j"?ddlZddlZddlmZmZddlZddlmZddlm Z m Z m Z ddl m Z mZddlmZGddZdS) N)IteratorUnion)logger) androconfapkdex)AnalysisStringAnalysis) DecompilerDADceZdZdZ d%dededdfdZd&d eedfddfd Zd Z d'd Z defd Z d'dZ dZ dZd ededeeejffdZ d(d ededeedfdedeeejeff dZ d&d ededeedfdeeejeffdZ d)d edeedfdeedfdeedffdZdeeeeeeejffdZdejdefdZ dejdejfdZ!dejdeedffdZ"dejdeedffdZ#deeeee$ee%fffdZ&defd Z'deeeejffd!Z( d)d eedfd"eedfdeeejeejeffd#Z)deeeejeffd$Z*dS)*Sessiona A Session is able to store in a database, basic information about APK, DEX or ODEX files. Additionally, it offers the possibility to store actions done when using the 'pentest' module. NOTE: an attempt to move from pickling to dataset was started here: but is NOT finished! > Should we go back to pickling or proceed further with the dataset ? Fsqlite:///androguard.dbexport_ipythondb_urlreturnNc:|||_tj||_t jd|j|jd|_|jd|_ |jd|_ |jd|_ t|j |_ |j t|j t jd|j dS) z Create a new Session object :param export_ipython: set to True in order to create attributes for the use in iPython zOpening database {} informationsessionpentestsystem)idzCreating new session [{}]N)_setup_objectsrdatasetconnectdbrinfoformattable_information table_session table_pentest table_systemlen session_idinsertdict)selfrrs Y/home/ubuntu/.hermes/hermes-agent/venv/lib/python3.11/site-packages/androguard/session.py__init__zSession.__init__s ,/&)) )0099:::!%!7!WY/!WY/ GH-d011 !!$$/":":":;;; /66tGGHHHHHfilenamec`tjd|jdS)z* Save the current session zSaving the databaseN)rrrcommit)r&r*s r'savez Session.save3s-  )*** r)ctjt|_t |_t |_g|_tj|_ t |_ dSN) collections defaultdictlistanalyzed_filesr%analyzed_digest analyzed_apk added_files OrderedDict analyzed_vms analyzed_dexr&s r'rzSession._setup_objects:s\)5d;;#vv FF (355 !FFr)c.|dS)zD Reset the current session, delete all added files. N)rr:s r'resetz Session.resetJs r)c2t|jdkS)z Test if any file was analyzed in this session :return: `True` if any file was analyzed, `False` otherwise r)r"r4r:s r'isOpenzSession.isOpenPs 4'((1,,r)ctdt|j|jD](\}}td||)tdt|j|jD](\}}td||)tdt|j|jD](\}}td||)dS)z Print information to stdout about the current session. Gets all APKs, all DEX files and all Analysis objects. zAPKs in Session: {}z {}: {}zDEXs in Session: {}zAnalysis in Session: {}N)printrr"r5itemsr9r8)r&dars r'showz Session.showXsO #**3t/@+A+ABBCCC%++-- + +DAq *##Aq)) * * * * #**3t/@+A+ABBCCC'--// - -FAs *##As++ , , , , '..s43D/E/EFFGGG%++-- + +DAq *##Aq)) * * * * + +r)c |jtt|j||||dS)N)r#callcalleeparamsret)r r$r%strr#)r&rFrGrHrIs r' insert_eventzSession.insert_eventisR !! t//         r)c |jtt|j||||dS)N)r#rFrGrrH)r!r$r%rJr#)r&rFrGrrHs r'insert_system_eventzSession.insert_system_eventtsR   t//'         r)datactj|}tjd|||jtt|j ||dtj |d}|g|j |<|j||||j|<|j|t%}||j|<|D]}||||d|tjd||||fS)z Add an APK file to the Session and run analysis on it. :param filename: (file)name of APK file :param data: binary data of the APK file :return: a tuple of SHA256 Checksum and APK Object z add APK {}:{}APKr#r*digesttypeT) postpone_xrefzadded APK {}:{})hashlibsha256 hexdigestrrrrr$r%rJr#rrPr5r3appendr4r6r r8 get_all_dexaddDEX create_xref)r&r*rNrRnewapkdxrs r'addAPKzSession.addAPKso%%//11 O**8V<<=== %% t//!       t$$%+H&! H%,,V444'/V$ ))) ZZ$&&!%%'' ? ?C KK#rK > > > >  %,,Xv>>???v~r)r]rTctj|}tjd||jtt|j ||dtj dtj |}tjd||j||||j|<||j|<|t%}|||s|tj d|jD]:}|t/||||;||j|<|jr(tj d||||fS) a Add a DEX file to the Session and run analysis. :param filename: the (file)name of the DEX file :param data: binary data of the dex file :param dx: an existing `Analysis` Object (optional) :param postpone_xref: True if no xref shall be created, and will be called manually :return: A tuple of SHA256 Hash, DEX Object and `Analysis` object z add DEX:{}DEXrQzParsing format ...z added DEX:{}Nz(Associated decompiler to the DEX objectszExporting in ipython)rUrVrWrrrrr$r%rJr#debugrr`r3rXr4r9r addr[vmsset_decompilerr set_analysisr8rcreate_python_export)r&r*rNr]rTrRrBs r'rZzSession.addDEXs %%//11 L''//000 %% t//!         )*** GDMM N))&11222 H%,,V444'/V$$%&! :B q   NN    ?@@@  A  ]1b11 2 2 2 NN2    $&&!   % L/ 0 0 0 " " $ $ $q"}r)ctj|}tjd|z|jtt|j ||dtj |}tj d|z|j ||||j|<||j|<|jr||t'}||||jD]:}|t1||||;||j|<|||fS)aP Add an ODEX file to the session and run the analysis :param filename: the ODEX filename :param data: the ODEX bytes :param dx: the `Analysis` object to add the ODEX to :returns: a tuple containing the SHA256 digest, the new `dex.ODEX` object, and the `Analysis` it is contained within. z add ODEX:%sODEXrQz added ODEX:%s)rUrVrWrrrr$r%rJr#rrhrar3rXr4r9rrfr rbr[rcrdr set_vmanalysisr8)r&r*rNr]rRrBs r'addODEXzSession.addODEXsz%%//11 MF*+++ %% t//!        HTNN _v-... H%,,V444'/V$$%&!   % " " $ $ $ :B q   ! !A  ]1b11 2 2 2  R $&&!q"}r)raw_datac|sctjd|t|d5}|}dddn #1swxYwYt j|}tjd||sdS|dkr|||\}}nF|dkr||||\}}}n$|dkr| |||\}}}ndS|S)as Generic method to add a file to the session. This is the main method to use when adding files to a Session! If an APK file is supplied, all DEX files are analyzed too. For DEX and ODEX files, only this file is analyzed (what else should be analyzed). Returns the SHA256 of the analyzed file. :param filename: filename to load :param raw_data: bytes of the file, or None to load the file from filename :param dx: An already exiting `androguard.core.analysis.analysis.Analysis` object :return: the sha256 of the file or None on failure zLoading file from '{}'rbNzFound filetype: '{}'rPr`DEY) rraropenreadris_android_rawr^rZrj)r&r*rkr]fprIrR_s r'rbz Session.addsP, % L188BB C C Ch%% %7799 % % % % % % % % % % % % % % %&x00 +22377888 4 %<< Hh77IFAA E\\;;x2>>LFAqq E\\<<(B??LFAqq4 sAA"Ac#Kt|jD]C\}}|j|}|jD])}|j|}||||fV*DdS)a= Returns all Java Classes from the DEX objects as an array of DEX files. :returns: an iterator where each element is a tuple containing the index of the `Analysis` object, the filename containing the class (ODEX, DEX), the SHA256 digest of the `Analysis` object, and a list of `CalssDefItem` N) enumerater8rcr4 get_classes)r&idxrRr]vmr*s r'rvzSession.get_classes;s%T%677 > >KC"6*Bf > >/78VR^^-=-====== > > >r) current_classc|jD]:}|j|}||r|cS;dS)a Returns the [Analysis][androguard.core.analysis.analysis.Analysis] object which contains the `current_class`. :param current_class: The class to search for :returns: the `androguard.core.analysis.analysis.Analysis` object N)r8is_class_presentget_namer&ryrRr]s r' get_analysiszSession.get_analysisIsX'  F"6*B""=#9#9#;#;<<   tr)c|jjS)z Returns the [DEX][androguard.core.dex.DEX] of a given [ClassDefItem][androguard.core.dex.ClassDefItem]. :param current_class: A ClassDefItem )CMrx)r&rys r' get_formatzSession.get_formatWs""r)c|jD];\}}||r|j|cS>> s = Session() >>> digest = s.add("some.apk") >>> a, d, dx = s.get_objects_apk(digest=digest) Example: >>> s = Session() >>> filename = "some.apk" >>> digest = s.add(filename) >>> a, d, dx = s.get_objects_apk(filename=filename) :param filename: the filename of the APK file, only used of digest is `None` :param digest: the sha256 hash, as returned by `add` for the APK :returns: a tuple of (APK, [DEX], Analysis) z&Must give at least filename or digest!N)NNNr) ValueErrorr3getr5r8rc)r&r*rRdigestsrCr]s r'get_objects_apkzSession.get_objects_apks8 G GEFF F >)--h77G (''QZF  f %a (  v &"&"}r)c#lK|jD]\}}|||j|fVdS)z Yields all [DEX][androguard.core.dex.DEX] objects including their [Analysis][androguard.core.analysis.analysis.Analysis] objects :returns: tuple of (sha256, DEX, Analysis) N)r9rAr8)r&rRrBs r'get_objects_dexzSession.get_objects_dexsR*0022 7 7IFA!T.v66 6 6 6 6 7 7r))Frr/)rN)NF)NN)+__name__ __module__ __qualname____doc__boolrJr(rr-rr<r>rDrKrMbytestuplerrPr^r rr`rZrhrjrbrintr2 ClassDefItemrvr~rrrr%r rrrrrr)r'r r sS   %/IIII  IIII4U39-###  -----++++"        %s%%%E#sw,4G%%%%V%)# 7777 (D. ! 7  7 sCGX% & 7777tGK///#(/.3HdN.C/ sCHh& '////h(,$( )))t $) (D. ! ) sDy  ))))V > %S#tC,<'==> ? > > > > #*: x    #(8#SW#### - sDy $  -  sDy     ) %S$sN':";;< =))))"     huS#'\':;&*#'((T "(c4i ( %cg89 : ((((T7%SWh0F*G!H777777r)r )r0rUtypingrrrlogururandroguard.corerrr!androguard.core.analysis.analysisr r androguard.decompiler.decompilerr r rr)r'rs""""""""//////////FFFFFFFF::::::P7P7P7P7P7P7P7P7P7P7r)