androguard.core package

Subpackages

• androguard.core.analysis package
  • Submodules
  • androguard.core.analysis.analysis module
  • androguard.core.analysis.auto module
  • Module contents
• androguard.core.api_specific_resources package
  • Module contents
• androguard.core.bytecodes package
  • Submodules
  • androguard.core.bytecodes.apk module
  • androguard.core.bytecodes.dvm module
  • androguard.core.bytecodes.axml module
  • androguard.core.bytecodes.mutf8 module
  • Module contents
• androguard.core.resources package
  • Submodules
  • androguard.core.resources.public module
  • Module contents

Submodules

androguard.core.androconf module

class androguard.core.androconf.Color

Bases: object

Black = '\x1b[30m'

Blue = '\x1b[34m'

Bold = '\x1b[1m'

Cyan = '\x1b[36m'

Green = '\x1b[32m'

Grey = '\x1b[37m'

Normal = '\x1b[0m'

Purple = '\x1b[35m'

Red = '\x1b[31m'

Yellow = '\x1b[33m'

class androguard.core.androconf.Configuration

Bases: object

instance = {'BIN_DED': 'ded.sh', 'BIN_DEX2JAR': 'dex2jar.sh', 'BIN_FERNFLOWER': 'fernflower.jar', 'BIN_JAD': 'jad', 'BIN_JADX': 'jadx', 'BIN_JARSIGNER': 'jarsigner', 'BIN_WINEJAD': 'jad.exe', 'COLORS': {'BB': '\x1b[35m', 'BRANCH': '\x1b[34m', 'BRANCH_FALSE': '\x1b[31m', 'BRANCH_TRUE': '\x1b[32m', 'EXCEPTION': '\x1b[36m', 'INSTRUCTION_NAME': '\x1b[33m', 'NORMAL': '\x1b[0m', 'NOTE': '\x1b[31m', 'OFFSET': '\x1b[33m', 'OFFSET_ADDR': '\x1b[32m', 'OUTPUT': {'field': '\x1b[32m', 'literal': '\x1b[32m', 'meth': '\x1b[36m', 'normal': '\x1b[0m', 'offset': '\x1b[35m', 'raw': '\x1b[31m', 'registers': '\x1b[0m', 'string': '\x1b[31m', 'type': '\x1b[34m'}}, 'DEFAULT_API': 16, 'OPTIONS_FERNFLOWER': {'asc': '1', 'dgs': '1'}, 'PRINT_FCT': <built-in method write of _io.TextIOWrapper object>, 'RECODE_ASCII_STRING': False, 'RECODE_ASCII_STRING_METH': None, 'SESSION': None, 'TMP_DIRECTORY': '/tmp'}

exception androguard.core.androconf.InvalidResourceError

Bases: Exception

Invalid Resource Erorr is thrown by load_api_specific_resource_module

androguard.core.androconf.color_range(startcolor, goalcolor, steps)

wrapper for interpolate_tuple that accepts colors as html (“#CCCCC” and such)

androguard.core.androconf.default_colors(obj)

androguard.core.androconf.disable_colors()

Disable colors from the output (color = normal)

androguard.core.androconf.enable_colors(colors)

androguard.core.androconf.interpolate_tuple(startcolor, goalcolor, steps)

Take two RGB color sets and mix them over a specified number of steps. Return the list

androguard.core.androconf.is_android(filename)

Return the type of the file

:param filename : the filename :returns: “APK”, “DEX”, None

androguard.core.androconf.is_android_raw(raw)

Returns a string that describes the type of file, for common Android specific formats

androguard.core.androconf.is_ascii_problem(s)

Test if a string contains other chars than ASCII

Parameters:s – a string to test Returns:True if string contains other chars than ASCII, False otherwise

androguard.core.androconf.load_api_specific_resource_module(resource_name, api=None)

Load the module from the JSON files and return a dict, which might be empty if the resource could not be loaded.

If no api version is given, the default one from the CONF dict is used.

Parameters:

• resource_name – Name of the resource to load
• api – API version

Returns:

dict

androguard.core.androconf.make_color_tuple(color)

turn something like “#000000” into 0,0,0 or “#FFFFFF into “255,255,255”

androguard.core.androconf.remove_colors()

Remove colors from the output (no escape sequences)

androguard.core.androconf.rrmdir(directory)

Recursivly delete a directory

Parameters:directory – directory to remove

androguard.core.androconf.save_colors()

androguard.core.androconf.set_options(key, value)

Deprecated since version 3.3.5: Use CONF[key] = value instead

androguard.core.androconf.show_logging(level=20)

enable log messages on stdout

We will catch all messages here! From all loggers…

androguard.core.bytecode module

class androguard.core.bytecode.Buff(offset, buff)

Bases: object

class androguard.core.bytecode.BuffHandle(buff)

Bases: object

BuffHandle is a wrapper around bytes. It gives the ability to jump in the byte stream, just like with BytesIO.

add_idx(idx)

Advance the current offset by idx

Parameters:idx (int) – number of bytes to advance

end()

Test if the current offset is at the end or over the buffer boundary

Return type:bool

get_buff()

Return the whole buffer

Return type:bytearray

get_idx()

Get the current offset in the buffer

Return type:int

length_buff()

Alias for size()

peek(size)

Alias for read_b()

read(size)

Read from the current offset a total number of size bytes and increment the offset by size

Parameters:size (int) – length of bytes to read Return type:bytearray

readNullString(size)

Read a String with length size at the current offset

Parameters:size (int) – length of the string Return type:bytearray

read_at(offset, size)

Read bytes from the given offset with length size without incrementing the current offset

Parameters:

• offset (int) – offset to start reading
• size (int) – length of bytes to read

Return type:

bytearray

read_b(size)

Read bytes with length size without incrementing the current offset

Parameters:size (int) – length to read in bytes Return type:bytearray

readat(off)

Read all bytes from the start of off until the end of the buffer

Parameters:off (int) – starting offset Return type:bytearray

save(filename)

Save the current buffer to filename

Exisiting files with the same name will be overwritten.

Parameters:filename (str) – the name of the file to save to

set_buff(buff)

Overwrite the current buffer with the content of buff

Parameters:buff (bytearray) – the new buffer

set_idx(idx)

Set the current offset in the buffer

Parameters:idx (int) – offset to set

size()

Get the total size of the buffer

Return type:int

tell()

Alias for get_idx().

Return type:int

androguard.core.bytecode.Exit(msg)

androguard.core.bytecode.FormatClassToJava(i)

Transform a java class name into the typed variant found in DEX files.

example:

>>> FormatClassToJava('java.lang.Object')
'Ljava/lang/Object;'

Parameters:i – the input class name Return type:str

androguard.core.bytecode.FormatClassToPython(i)

Transform a typed class name into a form which can be used as a python attribute

example:

>>> FormatClassToPython('Lfoo/bar/foo/Barfoo$InnerClass;')
'Lfoo_bar_foo_Barfoo_InnerClass'

Parameters:i – classname to transform Return type:str

androguard.core.bytecode.FormatDescriptorToPython(i)

Format a descriptor into a form which can be used as a python attribute

example:

>>> FormatDescriptorToPython('(Ljava/lang/Long; Ljava/lang/Long; Z Z)V')
'Ljava_lang_LongLjava_lang_LongZZV

Parameters:i – name to transform Return type:str

androguard.core.bytecode.FormatNameToPython(i)

Transform a (method) name into a form which can be used as a python attribute

example:

>>> FormatNameToPython('<clinit>')
'clinit'

Parameters:i – name to transform Return type:str

class androguard.core.bytecode.MethodBC

Bases: object

show(value)

class androguard.core.bytecode.Node(n, s)

Bases: object

androguard.core.bytecode.PrettyShow(m_a, basic_blocks, notes={})

androguard.core.bytecode.PrettyShowEx(exceptions)

class androguard.core.bytecode.SV(size, buff)

Bases: object

get_value()

get_value_buff()

set_value(attr)

class androguard.core.bytecode.SVs(size, ntuple, buff)

Bases: object

get_value()

get_value_buff()

set_value(attr)

class androguard.core.bytecode.TmpBlock(name)

Bases: object

get_name()

androguard.core.bytecode.disable_print_colors()

androguard.core.bytecode.enable_print_colors(colors)

androguard.core.bytecode.get_package_class_name(name)

Return package and class name in a java variant from a typed variant name.

If no package could be found, the package is an empty string.

example:

>>> get_package_class_name('Ljava/lang/Object;')
('java.lang', 'Object')

Parameters:name – the name Return type:tuple Returns:

androguard.core.bytecode.method2dot(mx, colors=None)

Export analysis method to dot format

Parameters:

• mx – MethodAnalysis
• colors – dict of colors to use, if colors is None the default colors are used

Returns:

a string which contains the dot graph

androguard.core.bytecode.method2format(output, _format='png', mx=None, raw=None)

Export method to a specific file format

@param output : output filename @param _format : format type (png, jpg …) (default : png) @param mx : specify the MethodAnalysis object @param raw : use directly a dot raw buffer if None

androguard.core.bytecode.method2jpg(output, mx, raw=False)

Export method to a jpg file format

Parameters:

• output (string) – output filename
• mx (MethodAnalysis object) – specify the MethodAnalysis object
• raw (string) – use directly a dot raw buffer (optional)

androguard.core.bytecode.method2json(mx, directed_graph=False)

Create directed or undirected graph in the json format.

Parameters:

• mx – MethodAnalysis
• directed_graph – True if a directed graph should be created (default: False)

Returns:

androguard.core.bytecode.method2json_direct(mx)

Parameters:mx – MethodAnalysis Returns:

androguard.core.bytecode.method2json_undirect(mx)

Parameters:mx – MethodAnalysis Returns:

androguard.core.bytecode.method2png(output, mx, raw=False)

Export method to a png file format

Parameters:

• output (string) – output filename
• mx (MethodAnalysis object) – specify the MethodAnalysis object
• raw (string) – use directly a dot raw buffer

androguard.core.bytecode.object_to_bytes(obj)

Convert a object to a bytearray or call get_raw() of the object if no useful type was found.

androguard.core.bytecode.vm2json(vm)

Get a JSON representation of a DEX file

Parameters:vm – DalvikVMFormat Returns:

Module contents