From 7c0714ac435924dfcb0c0c67f6af1a3d0d3b643a Mon Sep 17 00:00:00 2001 From: estomm Date: Thu, 13 Jan 2022 13:20:20 +0800 Subject: [PATCH 1/2] androguard --- Python/androguard/10 androguard源码阅读.ipynb | 22 ++ Python/androguard/3 androguard 入门.ipynb | 352 ++++++++++++++++++ 2 files changed, 374 insertions(+) diff --git a/Python/androguard/10 androguard源码阅读.ipynb b/Python/androguard/10 androguard源码阅读.ipynb index 99fdae0d..a31e667e 100644 --- a/Python/androguard/10 androguard源码阅读.ipynb +++ b/Python/androguard/10 androguard源码阅读.ipynb @@ -18,6 +18,28 @@ "cell_type": "markdown", "metadata": {}, "source": [] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "androguard.core.bytecodes\n", + "androguard.core.analysis\n", + "\n", + "## 对象说明\n", + "\n", + "a d dx对象的作用\n", + "\n", + "* a对象是apk解包的结果\n", + "* d对象是dex文件列表反编译的结果\n", + "* dx对象是dex文件列表交叉引用分析的结果\n", + "\n", + "\n", + "a d dx对象的内容\n", + "* a对象包含解包后的文件,包含xml,从xml分析得到的基本信息,dex文件,resource文件等,供后续进一步分析\n", + "* d对象包含反编译dex后的结果,包含类、方法、字符串的列表。其中反编译后的结果是encodemethod、encodeclass、encodefiled、endcodestring对象的列表\n", + "* dx包含methodAnalysis、ClassAnalysis、FieldAnalysis、StringAnalysis等分析对象的列表" + ] } ], "metadata": { diff --git a/Python/androguard/3 androguard 入门.ipynb b/Python/androguard/3 androguard 入门.ipynb index 74c774d1..57e05ac0 100644 --- a/Python/androguard/3 androguard 入门.ipynb +++ b/Python/androguard/3 androguard 入门.ipynb @@ -443,6 +443,358 @@ "```" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## 关键对象的方法和属性\n", + "\n", + "主要指a/d/dx方法返回的结果是一些其他的对象和方法。这些对象完成了后续的主要分析工作。\n", + "\n", + "MethodAnalysis对象的getmethod会返回两种类型的值,一种是ExternalMehtod,一种是EncodeMehtod。前者是外部的方法,后者是内部的方法。\n", + "\n", + "### 对象ExternalMethod的方法和属性\n", + "\n", + "```\n", + "['__class__',\n", + "'__delattr__',\n", + "'__dict__',\n", + "'__dir__',\n", + "'__doc__', \n", + "'__eq__', \n", + "'__format__', \n", + "'__ge__', \n", + "'__getattribute__', \n", + "'__gt__', \n", + "'__hash__', \n", + "'__init__', \n", + "'__init_subclass__', \n", + "'__le__', \n", + "'__lt__', \n", + "'__module__', \n", + "'__ne__', \n", + "'__new__', \n", + "'__reduce__', \n", + "'__reduce_ex__', \n", + "'__repr__', \n", + "'__setattr__', \n", + "'__sizeof__', \n", + "'__str__', \n", + "'__subclasshook__', \n", + "'__weakref__', \n", + "'class_name', \n", + "'descriptor', \n", + "'get_access_flags_string', \n", + "'get_class_name', \n", + "'get_descriptor', \n", + "'get_name', \n", + "'name']\n", + "```\n", + "\n", + "### 对象EncodeMethod的方法和属性\n", + "> 反编译后的方法,d、dx中都可以返回该对象\n", + "androguard.core.bytecodes.dvm.EncodedMethod\n", + "\n", + "```\n", + "['CM',\n", + " '__class__',\n", + " '__delattr__',\n", + " '__dict__',\n", + " '__dir__',\n", + " '__doc__',\n", + " '__eq__',\n", + " '__format__',\n", + " '__ge__',\n", + " '__getattribute__',\n", + " '__gt__',\n", + " '__hash__',\n", + " '__init__',\n", + " '__init_subclass__',\n", + " '__le__',\n", + " '__lt__',\n", + " '__module__',\n", + " '__ne__',\n", + " '__new__',\n", + " '__reduce__',\n", + " '__reduce_ex__',\n", + " '__repr__',\n", + " '__setattr__',\n", + " '__sizeof__',\n", + " '__str__',\n", + " '__subclasshook__',\n", + " '__weakref__',\n", + " 'access_flags',\n", + " 'access_flags_string',\n", + " 'add_inote',\n", + " 'add_note',\n", + " 'adjust_idx',\n", + " 'class_name',\n", + " 'code',\n", + " 'code_off',\n", + " 'each_params_by_register',\n", + " 'get_access_flags',\n", + " 'get_access_flags_string',\n", + " 'get_address',\n", + " 'get_class_name',\n", + " 'get_code',\n", + " 'get_code_off',\n", + " 'get_debug',\n", + " 'get_descriptor',\n", + " 'get_information',\n", + " 'get_instruction',\n", + " 'get_instructions',\n", + " 'get_length',\n", + " 'get_locals',\n", + " 'get_method_idx',\n", + " 'get_method_idx_diff',\n", + " 'get_name',\n", + " 'get_raw',\n", + " 'get_short_string',\n", + " 'get_size',\n", + " 'get_source',\n", + " 'get_triple',\n", + " 'is_cached_instructions',\n", + " 'load',\n", + " 'loaded',\n", + " 'method_idx',\n", + " 'method_idx_diff',\n", + " 'name',\n", + " 'notes',\n", + " 'offset',\n", + " 'proto',\n", + " 'reload',\n", + " 'set_code_idx',\n", + " 'set_instructions',\n", + " 'set_name',\n", + " 'show',\n", + " 'show_info',\n", + " 'show_notes',\n", + " 'source']\n", + "```\n", + "\n", + "### 对象MethodAnalysis的方法和属性\n", + "> 分析对象dx,get_method方法返回的分析对象\n", + "\n", + "analysis.MethodClassAnalysis\n", + "\n", + "```\n", + "['AddXrefFrom',\n", + " 'AddXrefTo',\n", + " '__class__',\n", + " '__delattr__',\n", + " '__dict__',\n", + " '__dir__',\n", + " '__doc__',\n", + " '__eq__',\n", + " '__format__',\n", + " '__ge__',\n", + " '__getattribute__',\n", + " '__gt__',\n", + " '__hash__',\n", + " '__init__',\n", + " '__init_subclass__',\n", + " '__le__',\n", + " '__lt__',\n", + " '__module__',\n", + " '__ne__',\n", + " '__new__',\n", + " '__reduce__',\n", + " '__reduce_ex__',\n", + " '__repr__',\n", + " '__setattr__',\n", + " '__sizeof__',\n", + " '__str__',\n", + " '__subclasshook__',\n", + " '__weakref__',\n", + " 'access',\n", + " 'apilist',\n", + " 'descriptor',\n", + " 'get_method',\n", + " 'get_xref_from',\n", + " 'get_xref_to',\n", + " 'is_android_api',\n", + " 'is_external',\n", + " 'method',\n", + " 'name',\n", + " 'xreffrom',\n", + " 'xrefto']\n", + "```" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## d和dx对象get_method方法的区别\n", + "d是反编译的文件,其中有get_method和get_methods方法,都是反编译后用户自定义的函数,其对应相应的代码块。不包含外部函数\n", + "dx是对反编译的文件分析后的结果,其中get_method和get_methods方法,都是分析后的结果,包含调用的外部函数等。能够判定是不是外部函数。也就是说返回对象可能有两种形式MethodAnalysis,一种是EncodeMethod,一种是ExternalMethod\n", + "\n", + "\n", + "```\n", + "from androguard.misc import AnalyzeAPK\n", + "filename = '/media/ykl2/Dataset/Drebin/malware/00088e191503bbfbd5c56a789a71e8c718e42ea422ec73c760ee2de489e02b2e'\n", + "a,d,dx = AnalyzeAPK(filename)\n", + "\n", + "for method in dx.get_methods():\n", + " meth = method.get_method()\n", + " print(meth.get_class_name(),meth.get_name())\n", + "\n", + "Lbeelon/android/alarm/AlarmReceiver; \n", + "Lbeelon/android/alarm/AlarmReceiver; LoadConfig\n", + "Lbeelon/android/alarm/AlarmReceiver; onReceive\n", + "Lbeelon/android/alarm/MainActivity$1$1$1; \n", + "Lbeelon/android/alarm/MainActivity$1$1$1; onClick\n", + "Lbeelon/android/alarm/MainActivity$1$1; \n", + "Lbeelon/android/alarm/MainActivity$1$1; onClick\n", + "Lbeelon/android/alarm/MainActivity$1$2; \n", + "Lbeelon/android/alarm/MainActivity$1$2; onClick\n", + "Lbeelon/android/alarm/MainActivity$1; access$0\n", + "Lbeelon/android/alarm/MainActivity$1; \n", + "Lbeelon/android/alarm/MainActivity$1; onClick\n", + "Lbeelon/android/alarm/MainActivity$2; \n", + "Lbeelon/android/alarm/MainActivity$2; onClick\n", + "Lbeelon/android/alarm/MainActivity$3; \n", + "Lbeelon/android/alarm/MainActivity$3; onClick\n", + "Lbeelon/android/alarm/MainActivity; getSystemService\n", + "Lbeelon/android/alarm/MainActivity; access$0\n", + "Lbeelon/android/alarm/MainActivity; \n", + "Lbeelon/android/alarm/MainActivity; LoadConfig\n", + "Lbeelon/android/alarm/MainActivity; openFileInput\n", + "Lbeelon/android/alarm/MainActivity; SaveConfig\n", + "Lbeelon/android/alarm/MainActivity; openFileOutput\n", + "Lbeelon/android/alarm/MainActivity; onCreate\n", + "Lbeelon/android/alarm/MainActivity; setContentView\n", + "Lbeelon/android/alarm/MainActivity; findViewById\n", + "Lbeelon/android/alarm/MainActivity; onOptionsItemSelected\n", + "Lbeelon/android/alarm/MainActivity; onPrepareOptionsMenu\n", + "Lbeelon/android/alarm/R$attr; \n", + "Lbeelon/android/alarm/R$drawable; \n", + "Lbeelon/android/alarm/R$id; \n", + "Lbeelon/android/alarm/R$layout; \n", + "Lbeelon/android/alarm/R$string; \n", + "Lbeelon/android/alarm/R; \n", + "Lbeelon/android/alarm/SplashActivity$1; \n", + "Lbeelon/android/alarm/SplashActivity$1; handleMessage\n", + "Lbeelon/android/alarm/SplashActivity$2; \n", + "Lbeelon/android/alarm/SplashActivity$2; run\n", + "Lbeelon/android/alarm/SplashActivity; startActivity\n", + "Lbeelon/android/alarm/SplashActivity; finish\n", + "Lbeelon/android/alarm/SplashActivity; \n", + "Lbeelon/android/alarm/SplashActivity; onCreate\n", + "Lbeelon/android/alarm/SplashActivity; setContentView\n", + "Landroid/content/BroadcastReceiver; \n", + "Ljava/lang/Boolean; valueOf\n", + "Ljava/lang/Boolean; parseBoolean\n", + "Ljava/lang/Boolean; booleanValue\n", + "Ljava/util/Properties; \n", + "Ljava/util/Properties; load\n", + "Ljava/util/Properties; getProperty\n", + "Ljava/util/Properties; put\n", + "Ljava/util/Properties; store\n", + "Landroid/content/Context; openFileInput\n", + "Landroid/content/Context; getSystemService\n", + "Landroid/content/Context; getString\n", + "Landroid/util/Log; v\n", + "Landroid/content/Intent; getAction\n", + "Landroid/content/Intent; \n", + "Landroid/content/Intent; setClass\n", + "Ljava/lang/String; equals\n", + "Ljava/lang/String; valueOf\n", + "Ljava/lang/String; length\n", + "Ljava/lang/String; charAt\n", + "Ljava/lang/String; valueOf\n", + "Landroid/telephony/TelephonyManager; getSimState\n", + "Landroid/telephony/TelephonyManager; getSimSerialNumber\n", + "Ljava/lang/StringBuilder; \n", + "Ljava/lang/StringBuilder; append\n", + "Ljava/lang/StringBuilder; toString\n", + "Ljava/lang/StringBuilder; \n", + "Ljava/lang/StringBuilder; append\n", + "Landroid/telephony/SmsManager; getDefault\n", + "Landroid/telephony/SmsManager; sendTextMessage\n", + "Ljava/lang/Object; \n", + "Landroid/content/DialogInterface; cancel\n", + "Landroid/content/DialogInterface; dismiss\n", + "Landroid/view/View; findViewById\n", + "Landroid/widget/EditText; getText\n", + "Landroid/text/Editable; toString\n", + "Landroid/app/AlertDialog$Builder; \n", + "Landroid/app/AlertDialog$Builder; setTitle\n", + "Landroid/app/AlertDialog$Builder; setMessage\n", + "Landroid/app/AlertDialog$Builder; setNegativeButton\n", + "Landroid/app/AlertDialog$Builder; create\n", + "Landroid/app/AlertDialog$Builder; setView\n", + "Landroid/app/AlertDialog$Builder; setPositiveButton\n", + "Landroid/app/Dialog; show\n", + "Landroid/widget/TextView; setText\n", + "Landroid/widget/TextView; getText\n", + "Landroid/widget/TextView; setOnClickListener\n", + "Landroid/view/LayoutInflater; from\n", + "Landroid/view/LayoutInflater; inflate\n", + "Landroid/app/AlertDialog; show\n", + "Landroid/app/Activity; \n", + "Landroid/app/Activity; onCreate\n", + "Landroid/app/Activity; onOptionsItemSelected\n", + "Landroid/app/Activity; onPrepareOptionsMenu\n", + "Landroid/view/MenuItem; getItemId\n", + "Landroid/view/Menu; clear\n", + "Landroid/view/Menu; add\n", + "Landroid/os/Handler; \n", + "Landroid/os/Handler; handleMessage\n", + "Landroid/os/Handler; sendMessage\n", + "Ljava/util/TimerTask; \n", + "Landroid/os/Message; \n", + "Ljava/util/Timer; \n", + "Ljava/util/Timer; schedule\n", + "Landroid/widget/ImageView; \n", + "Landroid/widget/ImageView; setBackgroundResource\n", + "\n", + "\n", + "for di in d:\n", + " for meth in di.get_methods():\n", + " # meth = method.get_method()\n", + " print(meth.get_class_name(),meth.get_name())\n", + "\n", + "\n", + "Lbeelon/android/alarm/AlarmReceiver; \n", + "Lbeelon/android/alarm/AlarmReceiver; LoadConfig\n", + "Lbeelon/android/alarm/AlarmReceiver; onReceive\n", + "Lbeelon/android/alarm/MainActivity$1$1$1; \n", + "Lbeelon/android/alarm/MainActivity$1$1$1; onClick\n", + "Lbeelon/android/alarm/MainActivity$1$1; \n", + "Lbeelon/android/alarm/MainActivity$1$1; onClick\n", + "Lbeelon/android/alarm/MainActivity$1$2; \n", + "Lbeelon/android/alarm/MainActivity$1$2; onClick\n", + "Lbeelon/android/alarm/MainActivity$1; \n", + "Lbeelon/android/alarm/MainActivity$1; access$0\n", + "Lbeelon/android/alarm/MainActivity$1; onClick\n", + "Lbeelon/android/alarm/MainActivity$2; \n", + "Lbeelon/android/alarm/MainActivity$2; onClick\n", + "Lbeelon/android/alarm/MainActivity$3; \n", + "Lbeelon/android/alarm/MainActivity$3; onClick\n", + "Lbeelon/android/alarm/MainActivity; \n", + "Lbeelon/android/alarm/MainActivity; LoadConfig\n", + "Lbeelon/android/alarm/MainActivity; SaveConfig\n", + "Lbeelon/android/alarm/MainActivity; access$0\n", + "Lbeelon/android/alarm/MainActivity; onCreate\n", + "Lbeelon/android/alarm/MainActivity; onOptionsItemSelected\n", + "Lbeelon/android/alarm/MainActivity; onPrepareOptionsMenu\n", + "Lbeelon/android/alarm/R$attr; \n", + "Lbeelon/android/alarm/R$drawable; \n", + "Lbeelon/android/alarm/R$id; \n", + "Lbeelon/android/alarm/R$layout; \n", + "Lbeelon/android/alarm/R$string; \n", + "Lbeelon/android/alarm/R; \n", + "Lbeelon/android/alarm/SplashActivity$1; \n", + "Lbeelon/android/alarm/SplashActivity$1; handleMessage\n", + "Lbeelon/android/alarm/SplashActivity$2; \n", + "Lbeelon/android/alarm/SplashActivity$2; run\n", + "Lbeelon/android/alarm/SplashActivity; \n", + "Lbeelon/android/alarm/SplashActivity; onBackPressed\n", + "Lbeelon/android/alarm/SplashActivity; onCreate\n", + "```" + ] + }, { "cell_type": "markdown", "metadata": {}, From b07f684fcb116d569507cd7f88711fd76a8f543a Mon Sep 17 00:00:00 2001 From: estomm Date: Thu, 13 Jan 2022 13:55:29 +0800 Subject: [PATCH 2/2] 123 --- Linux/工具篇/Scp远程拷贝.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 Linux/工具篇/Scp远程拷贝.md diff --git a/Linux/工具篇/Scp远程拷贝.md b/Linux/工具篇/Scp远程拷贝.md deleted file mode 100644 index e69de29b..00000000