SSL¶
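This is an autogenerated documentation file for the script: SSL. As the source below shows, each boolean in its result records only whether the script's search for the corresponding class or package name returned a hit, not how that class is used.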
Run it¶
$ ./androanalyze scripts_builtin/SSL.py --package-names com.spotify.music
View the results¶
Non-Binary¶
$ ./androquery result -sn SSL -pn com.spotify.music
{
"apk meta": {
"package name": "com.spotify.music",
"version name": "2.2.0.636",
"sha256": "bbf2c7d7b8fbbce68a97a2f0fd7e854e29b1ea9e3836615e7e6a35095915a607",
"import date": "2015-04-14T15:10:06.364000",
"build_date": "2015-02-11T12:25:40",
"path": "/mnt/stuff/btsync/apks_manual_downloads/02.03.2015_top_free_4/apps_topselling_free/MUSIC_AND_AUDIO/com.spotify.music.apk",
"tag": null
},
"script meta": {
"name": "SSL",
"sha256": "9658ac81fa84afd9f7d2a796c2a78bfd0e687fd592ff64621acbd4a38cf4535d",
"analysis date": "2015-06-26T17:15:37.547000",
"version": "0.1"
},
"code loading": {
"dynamic": true,
"native": true
},
"SSL": {
"ssl_error_handler": true,
"plain_socket": true,
"plain_socket_factory": false,
"ssl_socket_std": true,
"ssl_socket_apache": true,
"ssl_socket_factory_std": true,
"ssl_socket_factory_apache": true,
"ssl_socket_factory_easy": false,
"air_ssl_dialog": false,
"hostname_verifier_allow_all": false,
"hostname_verifier_browser_compat": false,
"hostname_verifier_strict": false,
"hostname_verifier_x509": false,
"url_connection_https": true,
"url_connection_http": true,
"certificate_code_std": false,
"certificate_code_air": false,
"google_ad_sense": true,
"adobe_air_runtime": false
}
}
Binary¶
Because a result may exceed 16MB, binary results are stored in MongoDB’s GridFS. We therefore need a different query syntax:
View the meta data:
$ ./androquery result -sn SSL -pn com.spotify.music -nd
Empty
View the raw data:
$ ./androquery result -sn SSL -pn com.spotify.music -nd -r
Empty
Source¶
# encoding: utf-8
__author__ = "Lars Baumgärtner, Nils Schmidt"
__email__ = "{lbaumgaerner,schmidt89} at informatik.uni-marburg.de"
from androlyze import is_dyn_code, is_native_code
from androlyze.model.script.AndroScript import AndroScript
# Result category that holds one boolean key per entry of SSL.CHECKS.
CAT_SSL = "SSL"
# Result category that holds the two code-loading keys below.
CAT_CODE_LOADING = "code loading"
# Key logged as true when is_dyn_code() reports true for the analysed code.
CODE_LOADING_DYN = "dynamic"
# Key logged as true when is_native_code() reports true for the analysed code.
CODE_LOADING_NATIVE = "native"
class SSL(AndroScript):
    '''
    Flag which SSL/TLS-, socket- and HTTP-related classes an APK references.

    Every entry of `CHECKS` pairs a search pattern with a label. The
    lower-cased label is a boolean key in the "SSL" result category and is
    logged as true when `search_packages` returns a non-empty list for the
    pattern. A true value therefore records that a matching name was found,
    not how the class is configured or whether it is reachable at runtime;
    e.g. `hostname_verifier_allow_all` still needs a manual look at the
    call sites before it is reported as a hostname-verification bypass.
    '''

    VERSION = "0.1"

    # (search pattern, result label) pairs, evaluated in list order.
    # NOTE(review): some patterns are string prefixes of others
    # ("Ljavax/net/ssl/SSLSocket" / "...SSLSocketFactory",
    # "Ljava/net/Socket" / "Ljava/net/SocketFactory", "Lcom/adobe/air" /
    # "Lcom/adobe/air/..."). If `search_packages` matches by prefix or
    # regex (not visible here), the shorter pattern also fires whenever
    # the longer one does -- confirm before reading the flags as independent.
    CHECKS = [
        ("Landroid/webkit/SslErrorHandler", "SSL_ERROR_HANDLER"),
        ("Ljava/net/Socket", "PLAIN_SOCKET"),
        # NOTE(review): the JDK socket factory is javax.net.SocketFactory;
        # confirm that this java/net descriptor is the intended one.
        ("Ljava/net/SocketFactory", "PLAIN_SOCKET_FACTORY"),
        ("Ljavax/net/ssl/SSLSocket", "SSL_SOCKET_STD"),
        ("Lorg/apache/http/conn/ssl/SSLSocket", "SSL_SOCKET_APACHE"),
        ("Ljavax/net/ssl/SSLSocketFactory", "SSL_SOCKET_FACTORY_STD"),
        ("Lorg/apache/http/conn/ssl/SSLSocketFactory", "SSL_SOCKET_FACTORY_APACHE"),
        # Bare class name without a package prefix, unlike the other patterns;
        # whether it can match depends on how `search_packages` anchors -- TODO confirm.
        ("EasySSLSocketFactory", "SSL_SOCKET_FACTORY_EASY"),
        ("Lcom/adobe/air/SSLSecurityDialog", "AIR_SSL_DIALOG"),
        ("Lorg/apache/http/conn/ssl/AllowAllHostnameVerifier", "HOSTNAME_VERIFIER_ALLOW_ALL"),
        ("Lorg/apache/http/conn/ssl/BrowserCompatHostnameVerifier", "HOSTNAME_VERIFIER_BROWSER_COMPAT"),
        ("Lorg/apache/http/conn/ssl/StrictHostnameVerifier", "HOSTNAME_VERIFIER_STRICT"),
        ("Lorg/apache/http/conn/ssl/X509HostnameVerifier", "HOSTNAME_VERIFIER_X509"),
        ("Ljavax/net/ssl/HttpsURLConnection", "URL_CONNECTION_HTTPS"),
        ("Ljava/net/HttpURLConnection", "URL_CONNECTION_HTTP"),
        ("Landroid/net/http/SslCertificate", "CERTIFICATE_CODE_STD"),
        ("Lcom/adobe/air/Certificate", "CERTIFICATE_CODE_AIR"),
        ("Lcom/google/ads/AdRequest", "GOOGLE_AD_SENSE"),
        ("Lcom/adobe/air", "ADOBE_AIR_RUNTIME")
    ]

    def _analyze(self, apk, dalvik_vm_format, vm_analysis, gvm_analysis, *args, **kwargs):
        '''
        Register all result keys, then run the usage checks.

        Parameters
        ----------
        apk: EAndroApk
            Not read by this script.
        dalvik_vm_format: DalvikVMFormat
            Not read by this script.
        vm_analysis: VMAnalysis
            Handed to `do_usage_checks`, which searches it.
        gvm_analysis : GVMAnalysis
            Not read by this script.
        '''
        result = self.res

        # Keys are registered before any check runs; presumably this is what
        # makes keys without a hit still show up in the result -- confirm
        # against the result object's implementation.
        result.register_bool_keys([CODE_LOADING_DYN, CODE_LOADING_NATIVE], CAT_CODE_LOADING)
        ssl_keys = [label.lower() for _, label in self.CHECKS]
        result.register_bool_keys(ssl_keys, CAT_SSL)

        # The value returned by do_usage_checks is not used here.
        self.do_usage_checks(vm_analysis)

    def do_usage_checks(self, dx):
        '''
        Log the SSL and code-loading flags for the analysed code.

        Parameters
        ----------
        dx
            Analysis object exposing `tainted_packages.search_packages`;
            `_analyze` passes its `vm_analysis` argument here.

        Returns
        -------
        The script's result object (`self.res`).
        '''
        result = self.res

        # One search per CHECKS entry; any non-empty hit list sets the flag.
        for pattern, label in self.CHECKS:
            hits = dx.tainted_packages.search_packages(pattern)
            if hits != []:
                result.log_true(label.lower(), CAT_SSL)

        # Code-loading flags come from the helpers imported from androlyze.
        if is_dyn_code(dx):
            result.log_true(CODE_LOADING_DYN, CAT_CODE_LOADING)
        if is_native_code(dx):
            result.log_true(CODE_LOADING_NATIVE, CAT_CODE_LOADING)

        return result

    ############################################################
    #---Script requirements
    ############################################################

    def needs_xref(self):
        ''' Tell the framework that this script needs cross references created. '''
        return True
def get_DynCode(dx):
    '''
    Return what `search_packages` finds for the DexClassLoader descriptor.

    Not called anywhere in this listing; `SSL.do_usage_checks` relies on the
    imported `is_dyn_code` instead.
    '''
    loader_pattern = "Ldalvik/system/DexClassLoader"
    return dx.tainted_packages.search_packages(loader_pattern)
if __name__ == '__main__':
    # Manual run of the script against one sample APK, addressed by a path
    # relative to the working directory.
    sample_apks = ["../../../../testenv/apks/a2dp.Vol.apk"]
    for result in AndroScript.test(SSL, sample_apks):
        # With a single argument the parenthesised form prints the same text
        # as the print statement.
        print(result)
        print(result.write_to_json())