androguard package¶
Subpackages¶
- androguard.core package
- androguard.decompiler package
- Subpackages
- androguard.decompiler.dad package
- Submodules
- androguard.decompiler.dad.ast module
- androguard.decompiler.dad.basic_blocks module
- androguard.decompiler.dad.control_flow module
- androguard.decompiler.dad.dataflow module
- androguard.decompiler.dad.decompile module
- androguard.decompiler.dad.graph module
- androguard.decompiler.dad.instruction module
- androguard.decompiler.dad.node module
- androguard.decompiler.dad.opcode_ins module
- androguard.decompiler.dad.util module
- androguard.decompiler.dad.writer module
- Module contents
- androguard.decompiler.dad package
- Submodules
- androguard.decompiler.decompiler module
- Module contents
- Subpackages
Submodules¶
androguard.misc module¶
-
androguard.misc.
AnalyzeAPK
(_file, session=None, raw=False)¶ Analyze an android application and setup all stuff for a more quickly analysis! If session is None, no session is used at all. This is the default behaviour. If you like to continue your work later, it might be a good idea to use a session. A default session can be created by using
get_default_session()
.Parameters: - _file (string (for filename) or bytes (for raw)) – the filename of the android application or a buffer which represents the application
- session – A session (default: None)
- raw – boolean if raw bytes are supplied instead of a filename
Return type: return the
APK
, list ofDalvikVMFormat
, andAnalysis
objects
-
androguard.misc.
AnalyzeDex
(filename, session=None)¶ Analyze an android dex file and setup all stuff for a more quickly analysis !
Parameters: - filename (string) – the filename of the android dex file or a buffer which represents the dex file
- session – A session (Default None)
Return type: return a tuple of (sha256hash,
DalvikVMFormat
,Analysis
)
-
androguard.misc.
AnalyzeODex
(filename, session=None)¶ Analyze an android odex file and setup all stuff for a more quickly analysis !
Parameters: - filename (string) – the filename of the android dex file or a buffer which represents the dex file
- session – The Androguard Session to add the ODex to (default: None)
Return type: return a tuple of (sha256hash,
DalvikOdexVMFormat
,Analysis
)
-
androguard.misc.
RunDecompiler
(d, dx, decompiler_name)¶ Run the decompiler on a specific analysis
Parameters: - d (
DalvikVMFormat
object) – the DalvikVMFormat object - dx (
VMAnalysis
object) – the analysis of the format - decompiler (string) – the type of decompiler to use (“dad”, “dex2jad”, “ded”)
- d (
-
androguard.misc.
clean_file_name
(filename, unique=True, replace='_', force_nt=False)¶ Return a filename version, which has no characters in it which are forbidden. On Windows these are for example <, /, ?, …
The intention of this function is to allow distribution of files to different OSes.
Parameters: - filename – string to clean
- unique – check if the filename is already taken and append an integer to be unique (default: True)
- replace – replacement character. (default: ‘_’)
- force_nt – Force shortening of paths like on NT systems (default: False)
Returns: clean string
-
androguard.misc.
get_default_session
()¶ Return the default Session from the configuration or create a new one, if the session in the configuration is None.
-
androguard.misc.
init_print_colors
()¶
-
androguard.misc.
sign_apk
(filename, keystore, storepass)¶ Use jarsigner to sign an APK file.
Parameters: - filename – APK file on disk to sign (path)
- keystore – path to keystore
- storepass – your keystorage passphrase
androguard.session module¶
-
androguard.session.
Load
(filename)¶ load your session!
Parameters: filename (string) – the filename where the session has been saved Return type: the elements of your session :) Example: s = session.Load(“mysession.p”)
-
androguard.session.
Save
(session, filename)¶ save your session!
Parameters: - session – A Session object to save
- filename (string) – output filename to save the session
Example: s = session.Session() session.Save(s, “msession.p”)
-
class
androguard.session.
Session
(export_ipython=False)¶ Bases:
object
-
add
(filename, raw_data, dx=None)¶ Generic method to add a file to the session. It guesses the filetype and calls the correct method.
Parameters: - filename – filename to load
- raw_data – bytes of the file
- dx – An already exiting
Analysis
object
Returns: the sha256 of the file or None on failure
-
addAPK
(filename, data)¶ Add an APK file to the Session and run analysis on it.
Parameters: - filename – (file)name of APK file
- data – binary data of the APK file
Returns: a tuple of SHA256 Checksum and APK Object
-
addDEX
(filename, data, dx=None)¶ Add a DEX file to the Session and run analysis.
Parameters: - filename – the (file)name of the DEX file
- data – binary data of the dex file
- dx – an existing Analysis Object (optional)
Returns: A tuple of SHA256 Hash, DalvikVMFormat Object and Analysis object
-
addDEY
(filename, data, dx=None)¶
-
get_all_apks
()¶
-
get_analysis
(current_class)¶
-
get_classes
()¶
-
get_digest_by_class
(current_class)¶
-
get_filename_by_class
(current_class)¶
-
get_format
(current_class)¶
-
get_nb_strings
()¶
-
get_objects_apk
(filename, digest=None)¶
-
get_objects_dex
()¶
-
get_strings
()¶
-
isOpen
()¶ Test if any file was analyzed in this session
Returns: True if any file was analyzed, False otherwise
-
reset
()¶ Reset the current session, delete all added files.
-
show
()¶ Print information about the current session
-
androguard.util module¶
-
androguard.util.
get_certificate_name_string
(name, short=False, delimiter=', ')¶ Format the Name type of a X509 Certificate in a human readable form.
Parameters: - name (dict or
asn1crypto.x509.Name
) – Name object to return the DN from - short (boolean) – Use short form (default: False)
- delimiter (str) – Delimiter string or character between two parts (default: ‘, ‘)
Return type: str
- name (dict or
-
androguard.util.
read
(filename, binary=True)¶ Open and read a file
Parameters: - filename – filename to open and read
- binary – True if the file should be read as binary
Returns: bytes if binary is True, str otherwise