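How to efficiently find where an APK uses sensitive permissions and where a given system method is called

Preface

Anyone who has recently published an app to an app store will have noticed that China is paying more and more attention to user privacy. For data such as the MAC address, device ID and IMEI, you either do not use it at all, or you must clearly tell the user that you want to collect it. For the relevant laws and regulations, see the Cybersecurity Law (《网络安全法》) and the Notice on Carrying Out a Special Rectification Campaign Against Apps That Infringe Users' Rights and Interests.

Getting to the point

Without further ado: I looked at several decompilation tools, briefly checked how each one is used, and settled on androguard. Its official description: reverse engineering and malware analysis of Android applications. It provides a range of analysis and processing functions for APK files as well as dex, odex, arsc and other files, and makes it easy to find where system permissions are invoked. It is also driven by Python scripts, which makes it about as convenient as it gets.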

Environment

  • python
https://www.python.org
  • pycharm
https://www.jetbrains.com/pycharm/download/
  • androguard
https://androguard.readthedocs.io/en/latest/

Installation

pip install -U androguard

If you want to work directly on the command line, run the following after installation:

androguard analyze

Then load the APK by entering the following in the shell that this starts:

a, d, dx = AnalyzeAPK("examples/android/abcore/app-prod-debug.apk")

Once the APK is loaded, you can call the relevant APIs to get information.

Get permissions

In [2]: a.get_permissions()
Out[2]:
['android.permission.INTERNET',
'android.permission.WRITE_EXTERNAL_STORAGE',
'android.permission.ACCESS_WIFI_STATE',
'android.permission.ACCESS_NETWORK_STATE']

Get activities

In [3]: a.get_activities()
Out[3]:
['com.greenaddress.abcore.MainActivity',
'com.greenaddress.abcore.BitcoinConfEditActivity',
'com.greenaddress.abcore.AboutActivity',
'com.greenaddress.abcore.SettingsActivity',
'com.greenaddress.abcore.DownloadSettingsActivity',
'com.greenaddress.abcore.PeerActivity',
'com.greenaddress.abcore.ProgressActivity',
'com.greenaddress.abcore.LogActivity',
'com.greenaddress.abcore.ConsoleActivity',
'com.greenaddress.abcore.DownloadActivity']

Other

# package name
In [4]: a.get_package()
Out[4]: 'com.greenaddress.abcore'
# app name
In [5]: a.get_app_name()
Out[5]: u'ABCore'
# logo
In [6]: a.get_app_icon()
Out[6]: u'res/mipmap-xxxhdpi-v4/ic_launcher.png'
# version code
In [7]: a.get_androidversion_code()
Out[7]: '2162'
# version name
In [8]: a.get_androidversion_name()
Out[8]: '0.62'
# minimum supported SDK
In [9]: a.get_min_sdk_version()
Out[9]: '21'
# maximum SDK
In [10]: a.get_max_sdk_version()
# target SDK version
In [11]: a.get_target_sdk_version()
Out[11]: '27'
# effective target SDK version
In [12]: a.get_effective_target_sdk_version()
Out[12]: 27
# manifest file
In [13]: a.get_android_manifest_xml()
Out[13]: <Element manifest at 0x7f9d01587b00>

And so on. There are far too many APIs to list here, so refer to the official documentation; whatever you can think of, it probably has. The link is:

https://androguard.readthedocs.io/en/latest/intro/gettingstarted.html#using-the-analysis-object

More demos

https://github.com/androguard/androguard/tree/master/examples

Now let's get straight to practice.

Find where sensitive permissions are used and write the result to a file

Below is the implementation that checks where an APK uses sensitive permissions:

import os
import sys

# Add the androguard path; adjust it to wherever you keep your copy
androguard_module_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'androguard')
if androguard_module_path not in sys.path:
    sys.path.append(androguard_module_path)

from androguard.misc import AnalyzeAPK
from androguard.core.androconf import load_api_specific_resource_module

path = r"/apk"
out_path = r"/out"
files = []
path_list = os.listdir(path)
path_list.sort()
for name in path_list:
    if os.path.isfile(os.path.join(path, name)):
        files.append(name)


def main():
    for apkFile in files:
        file_name = os.path.splitext(apkFile)[0]
        print(apkFile)
        out = AnalyzeAPK(path + '/' + apkFile)
        # APK object: an abstraction of the apk, gives access to information
        # such as the version code, package name and activities
        a = out[0]
        # List of DalvikVMFormat objects; each element corresponds to one classes.dex,
        # from which classes, methods or strings can be read
        d = out[1]
        # Analysis object: it contains special classes that link the information about
        # classes.dex and can even handle many dex files at once, so the whole apk is
        # analysed through it below
        dx = out[2]
        # API-to-permission mapping
        # Output file path
        api_perm_filename = os.path.join(out_path, file_name + "_api-perm.txt")
        # Permission mapping: {"class-method-descriptor": [permissions]}
        permissionMap = load_api_specific_resource_module('api_permission_mappings')
        with open(api_perm_filename, 'w', encoding='utf-8') as api_perm_file:
            # Walk every method in the apk
            for meth_analysis in dx.get_methods():
                meth = meth_analysis.get_method()
                # Build the key from class name, method name and descriptor
                name = meth.get_class_name() + "-" + meth.get_name() + "-" + str(
                    meth.get_descriptor())
                # If the key matches a permission-protected system method, write it to the file
                if name in permissionMap:
                    result = str(meth) + ' : ' + str(permissionMap[name])
                    api_perm_file.write(result + '\n')


if __name__ == '__main__':
    main()

Output

Landroid/app/Activity;->navigateUpTo(Landroid/content/Intent;)Z : ['android.permission.BROADCAST_STICKY']
Landroid/app/Activity;->onMenuItemSelected(I Landroid/view/MenuItem;)Z : ['android.permission.BROADCAST_STICKY']
Landroid/app/Activity;->setRequestedOrientation(I)V : ['android.permission.BROADCAST_STICKY']
Landroid/app/Activity;->unregisterReceiver(Landroid/content/BroadcastReceiver;)V : ['android.permission.BROADCAST_STICKY']
Landroid/os/PowerManager$WakeLock;->acquire(J)V : ['android.permission.WAKE_LOCK']
Landroid/os/PowerManager$WakeLock;->release()V : ['android.permission.WAKE_LOCK']
Landroid/location/LocationManager;->isProviderEnabled(Ljava/lang/String;)Z : ['android.permission.ACCESS_COARSE_LOCATION', 'android.permission.ACCESS_FINE_LOCATION']
Landroid/location/LocationManager;->getLastKnownLocation(Ljava/lang/String;)Landroid/location/Location; : ['android.permission.ACCESS_COARSE_LOCATION', 'android.permission.ACCESS_FINE_LOCATION']
Landroid/app/ActivityManager;->getRunningTasks(I)Ljava/util/List; : ['android.permission.GET_TASKS']
Landroid/accounts/AccountManager;->invalidateAuthToken(Ljava/lang/String; Ljava/lang/String;)V : ['android.permission.MANAGE_ACCOUNTS', 'android.permission.USE_CREDENTIALS']
Landroid/net/ConnectivityManager;->getNetworkInfo(I)Landroid/net/NetworkInfo; : ['android.permission.ACCESS_NETWORK_STATE']
Landroid/net/ConnectivityManager;->isActiveNetworkMetered()Z : ['android.permission.ACCESS_NETWORK_STATE']
Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo; : ['android.permission.ACCESS_NETWORK_STATE']
Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String; : ['android.permission.READ_PHONE_STATE']
Landroid/telephony/TelephonyManager;->getSubscriberId()Ljava/lang/String; : ['android.permission.READ_PHONE_STATE']
Landroid/telephony/TelephonyManager;->getSimSerialNumber()Ljava/lang/String; : ['android.permission.READ_PHONE_STATE']

Each line of the output gives the system class, the method called, and the permissions it requires.
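To turn that report into something reviewable, the following added example (not part of the original post or of androguard) groups the report lines by permission and compares them with the permissions the manifest declares, as returned by a.get_permissions(). The function names, the bucket names and both sample inputs are constructed for illustration.

```python
import ast
from collections import defaultdict

# Constructed sample: lines in the "<api> : [<permissions>]" format of *_api-perm.txt
SAMPLE_REPORT = """\
Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String; : ['android.permission.READ_PHONE_STATE']
Landroid/location/LocationManager;->getLastKnownLocation(Ljava/lang/String;)Landroid/location/Location; : ['android.permission.ACCESS_COARSE_LOCATION', 'android.permission.ACCESS_FINE_LOCATION']
Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo; : ['android.permission.ACCESS_NETWORK_STATE']
"""
# Constructed sample of what a.get_permissions() returns for the same APK
SAMPLE_DECLARED = ['android.permission.INTERNET',
                   'android.permission.ACCESS_NETWORK_STATE',
                   'android.permission.READ_PHONE_STATE']


def parse_report(text):
    """Return {permission: [api, ...]}; blank or malformed lines are skipped."""
    by_perm = defaultdict(list)
    for line in text.splitlines():
        # Descriptors may contain spaces, so split on the last ' : ' only
        api, sep, perms = line.rpartition(' : ')
        if not sep:
            continue
        try:
            perm_list = ast.literal_eval(perms.strip())
        except (ValueError, SyntaxError):
            continue
        for perm in perm_list:
            by_perm[perm].append(api.strip())
    return dict(by_perm)


def audit(report_text, declared):
    """Bucket permissions by whether code references them and the manifest declares them."""
    by_perm = parse_report(report_text)
    declared, used = set(declared), set(by_perm)
    return {
        # Declared and reachable from code: these need a user-facing justification
        'used_and_declared': {p: by_perm[p] for p in sorted(used & declared)},
        # Referenced by code (often a bundled SDK) but not declared in the manifest
        'used_not_declared': {p: by_perm[p] for p in sorted(used - declared)},
        # Declared, but no mapped API call found: candidates for review, not proof
        'declared_no_api_hit': sorted(declared - used),
    }


if __name__ == '__main__':
    for bucket, value in audit(SAMPLE_REPORT, SAMPLE_DECLARED).items():
        print(bucket, value)
```
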

Find where a given system method is called and print it

import os
import sys

# Add the androguard path; adjust it to wherever you keep your copy
androguard_module_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'androguard')
if androguard_module_path not in sys.path:
    sys.path.append(androguard_module_path)

from androguard.misc import AnalyzeAPK
from androguard.core.androconf import load_api_specific_resource_module

path = r"/apk"
out_path = r"/out"
files = []
path_list = os.listdir(path)
path_list.sort()
for name in path_list:
    if os.path.isfile(os.path.join(path, name)):
        files.append(name)


def main():
    for apkFile in files:
        file_name = os.path.splitext(apkFile)[0]
        print(apkFile)
        out = AnalyzeAPK(path + '/' + apkFile)
        a = out[0]
        d = out[1]
        dx = out[2]
        for meth in dx.classes['Ljava/io/File;'].get_methods():
            print("usage of method {}".format(meth.name))
            # Get the methods that reference this method
            for _, call, _ in meth.get_xref_from():
                print("  called by -> {} -- {}".format(call.class_name, call.name))


if __name__ == '__main__':
    main()

Output

usage of method getPath
  called by -> Landroid/support/v4/util/AtomicFile; -- <init>
usage of method <init>
  called by -> Landroid/support/v4/util/AtomicFile; -- <init>
usage of method delete
  called by -> Landroid/support/v4/util/AtomicFile; -- failWrite
  called by -> Landroid/support/v4/util/AtomicFile; -- delete
  called by -> Landroid/support/v4/util/AtomicFile; -- delete
  called by -> Landroid/support/v4/util/AtomicFile; -- startWrite
  called by -> Landroid/support/v4/util/AtomicFile; -- openRead
  called by -> Landroid/support/v4/util/AtomicFile; -- finishWrite
usage of method renameTo
  called by -> Landroid/support/v4/util/AtomicFile; -- openRead
  called by -> Landroid/support/v4/util/AtomicFile; -- failWrite
  called by -> Landroid/support/v4/util/AtomicFile; -- startWrite
usage of method exists
  called by -> Landroid/support/v4/util/AtomicFile; -- startWrite
  called by -> Landroid/support/v4/util/AtomicFile; -- openRead
  called by -> Landroid/support/v4/util/AtomicFile; -- startWrite
usage of method getParentFile
  called by -> Landroid/support/v4/util/AtomicFile; -- startWrite
usage of method mkdir
  called by -> Landroid/support/v4/util/AtomicFile; -- startWrite

  • 'Ljava/io/File;' is the class to check
  • meth.get_xref_from() returns the places where a method of that class is referenced
  • You can also build your own list of the functions you want to check, and add an if filter to the code above

If you want to find which methods call the Android system location service, you can do this:

dx.classes['Landroid/location/LocationManager;']

Run the script again and you will see the result.
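The filter suggested in the last bullet, as an added example that is not code from the original post or from androguard: it checks several framework classes in one pass, skips classes the APK never references (indexing dx.classes directly raises KeyError in that case), and removes duplicate caller entries like the repeated "delete" lines in the output above. WATCHLIST and the function names are hypothetical; the attributes used on dx are only those the script above already uses, and dx.classes is assumed to be a dict.

```python
from collections import defaultdict

# Hypothetical watchlist: framework class -> methods that return the identifiers
# named in the preface (device ID / IMEI, MAC address) or the device location
WATCHLIST = {
    'Landroid/telephony/TelephonyManager;': {'getDeviceId', 'getSubscriberId',
                                             'getSimSerialNumber'},
    'Landroid/net/wifi/WifiInfo;': {'getMacAddress'},
    'Landroid/location/LocationManager;': {'getLastKnownLocation'},
}


def find_sensitive_callers(dx, watchlist=WATCHLIST):
    """Return sorted, de-duplicated (api, caller_class, caller_method) tuples."""
    hits = set()
    for cls_name, wanted in watchlist.items():
        cls = dx.classes.get(cls_name)  # None when the APK never references the class
        if cls is None:
            continue
        for meth in cls.get_methods():
            if meth.name not in wanted:
                continue
            # Each xref is (class analysis, calling method, offset); a set removes
            # repeats when one caller invokes the same API at several offsets
            for _, call, _ in meth.get_xref_from():
                hits.add((cls_name + '->' + meth.name, call.class_name, call.name))
    return sorted(hits)


def group_by_caller_class(hits):
    """Return {caller_class: [api, ...]} so third-party SDK packages stand out."""
    grouped = defaultdict(set)
    for api, caller_class, _ in hits:
        grouped[caller_class].add(api)
    return {cls: sorted(apis) for cls, apis in sorted(grouped.items())}

# Usage inside main() of the script above, after dx = out[2]:
#     for api, cls, meth in find_sensitive_callers(dx):
#         print("{} called by -> {} -- {}".format(api, cls, meth))
```
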

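Conclusion

I wrote this post mainly so that more people get to know this tool. When I searched for articles myself, I found there was not much to refer to, which leaves many people not knowing where to start. The official documentation is actually very detailed, but it is in English and not convenient to read. I hope this short article helps you; if you have questions, contact me or leave a comment.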
