yinkanglong
2022-01-13 17:16:23 +08:00
2 changed files with 374 additions and 0 deletions


@@ -18,6 +18,28 @@
"cell_type": "markdown",
"metadata": {},
"source": []
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"androguard.core.bytecodes\n",
"androguard.core.analysis\n",
"\n",
"## 对象说明\n",
"\n",
"a d dx对象的作用\n",
"\n",
"* a对象是apk解包的结果\n",
"* d对象是dex文件列表反编译的结果\n",
"* dx对象是dex文件列表交叉引用分析的结果\n",
"\n",
"\n",
"a d dx对象的内容\n",
"* a对象包含解包后的文件包含xml从xml分析得到的基本信息dex文件resource文件等供后续进一步分析\n",
"* d对象包含反编译dex后的结果包含类、方法、字符串的列表。其中反编译后的结果是encodemethod、encodeclass、encodefiled、endcodestring对象的列表\n",
"* dx包含methodAnalysis、ClassAnalysis、FieldAnalysis、StringAnalysis等分析对象的列表"
]
}
],
"metadata": {
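
Review bot: The class names in the "d" bullet of the added cell are misspelled ("encodefiled", "endcodestring") and should be written the way androguard spells them, as the other file in this commit does with `androguard.core.bytecodes.dvm.EncodedMethod`, so a reader can look them up in the API. The two bare module names at the top of the cell (`androguard.core.bytecodes`, `androguard.core.analysis`) have no blank line or list marker between them, so they render as one run-on line with no explanation; make each a list item that says what it provides.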


@@ -443,6 +443,358 @@
"```"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## 关键对象的方法和属性\n",
"\n",
"主要指a/d/dx方法返回的结果是一些其他的对象和方法。这些对象完成了后续的主要分析工作。\n",
"\n",
"MethodAnalysis对象的getmethod会返回两种类型的值一种是ExternalMehtod一种是EncodeMehtod。前者是外部的方法后者是内部的方法。\n",
"\n",
"### 对象ExternalMethod的方法和属性\n",
"\n",
"```\n",
"['__class__',\n",
"'__delattr__',\n",
"'__dict__',\n",
"'__dir__',\n",
"'__doc__', \n",
"'__eq__', \n",
"'__format__', \n",
"'__ge__', \n",
"'__getattribute__', \n",
"'__gt__', \n",
"'__hash__', \n",
"'__init__', \n",
"'__init_subclass__', \n",
"'__le__', \n",
"'__lt__', \n",
"'__module__', \n",
"'__ne__', \n",
"'__new__', \n",
"'__reduce__', \n",
"'__reduce_ex__', \n",
"'__repr__', \n",
"'__setattr__', \n",
"'__sizeof__', \n",
"'__str__', \n",
"'__subclasshook__', \n",
"'__weakref__', \n",
"'class_name', \n",
"'descriptor', \n",
"'get_access_flags_string', \n",
"'get_class_name', \n",
"'get_descriptor', \n",
"'get_name', \n",
"'name']\n",
"```\n",
"\n",
"### 对象EncodeMethod的方法和属性\n",
"> 反编译后的方法d、dx中都可以返回该对象\n",
"androguard.core.bytecodes.dvm.EncodedMethod\n",
"\n",
"```\n",
"['CM',\n",
" '__class__',\n",
" '__delattr__',\n",
" '__dict__',\n",
" '__dir__',\n",
" '__doc__',\n",
" '__eq__',\n",
" '__format__',\n",
" '__ge__',\n",
" '__getattribute__',\n",
" '__gt__',\n",
" '__hash__',\n",
" '__init__',\n",
" '__init_subclass__',\n",
" '__le__',\n",
" '__lt__',\n",
" '__module__',\n",
" '__ne__',\n",
" '__new__',\n",
" '__reduce__',\n",
" '__reduce_ex__',\n",
" '__repr__',\n",
" '__setattr__',\n",
" '__sizeof__',\n",
" '__str__',\n",
" '__subclasshook__',\n",
" '__weakref__',\n",
" 'access_flags',\n",
" 'access_flags_string',\n",
" 'add_inote',\n",
" 'add_note',\n",
" 'adjust_idx',\n",
" 'class_name',\n",
" 'code',\n",
" 'code_off',\n",
" 'each_params_by_register',\n",
" 'get_access_flags',\n",
" 'get_access_flags_string',\n",
" 'get_address',\n",
" 'get_class_name',\n",
" 'get_code',\n",
" 'get_code_off',\n",
" 'get_debug',\n",
" 'get_descriptor',\n",
" 'get_information',\n",
" 'get_instruction',\n",
" 'get_instructions',\n",
" 'get_length',\n",
" 'get_locals',\n",
" 'get_method_idx',\n",
" 'get_method_idx_diff',\n",
" 'get_name',\n",
" 'get_raw',\n",
" 'get_short_string',\n",
" 'get_size',\n",
" 'get_source',\n",
" 'get_triple',\n",
" 'is_cached_instructions',\n",
" 'load',\n",
" 'loaded',\n",
" 'method_idx',\n",
" 'method_idx_diff',\n",
" 'name',\n",
" 'notes',\n",
" 'offset',\n",
" 'proto',\n",
" 'reload',\n",
" 'set_code_idx',\n",
" 'set_instructions',\n",
" 'set_name',\n",
" 'show',\n",
" 'show_info',\n",
" 'show_notes',\n",
" 'source']\n",
"```\n",
"\n",
"### 对象MethodAnalysis的方法和属性\n",
"> 分析对象dxget_method方法返回的分析对象\n",
"\n",
"analysis.MethodClassAnalysis\n",
"\n",
"```\n",
"['AddXrefFrom',\n",
" 'AddXrefTo',\n",
" '__class__',\n",
" '__delattr__',\n",
" '__dict__',\n",
" '__dir__',\n",
" '__doc__',\n",
" '__eq__',\n",
" '__format__',\n",
" '__ge__',\n",
" '__getattribute__',\n",
" '__gt__',\n",
" '__hash__',\n",
" '__init__',\n",
" '__init_subclass__',\n",
" '__le__',\n",
" '__lt__',\n",
" '__module__',\n",
" '__ne__',\n",
" '__new__',\n",
" '__reduce__',\n",
" '__reduce_ex__',\n",
" '__repr__',\n",
" '__setattr__',\n",
" '__sizeof__',\n",
" '__str__',\n",
" '__subclasshook__',\n",
" '__weakref__',\n",
" 'access',\n",
" 'apilist',\n",
" 'descriptor',\n",
" 'get_method',\n",
" 'get_xref_from',\n",
" 'get_xref_to',\n",
" 'is_android_api',\n",
" 'is_external',\n",
" 'method',\n",
" 'name',\n",
" 'xreffrom',\n",
" 'xrefto']\n",
"```"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## d和dx对象get_method方法的区别\n",
"d是反编译的文件其中有get_method和get_methods方法都是反编译后用户自定义的函数其对应相应的代码块。不包含外部函数\n",
"dx是对反编译的文件分析后的结果其中get_method和get_methods方法都是分析后的结果包含调用的外部函数等。能够判定是不是外部函数。也就是说返回对象可能有两种形式MethodAnalysis一种是EncodeMethod一种是ExternalMethod\n",
"\n",
"\n",
"```\n",
"from androguard.misc import AnalyzeAPK\n",
"filename = '/media/ykl2/Dataset/Drebin/malware/00088e191503bbfbd5c56a789a71e8c718e42ea422ec73c760ee2de489e02b2e'\n",
"a,d,dx = AnalyzeAPK(filename)\n",
"\n",
"for method in dx.get_methods():\n",
" meth = method.get_method()\n",
" print(meth.get_class_name(),meth.get_name())\n",
"\n",
"Lbeelon/android/alarm/AlarmReceiver; <init>\n",
"Lbeelon/android/alarm/AlarmReceiver; LoadConfig\n",
"Lbeelon/android/alarm/AlarmReceiver; onReceive\n",
"Lbeelon/android/alarm/MainActivity$1$1$1; <init>\n",
"Lbeelon/android/alarm/MainActivity$1$1$1; onClick\n",
"Lbeelon/android/alarm/MainActivity$1$1; <init>\n",
"Lbeelon/android/alarm/MainActivity$1$1; onClick\n",
"Lbeelon/android/alarm/MainActivity$1$2; <init>\n",
"Lbeelon/android/alarm/MainActivity$1$2; onClick\n",
"Lbeelon/android/alarm/MainActivity$1; access$0\n",
"Lbeelon/android/alarm/MainActivity$1; <init>\n",
"Lbeelon/android/alarm/MainActivity$1; onClick\n",
"Lbeelon/android/alarm/MainActivity$2; <init>\n",
"Lbeelon/android/alarm/MainActivity$2; onClick\n",
"Lbeelon/android/alarm/MainActivity$3; <init>\n",
"Lbeelon/android/alarm/MainActivity$3; onClick\n",
"Lbeelon/android/alarm/MainActivity; getSystemService\n",
"Lbeelon/android/alarm/MainActivity; access$0\n",
"Lbeelon/android/alarm/MainActivity; <init>\n",
"Lbeelon/android/alarm/MainActivity; LoadConfig\n",
"Lbeelon/android/alarm/MainActivity; openFileInput\n",
"Lbeelon/android/alarm/MainActivity; SaveConfig\n",
"Lbeelon/android/alarm/MainActivity; openFileOutput\n",
"Lbeelon/android/alarm/MainActivity; onCreate\n",
"Lbeelon/android/alarm/MainActivity; setContentView\n",
"Lbeelon/android/alarm/MainActivity; findViewById\n",
"Lbeelon/android/alarm/MainActivity; onOptionsItemSelected\n",
"Lbeelon/android/alarm/MainActivity; onPrepareOptionsMenu\n",
"Lbeelon/android/alarm/R$attr; <init>\n",
"Lbeelon/android/alarm/R$drawable; <init>\n",
"Lbeelon/android/alarm/R$id; <init>\n",
"Lbeelon/android/alarm/R$layout; <init>\n",
"Lbeelon/android/alarm/R$string; <init>\n",
"Lbeelon/android/alarm/R; <init>\n",
"Lbeelon/android/alarm/SplashActivity$1; <init>\n",
"Lbeelon/android/alarm/SplashActivity$1; handleMessage\n",
"Lbeelon/android/alarm/SplashActivity$2; <init>\n",
"Lbeelon/android/alarm/SplashActivity$2; run\n",
"Lbeelon/android/alarm/SplashActivity; startActivity\n",
"Lbeelon/android/alarm/SplashActivity; finish\n",
"Lbeelon/android/alarm/SplashActivity; <init>\n",
"Lbeelon/android/alarm/SplashActivity; onCreate\n",
"Lbeelon/android/alarm/SplashActivity; setContentView\n",
"Landroid/content/BroadcastReceiver; <init>\n",
"Ljava/lang/Boolean; valueOf\n",
"Ljava/lang/Boolean; parseBoolean\n",
"Ljava/lang/Boolean; booleanValue\n",
"Ljava/util/Properties; <init>\n",
"Ljava/util/Properties; load\n",
"Ljava/util/Properties; getProperty\n",
"Ljava/util/Properties; put\n",
"Ljava/util/Properties; store\n",
"Landroid/content/Context; openFileInput\n",
"Landroid/content/Context; getSystemService\n",
"Landroid/content/Context; getString\n",
"Landroid/util/Log; v\n",
"Landroid/content/Intent; getAction\n",
"Landroid/content/Intent; <init>\n",
"Landroid/content/Intent; setClass\n",
"Ljava/lang/String; equals\n",
"Ljava/lang/String; valueOf\n",
"Ljava/lang/String; length\n",
"Ljava/lang/String; charAt\n",
"Ljava/lang/String; valueOf\n",
"Landroid/telephony/TelephonyManager; getSimState\n",
"Landroid/telephony/TelephonyManager; getSimSerialNumber\n",
"Ljava/lang/StringBuilder; <init>\n",
"Ljava/lang/StringBuilder; append\n",
"Ljava/lang/StringBuilder; toString\n",
"Ljava/lang/StringBuilder; <init>\n",
"Ljava/lang/StringBuilder; append\n",
"Landroid/telephony/SmsManager; getDefault\n",
"Landroid/telephony/SmsManager; sendTextMessage\n",
"Ljava/lang/Object; <init>\n",
"Landroid/content/DialogInterface; cancel\n",
"Landroid/content/DialogInterface; dismiss\n",
"Landroid/view/View; findViewById\n",
"Landroid/widget/EditText; getText\n",
"Landroid/text/Editable; toString\n",
"Landroid/app/AlertDialog$Builder; <init>\n",
"Landroid/app/AlertDialog$Builder; setTitle\n",
"Landroid/app/AlertDialog$Builder; setMessage\n",
"Landroid/app/AlertDialog$Builder; setNegativeButton\n",
"Landroid/app/AlertDialog$Builder; create\n",
"Landroid/app/AlertDialog$Builder; setView\n",
"Landroid/app/AlertDialog$Builder; setPositiveButton\n",
"Landroid/app/Dialog; show\n",
"Landroid/widget/TextView; setText\n",
"Landroid/widget/TextView; getText\n",
"Landroid/widget/TextView; setOnClickListener\n",
"Landroid/view/LayoutInflater; from\n",
"Landroid/view/LayoutInflater; inflate\n",
"Landroid/app/AlertDialog; show\n",
"Landroid/app/Activity; <init>\n",
"Landroid/app/Activity; onCreate\n",
"Landroid/app/Activity; onOptionsItemSelected\n",
"Landroid/app/Activity; onPrepareOptionsMenu\n",
"Landroid/view/MenuItem; getItemId\n",
"Landroid/view/Menu; clear\n",
"Landroid/view/Menu; add\n",
"Landroid/os/Handler; <init>\n",
"Landroid/os/Handler; handleMessage\n",
"Landroid/os/Handler; sendMessage\n",
"Ljava/util/TimerTask; <init>\n",
"Landroid/os/Message; <init>\n",
"Ljava/util/Timer; <init>\n",
"Ljava/util/Timer; schedule\n",
"Landroid/widget/ImageView; <init>\n",
"Landroid/widget/ImageView; setBackgroundResource\n",
"\n",
"\n",
"for di in d:\n",
" for meth in di.get_methods():\n",
" # meth = method.get_method()\n",
" print(meth.get_class_name(),meth.get_name())\n",
"\n",
"\n",
"Lbeelon/android/alarm/AlarmReceiver; <init>\n",
"Lbeelon/android/alarm/AlarmReceiver; LoadConfig\n",
"Lbeelon/android/alarm/AlarmReceiver; onReceive\n",
"Lbeelon/android/alarm/MainActivity$1$1$1; <init>\n",
"Lbeelon/android/alarm/MainActivity$1$1$1; onClick\n",
"Lbeelon/android/alarm/MainActivity$1$1; <init>\n",
"Lbeelon/android/alarm/MainActivity$1$1; onClick\n",
"Lbeelon/android/alarm/MainActivity$1$2; <init>\n",
"Lbeelon/android/alarm/MainActivity$1$2; onClick\n",
"Lbeelon/android/alarm/MainActivity$1; <init>\n",
"Lbeelon/android/alarm/MainActivity$1; access$0\n",
"Lbeelon/android/alarm/MainActivity$1; onClick\n",
"Lbeelon/android/alarm/MainActivity$2; <init>\n",
"Lbeelon/android/alarm/MainActivity$2; onClick\n",
"Lbeelon/android/alarm/MainActivity$3; <init>\n",
"Lbeelon/android/alarm/MainActivity$3; onClick\n",
"Lbeelon/android/alarm/MainActivity; <init>\n",
"Lbeelon/android/alarm/MainActivity; LoadConfig\n",
"Lbeelon/android/alarm/MainActivity; SaveConfig\n",
"Lbeelon/android/alarm/MainActivity; access$0\n",
"Lbeelon/android/alarm/MainActivity; onCreate\n",
"Lbeelon/android/alarm/MainActivity; onOptionsItemSelected\n",
"Lbeelon/android/alarm/MainActivity; onPrepareOptionsMenu\n",
"Lbeelon/android/alarm/R$attr; <init>\n",
"Lbeelon/android/alarm/R$drawable; <init>\n",
"Lbeelon/android/alarm/R$id; <init>\n",
"Lbeelon/android/alarm/R$layout; <init>\n",
"Lbeelon/android/alarm/R$string; <init>\n",
"Lbeelon/android/alarm/R; <init>\n",
"Lbeelon/android/alarm/SplashActivity$1; <init>\n",
"Lbeelon/android/alarm/SplashActivity$1; handleMessage\n",
"Lbeelon/android/alarm/SplashActivity$2; <init>\n",
"Lbeelon/android/alarm/SplashActivity$2; run\n",
"Lbeelon/android/alarm/SplashActivity; <init>\n",
"Lbeelon/android/alarm/SplashActivity; onBackPressed\n",
"Lbeelon/android/alarm/SplashActivity; onCreate\n",
"```"
]
},
{
"cell_type": "markdown",
"metadata": {},
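
Review bot: The example in the last added cell hard-codes the `filename` assignment to an absolute path under `/media/ykl2/Dataset/Drebin/malware/`, which exists only on the author's machine and points at a malware sample, so the cell cannot be re-run by anyone else; read the path from a variable the reader sets and name the sample by its hash in the text. The two loops and their printed output also share one untagged fence inside a markdown cell, so the output lines read as part of the script; put the code in code cells (or separate fences) and keep the output apart. Since the cell's point is that `dx.get_methods()` also returns external methods while `d` does not, print `method.is_external()` (it is in the MethodAnalysis attribute list above) in the dx loop instead of leaving the reader to compare two long listings by eye. Smaller points in the same hunk: "ExternalMehtod" and "EncodeMehtod" are typos, the heading says EncodeMethod where the class path below it says `EncodedMethod`, the MethodAnalysis heading is followed by `analysis.MethodClassAnalysis`, and the `dir()` dumps would be easier to read with the dunder names dropped.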