jxzhxch / androguard
Automatically exported from code.google.com/p/androguard
License: Apache License 2.0
dex2jar output is located in the same directory of the running process.
so decompiler.py fails to locate the jar file created.
Probably this code should be added:
import shutil

tmpfilename = os.path.basename(fdname) + "_dex2jar.jar"
try :
    # dex2jar leaves the jar in the current working directory; move it into the tmp dir
    if os.path.exists(tmpfilename) :
        shutil.move(tmpfilename, pathtmp)
except Exception as e :
    print("Failed to move file %s. Exception %s" % (tmpfilename, e))
    os.remove(tmpfilename)
The idea is: if jar file exists, then mv into tmp dir, so the unzip works
correctly.
Original issue reported on code.google.com by [email protected]
on 17 Apr 2012 at 3:27
When executing "make" on the latest version from the repository under Ubuntu
11.10 64bit I get the following errors:
sign.cc: In member function ‘float Msign::sign_ncd(std::string, std::string,
int)’:
sign.cc:681:25: error: cannot convert ‘unsigned int*’ to ‘size_t* {aka
long unsigned int*}’ in assignment
sign.cc:682:24: error: cannot convert ‘unsigned int*’ to ‘size_t* {aka
long unsigned int*}’ in assignment
Original issue reported on code.google.com by [email protected]
on 7 Feb 2012 at 6:25
What steps will reproduce the problem?
1.at the make step
2.
3.
What is the expected output? What do you see instead?
complete the make process
I see following message...
CC formula.o
In file included from formula.cc:21:
formula.h:26:22: error: muParser.h: No such file or directory
In file included from /usr/include/c++/4.4/ext/hash_map:60,
from formula.h:35,
from formula.cc:21:
/usr/include/c++/4.4/backward/backward_warning.h:28:2: warning: #warning This
file includes at least one deprecated or antiquated header which may be removed
without further notice at a future date. Please use a non-deprecated interface
with equivalent functionality instead. For a listing of replacement headers and
interfaces, consult the file backward_warning.h. To disable this warning use
-Wno-deprecated.
In file included from formula.cc:21:
formula.h:42: error: ‘mu’ is not a namespace-name
formula.h:42: error: expected namespace-name before ‘;’ token
formula.h:53: error: ‘Parser’ does not name a type
formula.cc: In constructor ‘Formula::Formula(std::string, int)’:
formula.cc:36: error: ‘class Formula’ has no member named ‘p’
formula.cc: In member function ‘int Formula::eval()’:
formula.cc:58: error: ‘p’ was not declared in this scope
formula.cc:61: error: expected type-specifier before ‘Parser’
formula.cc:61: error: expected ‘)’ before ‘::’ token
formula.cc:61: error: expected ‘{’ before ‘::’ token
formula.cc:61: error: ‘::exception_type’ has not been declared
formula.cc:61: error: ‘e’ was not declared in this scope
formula.cc:61: error: expected ‘;’ before ‘)’ token
make[3]: *** [formula.o] Error 1
make[2]: *** [LIBS] Error 2
make[1]: *** [LIBS] Error 2
make: *** [LIBS] Error 2
What version of the product are you using? On what operating system?
the latest one from
hg clone https://androguard.googlecode.com/hg/ androguard
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 30 Mar 2012 at 6:17
What steps will reproduce the problem?
1. Grab source from mercurial, or 0.9 or 1.0RC1
2. Edit *.h files to point to correct location of hash_map
#ifdef __APPLE__
#include <ext/hash_map>
#else
#include <ext/hash_map>
#endif
3. Install all prerequisites
4. type 'make'
What is the expected output? What do you see instead?
Expected output: all sources should be compiled
What I get:
Undefined symbols for architecture x86_64:
"_PyType_GenericNew", referenced from:
_initdvmnative in dvm.o
"_PyType_Ready", referenced from:
_initdvmnative in dvm.o
"_Py_InitModule4_64", referenced from:
_initdvmnative in dvm.o
"_PyModule_AddObject", referenced from:
_initdvmnative in dvm.o
"_Py_BuildValue", referenced from:
DCode_get_nb_bytecodes(dvm_DCodeObject*, _object*) in dvm.o
DBC_get_opvalue(dvm_DBCObject*, _object*) in dvm.o
DBC_get_length(dvm_DBCObject*, _object*) in dvm.o
DBC_get_type_ins(dvm_DBCObject*, _object*) in dvm.o
DBCSpe_get_opvalue(dvm_DBCSpeObject*, _object*) in dvm.o
DBCSpe_get_length(dvm_DBCSpeObject*, _object*) in dvm.o
DBCSpe_get_type_ins(dvm_DBCSpeObject*, _object*) in dvm.o
...
"_PyList_New", referenced from:
DCode_get_bytecodes(dvm_DCodeObject*, _object*) in dvm.o
DCode_get_bytecodes_spe(dvm_DCodeObject*, _object*) in dvm.o
DBC_get_operands(dvm_DBCObject*, _object*) in dvm.o
DBCSpe_get_operands(dvm_DBCSpeObject*, _object*) in dvm.o
DBCSpe_get_targets(dvm_DBCSpeObject*, _object*) in dvm.o
"_PyList_Append", referenced from:
DCode_get_bytecodes(dvm_DCodeObject*, _object*) in dvm.o
DCode_get_bytecodes_spe(dvm_DCodeObject*, _object*) in dvm.o
DBC_get_operands(dvm_DBCObject*, _object*) in dvm.o
DBCSpe_get_operands(dvm_DBCSpeObject*, _object*) in dvm.o
DBCSpe_get_targets(dvm_DBCSpeObject*, _object*) in dvm.o
"_PyArg_ParseTuple", referenced from:
DCode_init(dvm_DCodeObject*, _object*, _object*)in dvm.o
"_PyString_FromString", referenced from:
DBC_get_name(dvm_DBCObject*, _object*) in dvm.o
DBC_get_operands(dvm_DBCObject*, _object*) in dvm.o
DBCSpe_get_name(dvm_DBCSpeObject*, _object*) in dvm.o
"_PyInt_FromLong", referenced from:
DBC_get_operands(dvm_DBCObject*, _object*) in dvm.o
DBCSpe_get_operands(dvm_DBCSpeObject*, _object*) in dvm.o
DBCSpe_get_targets(dvm_DBCSpeObject*, _object*) in dvm.o
"_PyString_FromStringAndSize", referenced from:
DBCSpe_get_operands(dvm_DBCSpeObject*, _object*) in dvm.o
"__Py_NoneStruct", referenced from:
DBCSpe_get_operands(dvm_DBCSpeObject*, _object*) in dvm.o
DBCSpe_get_targets(dvm_DBCSpeObject*, _object*) in dvm.o
ld: symbol(s) not found for architecture x86_64
collect2: ld returned 1 exit status
make: *** [LIBDVM] Error 1
What version of the product are you using? On what operating system?
Androguard from mercurial, 0.9 or 1.0RC1
OSX 10.7.2
Python 2.7.1 (standard Python package that was shipped with OSX)
Please provide any additional information below.
g++ was installed from Command Line Tools for Xcode:
Using built-in specs.
Target: i686-apple-darwin11
Configured with: /private/var/tmp/llvmgcc42/llvmgcc42-2336.9~22/src/configure
--disable-checking --enable-werror
--prefix=/Applications/Xcode.app/Contents/Developer/usr/llvm-gcc-4.2
--mandir=/share/man --enable-languages=c,objc,c++,obj-c++
--program-prefix=llvm- --program-transform-name=/^[cg][^.-]*$/s/$/-4.2/
--with-slibdir=/usr/lib --build=i686-apple-darwin11
--enable-llvm=/private/var/tmp/llvmgcc42/llvmgcc42-2336.9~22/dst-llvmCore/Develo
per/usr/local --program-prefix=i686-apple-darwin11-
--host=x86_64-apple-darwin11 --target=i686-apple-darwin11
--with-gxx-include-dir=/usr/include/c++/4.2.1
Thread model: posix
gcc version 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2336.9.00)
Original issue reported on code.google.com by [email protected]
on 6 Mar 2012 at 6:18
/androguard-0.9$ ./androgexf.py -i
'/home/suresh/Bureaublad/AndroidCracking/vddebug.apk' -o ./xxxxx.gexf
/usr/lib/pymodules/python2.6/matplotlib/numerix/__init__.py:18:
DeprecationWarning:
**********************************************************
matplotlib.numerix and all its subpackages are deprecated.
They will be removed soon. Please use numpy instead.
**********************************************************
warnings.warn(msg, DeprecationWarning)
/usr/lib/pymodules/python2.6/networkx/generators/hybrid.py:16:
DeprecationWarning: the sets module is deprecated
import sets
Traceback (most recent call last):
File "./androgexf.py", line 28, in <module>
import androguard, apk, dvm, analysis, ganalysis, androconf
File ".//core/analysis/ganalysis.py", line 23, in <module>
import libsign
ImportError: liblzma.so.5: cannot open shared object file: No such file or
directory
Original issue reported on code.google.com by [email protected]
on 28 Oct 2011 at 6:05
Upon executing:
android@honeynet:~/androguard$ ./androsign.py -h
I got following error:
Traceback (most recent call last):
File "./androsign.py", line 29, in <module>
from elsim.elsign import dalvik_elsign
File "./elsim/elsim/elsign/dalvik_elsign.py", line 29, in <module>
from libelsign.libelsign import Elsign, entropy
ImportError: No module named libelsign
I am using ARE(Android Reverse Engineering) Virtual Machine
Any ideas to get through.
thank you.
Original issue reported on code.google.com by [email protected]
on 27 Mar 2012 at 10:20
There are three problems when compiling androguard under OSX
1. Python binding should manually link with -lpython
2. an inline assembly code with condition macro
3. hash_map header file's path changed in g++ of Xcode
I've patched these problems and attached the patch file here.
My environment is OSX Lion 10.7.3, Xcode 4.3.1, g++ 4.2.1
Original issue reported on code.google.com by [email protected]
on 21 Mar 2012 at 3:37
Attachments:
backtrace:
Traceback (most recent call last):
File "./androlyze.py", line 243, in <module>
main(options, arguments)
File "./androlyze.py", line 197, in main
_a = AndroguardS( options.input )
File "/media/truecrypt1/androguard/androguard/core/androgen.py", line 238, in __init__
self.__orig_a = Androguard( [ filename ], raw )
File "/media/truecrypt1/androguard/androguard/core/androgen.py", line 91, in __init__
self._analyze()
File "/media/truecrypt1/androguard/androguard/core/androgen.py", line 112, in _analyze
x = apk.APK( i )
File "/media/truecrypt1/androguard/androguard/core/bytecodes/apk.py", line 108, in __init__
self.xml[i] = minidom.parseString( AXMLPrinter( self.zip.read( i ) ).getBuff() )
File "/usr/lib/python2.7/xml/dom/minidom.py", line 1924, in parseString
return expatbuilder.parseString(string)
File "/usr/lib/python2.7/xml/dom/expatbuilder.py", line 940, in parseString
return builder.parseString(string)
File "/usr/lib/python2.7/xml/dom/expatbuilder.py", line 223, in parseString
parser.Parse(string, True)
xml.parsers.expat.ExpatError: unbound prefix: line 9, column 0
support multiple xmlns
Original issue reported on code.google.com by [email protected]
on 20 Mar 2012 at 11:20
1. Add a method to get source in ClassItem
    def display_source(self) :
        self.__CM.decompiler_ob.display_all( self.get_name() )
    def get_source(self) :
        return self.__CM.decompiler_ob.get_all( self.get_name() )
2. Add a method to get source in EncodedMethod
    def source(self) :
        return self.__CM.decompiler_ob.get_source( self.get_class_name(), self.get_name() )
    def display_source(self) :
        self.__CM.decompiler_ob.display_source( self.get_class_name(), self.get_name() )
3. Remove get_descriptor() because it is unused in source(self, class_name,
method_name) of dvm.py
4. Rename source to display_source or show_source in dvm.py
Original issue reported on code.google.com by [email protected]
on 18 Apr 2012 at 1:58
In tdecompiler.py check if /tmp/ dir exists; if not then create it:
class DecompilerDex2Jad :
    def __init__(self, vm, path_dex2jar = "./decompiler/dex2jar/", bin_dex2jar = "dex2jar.sh", path_jad="./decompiler/jad/", bin_jad="jad") :
        self.classes = {}
        self.classes_failed = []
        pathtmp = os.getcwd() + "/tmp/"
        if not os.path.exists(pathtmp):   # <-- Adding check
            os.makedirs(pathtmp)          # <-- Adding dir creation
Original issue reported on code.google.com by [email protected]
on 17 Apr 2012 at 2:49
def get_fields_by_bb(self, bb) :
    l = []
    for i in self.__vars[ TAINTED_FIELD ] :
        # for j in self.__vars[ TAINTED_FIELD ][i].gets() :   <-- Missing method!
        for j in self.__vars[ TAINTED_FIELD ][i] :
            if j.get_bb() == bb :
                l.append( (i.get_name(), j.get_access_flag()) )
    return l
Original issue reported on code.google.com by [email protected]
on 17 Apr 2012 at 9:03
What steps will reproduce the problem?
1. When I run ./demos/dalvikvm_format_2.py, it throws errors.
What is the expected output? What do you see instead?
The expected output should encode the decoded dex file correctly. But I saw:
Traceback (most recent call last):
File "./demos/dalvikvm_format_2.py", line 25, in <module>
fd.write( j.save() )
File ".//core/bytecodes/dvm.py", line 3183, in save
return self._get_raw()
File ".//core/bytecodes/dvm.py", line 3211, in _get_raw
l = self.map_list.get_raw()
File ".//core/bytecodes/dvm.py", line 3150, in get_raw
[ x.get_raw() for x in self.map_item ]
File ".//core/bytecodes/dvm.py", line 2959, in get_raw
return [ bytecode.Buff( self.__offset.off, self.format.get_value_buff() ) ] + [ i.get_raw() for i in self.item ]
File ".//core/bytecodes/dvm.py", line 1333, in get_raw
return [ bytecode.Buff(self.__offset.off, self.visibility.get_value_buff()) ] + self.annotation.get_raw()
File ".//core/bytecodes/dvm.py", line 1312, in get_raw
[ i.get_raw() for i in self.elements ]
File ".//core/bytecodes/dvm.py", line 1287, in get_raw
return [ bytecode.Buff(self.__offset.off, writeuleb128(self.name_idx) + self.value.get_raw()) ]
File ".//core/bytecodes/dvm.py", line 1269, in get_raw
return self.val.get_value_buff() + self.value.get_raw()
What version of the product are you using? On what operating system?
I am using androguard 0.9. on Ubuntu 11.04
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 3 Feb 2012 at 9:23
The following command is expected to display information regarding a given
package, isn't it? It displays all packages.
$ ./andromercury.py --list=mypackage
Package name: com.android.soundrecorder
Process name: com.android.soundrecorder
Version: 2.2
Data directory: /data/data/com.android.soundrecorder
APK path: /system/app/SoundRecorder.apk
UID: 10022
GID: 3003; 1015;
Permissions: android.permission.RECORD_AUDIO; android.permission.INTERNET;
android.permission.WAKE_LOCK; android.permission.WRITE_EXTERNAL_STORAGE;
Package name: com.android.alarmclock
Process name: com.android.alarmclock
Using Mercury 1.0 on an Android Emulator.
Original issue reported on code.google.com by [email protected]
on 30 May 2012 at 12:48
Thanks for taking care of my previous issue so quickly. Unfortunately the next
two steps I tried also produce unexpected errors:
What steps will reproduce the problem?
Run
a = androguard.AndroguardS("attached jar file")
for i in a.get_fields() :
    print i.get_access(), i.get_name(), i.get_descriptor()
What is the expected output? What do you see instead?
Traceback (most recent call last):
File "./bla.py", line 19, in <module>
for i in a.get_fields() :
File "/home/spjsschl/androguard/androguard.py", line 474, in __getattr__
return getattr(self.__a, value)
AttributeError: 'NoneType' object has no attribute 'get_fields'
What version of the product are you using? On what operating system?
Current mercury androguard on ubuntu oneiric
Johannes
Original issue reported on code.google.com by [email protected]
on 29 Nov 2011 at 11:55
Attachments:
What steps will reproduce the problem?
run
./dalvikvm_format_1.py
What is the expected output? What do you see instead?
Traceback (most recent call last):
File "./dalvikvm_format_1.py", line 7, in <module>
from androguard.core.bytecodes import dvm
ImportError: No module named androguard.core.bytecodes
What version of the product are you using? On what operating system?
ARE from virtualbox
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 28 Mar 2012 at 8:57
What steps will reproduce the problem?
1. import androlyze.py
2. run the python program
What is the expected output? What do you see instead?
the program should just run, instead an error is thrown
What version of the product are you using? On what operating system?
ubuntu 11.04, newest hg checkout
Please provide any additional information below.
Traceback (most recent call last):
File "myscript.py", line 6, in <module>
from androlyze import AAnalyzeAPK
File "/foo/bar/bla/androguard/androlyze.py", line 36, in <module>
from androguard.core.analysis.diff import *
ImportError: No module named diff
ll androguard/androguard/core/analysis
ls: unrecognized prefix: hl
ls: unparsable value for LS_COLORS environment variable
total 308
-rw-rw-r-- 1 android android 78620 2012-04-02 12:05 analysis.py
-rw-rw-r-- 1 android android 84849 2012-04-02 12:08 analysis.pyc
-rw-rw-r-- 1 android android 20678 2012-04-02 12:05 ganalysis.py
-rw-rw-r-- 1 android android 14943 2012-04-02 12:08 ganalysis.pyc
-rw-rw-r-- 1 android android 0 2012-04-02 12:05 __init__.py
-rw-rw-r-- 1 android android 136 2012-04-02 12:08 __init__.pyc
-rw-rw-r-- 1 android android 44477 2012-04-02 12:05 risk.py
-rw-rw-r-- 1 android android 27319 2012-04-02 12:08 risk.pyc
-rw-rw-r-- 1 android android 12837 2012-04-02 12:05 sign.py
-rw-rw-r-- 1 android android 10625 2012-04-02 12:08 sign.pyc
Original issue reported on code.google.com by [email protected]
on 2 Apr 2012 at 10:16
What steps will reproduce the problem?
1.at the make step
2.
3.
What is the expected output? What do you see instead?
complete the make process
I see following message...
android@honeynet:~/tools/backup/androguard$ make
In file included from /usr/include/c++/4.4/ext/hash_map:60,
from formula.h:35,
from test.cc:1:
/usr/include/c++/4.4/backward/backward_warning.h:28:2: warning: #warning This
file includes at least one deprecated or antiquated header which may be removed
without further notice at a future date. Please use a non-deprecated interface
with equivalent functionality instead. For a listing of replacement headers and
interfaces, consult the file backward_warning.h. To disable this warning use
-Wno-deprecated.
formula.o: In function `Formula::eval()':
formula.cc:(.text+0x49f): undefined reference to `mu::ParserBase::Eval() const'
collect2: ld returned 1 exit status
make[3]: *** [TEST] Error 1
make[2]: *** [LIBS] Error 2
make[1]: *** [LIBS] Error 2
make: *** [LIBS] Error 2
What version of the product are you using? On what operating system?
the latest one from
hg clone https://androguard.googlecode.com/hg/ androguard
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 24 Apr 2012 at 10:50
What steps will reproduce the problem?
1. Download either androguard from source, 1.0RC1 or 0.9
2. Install all prerequisites
3. Run ./androlyze -s
What is the expected output? What do you see instead?
Expected output: IPython shell.
What I get:
Traceback (most recent call last):
File "./androlyze.py", line 29, in <module>
import IPython.ipapi
ImportError: No module named ipapi
What version of the product are you using? On what operating system?
IPython 0.12. Androguard from source, 1.0RC1 and 0.9. Ubuntu 11.10
Please provide any additional information below.
ipapi is deprecated in IPython 0.12 which is the latest stable version.
http://ipython.org/ipython-doc/stable/api/generated/IPython.core.ipapi.html
The following fix seems to work:
from IPython.frontend.terminal.embed import InteractiveShellEmbed
from IPython.config.loader import Config
cfg = Config()
ipshell = InteractiveShellEmbed(config=cfg, banner1="Androlyze version %s" %
androconf.ANDROGUARD_VERSION)
ipshell()
Original issue reported on code.google.com by [email protected]
on 6 Mar 2012 at 4:48
- Take code straight from the repository
- sudo apt-get install libmuparser-dev
- ./elsim
- make
Fails to compile. The makefile can't find muParser.h and Python.h which are
located (on my system) in:
/usr/include/muParser
/usr/include/python2.6
Adding those paths to the CFLAGS:
in elsim/elsign/formula/Makefile, add:
CFLAGS += -I/usr/include/muParser
in elsim/elsign/libelsign/Makefile, add:
CFLAGS += -I/usr/include/muParser -I/usr/include/python2.6
and it compiles.
on Linux/debian.
Original issue reported on code.google.com by [email protected]
on 25 May 2012 at 1:33
What steps will reproduce the problem?
1. In detection part, that is, "androsign.py"
2.
3.
What is the expected output? What do you see instead?
Expected output is the result of malware detection.
Instead, I saw following message,
./androsign.py -i Malware/ -b signatures/dbandroguard -c signatures/dbconfig
signatures/dbandroguard signatures/dbconfig True
terminate called after throwing an instance of 'mu::ParserError'
Aborted
What version of the product are you using? On what operating system?
1.0 Ubuntu 11.4
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 31 Mar 2012 at 8:42
1. Download com.rovio.new.ads-LeNa.c.apk from Contagio's mobile minidump
2. Run ./androdd.py -i com.rovio.new.ads-LeNa.c.apk -o ./fu -f png
Androdd reports multiple warnings (see below).
Either those are warnings, and I expect an option to remove them (e.g --quiet),
or those are errors, and then something ought to be fixed.
Expected "}" (at char 674), (line:10, col:33)
"_matchToken-BB@0x44" [color="lightgray", label="44 invoke-virtual v7 , v5 , v8
, [ meth@ 8086 Ljava/lang/String; substring ['(I I)', 'Ljava/lang/String;']
]\l4a move-result-object v3\l4c const-string v4 , [ string@ 471 \"'null',
'true', 'false' or NaN\" ]\l50 invoke-virtual v6 , v3 , v4 , [ meth@ 9625
Lorg/codehaus/jackson/impl/Utf8StreamParser; _reportInvalidToken
['(Ljava/lang/String; Ljava/lang/String;)', 'V'] ]\l"]
^
Expected "}" (at char 1988), (line:18, col:23)
"_parseApostropheFieldName-BB@0x1e" [color="lightgray", label="1e const-string
v8 , [ string@ 868 \": was expecting closing ''' for name\" ]\l22
invoke-virtual v13 , v8 , [ meth@ 9620
Lorg/codehaus/jackson/impl/Utf8StreamParser; _reportInvalidEOF
['(Ljava/lang/String;)', 'V'] ]\l"]
I am using Androdd version 1.2 on a Linux box.
Original issue reported on code.google.com by [email protected]
on 25 May 2012 at 12:28
..../androguard-0.9$ ./androgexf.py -i '.../xxx.apk' -o ./xxx.gexf
/usr/lib/pymodules/python2.6/matplotlib/numerix/__init__.py:18:
DeprecationWarning:
**********************************************************
matplotlib.numerix and all its subpackages are deprecated.
They will be removed soon. Please use numpy instead.
**********************************************************
warnings.warn(msg, DeprecationWarning)
/usr/lib/pymodules/python2.6/networkx/generators/hybrid.py:16:
DeprecationWarning: the sets module is deprecated
import sets
Traceback (most recent call last):
File "./androgexf.py", line 71, in <module>
main(options, arguments)
File "./androgexf.py", line 57, in main
gvmx = ganalysis.GVMAnalysis( vmx, a )
File ".//core/analysis/ganalysis.py", line 69, in __init__
self.vm = self.vmx.get_vm()
AttributeError: VMAnalysis instance has no attribute 'get_vm'
Original issue reported on code.google.com by [email protected]
on 28 Oct 2011 at 6:41
I try to generate a png for an APK:
$ ./androdd.py -i com.ppxiu.apk -o ppxiu.png -d -f png
The output is:
"getSmilType-BB@0x5e" [color="lightgray", label="5e new-instance v2 , [type@
344 Ljava/lang/StringBuilder;]\l62 const-string v3 , [string@ 261 '<img
src="']\l66 invoke-direct v2 , v3 , [meth@ 2711 Ljava/lang/StringBuilder;
(Ljava/lang/String;) V <init>]\l6c iget-object v3 , v4 , [field@ 105
LDaemon/Service/MmsSender; Ljava/lang/String; Annex_name]\l70 invoke-virtual v2
, v3 , [meth@ 2715 Ljava/lang/StringBuilder; (Ljava/lang/String;)
Ljava/lang/StringBuilder; append]\l76 move-result-object v2\l78 const-string v3
, [string@ 39 '" region="Image"/>']\l7c invoke-virtual v2 , v3 , [meth@ 2715
Ljava/lang/StringBuilder; (Ljava/lang/String;) Ljava/lang/StringBuilder;
append]\l82 move-result-object v2\l84 invoke-virtual v2 , [meth@ 2717
Ljava/lang/StringBuilder; () Ljava/lang/String; toString]\l8a
move-result-object v1\l"]
^
Expected "}" (at char 2213), (line:20, col:23)
Traceback (most recent call last):
File "./androdd.py", line 111, in <module>
main(options, arguments)
File "./androdd.py", line 97, in main
export_apps_to_format( a, options.output, options.dot, options.format )
File "./androdd.py", line 88, in export_apps_to_format
method2format( filename + "." + _format, _format, raw = buff )
File "/home/axelle/softs/androguard/core/bytecode.py", line 282, in method2format
getattr(d, "write_" + _format)( output )
AttributeError: 'NoneType' object has no attribute 'write_png'
I use AndroGuard version from the repository (June 14th) on Debian.
Original issue reported on code.google.com by [email protected]
on 14 Jun 2011 at 2:18
Hi,
Firstly thank you so much for the great work on Androguard! I followed the
instructions in the wiki page to de-compile and modify .dex bytecode. But I
have some difficulties in doing this and it will be great if you would like to
give me some hints.
The instructions I followed are as follows:
http://code.google.com/p/androguard/wiki/Usage#patch_bytecodes_of_a_method_?
FILE = "./HelloAndroid.dex"
a = androguard.AndroguardS(FILE)
code = a.get_vm().get_methods()[0].get_code()
code.remove_at(0)
AttributeError: DalvikCode instance has no attribute 'remove_at'
When I use the same statements to remove a specific instruction, I was told
that there is no such method. I further checked the source code and made sure
that there is no such method in dvm. But in the wiki, it is written that "#
supposed vm is a JVMFormat or DalvikVMFormat", so I am wondering maybe the
modification API for DalvikVMFormat is not released yet? If so, I am very glad
to help on this since I need the Dalvik bytecode editor as a basic of our
research.
Another thing is, given that we can use Androguard to modify Java bytecode, is
there a way for us to generate an updated .class file after modification?
Thanks,
Zhiqiu
Original issue reported on code.google.com by breaddawson
on 21 Oct 2011 at 9:12
What steps will reproduce the problem?
1. _a = AndroguardS(inputfile.apk)
perm_set_1 = _a.get_analysis().get_permissions([])
2. a = apk.APK(inputfile.apk, raw)
perm_set_2 = a.get_details_permissions()
perm_set_1 != perm_set_2 !
From my experience with malware apks, the first set is the one that is
effectively used by the code, or am I wrong?
But the risk module takes into consideration the 2nd set while computing the
risk score (or am I wrong again?)
I'm using:
androrisk.py --version
Androrisk version 1.0
on Linux version 3.3.5-2.fc16.i686.PAE ([email protected])
Of course Anthony, I realize that this might be the behaviour that you desire
for androguard, I just wanted to be sure that you're aware... :)
Best Regards,
Madalina
Original issue reported on code.google.com by [email protected]
on 4 Jun 2012 at 9:48
In decompiler.py check if /tmp/ dir exists; if not then create it:
class DecompilerDed :
    def __init__(self, vm, path_dex2jar = "./decompiler/dex2jar/", bin_dex2jar = "dex2jar.sh", path_jad="./decompiler/jad/", bin_jad="jad") :
        self.classes = {}
        self.classes_failed = []
        pathtmp = os.getcwd() + "/tmp/"
        if not os.path.exists(pathtmp):   # <-- Adding check
            os.makedirs(pathtmp)          # <-- Adding dir creation
Original issue reported on code.google.com by [email protected]
on 19 Apr 2012 at 3:12
What steps will reproduce the problem?
a = androguard.AndroGuardS("attached jar file")
a.show
What is the expected output? What do you see instead?
should print information about the jar file, instead it dies accessing outside
of a list - this actually helps with all jar files (classes) that I tried to
load, except very simple ones.
Traceback (most recent call last):
File "./bla.py", line 13, in <module>
a = androguard.AndroguardS(sys.argv[1])
File "/home/spjsschl/androguard/androguard.py", line 448, in __init__
self.__orig_a = Androguard( [ filename ], raw )
File "/home/spjsschl/androguard/androguard.py", line 240, in __init__
self._analyze()
File "/home/spjsschl/androguard/androguard.py", line 275, in _analyze
self.__bc.append( (j[0], BC( jvm.JVMFormat(j[1]) ) ) )
File "/home/spjsschl/androguard//core/bytecodes/jvm.py", line 2893, in __init__
self._load_class()
File "/home/spjsschl/androguard//core/bytecodes/jvm.py", line 2964, in _load_class
mi = MethodInfo( self.__CM, self )
File "/home/spjsschl/androguard//core/bytecodes/jvm.py", line 789, in __init__
ai = AttributeInfo( self.__CM, buff )
File "/home/spjsschl/androguard//core/bytecodes/jvm.py", line 2527, in __init__
self._info = ATTRIBUTE_INFO_DESCR[ self.__name ](self.__CM, buff)
File "/home/spjsschl/androguard//core/bytecodes/jvm.py", line 1545, in __init__
self.__code = JavaCode( class_manager, buff.read( self.low_struct.get_value().code_length ) )
File "/home/spjsschl/androguard//core/bytecodes/jvm.py", line 1202, in __init__
r_function, v_function, r_buff, r_format, f_function = EXTRACT_INFORMATION_SIMPLE( op_value )
File "/home/spjsschl/androguard//core/bytecodes/jvm.py", line 427, in EXTRACT_INFORMATION_SIMPLE
r_function = JAVA_OPCODES[ op_value ][2]
IndexError: list index out of range
What version of the product are you using? On what operating system?
I am using the current mercurial version on ubuntu oneiric.
Original issue reported on code.google.com by [email protected]
on 22 Nov 2011 at 12:40
Attachments:
Hi guys,
Thank you for this awesome tool. I'm planning to extend Androguard to support
the following:
Modify byte codes (add, remove, ...) ,
Modify fields ,
Modify methods,
Add/Remove field
and Add/Remove method.
I'm wondering if you could provide me with some details / documentation links,
that would help me to understand the code.
Thanks,
Original issue reported on code.google.com by [email protected]
on 17 May 2012 at 9:35
What steps will reproduce the problem?
1. Complete the "make" step, I try to execute "python androlyze.py" in ARE.
2. I try to install androguard-1.0-rc1
3.
What is the expected output? What do you see instead?
Expected output is to enter the iPython.
I see following message,
Traceback (most recent call last):
File "androlyze.py", line 33, in <module>
from msign import *
File ".//core/analysis/msign.py", line 25, in <module>
import libsign
ImportError: .//core/analysis/libsign/libsign.so: undefined symbol:
vcblocksortCompress
What version of the product are you using? On what operating system?
androguard-1.0-rc1
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 29 Mar 2012 at 3:56
Hi,
I have just begun to use androguard, but find a problem of usage. If I input a
command like "./androlyze.py -i ~/Downloads/Mms.apk -m . -p" in the directory
of androguard, it always gives an error warning like
"Traceback (most recent call last):
File "./androlyze.py", line 34, in <module>
from decompiler import *
File ".//decompiler/decompiler.py", line 23, in <module>
from pygments.filter import Filter
ImportError: No module named pygments.filter".
But "./demos/dalvikvm_format_1.py" is ok. So I don't know the reason. I use
androguard in the ARE Virtual Machine and always update androguard.
Really appreciate your help.
Thank you!
Original issue reported on code.google.com by [email protected]
on 10 Feb 2012 at 8:41
The python setup.py does not reference several tools:
* androdd.py
* androapkinfo.py
Therefore those won't be installed.
Original issue reported on code.google.com by [email protected]
on 25 May 2012 at 2:21
What steps will reproduce the problem?
1. use androsign as written in the wiki:
./androsign.py -i ../test.apk -b signatures/dbandroguard -c signatures/dbconfig
-v
What do you see instead?
signatures/dbandroguard signatures/dbconfig True
DIST = e
METHOD = m
ADD WEIGHT 0 -> 2.000000
ADD WEIGHT 1 -> 1.200000
ADD WEIGHT 2 -> 0.500000
ADD WEIGHT 3 -> 0.100000
ADD WEIGHT 4 -> 0.600000
SIM METHOD = 0
THRESHOLD LOW = 0.300000
THRESHOLD HIGH = 0.400000
CREATE SUB SIGN 4402
terminate called after throwing an instance of 'mu::ParserError'
[1] 3054 abort (core dumped) ./androsign.py -i ../test.apk -b
signatures/dbandroguard -c -v
What version of the product are you using? On what operating system?
* Ubuntu 11.10
* make was run to build the libs http://pastebin.com/LQmqjvDz
* last hg version
Original issue reported on code.google.com by [email protected]
on 3 Apr 2012 at 8:57
There are several "misc.py" instances in a default Python installation on
Ubuntu 10.04
$ locate misc.py
(...)/androguard/core/misc.py
/usr/lib/python2.5/compiler/misc.py
/usr/lib/python2.6/compiler/misc.py
/usr/lib/python2.6/dist-packages/numpy/oldnumeric/misc.py
/usr/lib/python2.6/dist-packages/usbcreator/misc.py
/usr/share/pyshared/numpy/oldnumeric/misc.py
/usr/share/pyshared/usbcreator/misc.py
Therefore "import misc" will *not* import "core/misc.py" by default, as it is
the last in the search path order.
Suggested fix:
1/ Rename "core/misc.py" to something more meaningful.
2/ Use sys.path.insert(1, ...) instead of sys.path.append(...)
Original issue reported on code.google.com by [email protected]
on 5 Jun 2011 at 1:30
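The search-order effect reported above can be reproduced in isolation. This is an added example, not code from androguard or from the report: the module name `misc_shadow_demo` and the three temporary directories are constructed stand-ins for `misc`, the script directory, a system package directory, and the project's `core/` directory.

```python
import importlib
import importlib.machinery
import os
import sys
import tempfile

MODULE = "misc_shadow_demo"  # constructed name standing in for "misc"


def write_module(directory, origin):
    """Create <directory>/<MODULE>.py exposing where it came from."""
    with open(os.path.join(directory, MODULE + ".py"), "w") as fh:
        fh.write("ORIGIN = %r\n" % origin)


def providers(name, search_path):
    """Return the file of every path entry able to satisfy `import name`,
    in search order. More than one result means the import is ambiguous."""
    found = []
    for entry in search_path:
        if not os.path.isdir(entry):
            continue
        spec = importlib.machinery.PathFinder.find_spec(name, [entry])
        if spec is not None and spec.origin:
            found.append(spec.origin)
    return found


def winner(script_dir, project_dir, system_dir, strategy):
    """Import MODULE with the project directory added by `strategy` and
    report which copy was loaded plus the full ordered candidate list."""
    saved_path = list(sys.path)
    sys.modules.pop(MODULE, None)
    try:
        # Slot 0 models the script directory; system_dir models a directory
        # that is already on the path and ships a same-named module.
        sys.path[:] = [script_dir, system_dir] + saved_path
        if strategy == "append":
            sys.path.append(project_dir)      # searched last
        elif strategy == "insert":
            sys.path.insert(1, project_dir)   # searched right after slot 0
        else:
            raise ValueError("unknown strategy: %r" % strategy)
        importlib.invalidate_caches()
        module = importlib.import_module(MODULE)
        return module.ORIGIN, providers(MODULE, sys.path)
    finally:
        sys.path[:] = saved_path
        sys.modules.pop(MODULE, None)


def demo():
    """Run both strategies against constructed directories."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {}
        for label in ("script", "system", "project"):
            dirs[label] = os.path.join(root, label)
            os.mkdir(dirs[label])
        write_module(dirs["system"], "system")
        write_module(dirs["project"], "project")
        results = {}
        for strategy in ("append", "insert"):
            origin, candidates = winner(
                dirs["script"], dirs["project"], dirs["system"], strategy)
            labels = [os.path.basename(os.path.dirname(c)) for c in candidates]
            results[strategy] = (origin, labels)
        return results


if __name__ == "__main__":
    for strategy, (origin, order) in demo().items():
        print("%-6s loads %-7s search order: %s" % (strategy, origin, order))
```

`providers()` can be pointed at the real `sys.path` with a real module name to list every file that competes for one import.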
In the androguard/classification/libsimilarity/lzma folder there is only the lzma.c
file, but the Makefile looks for:
SRC = Alloc.c LzFind.c LzmaDec.c LzmaEnc.c LzmaLib.c lzma.c
Steps to reproduce:
androguard$ make
make[2]: *** No rule to make target `Alloc.o', needed by `all'. Stop.
make[1]: *** [ZIP] Error 2
make: *** [LIBS] Error 2
Using androguard hg version changeset: 224:d2a33d41ebbf
over Linux debian 2.6.32-5-686 #1 SMP i686 GNU/Linux
Original issue reported on code.google.com by [email protected]
on 10 Sep 2011 at 2:59
Upon executing:
./androlyze.py -i /home/ubuntu/android.apk -m . -p
I got following error:
Traceback (most recent call last):
File "./androlyze.py", line 42, in <module>
from IPython.frontend.terminal.embed import InteractiveShellEmbed
ImportError: No module named IPython.frontend.terminal.embed
I am using ubuntu 10.04 64-bit and androguard 0.9
Any ideas on how to get past this?
Thanks
-Sam
Original issue reported on code.google.com by [email protected]
on 13 Mar 2012 at 10:49
When I try to run the Makefile, the xz folder doesn't exist.
The output is:
androguard$ make
CC z.o
CC bz2.o
CC smaz.o
cd: 1: can't cd to xz
make[1]: *** [ZIP] Error 2
make: *** [LIBS] Error 2
Using androguard hg version changeset: 223:00989b5fe3ac
over Linux debian 2.6.32-5-686 #1 SMP i686 GNU/Linux
Original issue reported on code.google.com by [email protected]
on 9 Sep 2011 at 4:30
What steps will reproduce the problem?
1.androguard# ./androlyze.py -s
2.
3.
What is the expected output? What do you see instead?
Expected :Androlyze version 1.0
In [1]:
Instead:
warnings.warn(msg, DeprecationWarning)
/usr/lib/pymodules/python2.6/networkx/generators/hybrid.py:16:
DeprecationWarning: the sets module is deprecated
import sets
WARNING: cannot import to_c_helper, skipping
Traceback (most recent call last):
File "./androlyze.py", line 41, in <module>
from IPython.frontend.terminal.embed import InteractiveShellEmbed
ImportError: No module named terminal.embed
What version of the product are you using? On what operating system?
I don't know, because I downloaded it with "hg clone
https://androguard.googlecode.com/hg/ androguard"
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 26 Apr 2012 at 1:03
When executing androsign I get the following errors: (Linux Debian 64bit)
# ./androsign.py -i 2.apk -b signatures/dbandroguard -c signatures/dbconfig -v
FIX MINIMUM SIGNATURE 110.5
FIX MINIMUM SIGNATURE 188.0
2.apk : loading apk.. loading dex..Segmentation fault
Original issue reported on code.google.com by [email protected]
on 8 Feb 2012 at 7:13
This command quickly returns but does not do anything.
$ ./androdd.py -i sample.apk -f png
Indeed the output directory is not specified.
We would probably either expect the tool to complain about a missing output
directory, or use a default output dir.
This is only a minor issue!
Androdd version 1.2 on Linux
Original issue reported on code.google.com by [email protected]
on 25 May 2012 at 1:06
This error spawns while parsing the Manifest.xml file.
android@honeynet:~/tools/androguard$ python apkviewer.py -i
/home/android/PFE/APKS/Brighteriffic_1.0.3.apk -o
/home/android/PFE/APKS/Brighter
Traceback (most recent call last):
File "apkviewer.py", line 97, in <module>
main(options, arguments)
File "apkviewer.py", line 75, in main
dd = data.Data(vm, vmx, gvmx, a)
File "/home/android/tools/androguard/androguard/core/data/data.py", line 80, in __init__
self.apk_data = ApkViewer( self.a )
File "/home/android/tools/androguard/androguard/core/data/data.py", line 325, in __init__
for x, y, z in self.a.get_files_information() :
File "/home/android/tools/androguard/androguard/core/bytecodes/apk.py", line 224, in get_files_information
yield i, self.files[ i ], self.files_crc32[ i ]
KeyError: 'META-INF/MANIFEST.MF'
Original issue reported on code.google.com by [email protected]
on 7 May 2012 at 4:08
What steps will reproduce the problem?
1. Created a signature that will look for AirPush Services:
[ { "SAMPLE" : "myairpushapp" }, { "BASE" : "AndroidOS", "NAME" : "AirPush",
"SIGNATURE" :
[
{ "TYPE" : "CLASSSIM", "CN" : "Lcom/airpush/android/PushAds;" },
{ "TYPE" : "CLASSSIM", "CN" : "Lcom/airpush/android/UserDetailsReceiver;" },
{ "TYPE" : "CLASSSIM", "CN" : "Lcom/airpush/android/MessageReceiver;" } ,
{ "TYPE" : "CLASSSIM", "CN" : "Lcom/airpush/android/DeliveryReceiver;" }
],
"BF" : "a || b || c || d"
}
]
2. run androcsign:
./androcsign.py -i ../androsign/airpush.sign -o signatures/testdb
3. run androsign on the same sample to verify:
./androsign.py -i myairpushapp -b signatures/testdb -c signatures/dbconfig -v
What is the expected output? What do you see instead?
Got the following output:
[...]
ADD ELEMENT 71
ADD ELEMENT 1542
ADD ELEMENT 126
ADD ELEMENT 297
ADD ELEMENT 4
ADD ELEMENT 4
ADD ELEMENT 145
CMClustering init rows
[SIGN:0 CLUSTERS:0 CMP_CLUSTERS:0 ELEMENTS:984 CMP_ELEMENTS:0 ERROR float division by zero
What version of the product are you using? On what operating system?
latest hg.
The Sample is also attached (pw infected)
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 21 May 2012 at 9:37
What steps will reproduce the problem?
1. using the patch for porting androguard to OSX
2. make it
What is the expected output? What do you see instead?
claud:~/code/androguard$ make
CCP dvm.o
CCP buff.o
CC z.o
z.c:20:17: warning: assigning to 'Bytef *' (aka 'unsigned char *') from 'const
unsigned char *' discards qualifiers [-Wincompatible-pointer-types]
strm.next_in = data;
^ ~~~~
z.c:47:17: warning: assigning to 'Bytef *' (aka 'unsigned char *') from 'const
unsigned char *' discards qualifiers [-Wincompatible-pointer-types]
strm.next_in = data;
^ ~~~~
2 warnings generated.
CC bz2.o
bz2.c:19:17: warning: assigning to 'char *' from 'const unsigned char *'
discards qualifiers [-Wincompatible-pointer-types]
strm.next_in = data;
^ ~~~~
bz2.c:20:18: warning: assigning to 'char *' from 'unsigned char *' converts
between pointers to integer types with different sign [-Wpointer-sign]
strm.next_out = odata;
^ ~~~~~
2 warnings generated.
CC smaz.o
smaz.c:139:24: warning: comparison of unsigned expression < 0 is always false
[-Wtautological-compare]
if (outlen < 0) return _outlen+1;
~~~~~~ ^ ~
1 warning generated.
CC xz.o
CC Alloc.o
CC LzFind.o
CC LzmaDec.o
CC LzmaEnc.o
LzmaEnc.c:2081:6: warning: explicitly assigning a variable of type
'CLzmaEncHandle' (aka 'void *') to itself [-Wself-assign]
pp = pp;
~~ ^ ~~
1 warning generated.
CC LzmaLib.o
LzmaLib.c:11:48: warning: explicitly assigning a variable of type 'void *' to
itself [-Wself-assign]
static void *SzAlloc(void *p, size_t size) { p = p; return MyAlloc(size); }
~ ^ ~
LzmaLib.c:12:48: warning: explicitly assigning a variable of type 'void *' to
itself [-Wself-assign]
static void SzFree(void *p, void *address) { p = p; MyFree(address); }
~ ^ ~
2 warnings generated.
CC lzma.o
CC snappy.o
CC vcblocksort.o
CC similarity.o
similarity.c:114:13: warning: comparison of unsigned expression < 0 is always
false [-Wtautological-compare]
if (ret < 0) {
~~~ ^ ~
similarity.c:147:17: warning: comparison of unsigned expression < 0 is always
false [-Wtautological-compare]
if (ret < 0) {
~~~ ^ ~
similarity.c:161:17: warning: comparison of unsigned expression < 0 is always
false [-Wtautological-compare]
if (ret < 0) {
~~~ ^ ~
similarity.c:184:13: warning: comparison of unsigned expression < 0 is always
false [-Wtautological-compare]
if (ret < 0) {
~~~ ^ ~
similarity.c:234:17: warning: comparison of unsigned expression < 0 is always
false [-Wtautological-compare]
if (ret < 0) {
~~~ ^ ~
similarity.c:247:17: warning: comparison of unsigned expression < 0 is always
false [-Wtautological-compare]
if (ret < 0) {
~~~ ^ ~
similarity.c:269:13: warning: comparison of unsigned expression < 0 is always
false [-Wtautological-compare]
if (ret < 0) {
~~~ ^ ~
7 warnings generated.
CC formula.o
CC elsign.o
What version of the product are you using? On what operating system?
Mac OS X 10.7.3, Xcode 4.3.1, g++ 4.2.1
Please provide any additional information below.
I think these warnings are not introduced by my patch.
Original issue reported on code.google.com by [email protected]
on 21 Mar 2012 at 3:40
What steps will reproduce the problem?
1. Take a sample whose dex file header's data link section has a non-zero value.
2. Use androguard to scan this sample.
3. It raises an exception (details below).
What is the expected output? What do you see instead?
I traced the exception. I found that "current_pos" was equal to the length of
"insn", so "insn[current_pos:current_pos+2]" would return an empty list.
Then the "unpack" method raised an exception.
What version of the product are you using? On what operating system?
CentOS 5.6 i386
Please provide any additional information below.
Traceback (most recent call last):
File "./DiffScan/scanner.py", line 128, in <module>
print ds.scan(sys.argv[2])+"\r\n"
File "./DiffScan/scanner.py", line 65, in scan
ag = androguard.AndroguardS(sFileName)
File "./Androguard/androguard.py", line 447, in __init__
self.__orig_a = Androguard( [ filename ], raw )
File "./Androguard/androguard.py", line 239, in __init__
self._analyze()
File "./Androguard/androguard.py", line 258, in _analyze
bc = dvm.DalvikVMFormat( self.__orig_raw[ i ] )
File "./Androguard/core/bytecodes/dvm.py", line 3093, in __init__
self.map_list = MapList( self.CM, self.__header.get_value().map_off, self )
File "./Androguard/core/bytecodes/dvm.py", line 3051, in __init__
mi = MapItem( buff, self.CM )
File "./Androguard/core/bytecodes/dvm.py", line 2788, in __init__
self.item = CodeItem( general_format.size, buff, cm )
File "./Androguard/core/bytecodes/dvm.py", line 2745, in __init__
x = DalvikCode( buff, cm )
File "./Androguard/core/bytecodes/dvm.py", line 2662, in __init__
self._code = DCode( self.__CM, self.insns_size.get_value(), buff.read( self.insns_size.get_value() * ushort ) )
File "./Androguard/core/bytecodes/dvm.py", line 2546, in __init__
operands, special = self._analyze_mnemonic( op_value, DALVIK_OPCODES[ op_value ])
File "./Androguard/core/bytecodes/dvm.py", line 2571, in _analyze_mnemonic
r = self._extract_values(i)
File "./Androguard/core/bytecodes/dvm.py", line 2562, in _extract_values
return MAP_EXTRACT_VALUES[i]( self.__insn, self.__current_pos )
File "./Androguard/core/bytecodes/dvm.py", line 2336, in op_AA_OP
i16 = unpack("=H", insn[current_pos:current_pos+2])[0]
struct.error: unpack requires a string argument of length 2
Original issue reported on code.google.com by [email protected]
on 21 Dec 2011 at 7:58
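The condition traced in this report, a read position equal to the buffer length, can be caught before `unpack` is called. The following is an added example, not androguard's code: `read_u16`, `decode`, `MalformedCode` and the five-opcode length table are hypothetical names for illustration, the byte strings are constructed, and it reads little-endian (`<H`, the DEX byte order) where the traceback shows native `=H`.

```python
import struct


class MalformedCode(ValueError):
    """The instruction stream cannot be decoded as given."""


# Instruction length in 16-bit code units for a few Dalvik opcodes.
# Subset chosen for the example; a real decoder needs the full table.
UNITS = {
    0x00: 1,  # nop
    0x0E: 1,  # return-void
    0x12: 1,  # const/4
    0x13: 2,  # const/16
    0x14: 3,  # const
}


def read_u16(insn, pos):
    """Read one code unit, refusing to read past the end of the buffer."""
    if pos < 0 or pos + 2 > len(insn):
        raise MalformedCode(
            "need 2 bytes at offset %d, buffer holds %d bytes" % (pos, len(insn)))
    return struct.unpack_from("<H", insn, pos)[0]


def decode(insn):
    """Decode as many instructions as the buffer supports.

    Returns (instructions, error). `error` is None for a clean decode,
    otherwise a message naming the offset where decoding had to stop, so a
    batch scan can log the sample and move on instead of crashing.
    """
    decoded, pos = [], 0
    try:
        while pos < len(insn):
            opcode = read_u16(insn, pos) & 0xFF  # opcode is the low byte
            units = UNITS.get(opcode)
            if units is None:
                raise MalformedCode(
                    "opcode 0x%02x at offset %d is not in the example table"
                    % (opcode, pos))
            operands = [read_u16(insn, pos + 2 * k) for k in range(1, units)]
            decoded.append((pos, opcode, operands))
            pos += 2 * units
    except MalformedCode as exc:
        return decoded, str(exc)
    return decoded, None


# Constructed inputs.
GOOD = b"\x13\x00\x34\x12\x0e\x00"   # const/16 v0, 0x1234 ; return-void
TRUNCATED = b"\x0e\x00\x13\x00"      # const/16 with its operand unit missing
ODD_LENGTH = b"\x0e\x00\x12"         # trailing half code unit

if __name__ == "__main__":
    for label, buf in (("good", GOOD), ("truncated", TRUNCATED),
                       ("odd length", ODD_LENGTH)):
        print(label, decode(buf))
```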
track registerReceiver function
Original issue reported on code.google.com by [email protected]
on 20 May 2012 at 9:17
What steps will reproduce the problem?
1. python ./androsign.py -h
What is the expected output? What do you see instead?
Help Description
What version of the product are you using? On what operating system?
1.0 on ubuntu
Please provide any additional information below.
When running androsign.py, it says
Traceback (most recent call last):
File "androsign.py", line 29, in <module>
from elsim.elsign import dalvik_elsign
File "./elsim/elsim/elsign/dalvik_elsign.py", line 29, in <module>
from libelsign.libelsign import Elsign, entropy
ImportError: No module named libelsign
===> And I have checked your hg url; there is no elsim directory. THANK YOU.
Original issue reported on code.google.com by [email protected]
on 6 Apr 2012 at 9:11
Running apk analysis iterating on apks taken from a directory doesn't work
properly.
After some iterations, the script freezes and doesn't go on....
If I restart the script, it begins from the file on which the analysis was
blocked! So I think it's not a problem related to the file, but to the sw.
Below is the source code extracted from my script:
def analyze(infile) :
    score = 0
    permissions = {}
    data = []
    risk_detailed = {}
    if androconf.is_android(infile) == "APK" :
        try:
            allstrings, score, risk_detailed, list_details_permissions = AnalyzeAPK(infile)
            # Collect numeric strings when SMS or call permissions are requested
            if (str(list_details_permissions).find('_SMS') != -1 or
                    str(list_details_permissions).find('CALL') != -1) :
                for cur in allstrings :
                    if re.search('^\d{4,20}$', cur) :
                        data.append(cur)
            # Collect URLs when the INTERNET permission is requested
            if str(list_details_permissions).find('INTERNET') != -1 :
                for cur in allstrings :
                    if re.search('^http://', cur) :
                        data.append(cur)
            # Map each permission (short name) to its risk value
            for i in list_details_permissions :
                permission = i
                if permission.find(".") != -1 :
                    permission = permission.split(".")[-1]
                risk_type = GENERAL_PERMISSIONS_RISK[ list_details_permissions[ i ][0]]
                permissions[permission] = RISK_VALUES [ risk_type ]
        except Exception, e:
            print "Exception reason " + str(e)
    return score, permissions, data, risk_detailed

........ other function containing the iterations .......

for row in rows :
    try:
        filename = row[0]
        filename = download_path + "/" + filename
        appid = row[1]
        flag = 1
        print 'analyze: ', filename, '\n'
        total_risk, permissions, data, risk_detailed=analyze(filename)
Original issue reported on code.google.com by [email protected]
on 2 Dec 2011 at 4:43
What steps will reproduce the problem?
1. Run dalvikvm_format_2.py with a sample facebook apk file
2. get_raw() raises an exception
What is the expected output? What do you see instead?
Traceback (most recent call last):
File "./demos/dalvikvm_format_2.py", line 46, in <module>
fd.write( j.save() )
File ".//core/bytecodes/dvm.py", line 3513, in save
return self._get_raw()
File ".//core/bytecodes/dvm.py", line 3541, in _get_raw
l = self.map_list.get_raw()
File ".//core/bytecodes/dvm.py", line 3449, in get_raw
[ x.get_raw() for x in self.map_item ]
File ".//core/bytecodes/dvm.py", line 3193, in get_raw
return [ bytecode.Buff( self.__offset.off, self.format.get_value_buff() ) ] + [ i.get_raw() for i in self.item ]
File ".//core/bytecodes/dvm.py", line 1369, in get_raw
return [ bytecode.Buff(self.__offset.off, self.visibility.get_value_buff()) ] + self.annotation.get_raw()
File ".//core/bytecodes/dvm.py", line 1338, in get_raw
[ i.get_raw() for i in self.elements ]
File ".//core/bytecodes/dvm.py", line 1310, in get_raw
return [ bytecode.Buff(self.__offset.off, writeuleb128(self.name_idx) + self.value.get_raw()) ]
File ".//core/bytecodes/dvm.py", line 1290, in get_raw
return self.val.get_value_buff() + object_to_str( self.value )
TypeError: cannot concatenate 'str' and 'list' objects
What version of the product are you using? On what operating system?
Ubuntu 11.04
Please provide any additional information below.
I looked into the error. It seemed that in EncodedValue, when the type is
EncodedAnnotation, get_raw() returned a list instead of a string, therefore
'return self.val.get_value_buff() + object_to_str( self.value )' threw a
TypeError exception.
Original issue reported on code.google.com by [email protected]
on 20 Feb 2012 at 8:26
Hi, I am trying to make androguard (latest version retrieved via hg) run on
Ubuntu 11.10 (Python 2.7.2) but I get the following error:
ubuntu@ubuntu: ./androlyze.py -i my.apk -m . -p
Traceback (most recent call last):
File "./androlyze.py", line 231, in <module>
main(options, arguments)
File "./androlyze.py", line 201, in main
method.pretty_show( _a.get_analysis() )
TypeError: pretty_show() takes exactly 1 argument (2 given)
Original issue reported on code.google.com by [email protected]
on 3 Feb 2012 at 8:33
modify get_string method to return string matching a specific criteria (e.g. a
substring)
Original issue reported on code.google.com by [email protected]
on 12 Jan 2012 at 2:46
Without a setup.py, Androguard can't be used with pip, virtualenv, and other
python packaging tools. I made a clone with a setup.py and slightly revised
directory structure to support it. I verified that androaxml.py works with
minor changes (also included in the clone). As androaxml is all I need, I have
not tested other functionality.
https://code.google.com/r/dan-androguard-setup
Original issue reported on code.google.com by [email protected]
on 14 Feb 2012 at 12:50