_methods_size()

Return the count of methods annotated by this item

Return type:int
get_annotated_parameters_size()

Return the count of method parameter lists annotated by this item

Return type:int
get_class_annotations_off()

Return the offset from the start of the file to the annotations made directly on the class, or 0 if the class has no direct annotations

Return type:int
get_field_annotations()

Return the list of associated field annotations

Return type:a list of FieldAnnotation
get_length()
get_method_annotations()

Return the list of associated method annotations

Return type:a list of MethodAnnotation
get_obj()
get_off()
get_parameter_annotations()

Return the list of associated method parameter annotations

Return type:a list of ParameterAnnotation
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.ClassDataItem(buff, cm)

Bases: object

This class can parse a class_data_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the class_data_item
  • cm (ClassManager) – a ClassManager object
get_direct_methods()

Return the defined direct (any of static, private, or constructor) methods, represented as a sequence of encoded elements

Return type:a list of EncodedMethod objects
get_direct_methods_size()

Return the number of direct methods defined in this item

Return type:int
get_fields()

Return static and instance fields

Return type:a list of EncodedField objects
get_instance_fields()

Return the defined instance fields, represented as a sequence of encoded elements

Return type:a list of EncodedField objects
get_instance_fields_size()

Return the number of instance fields defined in this item

Return type:int
get_length()
get_methods()

Return direct and virtual methods

Return type:a list of EncodedMethod objects
get_obj()
get_off()
get_raw()
get_static_fields()

Return the defined static fields, represented as a sequence of encoded elements

Return type:a list of EncodedField objects
get_static_fields_size()

Return the number of static fields defined in this item

Return type:int
get_virtual_methods()

Return the defined virtual (none of static, private, or constructor) methods, represented as a sequence of encoded elements

Return type:a list of EncodedMethod objects
get_virtual_methods_size()

Return the number of virtual methods defined in this item

Return type:int
reload()
set_off(off)
set_static_fields(value)
show()
class androguard.core.bytecodes.dvm.ClassDefItem(buff, cm)

Bases: object

This class can parse a class_def_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the class_def_item
  • cm (ClassManager) – a ClassManager object
get_access_flags()

Return the access flags for the class (public, final, etc.)

Return type:int
get_access_flags_string()

Return the access flags string of the class

Return type:string
get_annotations_off()

Return the offset from the start of the file to the annotations structure for this class, or 0 if there are no annotations on this class.

Return type:int
get_ast()
get_class_data()

Return the associated class_data_item

Return type:a ClassDataItem object
get_class_data_off()

Return the offset from the start of the file to the associated class data for this item, or 0 if there is no class data for this class

Return type:int
get_class_idx()

Return the index into the type_ids list for this class

Return type:int
get_fields()

Return all fields of this class

Return type:a list of EncodedField objects
get_interfaces()

Return the name of the interface

Return type:string
get_interfaces_off()

Return the offset from the start of the file to the list of interfaces, or 0 if there are none

Return type:int
get_length()
get_methods()

Return all methods of this class

Return type:a list of EncodedMethod objects
get_name()

Return the name of this class

Return type:int
get_obj()
get_raw()
get_source()
get_source_ext()
get_source_file_idx()

Return the index into the string_ids list for the name of the file containing the original source for (at least most of) this class, or the special value NO_INDEX to represent a lack of this information

Return type:int
get_static_values_off()

Return the offset from the start of the file to the list of initial values for static fields, or 0 if there are none (and all static fields are to be initialized with 0 or null)

Return type:int
get_superclass_idx()

Return the index into the type_ids list for the superclass

Return type:int
get_superclassname()

Return the name of the super class

Return type:string
reload()
set_name(value)
show()
source()

Return the source code of the entire class

Return type:string
class androguard.core.bytecodes.dvm.ClassHDefItem(size, buff, cm)

Bases: object

This class can parse a list of class_def_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the list of class_def_item
  • cm (ClassManager) – a ClassManager object
get_class_idx(idx)
get_length()
get_method(name_class, name_method)
get_names()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.ClassManager(vm, config)

Bases: object

This class is used to access to all elements (strings, type, proto …) of the dex format

add_type_item(type_item, c_item, item)
get_all_engine()
get_ascii_string(s)
get_class_data_item(off)
get_code(idx)
get_debug_off(off)
get_encoded_array_item(off)
get_engine()
get_field(idx)
get_field_ref(idx)
get_item_by_offset(offset)
get_lazy_analysis()
get_method(idx)
get_method_ref(idx)
get_next_offset_item(idx)
get_obj_by_offset(offset)
get_odex_format()
get_proto(idx)
get_raw_string(idx)
get_string(idx)
get_string_by_offset(offset)
get_type(idx)
get_type_list(off)
get_type_ref(idx)
set_decompiler(decompiler)
set_hook_class_name(class_def, value)
set_hook_field_name(encoded_field, value)
set_hook_method_name(encoded_method, value)
set_hook_string(idx, value)
class androguard.core.bytecodes.dvm.CodeItem(size, buff, cm)

Bases: object

get_code(off)
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.ConstString(orig_ins, value)

Bases: androguard.core.bytecodes.dvm.Instruction21c

Simulate a const-string instruction.

get_operands(idx=-1)

Return all operands

Return type:list
get_raw_string()
class androguard.core.bytecodes.dvm.DBGBytecode(cm, op_value)

Bases: object

add(value, ttype)
get_obj()
get_op_value()
get_raw()
get_value()
show()
class androguard.core.bytecodes.dvm.DCode(class_manager, offset, size, buff)

Bases: object

This class represents the instructions of a method

Parameters:
  • class_manager (ClassManager object) – the ClassManager
  • offset (int) – the offset of the buffer
  • size (int) – the total size of the buffer
  • buff (string) – a raw buffer where are the instructions
add_inote(msg, idx, off=None)

Add a message to a specific instruction by using (default) the index of the address if specified

Parameters:
  • msg (string) – the message
  • idx (int) – index of the instruction (the position in the list of the instruction)
  • off (int) – address of the instruction
get_ins_off(off)

Get a particular instruction by using the address

Parameters:off (int) – address of the instruction
Return type:an Instruction object
get_insn()

Get the insn buffer

Return type:string
get_instruction(idx, off=None)

Get a particular instruction by using (default) the index of the address if specified

Parameters:
  • idx (int) – index of the instruction (the position in the list of the instruction)
  • off (int) – address of the instruction
Return type:

an Instruction object

get_instructions()

Get the instructions

Return type:a generator of each Instruction (or a cached list of instructions if you have setup instructions)
get_length()

Return the length of this object

Return type:int
get_raw()

Return the raw buffer of this object

Return type:bytearray
is_cached_instructions()
off_to_pos(off)

Get the position of an instruction by using the address

Parameters:off (int) – address of the instruction
Return type:int
reload()
set_idx(idx)

Set the start address of the buffer

Parameters:idx (int) – the index
set_insn(insn)

Set a new raw buffer to disassemble

Parameters:insn (string) – the buffer
set_instructions(instructions)

Set the instructions

Parameters:instructions (a list of Instruction) – the list of instructions
show()

Display (with a pretty print) this object

class androguard.core.bytecodes.dvm.DalvikCode(buff, cm)

Bases: object

This class represents the instructions of a method

Parameters:
  • buff (string) – a raw buffer where are the instructions
  • cm (ClassManager object) – the ClassManager
add_inote(msg, idx, off=None)

Add a message to a specific instruction by using (default) the index of the address if specified

Parameters:
  • msg (string) – the message
  • idx (int) – index of the instruction (the position in the list of the instruction)
  • off (int) – address of the instruction
get_bc()

Return the associated code object

Return type:DCode
get_debug()

Return the associated debug object

Return type:DebugInfoItem
get_debug_info_off()

Get the offset from the start of the file to the debug info (line numbers + local variable info) sequence for this code, or 0 if there simply is no information

Return type:int
get_handlers()

Get the bytes representing a list of lists of catch types and associated handler addresses.

Return type:EncodedCatchHandlerList
get_ins_size()

Get the number of words of incoming arguments to the method that this code is for

Return type:int
get_insns_size()

Get the size of the instructions list, in 16-bit code units

Return type:int
get_instruction(idx, off=None)
get_length()
get_obj()
get_off()
get_outs_size()

Get the number of words of outgoing argument space required by this code for method invocation

Return type:int
get_raw()

Get the reconstructed code as bytearray

Return type:bytearray
get_registers_size()

Get the number of registers used by this code

Return type:int
get_size()
get_tries()

Get the array indicating where in the code exceptions are caught and how to handle them

Return type:a list of TryItem objects
get_tries_size()

Get the number of TryItem for this instance

Return type:int
reload()
set_idx(idx)
set_off(off)
show()
class androguard.core.bytecodes.dvm.DalvikOdexVMFormat(buff, decompiler=None, config=None, using_api=None)

Bases: androguard.core.bytecodes.dvm.DalvikVMFormat

This class can parse an odex file

Parameters:
  • buff (string) – a string which represents the odex file
  • decompiler (object) – associate a decompiler object to display the java source code
Example:

DalvikOdexVMFormat( read(“classes.odex”) )

get_buff()
get_dependencies()

Return the odex dependencies object

Return type:an OdexDependencies object
get_format_type()

Return the type

Return type:a string
save()

Do not use !

class androguard.core.bytecodes.dvm.DalvikVMFormat(buff, decompiler=None, config=None, using_api=None)

Bases: androguard.core.bytecode._Bytecode

This class can parse a classes.dex file of an Android application (APK).

Parameters:
  • buff (string) – a string which represents the classes.dex file
  • decompiler (object) – associate a decompiler object to display the java source code
Example:

DalvikVMFormat( read(“classes.dex”) )

colorize_operands(operands, colors)
create_python_export()

Export classes/methods/fields’ names in the python namespace

disassemble(offset, size)

Disassembles a given offset in the DEX file

Parameters:
  • offset (int) – offset to disassemble in the file (from the beginning of the file)
  • size
fix_checksums(buff)

Fix a dex format buffer by setting all checksums

Return type:string
get_BRANCH_DVM_OPCODES()
get_all_fields()

Return a list of field items

Return type:a list of FieldIdItem objects
get_api_version()

This method returns api version that should be used for loading api specific resources.

Return type:int
get_class(name)

Return a specific class

Parameters:name – the name of the class
Return type:a ClassDefItem object
get_class_manager()

This function returns a ClassManager object which allow you to get access to all index references (strings, methods, fields, ….)

Return type:ClassManager object
get_classes()

Return all classes

Return type:a list of ClassDefItem objects
get_classes_def_item()

This function returns the class def item

Return type:ClassHDefItem object
get_classes_names(update=False)

Return the names of classes

Parameters:update – True indicates to recompute the list. Maybe needed after using a MyClass.set_name().
Return type:a list of string
get_cm_field(idx)

Get a specific field by using an index

Parameters:idx (int) – index of the field
get_cm_method(idx)

Get a specific method by using an index

Parameters:idx (int) – index of the method
get_cm_string(idx)

Get a specific string by using an index

Parameters:idx (int) – index of the string
get_cm_type(idx)

Get a specific type by using an index

Parameters:idx (int) – index of the type
get_codes_item()

This function returns the code item

Return type:CodeItem object
get_debug_info_item()

This function returns the debug info item

Return type:DebugInfoItem object
get_determineException()
get_determineNext()
get_field(name)

Return a list all fields which corresponds to the regexp

Parameters:name – the name of the field (a python regexp)
Return type:a list with all EncodedField objects
get_field_descriptor(class_name, field_name, descriptor)

Return the specific field

Parameters:
  • class_name (string) – the class name of the field
  • field_name (string) – the name of the field
  • descriptor (string) – the descriptor of the field
Return type:

None or a EncodedField object

get_fields()

Return all field objects

Return type:a list of EncodedField objects
get_fields_class(class_name)

Return all fields of a specific class

Parameters:class_name (string) – the class name
Return type:a list with EncodedField objects
get_fields_id_item()

This function returns the field id item

Return type:FieldHIdItem object
get_format()
get_format_type()

Return the type

Return type:a string
get_header_item()

This function returns the header item

Return type:HeaderItem object
get_len_methods()

Return the number of methods

Return type:int
get_method(name)

Return a list all methods which corresponds to the regexp

Parameters:name – the name of the method (a python regexp)
Return type:a list with all EncodedMethod objects
get_method_by_idx(idx)

Return a specific method by using an index :param idx: the index of the method :type idx: int

Return type:None or an EncodedMethod object
get_method_descriptor(class_name, method_name, descriptor)

Return the specific method

Parameters:
  • class_name (string) – the class name of the method
  • method_name (string) – the name of the method
  • descriptor (string) – the descriptor of the method
Return type:

None or a EncodedMethod object

get_methods()

Return all method objects

Return type:a list of EncodedMethod objects
get_methods_class(class_name)

Return all methods of a specific class

Parameters:class_name (string) – the class name
Return type:a list with EncodedMethod objects
get_methods_descriptor(class_name, method_name)

Return the specific methods of the class

Parameters:
  • class_name (string) – the class name of the method
  • method_name (string) – the name of the method
Return type:

None or a EncodedMethod object

get_methods_id_item()

This function returns the method id item

Return type:MethodHIdItem object
get_operand_html(operand, registers_colors, colors, escape_fct, wrap_fct)
get_regex_strings(regular_expressions)

Return all target strings matched the regex

Parameters:regular_expressions (string) – the python regex
Return type:a list of strings matching the regex expression
get_string_data_item()

This function returns the string data item

Return type:StringDataItem object
get_strings()

Return all strings

The strings will have escaped surrogates, if only a single high or low surrogate is found. Complete surrogates are put together into the representing 32bit character.

Return type:a list with all strings used in the format (types, names …)
get_strings_unicode()

Return all strings

This method will return pure UTF-16 strings. This is the “exact” same string as used in Java. Those strings can be problematic for python, as they can contain surrogates as well as “broken” surrogate pairs, ie single high or low surrogates. Such a string can for example not be printed. To avoid such problems, there is an escape mechanism to detect such lonely surrogates and escape them in the string. Of course, this results in a different string than in the Java Source!

Use get_strings() as a general purpose and get_strings_unicode() if you require the exact string from the Java Source. You can always escape the string from get_strings_unicode() using the function androguard.core.bytecodes.mutf8.patch_string()

Return type:a list with all strings used in the format (types, names …)
get_vmanalysis()

The Analysis Object should contain all the information required, inclduing the DalvikVMFormats.

list_classes_hierarchy()
print_classes_hierarchy()
save()

Return the dex (with the modifications) into raw format (fix checksums) (beta: do not use !)

Return type:string
set_decompiler(decompiler)
set_vmanalysis(analysis)

The Analysis Object should contain all the information required, inclduing the DalvikVMFormats.

show()

Show the all information in the object

class androguard.core.bytecodes.dvm.DebugInfoItem(buff, cm)

Bases: object

get_bytecodes()
get_line_start()
get_off()
get_parameter_names()
get_parameters_size()
get_raw()
get_translated_parameter_names()
reload()
show()
class androguard.core.bytecodes.dvm.DebugInfoItemEmpty(buff, cm)

Bases: object

get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.EncodedAnnotation(buff, cm)

Bases: object

This class can parse an encoded_annotation of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_annotation
  • cm (ClassManager) – a ClassManager object
get_elements()

Return the elements of the annotation, represented directly in-line (not as offsets)

Return type:a list of AnnotationElement objects
get_length()
get_obj()
get_raw()
get_size()

Return the number of name-value mappings in this annotation

:rtype:int

get_type_idx()

Return the type of the annotation. This must be a class (not array or primitive) type

Return type:int
show()
class androguard.core.bytecodes.dvm.EncodedArray(buff, cm)

Bases: object

This class can parse an encoded_array of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_array
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_raw()
get_size()

Return the number of elements in the array

Return type:int
get_values()

Return a series of size encoded_value byte sequences in the format specified by this section, concatenated sequentially

Return type:a list of EncodedValue objects
show()
class androguard.core.bytecodes.dvm.EncodedArrayItem(buff, cm)

Bases: object

This class can parse an encoded_array_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_array_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_off()
get_raw()
get_value()

Return the bytes representing the encoded array value

Return type:a EncodedArray object
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.EncodedCatchHandler(buff, cm)

Bases: object

This class can parse an encoded_catch_handler of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_catch_handler
  • cm (ClassManager) – a ClassManager object
get_catch_all_addr()

Return the bytecode address of the catch-all handler. This element is only present if size is non-positive.

Return type:int
get_handlers()

Return the stream of abs(size) encoded items, one for each caught type, in the order that the types should be tested.

Return type:a list of EncodedTypeAddrPair objects
get_length()
get_off()
get_raw()
Return type:bytearray
get_size()

Return the number of catch types in this list

Return type:int
set_off(off)
show()
class androguard.core.bytecodes.dvm.EncodedCatchHandlerList(buff, cm)

Bases: object

This class can parse an encoded_catch_handler_list of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_catch_handler_list
  • cm (ClassManager) – a ClassManager object
get_length()
get_list()

Return the actual list of handler lists, represented directly (not as offsets), and concatenated sequentially

Return type:a list of EncodedCatchHandler objects
get_obj()
get_off()
get_raw()
Return type:bytearray
get_size()

Return the size of this list, in entries

Return type:int
set_off(off)
show()
class androguard.core.bytecodes.dvm.EncodedField(buff, cm)

Bases: object

This class can parse an encoded_field of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded field
  • cm (ClassManager) – a ClassManager object
adjust_idx(val)
get_access_flags()

Return the access flags of the field

Return type:int
get_access_flags_string()

Return the access flags string of the field

Return type:string
get_class_name()

Return the class name of the field

Return type:string
get_descriptor()

Return the descriptor of the field

The descriptor of a field is the type of the field.

Return type:string
get_field_idx()

Return the real index of the method

Return type:int
get_field_idx_diff()

Return the index into the field_ids list for the identity of this field (includes the name and descriptor), represented as a difference from the index of previous element in the list

Return type:int
get_init_value()

Return the init value object of the field

Return type:EncodedValue
get_name()

Return the name of the field

Return type:string
get_obj()
get_raw()
get_size()
load()
reload()
set_init_value(value)

Setup the init value object of the field

Parameters:value (EncodedValue) – the init value
set_name(value)
show()

Display the information (with a pretty print) about the field

class androguard.core.bytecodes.dvm.EncodedMethod(buff, cm)

Bases: object

This class can parse an encoded_method of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_method
  • cm (ClassManager) – a ClassManager object
access_flags = None

access flags of the method

add_inote(msg, idx, off=None)

Add a message to a specific instruction by using (default) the index of the address if specified

Parameters:
  • msg (string) – the message
  • idx (int) – index of the instruction (the position in the list of the instruction)
  • off (int) – address of the instruction
add_note(msg)

Add a message to this method

Parameters:msg (string) – the message
adjust_idx(val)
code_off = None

offset of the code section

each_params_by_register(nb, proto)

From the Dalvik Bytecode documentation:

> The N arguments to a method land in the last N registers > of the method’s invocation frame, in order. > Wide arguments consume two registers. > Instance methods are passed a this reference as their first argument.

This method will print a description of the register usage to stdout.

Parameters:
  • nb – number of registers
  • proto – descriptor of method
get_access_flags()

Return the access flags of the method

Return type:int
get_access_flags_string()

Return the access flags string of the method

A description of all access flags can be found here: https://source.android.com/devices/tech/dalvik/dex-format#access-flags

Return type:string
get_address()

Return the offset from the start of the file to the code structure for this method, or 0 if this method is either abstract or native

Return type:int
get_class_name()

Return the class name of the method

Return type:string
get_code()

Return the code object associated to the method

Return type:DalvikCode object or None if no Code
get_code_off()

Return the offset from the start of the file to the code structure for this method, or 0 if this method is either abstract or native

Return type:int
get_debug()

Return the debug object associated to this method

Return type:DebugInfoItem
get_descriptor()

Return the descriptor of the method A method descriptor will have the form (A A A …)R Where A are the arguments to the method and R is the return type. Basic types will have the short form, i.e. I for integer, V for void and class types will be named like a classname, e.g. Ljava/lang/String;.

Typical descriptors will look like this: ` (I)I   // one integer argument, integer return (C)Z   // one char argument, boolean as return (Ljava/lang/CharSequence; I)I   // CharSequence and integer as argyument, integer as return (C)Ljava/lang/String;  // char as argument, String as return. `

More information about type descriptors are found here: https://source.android.com/devices/tech/dalvik/dex-format#typedescriptor

Return type:string
get_information()
get_instruction(idx, off=None)

Get a particular instruction by using (default) the index of the address if specified

Parameters:
  • idx (int) – index of the instruction (the position in the list of the instruction)
  • off (int) – address of the instruction
Return type:

an Instruction object

get_instructions()

Get the instructions

Return type:a generator of each Instruction (or a cached list of instructions if you have setup instructions)
get_length()

Return the length of the associated code of the method

Return type:int
get_locals()
get_method_idx()

Return the real index of the method

Return type:int
get_method_idx_diff()

Return index into the method_ids list for the identity of this method (includes the name and descriptor), represented as a difference from the index of previous element in the lis

Return type:int
get_name()

Return the name of the method

Return type:string
get_raw()
get_size()
get_source()
get_triple()
is_cached_instructions()
load()
method_idx_diff = None

method index diff in the corresponding section

reload()
set_code_idx(idx)

Set the start address of the buffer to disassemble

Parameters:idx (int) – the index
set_instructions(instructions)

Set the instructions

Parameters:instructions (a list of Instruction) – the list of instructions
set_name(value)
show()

Display the information (with a pretty print) about the method

show_info()

Display the basic information about the method

show_notes()

Display the notes about the method

source()

Return the source code of this method

Return type:string
class androguard.core.bytecodes.dvm.EncodedTypeAddrPair(buff)

Bases: object

This class can parse an encoded_type_addr_pair of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_type_addr_pair
  • cm (ClassManager) – a ClassManager object
get_addr()

Return the bytecode address of the associated exception handler

Return type:int
get_length()
get_obj()
get_raw()
get_type_idx()

Return the index into the type_ids list for the type of the exception to catch

Return type:int
show()
class androguard.core.bytecodes.dvm.EncodedValue(buff, cm)

Bases: object

This class can parse an encoded_value of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the encoded_value
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_raw()
get_value()

Return the bytes representing the value, variable in length and interpreted differently for different value_type bytes, though always little-endian

Return type:an object representing the value
get_value_arg()
get_value_type()
show()
exception androguard.core.bytecodes.dvm.Error

Bases: Exception

Base class for exceptions in this module.

class androguard.core.bytecodes.dvm.ExportObject

Bases: object

class androguard.core.bytecodes.dvm.FakeNop(length)

Bases: androguard.core.bytecodes.dvm.Instruction10x

Simulate a nop instruction.

get_length()

Return the length of the instruction

Return type:int
class androguard.core.bytecodes.dvm.FieldAnnotation(buff, cm)

Bases: object

This class can parse a field_annotation of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the field_annotation
  • cm (ClassManager) – a ClassManager object
get_annotations_off()

Return the offset from the start of the file to the list of annotations for the field

Return type:int
get_field_idx()

Return the index into the field_ids list for the identity of the field being annotated

Return type:int
get_length()
get_obj()
get_off()
get_raw()
set_off(off)
show()
class androguard.core.bytecodes.dvm.FieldHIdItem(size, buff, cm)

Bases: object

This class can parse a list of field_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the list of field_id_item
  • cm (ClassManager) – a ClassManager object
get(idx)
get_length()
get_obj()
get_off()
get_raw()
gets()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.FieldIdItem(buff, cm)

Bases: object

This class can parse a field_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the field_id_item
  • cm (ClassManager) – a ClassManager object
get_class_idx()

Return the index into the type_ids list for the definer of this field

Return type:int
get_class_name()

Return the class name of the field

Return type:string
get_descriptor()

Return the descriptor of the field

Return type:string
get_length()
get_list()
get_name()

Return the name of the field

Return type:string
get_name_idx()

Return the index into the string_ids list for the name of this field

Return type:int
get_obj()
get_raw()
get_type()

Return the type of the field

Return type:string
get_type_idx()

Return the index into the type_ids list for the type of this field

Return type:int
reload()
show()
class androguard.core.bytecodes.dvm.FieldIdItemInvalid

Bases: object

get_class_name()
get_descriptor()
get_list()
get_name()
get_type()
show()
class androguard.core.bytecodes.dvm.FillArrayData(buff)

Bases: object

This class can parse a FillArrayData instruction

Parameters:buff – a Buff object which represents a buffer where the instruction is stored
add_note(msg)

Add a note to this instruction

Parameters:msg (objects (string)) – the message
get_data()

Return the data of this instruction (the payload)

Return type:string
get_formatted_operands()
get_hex()
get_length()

Return the length of the instruction

Return type:int
get_name()

Return the name of the instruction

Return type:string
get_notes()

Get all notes from this instruction

Return type:a list of objects
get_op_value()

Get the value of the opcode

Return type:int
get_operands(idx=-1)
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()
show(pos)

Print the instruction

show_buff(pos)

Return the display of the instruction

Return type:string
class androguard.core.bytecodes.dvm.HeaderItem(size, buff, cm)

Bases: object

This class can parse an header_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the header_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.Instruction

Bases: object

This class represents a dalvik instruction

get_formatted_operands()
get_hex()
get_kind()

Return the ‘kind’ argument of the instruction

Return type:int
get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_name()

Return the name of the instruction

Return type:string
get_op_value()

Return the value of the opcode

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
get_translated_kind()

Return the translated value of the ‘kind’ argument

Return type:string
show(idx)

Print the instruction

show_buff(idx)

Return the display of the instruction

Return type:string
class androguard.core.bytecodes.dvm.Instruction10t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 10t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction10x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 10x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction11n(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 11n format

get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction11x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 11x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction12x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 12x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction20bc(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 20bc format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction20t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 20t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction21c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 21c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_raw_string()
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
get_string()
class androguard.core.bytecodes.dvm.Instruction21h(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 21h format

get_formatted_operands()
get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction21s(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 21s format

get_formatted_operands()
get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction21t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 21t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction22b(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22b format

get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction22c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction22cs(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22cs format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction22s(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22s format

get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction22t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction22x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 22x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction23x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 23x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction30t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 30t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction31c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 31c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_raw_string()
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
get_string()

Return the string associated to the ‘kind’ argument

Return type:string
class androguard.core.bytecodes.dvm.Instruction31i(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 3li format

get_formatted_operands()
get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction31t(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 31t format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_off()
class androguard.core.bytecodes.dvm.Instruction32x(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 32x format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction35c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 35c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction35mi(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 35mi format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction35ms(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 35ms format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction3rc(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 3rc format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction3rmi(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 3rmi format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction3rms(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 3rms format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction40sc(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 40sc format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction41c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 41c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction51l(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 51l format

get_formatted_operands()
get_length()

Return the length of the instruction

Return type:int
get_literals()

Return the associated literals

Return type:list of int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
class androguard.core.bytecodes.dvm.Instruction52c(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 52c format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.Instruction5rc(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents all instructions which have the 5rc format

get_length()

Return the length of the instruction

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
get_ref_kind()

Return the value of the ‘kind’ argument

Return type:value
class androguard.core.bytecodes.dvm.InstructionInvalid(cm, buff)

Bases: androguard.core.bytecodes.dvm.Instruction

This class represents an invalid instruction

get_length()

Return the length of the instruction

Return type:int
get_name()

Return the name of the instruction

Return type:string
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
exception androguard.core.bytecodes.dvm.InvalidInstruction

Bases: androguard.core.bytecodes.dvm.Error

class androguard.core.bytecodes.dvm.LinearSweepAlgorithm

Bases: object

This class is used to disassemble a method. The algorithm used by this class is linear sweep.

get_instructions(cm, size, insn, idx)
Parameters:
  • cm (ClassManager object) – a ClassManager object
  • size (int) – the total size of the buffer
  • insn (string) – a raw buffer where are the instructions
  • idx (int) – a start address in the buffer
Return type:

a generator of Instruction objects

class androguard.core.bytecodes.dvm.MapItem(buff, cm)

Bases: object

get_item()
get_length()
get_obj()
get_off()
get_offset()
get_raw()
get_size()
get_type()
parse()
reload()
set_item(item)
show()
class androguard.core.bytecodes.dvm.MapList(cm, off, buff)

Bases: object

This class can parse the “map_list” of the dex format

https://source.android.com/devices/tech/dalvik/dex-format#map-list

get_class_manager()
get_item_type(ttype)

Get a particular item type

Parameters:ttype – a string which represents the desired type
Return type:None or the item object
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()

Print with a pretty display the MapList object

class androguard.core.bytecodes.dvm.MethodAnnotation(buff, cm)

Bases: object

This class can parse a method_annotation of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the method_annotation
  • cm (ClassManager) – a ClassManager object
get_annotations_off()

Return the offset from the start of the file to the list of annotations for the method

Return type:int
get_length()
get_method_idx()

Return the index into the method_ids list for the identity of the method being annotated

Return type:int
get_obj()
get_off()
get_raw()
set_off(off)
show()
class androguard.core.bytecodes.dvm.MethodHIdItem(size, buff, cm)

Bases: object

This class can parse a list of method_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the list of method_id_item
  • cm (ClassManager) – a ClassManager object
get(idx)
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.MethodIdItem(buff, cm)

Bases: object

This class can parse a method_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the method_id_item
  • cm (ClassManager) – a ClassManager object
get_class_idx()

Return the index into the type_ids list for the definer of this method

Return type:int
get_class_name()

Return the class name of the method

Return type:string
get_descriptor()

Return the descriptor

Return type:string
get_length()
get_list()
get_name()

Return the name of the method

Return type:string
get_name_idx()

Return the index into the string_ids list for the name of this method

Return type:int
get_obj()
get_proto()

Return the prototype of the method

Return type:string
get_proto_idx()

Return the index into the proto_ids list for the prototype of this method

Return type:int
get_raw()
get_real_descriptor()

Return the real descriptor (i.e. without extra spaces)

Return type:string
get_triple()
reload()
show()
class androguard.core.bytecodes.dvm.MethodIdItemInvalid

Bases: object

get_class_name()
get_descriptor()
get_list()
get_name()
get_proto()
show()
class androguard.core.bytecodes.dvm.OdexDependencies(buff)

Bases: object

This class can parse the odex dependencies

Parameters:buff – a Buff object string which represents the odex dependencies
get_dependencies()

Return the list of dependencies

Return type:a list of strings
get_raw()
class androguard.core.bytecodes.dvm.OdexHeaderItem(buff)

Bases: object

This class can parse the odex header

Parameters:buff – a Buff object string which represents the odex dependencies
get_raw()
show()
class androguard.core.bytecodes.dvm.OffObj(o)

Bases: object

class androguard.core.bytecodes.dvm.PackedSwitch(buff)

Bases: object

This class can parse a PackedSwitch instruction

Parameters:buff – a Buff object which represents a buffer where the instruction is stored
add_note(msg)

Add a note to this instruction

Parameters:msg (objects (string)) – the message
get_formatted_operands()
get_hex()
get_keys()

Return the keys of the instruction

Return type:a list of long
get_length()
get_name()

Return the name of the instruction

Return type:string
get_notes()

Get all notes from this instruction

Return type:a list of objects
get_op_value()

Get the value of the opcode

Return type:int
get_operands(idx=-1)

Return an additional output of the instruction

Return type:string
get_output(idx=-1)

Return an additional output of the instruction

rtype:string
get_raw()
get_targets()

Return the targets (address) of the instruction

Return type:a list of long
get_values()
show(pos)

Print the instruction

show_buff(pos)

Return the display of the instruction

Return type:string
class androguard.core.bytecodes.dvm.ParameterAnnotation(buff, cm)

Bases: object

This class can parse a parameter_annotation of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the parameter_annotation
  • cm (ClassManager) – a ClassManager object
get_annotations_off()

Return the offset from the start of the file to the list of annotations for the method parameters

Return type:int
get_length()
get_method_idx()

Return the index into the method_ids list for the identity of the method whose parameters are being annotated

Return type:int
get_obj()
get_off()
get_raw()
set_off(off)
show()
class androguard.core.bytecodes.dvm.ProtoHIdItem(size, buff, cm)

Bases: object

This class can parse a list of proto_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the list of proto_id_item
  • cm (ClassManager) – a ClassManager object
get(idx)
get_length()
get_obj()
get_off()
get_raw()
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.ProtoIdItem(buff, cm)

Bases: object

This class can parse a proto_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the proto_id_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_parameters_off()

Return the offset from the start of the file to the list of parameter types for this prototype, or 0 if this prototype has no parameters

Return type:int
get_parameters_off_value()

Return the string associated to the parameters_off

Return type:string
get_raw()
get_return_type_idx()

Return the index into the type_ids list for the return type of this prototype

Return type:int
get_return_type_idx_value()

Return the string associated to the return_type_idx

Return type:string
get_shorty_idx()

Return the index into the string_ids list for the short-form descriptor string of this prototype

Return type:int
get_shorty_idx_value()

Return the string associated to the shorty_idx

Return type:string
reload()
show()
class androguard.core.bytecodes.dvm.ProtoIdItemInvalid

Bases: object

get_params()
get_return_type()
get_shorty()
show()
class androguard.core.bytecodes.dvm.SparseSwitch(buff)

Bases: object

This class can parse a SparseSwitch instruction

Parameters:buff – a Buff object which represents a buffer where the instruction is stored
add_note(msg)

Add a note to this instruction

Parameters:msg (objects (string)) – the message
get_formatted_operands()
get_hex()
get_keys()

Return the keys of the instruction

Return type:a list of long
get_length()
get_name()

Return the name of the instruction

Return type:string
get_notes()

Get all notes from this instruction

Return type:a list of objects
get_op_value()

Get the value of the opcode

Return type:int
get_operands(idx=-1)

Return an additional output of the instruction

Return type:string
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()
get_targets()

Return the targets (address) of the instruction

Return type:a list of long
get_values()
show(pos)

Print the instruction

show_buff(pos)

Return the display of the instruction

Return type:string
class androguard.core.bytecodes.dvm.StringDataItem(buff, cm)

Bases: object

This class can parse a string_data_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the string_data_item
  • cm (ClassManager) – a ClassManager object
get()

Returns a printable string. In this case, all lonely surrogates are escaped, thus are represented in the string as 6 characters: ud853 Valid surrogates are encoded as 32bit values, ie. 𤽜.

get_data()

Return a series of MUTF-8 code units (a.k.a. octets, a.k.a. bytes) followed by a byte of value 0

Return type:string
get_length()

Get the length of the raw string including the ULEB128 coded length and the null byte terminator

Returns:int
get_obj()
get_off()
get_raw()

Returns the raw string including the ULEB128 coded length and null byte string terminator

Returns:bytes
get_unicode()

Returns an Unicode String This is the actual string. Beware that some strings might be not decodeable with usual UTF-16 decoder, as they use surrogates that are not supported by python.

get_utf16_size()

Return the size of this string, in UTF-16 code units

:rtype:int

reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.StringIdItem(buff, cm)

Bases: object

This class can parse a string_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the string_id_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_off()
get_raw()
get_string_data_off()

Return the offset from the start of the file to the string data for this item

Return type:int
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.TryItem(buff, cm)

Bases: object

This class represents the try_item format

Parameters:
  • buff (string) – a raw buffer where are the try_item format
  • cm (ClassManager object) – the ClassManager
get_handler_off()

Get the offset in bytes from the start of the associated EncodedCatchHandlerList to the EncodedCatchHandler for this entry.

Return type:int
get_insn_count()

Get the number of 16-bit code units covered by this entry

Return type:int
get_length()
get_off()
get_raw()
get_start_addr()

Get the start address of the block of code covered by this entry. The address is a count of 16-bit code units to the start of the first covered instruction.

Return type:int
set_off(off)
class androguard.core.bytecodes.dvm.TypeHIdItem(size, buff, cm)

Bases: object

This class can parse a list of type_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the list of type_id_item
  • cm (ClassManager) – a ClassManager object
get(idx)
get_length()
get_obj()
get_off()
get_raw()
get_type()

Return the list of type_id_item

Return type:a list of TypeIdItem objects
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.TypeIdItem(buff, cm)

Bases: object

This class can parse a type_id_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the type_id_item
  • cm (ClassManager) – a ClassManager object
get_descriptor_idx()

Return the index into the string_ids list for the descriptor string of this type

Return type:int
get_descriptor_idx_value()

Return the string associated to the descriptor

Return type:string
get_length()
get_obj()
get_raw()
reload()
show()
class androguard.core.bytecodes.dvm.TypeItem(buff, cm)

Bases: object

This class can parse a type_item of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the type_item
  • cm (ClassManager) – a ClassManager object
get_length()
get_obj()
get_raw()
get_string()

Return the type string

Return type:string
get_type_idx()

Return the index into the type_ids list

Return type:int
show()
class androguard.core.bytecodes.dvm.TypeList(buff, cm)

Bases: object

This class can parse a type_list of a dex file

Parameters:
  • buff (Buff object) – a string which represents a Buff object of the type_list
  • cm (ClassManager) – a ClassManager object
get_length()
get_list()

Return the list of TypeItem

Return type:a list of TypeItem objects
get_obj()
get_off()
get_pad()

Return the alignment string

Return type:string
get_raw()
get_size()

Return the size of the list, in entries

Return type:int
get_string()

Return the concatenation of all strings

Return type:string
get_type_list_off()

Return the offset of the item

Return type:int
reload()
set_off(off)
show()
class androguard.core.bytecodes.dvm.Unresolved(cm, data)

Bases: androguard.core.bytecodes.dvm.Instruction

get_length()

Return the length of the instruction

Return type:int
get_name()

Return the name of the instruction

Return type:string
get_op_value()

Return the value of the opcode

Return type:int
get_operands(idx=-1)

Return all operands

Return type:list
get_output(idx=-1)

Return an additional output of the instruction

Return type:string
get_raw()

Return the object in a raw format

Return type:string
androguard.core.bytecodes.dvm.clean_name_instruction(instruction)
androguard.core.bytecodes.dvm.determineException(vm, m)
androguard.core.bytecodes.dvm.determineNext(i, end, m)
androguard.core.bytecodes.dvm.get_access_flags_string(value)

Transform an access flag field to the corresponding string

Parameters:value (int) – the value of the access flags
Return type:string
androguard.core.bytecodes.dvm.get_byte(buff)
androguard.core.bytecodes.dvm.get_bytecodes_method(dex_object, ana_object, method)
androguard.core.bytecodes.dvm.get_bytecodes_methodx(method, mx)
androguard.core.bytecodes.dvm.get_extented_instruction(cm, op_value, buff)
androguard.core.bytecodes.dvm.get_instruction(cm, op_value, buff, odex=False)
androguard.core.bytecodes.dvm.get_instruction_payload(op_value, buff)
androguard.core.bytecodes.dvm.get_kind(cm, kind, value)

Return the value of the ‘kind’ argument

Parameters:
  • cm (ClassManager) – a ClassManager object
  • kind (int) – the type of the ‘kind’ argument
  • value (int) – the value of the ‘kind’ argument
Return type:

string

androguard.core.bytecodes.dvm.get_optimized_instruction(cm, op_value, buff)
androguard.core.bytecodes.dvm.get_params_info(nb, proto)
androguard.core.bytecodes.dvm.get_sbyte(buff)
androguard.core.bytecodes.dvm.get_type(atype, size=None)

Retrieve the type of a descriptor (e.g : I)

androguard.core.bytecodes.dvm.read_null_terminated_string(f)

Read a null terminated string from a file-like object.

Parameters:f – file-like object
Return type:bytearray
androguard.core.bytecodes.dvm.readsleb128(buff)
androguard.core.bytecodes.dvm.readuleb128(buff)
androguard.core.bytecodes.dvm.readuleb128p1(buff)
androguard.core.bytecodes.dvm.readusleb128(buff)
androguard.core.bytecodes.dvm.static_operand_instruction(instruction)
androguard.core.bytecodes.dvm.writesleb128(value)
androguard.core.bytecodes.dvm.writeuleb128(value)

androguard.core.bytecodes.axml module

class androguard.core.bytecodes.axml.ARSCComplex(buff, parent=None)

Bases: object

class androguard.core.bytecodes.axml.ARSCHeader(buff)

Bases: object

SIZE = 8
class androguard.core.bytecodes.axml.ARSCParser(raw_buff)

Bases: object

Parser for resource.arsc files

class ResourceResolver(android_resources, config=None)

Bases: object

put_ate_value(result, ate, config)
put_item_value(result, item, config, complex_)
resolve(res_id)
get_bool_resources(package_name, locale='\x00\x00')
get_color_resources(package_name, locale='\x00\x00')
get_dimen_resources(package_name, locale='\x00\x00')
get_id(package_name, rid, locale='\x00\x00')
get_id_resources(package_name, locale='\x00\x00')
get_integer_resources(package_name, locale='\x00\x00')
get_items(package_name)
get_locales(package_name)
get_packages_names()
get_public_resources(package_name, locale='\x00\x00')
get_res_configs(rid, config=None)
get_res_id_by_key(package_name, resource_type, key)
get_resolved_res_configs(rid, config=None)
get_resolved_strings()
get_resource_bool(ate)
get_resource_color(ate)
get_resource_dimen(ate)
get_resource_id(ate)
get_resource_integer(ate)
get_resource_string(ate)
get_resource_style(ate)
get_string(package_name, name, locale='\x00\x00')
get_string_resources(package_name, locale='\x00\x00')
get_strings_resources()
get_type_configs(package_name, type_name=None)
get_types(package_name, locale)
class androguard.core.bytecodes.axml.ARSCResStringPoolRef(buff, parent=None)

Bases: object

format_value()
get_data()
get_data_type()
get_data_type_string()
get_data_value()
is_reference()
class androguard.core.bytecodes.axml.ARSCResTableConfig(buff=None, **kwargs)

Bases: object

classmethod default_config()
get_country()
get_density()
get_language()
class androguard.core.bytecodes.axml.ARSCResTableEntry(buff, mResId, parent=None)

Bases: object

See https://github.com/LineageOS/android_frameworks_base/blob/df2898d9ce306bb2fe922d3beaa34a9cf6873d27/include/androidfw/ResourceTypes.h#L1370

FLAG_COMPLEX = 1
FLAG_PUBLIC = 2
FLAG_WEAK = 4
get_index()
get_key_data()
get_value()
is_complex()
is_public()
is_weak()
class androguard.core.bytecodes.axml.ARSCResTablePackage(buff, header)

Bases: object

get_name()
class androguard.core.bytecodes.axml.ARSCResType(buff, parent=None)

Bases: object

get_package_name()
get_type()
class androguard.core.bytecodes.axml.ARSCResTypeSpec(buff, parent=None)

Bases: object

class androguard.core.bytecodes.axml.AXMLParser(raw_buff)

Bases: object

doNext()
getAttributeCount()
getAttributeName(index)
getAttributeOffset(index)
getAttributePrefix(index)
getAttributeValue(index)

This function is only used to look up strings All other work is made by format_value # FIXME should unite those functions :param index: :return:

getAttributeValueData(index)
getAttributeValueType(index)
getName()
getNamespaceCount(pos)
getNamespacePrefix(pos)
getNamespaceUri(pos)
getPrefix()
getPrefixByUri(uri)
getText()
getXMLNS()
is_valid()
reset()
class androguard.core.bytecodes.axml.AXMLPrinter(raw_buff)

Bases: object

Converter for AXML Files into a XML string

getAttributeValue(index)

Wrapper function for format_value to resolve the actual value of an attribute in a tag :param index: :return:

getPrefix(prefix)
get_buff()
get_xml()

Get the XML as an UTF-8 string

Returns:str
get_xml_obj()

Get the XML as an ElementTree object

Returns:Element
is_packed()

Return True if we believe that the AXML file is packed If it is, we can not be sure that the AXML file can be read by a XML Parser

Returns:boolean
class androguard.core.bytecodes.axml.PackageContext(current_package, stringpool_main, mTableStrings, mKeyStrings)

Bases: object

get_mResId()
get_package_name()
set_mResId(mResId)
class androguard.core.bytecodes.axml.StringBlock(buff, header)

Bases: object

StringBlock is a CHUNK inside an AXML File It contains all strings, which are used by referecing to ID’s

TODO might migrate this block into the ARSCParser, as it it not a “special” block but a normal tag.

decode16(offset)
decode8(offset)
decodeLength(offset, sizeof_char)
decode_bytes(data, encoding, str_len)
getString(idx)
getStyle(idx)
show()
androguard.core.bytecodes.axml.complexToFloat(xcomplex)
androguard.core.bytecodes.axml.format_value(_type, _data, lookup_string=<function <lambda>>)
androguard.core.bytecodes.axml.getPackage(i)
androguard.core.bytecodes.axml.get_arsc_info(arscobj)
androguard.core.bytecodes.axml.long2int(l)
androguard.core.bytecodes.axml.long2str(l)

Convert an integer to a string.

androguard.core.bytecodes.axml.str2long(s)

Convert a string to a long integer.

androguard.core.bytecodes.mutf8 module

class androguard.core.bytecodes.mutf8.PeekIterator(s)

Bases: object

A quick’n’dirty variant of an Iterator that has a special function peek, which will return the next object but not consume it.

idx = 0
next()
peek()
androguard.core.bytecodes.mutf8.chr(val)

Patched Version of builtins.chr, to work with narrow python builds In those versions, the function unichr does not work with inputs >0x10000

This seems to be a problem usually on older windows builds.

Parameters:val – integer value of character
Returns:character
androguard.core.bytecodes.mutf8.decode(b)

Decode bytes as MUTF-8 See https://docs.oracle.com/javase/6/docs/api/java/io/DataInput.html#modified-utf-8 for more information

Surrogates will be returned as two 16 bit characters.

Parameters:b – bytes to decode
Return type:unicode (py2), str (py3) of 16bit chars
androguard.core.bytecodes.mutf8.patch_string(s)

Reorganize a String in such a way that surrogates are printable and lonely surrogates are escaped.

Parameters:s – input string
Returns:string with escaped lonely surrogates and 32bit surrogates

Module contents