-
-
Notifications
You must be signed in to change notification settings - Fork 45
/
slicer.py
144 lines (114 loc) · 4.84 KB
/
slicer.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
import xml.etree.ElementTree as ET
import argparse
from os import path
import sys
import requests
import json
xmlns = "{http://schemas.android.com/apk/res/android}"
analysis = dict()
def is_accessible(child):
"""check if the component is accessible or not.
Args:
child : children element of the component
Returns:
activities(dict): dictionary format containing
information about the component
"""
activities = {}
filters = {}
if xmlns + "exported" in child.attrib:
# It's exported so just get the intents and play with it
pass
if child.find("intent-filter"):
name = child.attrib[xmlns + "name"]
for element in child.findall("intent-filter"):
for elem in element:
# Here is a possibility of error like out of index
filters[elem.tag] = list(elem.attrib.values())[0]
activities[child.tag] = name
activities["intent-filters"] = filters
return activities
def process_manifest(tree):
"""process the Android manifest and find out all
the exported or accessible components
Args:
tree: xml.ElementTree Object
"""
analysis["Google Keys"] = analysis["Keys/Tokens"] = []
for child in tree.iter():
if child.tag == "manifest":
analysis["version"] = child.attrib[xmlns + "versionName"]
if xmlns + "allowBackup" in child.attrib:
analysis["allowBackup"] = child.attrib[xmlns + "allowBackup"]
analysis["package"] = child.attrib["package"]
elif child.tag == "application":
if xmlns + "debuggable" in child.attrib:
analysis["debuggable"] = child.attrib[xmlns + "debuggable"]
elif child.tag in ["activity", "service", "receiver", "provider"]:
component = is_accessible(child)
if component:
if child.tag not in analysis:
analysis[child.tag] = []
analysis[child.tag].append(component)
def find_keys(strings_path: str, config):
"""Find the api keys in strings.xml and AndroidManifest.xml
Args:
strings_path (str): path to the strings.xml file
config (json): JSON object of the config file
"""
values = ET.parse(strings_path)
for child in values.iter():
if "name" in child.attrib:
attrib_name = child.attrib["name"]
if attrib_name == "firebase_database_url":
url = child.text + "/.json"
r = requests.get(url)
if r.status_code != 401 and "disabled" not in r.content:
analysis["Firebase"] = (url, r.status_code)
elif attrib_name == "google_api_key" or attrib_name == "google_map_keys":
key = child.text
for _, v in config["URLs"].items():
url = v + key
r = requests.get(url)
if (
r.status_code != 403
and b"API project is not authorized" not in r.content
):
analysis["Google Keys"].append({url: r.status_code})
else:
for i in ["api", "keys", "token"]:
if i in attrib_name.lower() and attrib_name.lower() not in [
"abc_capital_off",
"abc_capital_on",
"currentApiLevel",
]:
analysis["Keys/Tokens"].append({attrib_name: child.text})
def main(directory: str, config_file: str):
"""Drive the whole program
Args:
directory (str): directory which we have to process
config_file (str): path to the config file
"""
if path.isdir(directory) and path.exists(config_file):
with open(config_file, "r") as f:
config = json.load(f)
else:
config = {}
sys.exit(
"\n - Couldn't find the app or the config, please check the give path again"
)
manifest_path = path.join(directory, config["paths"]["manifest"])
strings_path = path.join(directory, config["paths"]["strings"])
if path.isfile(manifest_path):
tree = ET.parse(manifest_path)
process_manifest(tree)
find_keys(strings_path, config)
with open(analysis["package"] + ".json", "w") as f:
json.dump(analysis, f)
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Slicer")
parser.add_argument("-d", "--dir", help="path to the jadx directory")
parser.add_argument("-c", "--config", help="path to the config file in json format")
args = parser.parse_args()
if args.dir and args.config:
main(args.dir, args.config)