androlyze.analyze package

Subpackages

• androlyze.analyze.distributed package
  • Subpackages
    • androlyze.analyze.distributed.exception package
      • Module contents
    • androlyze.analyze.distributed.tasks package
      • Submodules
      • androlyze.analyze.distributed.tasks.AnalyzeTask module
      • Module contents
  • Submodules
  • androlyze.analyze.distributed.AnalysisStatsView module
  • androlyze.analyze.distributed.DistributedAnalyzer module
  • Module contents
• androlyze.analyze.exception package
  • Module contents
• androlyze.analyze.parallel package
  • Submodules
  • androlyze.analyze.parallel.AnalysisStatsView module
  • androlyze.analyze.parallel.ParallelAnalyzer module
  • androlyze.analyze.parallel.Worker module
  • Module contents

Submodules

androlyze.analyze.AnalyzeUtil module

androlyze.analyze.AnalyzeUtil.analyze_apk(eandro_apk, scripts, min_script_needs, propagate_error=False, reset_scripts=True)

Analyze the eandro_apk with the given scripts assuming each AndroScript neads at least min_script_needs.

Be sure that you reseted the scripts!

Parameters:

eandro_apk : EAndroApk

The apk.

scripts : iterable<AndroScript>

The scripts to use for the analysis.

min_script_needs : tuple<bool>

See :py:meth:ScriptUtil.get_maximal_script_options`

propagate_error : bool, optional (default is False)

If true propagate errors.

reset_scripts : bool, optional (default is True)

If given, reset the AndroScript before analyzing.

Returns:

list<FastApk, list<AndroScript>>

Uses FastApk to only store the meta information, not the apk data!

None

If error happened.

androlyze.analyze.AnalyzeUtil.analyze_apk_ana_objs(ana_objs, time_s, eandro_apk, scripts, propagate_error=False, reset_scripts=True)

Analyze the eandro_apk with the given scripts assuming each AndroScript neads at least min_script_needs.

Be sure that you reseted the scripts!

Parameters:

eandro_apk : EAndroApk

The apk.

scripts : iterable<AndroScript>

The scripts to use for the analysis.

propagate_error : bool, optional (default is False)

If true propagate errors.

reset_scripts : bool, optional (default is True)

If given, reset the AndroScript before analyzing.

Returns:

list<FastApk, list<AndroScript>>

Uses FastApk to only store the meta information, not the apk data!

None

If error happened.

androlyze.analyze.AnalyzeUtil.analyze_dex(filepath_or_raw, needs_dalvik_vm_format=True, needs_vm_analysis=True, needs_gvm_analysis=True, needs_xref=True, needs_dref=True, raw=False, decompiler='dad')

Open the classes.dex file needs_dalvik_vm_format and set up an analyzer for it needs_vm_analysis.

Parameters:

filepath_or_raw : path to file or raw data

Set raw to True if filepath_or_raw is raw data.

needs_dalvik_vm_format : bool, optional (default is True)

needs_vm_analysis : bool, optional (default is True)

needs_gvm_analysis : bool, optional (default is True)

needs_xref : bool, optional (default is True)

needs_dref : bool, optional (default is True)

raw : bool, optional (default is False)

decompiler : str, optional (default is “dad”)

Returns:

tuple<DalvikVMFormat, VMAnalysis, GVMAnalysis>

Raises:

DexError

If an error occurred while creating the analysis objects.

androlyze.analyze.AnalyzeUtil.apk_gen(apks_or_paths)

Helper function that checks every element of apks_or_paths if its a path or already an Apk.

Parameters:

apks_or_paths: list<str> or list<Apk>, optional (default is [])

List of Apk or paths to the apks which shall be analyzed with the given scripts If you analyze from paths the import_date is not set!

Returns:

generator<tuple<str, Apk, bool>>

Path to .apk, instance of Apk, bool what determines if current element of apks_or_paths is an Apk

androlyze.analyze.AnalyzeUtil.apk_id_or_raw_data_gen(apk_gen, force_raw_data=False)

Generator over the .apk files if only path given (or force_raw_data). Otherwise generator over the apk ids.

Errors will be logged!.

Parameters:

apk_gen : iterable<tuple<str, Apk, bool>>

See :py:method:`.AnalyzeUtil.apk_gen`

force_raw_data : bool, optional (default is False)

If true, force to yield zipfile rather than hash.

Returns:

generator<tuple<object, bool>>

Raw zip file or id. Second component of tuples indicates that the generator is other the id’s rather than over the zip files. Last is an Apk object.

androlyze.analyze.AnalyzeUtil.apk_zipfile_gen(apk_gen)

Generator over the .apk files (raw data). Errors will be logged!.

Parameters:

apk_gen : iterable<tuple<str, Apk, bool>>

See :py:method:`.AnalyzeUtil.apk_gen`

androlyze.analyze.AnalyzeUtil.eandro_apk_gen(apk_gen)

Generator over EAndroApk.

Parameters:

apk_gen : iterable<tuple<str, Apk, bool>>

See :py:method:`.AnalyzeUtil.apk_gen`

androlyze.analyze.AnalyzeUtil.open_apk(apk_or_path=None, apk=None, raw=False, path=None)

Open apk and set meta information from apk

Parameters:

apk_or_path : str, optional (default is None).

Path to apk.

apk : Apk, optional (default is None)

If given, take the meta infos from apk. So we don’t need to recompute the hash. At least if apk_or_path.

raw : bool, optional (default is False)

If specified, use apk as raw .apk data.

path : str, optional (default is None)

Can be used for raw to set the path of the EAndroApk. If not given, won’t be set.

Returns:

EAndroApk

None

If apk could not be opened.

androlyze.analyze.AnalyzeUtil.show_n_inc_progress(total_cnt, tasks_per_chunk=1)

Infinite generator over the cnt of analyzed apks. Also shows progress and time elapsed on run. Call it once before the first result is available (show 0 progress). Otherwise count will be wrong! If the progress is 1.0, the progress conut will not be increased any further and the total_cnt will be returned.

Parameters:

total_cnt : int

tasks_per_chunk : int, optional (default is 1)

Number of subtasks a task (chunk) contains.

Returns:

int

Number of analyzed apks

androlyze.analyze.AnalyzeUtil.store_script_res(storage, script, apk)

Store script results to disk and result database.

Apk’s which haven’t been imported, won’t get imported into the database! But of course the results will be stored.

Parameters:

storage : RedundantStorage

script : AndroScript

apk : Apk

Returns:

See :py:method:`.RedundantStorage.store_result_for_apk`

Raises:

StorageException

androlyze.analyze.Analyzer module

class androlyze.analyze.Analyzer.Analyzer(storage, script_list, script_hashes, *args, **kwargs)

Bases: androlyze.analyze.BaseAnalyzer.BaseAnalyzer

Non-parallel analyzer

Attributes

Methods

androlyze.analyze.BaseAnalyzer module

class androlyze.analyze.BaseAnalyzer.BaseAnalyzer(storage, script_list, script_hashes, min_script_needs, apks_or_paths, cnt_apks=None, storage_results=None, **kwargs)

Bases: object

Base analyzer which offers functions for analyzing an apk file with the help of androguard. It can use scripts that derive from AndroScript.

Attributes

Methods

add_storage_result(res)

Add res to the storage_results.

Parameters:

res : tuple<str, bool>

Storage results. First component is the id of the entry and the second a boolean indication if the result has been stored in gridfs.

analyze(*args, **kwargs)

Start the analysis and store the results in the predefined place.

Returns:

int

Number of analyzed apks

apks_or_paths

iterable<str> or list<Apk>, optional (default is []) : List of Apk or paths to the apks which shall be analyzed with the given scripts. If you analyze from paths the import_date is not set!

cnt_analyzed_apks

Value<int> : Shared memory integer showing the count of already analyzed apks

del_apks_or_paths()

del_cnt_analyzed_apks()

del_min_script_needs()

del_script_hashes()

del_script_list()

del_storage()

del_storage_results()

get_apks_or_paths()

get_cnt_analyzed_apks()

get_min_script_needs()

get_script_hashes()

get_script_list()

get_storage()

get_storage_results()

get_total_cnt()

Return the total number of apks to analyze.

Returns:

multiprocessing.Value

Shared memory count.

is_distributed_analyzer()

Check if BaseAnalyzer is DistributedAnalyzer

is_non_parallel_analyzer()

Check if BaseAnalyzer is Analyzer

is_parallel_analyzer()

Check if BaseAnalyzer is ParallelAnalyzer

min_script_needs

tuple<bool> : See :py:method:`ScriptUtil.get_maximal_script_options`.

script_hashes

list<str>, optional (default is None) : If given, set the hash for the `AndroScript`s

script_list

list<type<AndroScript>> : List of `AndroScript`s references (not instantiated class!)

set_apks_or_paths(value)

set_cnt_analyzed_apks(value)

Parameters:value : int

set_min_script_needs(value)

set_script_hashes(value)

set_script_list(value)

set_storage(value)

set_storage_results(value)

storage

StorageInterface : The storage to store the results.

storage_results

Queue<tuple<str, bool>> : Storage results. First component is the id of the entry and the second a boolean indication if the result has been stored in gridfs.

Module contents