androlyze.model.script package

Subpackages

Submodules

androlyze.model.script.AndroScript module

class androlyze.model.script.AndroScript.AndroScript[source]

Bases: object, androlyze.model.Resetable.Resetable, androlyze.model.Hashable.Hashable

Base class for androguard scripts. It offers a consistent way of logging the analysis results with the help of the ResultObject.

If you don’t want json data as output you can use a different object for result logging. See AndroScript.custom_result_object().

Override the _analyze function to write your custom script! Also set the options your script needs.

See the methods prefixed with needs.

Be sure to specify the script version with the VERSION variable!

You can test your script with the test method. This helps to find errors and unregistered keys very fast.

Attributes

VERSION  

Methods

VERSION = None
add_apk_androguard_analyze_time(seconds)[source]

Add the androguard analyze time to the ResultObject. This is also a good moment to calculate the complete time.

analyze(apk, dalvik_vm_format, vm_analysis, gvm_analysis, *args, **kwargs)[source]

Analyze the given EAndroApk and return the ResultObject.

Parameters:

apk: EAndroApk

dalvik_vm_format: DalvikVMFormat

Parsed .dex file. Only available if needs_dalvik_vm_format returns True.

vm_analysis: VMAnalysis

Dex analyzer. Only available if needs_vmanalysis returns True.

gvm_analysis : GVMAnalysis

Returns:

ResultObject

Other Parameters:
 

log_script_meta : bool, optional (default is True)

Can be used to disable logging of script meta information entirely. Otherwise it will be logged only once.

Raises:

NotImplementedError

If AndroScript.VERSION not specified

create_script_stats()[source]

If true, create some script statistics and write them into the ResultObject

cres

object, optional (default is None) : Custom result object for logging

custom_result_object()[source]

Override this method if you want to use your own result logging framework/object. You can supply it here and access it via self.cres.

E.g. you could return ("", "txt") for simply logging with a string to a .txt file.

The str representation of it will be stored! Automatically stores your data (str() of self.cres) in MongoDB’s GridFS.

The ResultObject in self.res still exists and is used internally to log some meta information.

Returns:

tuple<object, str>

The first element is the result object you want to use, the second is the file name extension used for storage (without a leading dot).

del_cres()[source]
del_file_name_ext()[source]
del_name()[source]
del_res()[source]
file_name_ext

str, optional (default is JSON_FILE_EXT) : The file name extension.

gen_unique_id(apk hash + script name)[source]
get_cres()[source]
get_file_name()[source]

Get the file name used for storage

get_file_name_ext()[source]
get_name()[source]
get_res()[source]
is_big_res()[source]

Return true if your result may exceed 16 MB. This will store your data (str() of self.cres) in MongoDB’s GridFS.

You don’t need to return true if you’re using a different result object (see custom_result_object()). This will be done automatically.

static load_from_result_dict(res_dict, apk=None)[source]

Load an AndroScript from the res_dict.

Parameters:

res_dict : dict

See ResultObject.description_dict

apk : Apk, optional (default is None)

Link the ResultObject to the apk.

name

str : the name of the script (class name)

needs_dalvik_vm_format()[source]

Gives access to the DalvikVMFormat object which is a parser for the classes.dex file

needs_dref()[source]

Create data references. Automatically implies needs_dalvik_vm_format, needs_vmanalysis and needs_gvmanalysis

needs_gvmanalysis()[source]

Gives access to the GVMAnalysis object. Creates a graph which you can use for export (gexf etc) or do your custom stuff

needs_vmanalysis()[source]

Gives access to the VMAnalysis object, which is an analyzer for the DalvikVMFormat object.

needs_xref()[source]

Create cross references. Automatically implies needs_dalvik_vm_format, needs_vmanalysis and needs_gvmanalysis

res

ResultObject : keeps the analysis results

reset()[source]

Reset the AndroScript so that it can be used for a new analysis. If you do a custom initialization in your script, you probably want to put the init code inside this method.

Don’t forget to call the super reset!

result_dict(gen_id=False)[source]

Returns an OrderedDict holding information about the analyzed Apk and the script, as well as any user-logged information.

Parameters:

gen_id : bool, optional (default is False)

Generate an id = sha256(apk hash + script name) and store it under the “_id” key.

Returns:

OrderedDict

set_cres(value)[source]
set_file_name_ext(value)[source]
set_name(value)[source]
set_res(value)[source]
static test(script, apk_paths)[source]

Use this function to develop and test your script.

E.g. find unregistered keys and other errors.

Parameters:

script : type

The reference to the script which shall be tested (not instantiated!)

apk_paths : iterable<str>

Paths to apks

Returns:

list<ResultObject>

The ResultObject for every analyzed apk

Examples

>>> for res in AndroScript.test(ClassDetails, ["../../../testenv/apks/a2dp.Vol.apk"]):
...     # get result object
...     print res
...     # get json
...     print res.write_to_json()

uses_custom_result_object()[source]

Check if the script uses a custom result object for logging

androlyze.model.script.ChainedScript module

class androlyze.model.script.ChainedScript.ChainedScript(androscripts=None, root_categories=(), name=None, log_chained_script_meta_infos=True, continue_on_script_failure=True, log_script_failure_exception=False, **kwargs)[source]

Bases: androlyze.model.script.AndroScript.AndroScript

This script can be used to chain multiple AndroScripts together. This means that all scripts will run but you only get one result file.

This allows you to split your scripts into smaller modules and combine them as you need.

This works by supplying the AndroScripts which shall be chained via the chain_scripts method.

See also

SampleChainScript
An example of how to chain several scripts

Attributes

VERSION  

Methods

androscripts

list<AndroScript> : List of scripts that will run

chain_scripts()[source]

Use this method to specify which scripts shall be chained together.

Be careful to return only references to the classes (types). Do not instantiate them!

Returns:

androscripts : list<AndroScript>

List of scripts to use (instantiated classes)

continue_on_script_failure()[source]

Specify if the analysis shall continue if a script encounters an error

del_androscripts()[source]
get_androscripts()[source]
static is_chained_script(script)[source]

Check if the script is a ChainedScript

log_chained_script_meta_infos()[source]

By default some information will be logged, e.g. the scripts used, which ran successfully and which failed.

log_script_failure_exception()[source]

If true, write the exception into the result file. Only usable if log_chained_script_meta_infos returns True.

needs_dalvik_vm_format()[source]
needs_dref()[source]
needs_gvmanalysis()[source]
needs_vmanalysis()[source]
needs_xref()[source]
reset()[source]
root_categories()[source]

Return a tuple<str> under which you want to store the results of the scripts. Empty tuple means no category at all

set_androscripts(value)[source]

Raises:

AndroScriptError

If an error happened while setting the scripts.

static try_get_chained_script_name(script)[source]

If script is a ChainedScript, use the representation instead of the script name.

androlyze.model.script.CustomResultObjInterface module

class androlyze.model.script.CustomResultObjInterface.CustomResultObjInterface[source]

Interface that defines for custom result objects how their results will be stored

Methods

get_custom_result_obj_repr()[source]

Return the data that shall be stored

androlyze.model.script.ScriptTemplate module

class androlyze.model.script.ScriptTemplate.Eval[source]

Bases: androlyze.model.script.dblyze.DBLyze.DBLyze

Methods

ON_SCRIPT

alias of ScriptTemplate

class androlyze.model.script.ScriptTemplate.ScriptTemplate[source]

Bases: androlyze.model.script.AndroScript.AndroScript

Template for writing a custom AndroScript

Attributes

Methods

VERSION = '0.1'
create_script_stats()[source]

If true, create some script statistics and write them into the ResultObject

custom_result_object()[source]

Override this method if you want to use your own result logging framework/object. You can supply it here and access it via self.cres.

E.g. you could return ("", "txt") for simply logging with a string to a .txt file.

The str representation of it will be stored!

The ResultObject in self.res still exists and is used internally to log some meta information.

Returns:

tuple<object, str>

The first element is the result object you want to use, the second is the file name extension used for storage (without a leading dot).

is_big_res()[source]

Return true if your result may exceed 16 MB. This will store your data (str() of self.cres) in MongoDB’s GridFS.

You don’t need to return true if you’re using a different result object (see custom_result_object()). This will be done automatically.

needs_dalvik_vm_format()[source]

Gives access to the DalvikVMFormat object which is a parser for the classes.dex file

needs_dref()[source]

Create data references

needs_gvmanalysis()[source]

Gives access to the GVMAnalysis object. Creates a graph which you can use for export (gexf etc) or do your custom stuff

needs_vmanalysis()[source]

Gives access to the VMAnalysis object, which is an analyzer for the DalvikVMFormat object.

needs_xref()[source]

Create cross references

reset()[source]

Reset the AndroScript so that it can be used for a new analysis. If you do a custom initialization in your script, you probably want to put the init code inside this method.

Don’t forget to call the super reset!

androlyze.model.script.ScriptUtil module

androlyze.model.script.ScriptUtil.androscript_options_descr(androscripts)[source]

Format the minimum options to run the androscripts.

Parameters:

androscripts : list<AndroScript>

Returns:

tuple<bool>

androlyze.model.script.ScriptUtil.chained_script(androscripts, root_categories=(), name=None, log_chained_script_meta_infos=False, continue_on_script_failure=True, log_script_failure_exception=False)[source]

Factory method for creating a ChainedScript. Can be used to do further grouping. E.g. group the results of multiple scripts under the given root_categories

Parameters:

androscripts : list<AndroScript>, optional (default is [])

List of scripts to use (instantiated classes!)

root_categories : tuple<str>, optional (default is ())

Categories under which you want to store the results of the scripts. Empty tuple means no category at all

name : str, optional (default is class name)

If given, set the name of the created class.

log_chained_script_meta_infos : bool, optional (default is False)

Will be passed to the ChainedScript subclass. Meaning no meta information will be created from it (related to the chained scripts)

continue_on_script_failure : bool, optional (default is True)

log_script_failure_exception : bool, optional (default is False)

Returns:

ChainedScript

androlyze.model.script.ScriptUtil.dict2json(d)[source]

Convert the dict d to json and convert any datetime object to iso8601. Can also convert bson.objectid.ObjectId.

androlyze.model.script.ScriptUtil.get_minimum_script_options(androscripts)[source]

Get the maximum script options that any of androscripts needs.

These are the minimum options needed to run the androscripts.

Parameters:

androscripts : list<AndroScript>

Returns:

tuple<bool>

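The merge that get_minimum_script_options describes, combined with the rule that needs_xref and needs_dref imply the other three options, as an added example that is not androlyze's own code. StubScript, DexOnly, XrefUser, OPTION_ORDER and both functions are hypothetical stand-ins, and the order of the returned tuple<bool> is an assumption.

```python
# Added example with stand-in classes; it does not import androlyze.
# The tuple order below is an assumption, the page only says tuple<bool>.
OPTION_ORDER = (
    "needs_dalvik_vm_format",
    "needs_vmanalysis",
    "needs_gvmanalysis",
    "needs_xref",
    "needs_dref",
)
# Per the page, creating xrefs or drefs implies these three options.
IMPLIED_BY_REFS = OPTION_ORDER[:3]


class StubScript:
    """Hypothetical stand-in exposing only the needs_* methods."""

    def needs_dalvik_vm_format(self): return False
    def needs_vmanalysis(self): return False
    def needs_gvmanalysis(self): return False
    def needs_xref(self): return False
    def needs_dref(self): return False


class DexOnly(StubScript):
    def needs_dalvik_vm_format(self): return True


class XrefUser(StubScript):
    def needs_xref(self): return True


def effective_options(script):
    """Options one script needs, after applying the xref/dref implication."""
    opts = {name: bool(getattr(script, name)()) for name in OPTION_ORDER}
    if opts["needs_xref"] or opts["needs_dref"]:
        for name in IMPLIED_BY_REFS:
            opts[name] = True
    return tuple(opts[name] for name in OPTION_ORDER)


def minimum_script_options(scripts):
    """Element-wise OR: the least that must be built to run every script."""
    result = [False] * len(OPTION_ORDER)
    for script in scripts:
        result = [a or b for a, b in zip(result, effective_options(script))]
    return tuple(result)


if __name__ == "__main__":
    print(minimum_script_options([DexOnly(), XrefUser()]))
```
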
androlyze.model.script.ScriptUtil.import_scripts(script_list, via_package=False, _reload=False, clazz_name=None)[source]

Import the scripts (via file path or package name, configurable via via_package).

Parameters:

script_list: list<str>

list of script names (absolute path) or package names.

via_package : bool, optional (default is False)

If true, assume package names are given instead of file paths.

_reload : bool, optional (default is False)

Reload scripts and delete them from internal cache. Only possible if via_package.

clazz_name : optional (default is None)

The name of the class to import. If none, use the name of the module.

Returns:

list<type<AndroScript>>

list of uninstantiated AndroScript classes

Raises:

AnalyzeError

If a NoAndroScriptSubclass, IOError or ModuleNotSameClassNameException has been raised.

ImportError

androlyze.model.script.ScriptUtil.instantiate_scripts(script_list, script_paths=None, script_hashes=None)[source]

Instantiate the AndroScripts and return them.

Parameters:

script_list : list<type<AndroScript>>

script_paths : list<str>, optional (default is None)

If given, set the path of the AndroScript (needed for hashing)

script_hashes : list<str>, optional (default is [])

If given, set the hash of the AndroScript directly (without hashing the file from path)

Returns:

list<AndroScript>

Raises:

AndroScriptError

If an error happened while initializing some AndroScript

androlyze.model.script.ScriptUtil.is_result_object(obj)[source]

Module contents