
droidlysis's Introduction

  • 👋 Hi, I'm @cryptax
  • 👀 I'm interested in research on Android or IoT malware
  • 🌱 I'm the lead organizer of Ph0wn CTF

droidlysis's People

Contributors

aancw, apkunpacker, cryptax, d3xter-lab, eighthave, robertsmd


droidlysis's Issues

KeyError: 'tools'

I am trying to run droidlysis as distributed with Remnux and I am receiving an error:

Traceback (most recent call last):
  File "/user/local/bin/droidlysis", line 9 in <module>
    droidlysis3.process_input(args)
  File "/usr/local/packagesbin/droidlysis3.py", line 105, in process_input
    config = generalconfig(filename=args.config, verbose=args.verbose)
  File "/usr/local/lib/python3.8/dist-packages/droidconfig.py", line 15, in __init__
    self.APKTOOL_JAR = self.config['tools']['apktool']
  File "/usr/lib/python3.8/configparser.py", line 960, in __getitem__
    raise KeyError(key)
KeyError: 'tool'

This may very well be more of a "me" problem, though I thought I'd at least ask if this is something I can fix.

Current and up-to-date Remnux install, Version 3.4.3 of droidlysis.

Remove androguard dependency

I just figured out that you're using the manifest file dumped using apktool to parse it, and I don't see any place where androguard is being used.

Androguard alone makes my docker container big, is it a possibility if you can remove the androguard dependency altogether?

make dex2jar optional?

I have just packaged DroidLysis for Debian and uploaded it for inclusion. All of the dependencies are already in Debian except for dex2jar and procyon. Unfortunately dex2jar looks like a lot of work to package and baksmali should cover a lot of use cases already. Would it be possible to make dex2jar optional? The good news is that procyon looks easy to package, if that helps.

The source for the Debian package will turn up here soon:
https://salsa.debian.org/python-team/applications/droidlysis

fetch lib signatures from Exodus Privacy, ETIP, F-Droid SUSS, etc.

There are some community maintained collections of tracker signatures that droidlysis could use as well. For example:

This is how F-Droid integrated them:
https://gitlab.com/fdroid/fdroidserver/-/merge_requests/1218/diffs

use androguard if present

#8 7123ce7 removed the use of androguard entirely. It can easily be used if it is present, so it doesn't have to be a requirement. androguard is available from Debian, so there it is easy to install. Basically, in a function, do:

def get_axml():
    try:
        import androguard
        # do androguard things here
    except ImportError:
        pass

Or something like:
https://gitlab.com/fdroid/fdroidserver/-/blob/c78aeb39473084b3459f8212730f4e15439bdbb9/fdroidserver/common.py#L2481

fdroidserver used to do that for a long time, now it requires androguard because it has proven the easiest and most reliable way to get certain bits of data. For example:

Alternatively, you might have luck with the pyaxmlparser library.

Dockerfile must be updated

Since the script droidconfig.py has been changed to use the configparser library, the sed command no longer works in the Dockerfile.

The lines:

RUN sed -i 's/~\/softs/\/opt/g' /opt/droidlysis/droidconfig.py
RUN sed -i "s/apktool_\(.*\).jar/apktool_${APKTOOL_VERSION}.jar/g" /opt/droidlysis/droidconfig.py
RUN sed -i "s/baksmali-\(.*\).jar/baksmali-${SMALI_VERSION}.jar/g" /opt/droidlysis/droidconfig.py

Must be changed to

RUN sed -i 's#~/softs#/opt#g' /opt/droidlysis/conf/general.conf

procyon-decompiler-0.5.30.jar not found

root@f011eaf1b10d:/opt/droidlysis# python3 droidlysis --input ./mysample.apk --output . --config /opt/droidlysis/conf/general.conf

WARNING:droidconfig.py:Cannot access /opt/procyon-decompiler-0.5.30.jar - check your configuration file /opt/droidlysis/conf/general.conf
END

Lack of verbose mode causes Droidlysis not to execute d2j-dex2jar

When using droidlysis with the sample Signal apk and the following:

droidlysis --config /usr/local/lib/python3.8/dist-packages/conf/general.conf --input Signal-Android-website-prod-universal-release-6.19.8.apk --output .

The following occurs:

WARNING:droidsample.py:Dex2jar software is not executable, skipping (file: /usr/bin/d2j-dex2jar)
WARNING:droidsample.py:Dex2jar software is not executable, skipping (file: /usr/bin/d2j-dex2jar)
WARNING:droidsample.py:Dex2jar software is not executable, skipping (file: /usr/bin/d2j-dex2jar)
WARNING:droidsample.py:Dex2jar software is not executable, skipping (file: /usr/bin/d2j-dex2jar)
WARNING:droidsample.py:Dex2jar software is not executable, skipping (file: /usr/bin/d2j-dex2jar)

I can confirm that this is, in fact, executable, and when reviewing the code for droidsample.py, I noticed that the indent may be in the wrong place for the verbosity. Either that, or the logic for lines 327 and 328 may need to be re-evaluated.

I re-executed the above command with --verbose and the examination completed successfully.

Procyon (procyon-decompiler) moved from Bitbucket to Github

Hi,

The author of Procyon has moved from Bitbucket to Github.

However, they no longer provide downloadable jar files on either Bitbucket or GitHub, although I do see that it can possibly be built using the ./gradlew build command, as seen in their bitbucket-pipelines.yml.

I think it would be nice to verify and document how to compile procyon-decompiler.jar, and remove the wget procyon-decompiler part in the README.

I'm willing to try and contribute that part. What do you think?

python 3 requirements file missing

The README file states that to install the python3 dependencies one can use the command pip3 install -r requirements; however, the requirements file doesn't exist in the repository.

[Error] Error When Running Command

As per the instructions on GitHub, I installed Droidlysis and set up the paths.

When running command :-

sudo python3 ./droidlysis3.py --input ~/softs/smshandler.apk --output ~/softs/tmp

There is error log,

Processing: /root/softs/smshandler.apk ...
Filename: /root/softs/smshandler.apk
Traceback (most recent call last):
  File "./droidlysis3.py", line 144, in <module>
    process_input(args)
  File "./droidlysis3.py", line 78, in process_input
    process_file(os.path.join('.',element), args.output, args.verbose, args.clearoutput, args.enable_procyon, args.disable_report, args.silent, args.no_kit_exception)
  File "./droidlysis3.py", line 92, in process_file
    sample = droidsample.droidsample(infile, outdir, verbose, clear, enable_procyon, disable_report, silent, no_kit_exception)
  File "/root/softs/droidlysis/droidsample.py", line 51, in __init__
    verbose=self.verbose)
  File "/root/softs/droidlysis/droidproperties.py", line 53, in __init__
    self.clear_fields()
  File "/root/softs/droidlysis/droidproperties.py", line 97, in clear_fields
    self.smaliconfig = droidconfig.droidconfig(droidconfig.SMALI_CONFIGFILE, self.verbose)
  File "/root/softs/droidlysis/droidconfig.py", line 25, in __init__
    assert os.access(filename, os.R_OK) != False, "File {0} is not readable".format(filename)
AssertionError: File ~/./conf/smali.conf is not readable

Can you help? What should I do?

Below is the smali.conf permission manager, didn't touch it :-
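Three of the reports above (KeyError: 'tools', the procyon jar "cannot access" warning, and the smali.conf "not readable" assertion on a path starting with ~) are all failures of the same config-loading step. The following is an added example, not droidlysis's own code, of validating general.conf up front so the user sees which section, key or path is wrong instead of a raw KeyError or AssertionError; the key name apktool comes from the traceback, the other three key names and the sample config contents are constructed for this example.

```python
import configparser
import os

# Keys read from the [tools] section. 'apktool' is named in the traceback
# above; 'baksmali', 'procyon' and 'dex2jar' are assumed names for this example.
REQUIRED_TOOLS = ("apktool", "baksmali", "procyon", "dex2jar")

# Constructed sample: the section is misspelled [tool], which is exactly
# what makes config['tools'] raise KeyError inside droidconfig.__init__.
BROKEN_CONF = """[general]
keep = 5

[tool]
apktool = /opt/apktool.jar
"""

# Constructed sample with the section spelled correctly and one '~' path.
GOOD_CONF = """[tools]
apktool = /opt/apktool.jar
baksmali = /opt/baksmali.jar
procyon = /opt/procyon-decompiler-0.5.30.jar
dex2jar = ~/softs/dex2jar/d2j-dex2jar.sh
"""


def validate_config(text, conf_path="general.conf", readable=os.path.exists):
    """Return a list of problems; an empty list means the config is usable.

    Reports the missing section or key together with the config it came from,
    and checks each tool path only after expanding '~' (os.access() does not
    expand it, which is why '~/./conf/smali.conf' was reported unreadable).
    """
    parser = configparser.ConfigParser()
    parser.read_string(text)
    problems = []
    if "tools" not in parser:
        found = ", ".join(parser.sections()) or "none"
        problems.append(f"{conf_path}: no [tools] section (found: {found})")
        return problems
    tools = parser["tools"]
    for key in REQUIRED_TOOLS:
        if key not in tools:
            problems.append(f"{conf_path}: [tools] has no '{key}' entry")
            continue
        path = os.path.expanduser(tools[key])
        if not readable(path):
            problems.append(f"{conf_path}: cannot access {path} for '{key}'")
    return problems
```

The `readable` argument exists so the check can be exercised without the real jar files present; in production the default os.path.exists (or os.access with R_OK / X_OK) is what runs.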

use maintained axml dump program

There are a number of maintained AndroidManifest.xml dumpers, including at least two that are written in Python and packaged in Debian: androguard and pyaxmlparser. The use of axmlprinter2 should be replaced by one of those. Then all the dependencies (except maybe dex2jar) would be available from Debian.

For sheer speed, there is https://github.com/avast/apkparser but that is written in Go, so it would require an exec call.

use standard Python setup.py instead of Makefile

The standard way to build/make a Python package is setup.py. It is in Python and is quite simple and well documented. This project should get rid of the Makefile and use the standard setup.py. Then it can easily be published and installed with pip, and any distro package can trivially use the setup.py.

AttributeError: module 'logging' has no attribute 'verbose'

Good evening,

Hate to be 'that guy', but after you fixed the most recent issue regarding verbose mode, two new issues popped up. This particular one is as follows:

$ droidlysis --config /usr/local/lib/python3.8/dist-packages/conf/general.conf -i Signal-Android-website-prod-universal-release-6.19.8.apk -o .
Traceback (most recent call last):
  File "/usr/local/bin/droidlysis", line 9, in <module>
    droidlysis3.process_input(args)
  File "/usr/local/bin/droidlysis3.py", line 106, in process_input
    config = generalconfig(filename=args.config, verbose=args.verbose)
  File "/usr/local/lib/python3.8/dist-packages/droidconfig.py", line 40, in __init__
    logging.verbose(f'Copying {self.DISTRIB_KIT_CONFIGFILE}'
AttributeError: module 'logging' has no attribute 'verbose'

I did confirm by importing logging that verbose is not an available option. Looks like this might have been introduced in 09c1f60.

The other issue will be raised separately.

Cheers!
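The two reports above (dex2jar skipped unless --verbose, then logging.verbose raising AttributeError) point at one fix: register a VERBOSE level on Logger, since the stdlib logging module has no verbose(), and keep the executability check outside the verbosity branch. The code below is an added example, not droidlysis's droidsample.py; the warning text is taken from the report, and the fixture files are constructed.

```python
import logging
import os
import stat
import tempfile

# The stdlib logging module has no verbose(); register a level between
# DEBUG (10) and INFO (20) and attach a method to Logger instead.
VERBOSE = 15
logging.addLevelName(VERBOSE, "VERBOSE")


def _verbose(self, msg, *args, **kwargs):
    if self.isEnabledFor(VERBOSE):
        self._log(VERBOSE, msg, args, **kwargs)


logging.Logger.verbose = _verbose
log = logging.getLogger("droidsample")


def logger_has_verbose():
    """True once the level is registered on Logger (and never on the module)."""
    return hasattr(log, "verbose") and not hasattr(logging, "verbose")


def dex2jar_usable(path, verbose=False):
    """Return True if `path` is an executable file.

    The check runs whether or not `verbose` is set; the flag only changes
    how much is logged, so a non-verbose run no longer skips dex2jar.
    """
    if verbose:
        log.setLevel(VERBOSE)
    usable = os.path.isfile(path) and os.access(path, os.X_OK)
    if usable:
        log.verbose("Using dex2jar at %s", path)
    else:
        log.warning("Dex2jar software is not executable, skipping (file: %s)", path)
    return usable


def demo_paths():
    """Constructed fixtures: an executable wrapper script and a plain file."""
    d = tempfile.mkdtemp()
    exe = os.path.join(d, "d2j-dex2jar")
    plain = os.path.join(d, "notes.txt")
    with open(exe, "w") as f:
        f.write("#!/bin/sh\necho demo\n")
    os.chmod(exe, os.stat(exe).st_mode | stat.S_IXUSR)
    open(plain, "w").close()
    return exe, plain
```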
