androguard package

Submodules

androguard.misc module

androguard.misc.AnalyzeAPK(_file, session=None, raw=False)

Analyze an android application and setup all stuff for a more quickly analysis! If session is None, no session is used at all. This is the default behaviour. If you like to continue your work later, it might be a good idea to use a session. A default session can be created by using get_default_session().

Parameters:
  • _file (string (for filename) or bytes (for raw)) – the filename of the android application or a buffer which represents the application
  • session – A session (default: None)
  • raw – boolean if raw bytes are supplied instead of a filename
Return type:

return the APK, list of DalvikVMFormat, and Analysis objects
androguard.misc.AnalyzeDex(filename, session=None)

Analyze an android dex file and setup all stuff for a more quickly analysis !

Parameters:
  • session – A session (Default None)
  • filename (string) – the filename of the android dex file or a buffer which represents the dex file
Return type:

return the DalvikVMFormat, and Analysis objects
androguard.misc.AnalyzeODex(filename, session=None)

Analyze an android odex file and setup all stuff for a more quickly analysis !

Parameters:
  • filename (string) – the filename of the android dex file or a buffer which represents the dex file
  • session – The Androguard Session to add the ODex to (default: None)
Return type:

return the DalvikOdexVMFormat, and Analysis objects
androguard.misc.RunDecompiler(d, dx, decompiler_name)

Run the decompiler on a specific analysis

Parameters:
  • d (DalvikVMFormat object) – the DalvikVMFormat object
  • dx (VMAnalysis object) – the analysis of the format
  • decompiler (string) – the type of decompiler to use (“dad”, “dex2jad”, “ded”)
androguard.misc.clean_file_name(filename, unique=True, replace='_', force_nt=False)

Return a filename version, which has no characters in it which are forbidden. On Windows these are for example <, /, ?, …

The intention of this function is to allow distribution of files to different OSes.

Parameters:
  • filename – string to clean
  • unique – check if the filename is already taken and append an integer to be unique (default: True)
  • replace – replacement character. (default: ‘_’)
  • force_nt – Force shortening of paths like on NT systems (default: False)
Returns:

clean string
androguard.misc.get_default_session()

Return the default Session from the configuration or create a new one, if the session in the configuration is None.

androguard.misc.init_print_colors()
androguard.misc.sign_apk(filename, keystore, storepass)

Use jarsigner to sign an APK file.

Parameters:
  • filename – APK file on disk to sign (path)
  • keystore – path to keystore
  • storepass – your keystorage passphrase

androguard.session module

androguard.session.Load(filename)

load your session!

Parameters:filename (string) – the filename where the session has been saved
Return type:the elements of your session :)
Example:s = session.Load(“mysession.p”)
androguard.session.Save(session, filename)

save your session!

Parameters:
  • session – A Session object to save
  • filename (string) – output filename to save the session
Example:

s = session.Session() session.Save(s, “msession.p”)
class androguard.session.Session(export_ipython=False)

Bases: object

add(filename, raw_data, dx=None)
addAPK(filename, data)

Add an APK file to the Session and run analysis on it.

Parameters:
  • filename – (file)name of APK file
  • data – binary data of the APK file
Returns:

a tuple of SHA256 Checksum and APK Object
addDEX(filename, data, dx=None)

Add a DEX file to the Session and run analysis.

Parameters:
  • filename – the (file)name of the DEX file
  • data – binary data of the dex file
  • dx – an existing Analysis Object (optional)
Returns:

A tuple of SHA256 Hash, DalvikVMFormat Object and Analysis object
addDEY(filename, data, dx=None)
get_all_apks()
get_analysis(current_class)
get_classes()
get_digest_by_class(current_class)
get_filename_by_class(current_class)
get_format(current_class)
get_nb_strings()
get_objects_apk(filename, digest=None)
get_objects_dex()
get_strings()
isOpen()

Test if any file was analyzed in this session

Returns:True if any file was analyzed, False otherwise
reset()

Reset the current session, delete all added files.

show()

Print information about the current session

androguard.util module

androguard.util.get_certificate_name_string(name, short=False)

Return the distinguished name of an X509 Certificate

Parameters:
  • name (cryptography.x509.Name) – Name object to return the DN from
  • short (Boolean) – Use short form (Default: False)
Return type:

str
androguard.util.read(filename, binary=True)

Module contents