android_parser 2.4.1

data/android_parser.gemspec

@@ -0,0 +1,64 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+# stub: ruby_apk 2.3.0 ruby lib
+
+Gem::Specification.new do |s|
+  s.name = "android_parser".freeze
+  s.version = "2.4.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["SecureBrain".freeze]
+  s.date = "2021-08-04"
+  s.description = "static analysis tool for android apk".freeze
+  s.email = "info@securebrain.co.jp".freeze
+  s.extra_rdoc_files = [
+    "CHANGELOG.md",
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files    = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  s.homepage = "https://github.com/icyleaf/ruby_apk".freeze
+  s.licenses = ["MIT".freeze]
+  s.rubygems_version = "3.0.3".freeze
+  s.summary = "static analysis tool for android apk".freeze
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rubyzip>.freeze, [">= 1.0.0"])
+      s.add_development_dependency(%q<rspec-its>.freeze, [">= 1.2.0"])
+      s.add_development_dependency(%q<rspec-collection_matchers>.freeze, [">= 1.1.0"])
+      s.add_development_dependency(%q<rspec-mocks>.freeze, [">= 3.6.0"])
+      s.add_development_dependency(%q<bundler>.freeze, [">= 1.1.5"])
+      s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
+      s.add_development_dependency(%q<yard>.freeze, [">= 0"])
+      s.add_development_dependency(%q<redcarpet>.freeze, [">= 0"])
+      s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
+    else
+      s.add_dependency(%q<rubyzip>.freeze, [">= 1.0.0"])
+      s.add_dependency(%q<rspec-its>.freeze, [">= 1.2.0"])
+      s.add_dependency(%q<rspec-collection_matchers>.freeze, [">= 1.1.0"])
+      s.add_dependency(%q<rspec-mocks>.freeze, [">= 3.6.0"])
+      s.add_dependency(%q<bundler>.freeze, [">= 1.1.5"])
+      s.add_dependency(%q<jeweler>.freeze, [">= 0"])
+      s.add_dependency(%q<yard>.freeze, [">= 0"])
+      s.add_dependency(%q<redcarpet>.freeze, [">= 0"])
+      s.add_dependency(%q<simplecov>.freeze, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<rubyzip>.freeze, [">= 1.0.0"])
+    s.add_dependency(%q<rspec-its>.freeze, [">= 1.2.0"])
+    s.add_dependency(%q<rspec-collection_matchers>.freeze, [">= 1.1.0"])
+    s.add_dependency(%q<rspec-mocks>.freeze, [">= 3.6.0"])
+    s.add_dependency(%q<bundler>.freeze, [">= 1.1.5"])
+    s.add_dependency(%q<jeweler>.freeze, [">= 0"])
+    s.add_dependency(%q<yard>.freeze, [">= 0"])
+    s.add_dependency(%q<redcarpet>.freeze, [">= 0"])
+    s.add_dependency(%q<simplecov>.freeze, [">= 0"])
+  end
+end
+

data/lib/android/apk.rb

@@ -0,0 +1,220 @@
+require 'zip' # need rubyzip gem -> doc: http://rubyzip.sourceforge.net/
+require 'digest/md5'
+require 'digest/sha1'
+require 'digest/sha2'
+require 'openssl'
+
+module Android
+  class NotApkFileError < StandardError; end
+  class NotFoundError < StandardError; end
+
+  # apk object class
+  class Apk
+
+    # @return [String] apk file path
+    attr_reader :path
+    # @return [Android::Manifest] manifest instance
+    # @return [nil] when parsing manifest is failed.
+    attr_reader  :manifest
+    # @return [Android::Dex] dex instance
+    # @return [nil] when parsing dex is failed.
+    attr_reader :dex
+    # @return [String] binary data of apk
+    attr_reader :bindata
+    # @return [Resource] resouce data
+    # @return [nil] when parsing resource is failed.
+    attr_reader :resource
+
+    # AndroidManifest file name
+    MANIFEST = 'AndroidManifest.xml'
+    # dex file name
+    DEX = 'classes.dex'
+    # resource file name
+    RESOURCE = 'resources.arsc'
+
+    # create new apk object
+    # @param [String] filepath apk file path
+    # @raise [Android::NotFoundError] path file does'nt exist
+    # @raise [Android::NotApkFileError] path file is not Apk file.
+    def initialize(filepath)
+      @path = filepath
+      raise NotFoundError, "'#{filepath}'" unless File.exist? @path
+      begin
+        @zip = Zip::File.open(@path)
+      rescue Zip::Error => e
+        raise NotApkFileError, e.message 
+      end
+
+      @bindata = File.open(@path, 'rb') {|f| f.read }
+      @bindata.force_encoding(Encoding::ASCII_8BIT)
+      raise NotApkFileError, "manifest file is not found." if @zip.find_entry(MANIFEST).nil?
+      begin
+        @resource = Android::Resource.new(self.file(RESOURCE))
+      rescue => e
+        $stderr.puts "failed to parse resource:#{e}"
+        #$stderr.puts e.backtrace
+      end
+      begin
+        @manifest = Android::Manifest.new(self.file(MANIFEST), @resource)
+      rescue => e
+        $stderr.puts "failed to parse manifest:#{e}"
+        #$stderr.puts e.backtrace
+      end
+      begin
+        @dex = Android::Dex.new(self.file(DEX))
+      rescue => e
+        $stderr.puts "failed to parse dex:#{e}"
+        #$stderr.puts e.backtrace
+      end
+    end
+
+    # return apk file size
+    # @return [Integer] bytes
+    def size
+      @bindata.size
+    end
+
+    # return hex digest string of apk file
+    # @param [Symbol] type hash digest type(:sha1, sha256, :md5)
+    # @return [String] hex digest string
+    # @raise [ArgumentError] type is knknown type
+    def digest(type = :sha1)
+      case type
+      when :sha1
+        Digest::SHA1.hexdigest(@bindata)
+      when :sha256
+        Digest::SHA256.hexdigest(@bindata)
+      when :md5
+        Digest::MD5.hexdigest(@bindata)
+      else
+        raise ArgumentError
+      end
+    end
+
+    # returns date of AndroidManifest.xml as Apk date
+    # @return [Time]
+    def time
+      entry(MANIFEST).time
+    end
+
+    # @yield [name, data]
+    # @yieldparam [String] name file name in apk
+    # @yieldparam [String] data file data in apk
+    def each_file
+      @zip.each do |entry|
+        next unless entry.file?
+        yield entry.name, @zip.read(entry)
+      end
+    end
+
+    # find and return binary data with name
+    # @param [String] name file name in apk(fullpath)
+    # @return [String] binary data
+    # @raise [NotFoundError] when 'name' doesn't exist in the apk
+    def file(name) # get data by entry name(path)
+      @zip.read(entry(name))
+    end
+
+    # @yield [entry]
+    # @yieldparam [Zip::Entry] entry zip entry
+    def each_entry
+      @zip.each do |entry|
+        next unless entry.file?
+        yield entry
+      end
+    end
+
+    # find and return zip entry with name
+    # @param [String] name file name in apk(fullpath)
+    # @return [Zip::Entry] zip entry object
+    # @raise [NotFoundError] when 'name' doesn't exist in the apk
+    def entry(name)
+      entry = @zip.find_entry(name)
+      raise NotFoundError, "'#{name}'" if entry.nil?
+      return entry
+    end
+
+    # find files which is matched with block condition
+    # @yield [name, data] find condition
+    # @yieldparam [String] name file name in apk
+    # @yieldparam [String] data file data in apk
+    # @yieldreturn [Array] Array of matched entry name
+    # @return [Array] Array of matched entry name
+    # @example
+    #   apk = Apk.new(path)
+    #   elf_files = apk.find  { |name, data|  data[0..3] == [0x7f, 0x45, 0x4c, 0x46] } # ELF magic number
+    def find(&block)
+      found = []
+      self.each_file do |name, data|
+        ret = block.call(name, data)
+        found << name if ret
+      end
+      found
+    end
+
+    # extract application icon data from AndroidManifest and resource.
+    # @return [Hash{ String => String }] hash key is icon filename. value is image data
+    # @raise [NotFoundError]
+    # @since 0.6.0
+    def icon
+      icon_id = @manifest.doc.elements['/manifest/application'].attributes['icon']
+      icon_by_id(icon_id)
+    end
+
+    # extract icon data from AndroidManifest and resource by a given icon id.
+    # @param [String] icon_id to be searched in the resource.
+    # @return [Hash{ String => String }] hash key is icon filename. value is image data
+    # @raise [NotFoundError]
+    # @since 0.6.0
+    def icon_by_id(icon_id)
+      if /^@(\w+\/\w+)|(0x[0-9a-fA-F]{8})$/ =~ icon_id
+        drawables = @resource.find(icon_id)
+        Hash[drawables.map {|name| [name, file(name)] }]
+      else
+        begin
+          { icon_id => file(icon_id) } # ugh!: not tested!!
+        rescue NotFoundError
+          {}
+        end
+      end
+    end
+
+    # get application label from AndroidManifest and resources.
+    # @param [String] lang language code like 'ja', 'cn', ...
+    # @return [String] application label string
+    # @return [nil] when label is not found
+    # @deprecated move to {Android::Manifest#label}
+    # @since 0.6.0
+    def label(lang=nil)
+      @manifest.label
+    end
+
+    # get screen layout xml datas
+    # @return [Hash{ String => Android::Layout }] key: laytout file path, value: layout object
+    # @since 0.6.0
+    def layouts
+      @layouts ||= Layout.collect_layouts(self) # lazy parse
+    end
+
+    # apk's signature information
+    # @return [Hash{ String => OpenSSL::PKCS7 } ] key: sign file path, value: signature
+    # @since 0.7.0
+    def signs
+      signs = {}
+      self.each_file do |path, data|
+        # find META-INF/xxx.{RSA|DSA}
+        next unless path =~ /^META-INF\// && data.unpack("CC") == [0x30, 0x82]
+        signs[path] = OpenSSL::PKCS7.new(data)
+      end
+      signs
+    end
+
+    # certificate info which is used for signing
+    # @return [Hash{String => OpenSSL::X509::Certificate }] key: sign file path, value: first certficate in the sign file
+    # @since 0.7.0
+    def certificates
+      return Hash[self.signs.map{|path, sign| [path, sign.certificates.first] }]
+    end
+  end
+end
+

data/lib/android/axml_parser.rb

@@ -0,0 +1,239 @@
+require 'rexml/document'
+require 'stringio'
+
+
+module Android
+  # binary AXML parser
+  # @see https://android.googlesource.com/platform/frameworks/base.git Android OS frameworks source
+  # @note
+  #   refer to Android OS framework code:
+  #
+  #   /frameworks/base/include/androidfw/ResourceTypes.h,
+  #
+  #   /frameworks/base/libs/androidfw/ResourceTypes.cpp
+  class AXMLParser
+    def self.axml?(data)
+      (data[0..3] == "\x03\x00\x08\x00")
+    end
+
+    # axml parse error
+    class ReadError < StandardError; end
+
+    TAG_START_NAMESPACE = 0x00100100
+    TAG_END_NAMESPACE =   0x00100101
+    TAG_START =           0x00100102
+    TAG_END =             0x00100103
+    TAG_TEXT =            0x00100104
+    TAG_CDSECT =          0x00100105
+    TAG_ENTITY_REF =      0x00100106
+
+    VAL_TYPE_NULL              =0
+    VAL_TYPE_REFERENCE         =1
+    VAL_TYPE_ATTRIBUTE         =2
+    VAL_TYPE_STRING            =3
+    VAL_TYPE_FLOAT             =4
+    VAL_TYPE_DIMENSION         =5
+    VAL_TYPE_FRACTION          =6
+    VAL_TYPE_INT_DEC           =16
+    VAL_TYPE_INT_HEX           =17
+    VAL_TYPE_INT_BOOLEAN       =18
+    VAL_TYPE_INT_COLOR_ARGB8   =28
+    VAL_TYPE_INT_COLOR_RGB8    =29
+    VAL_TYPE_INT_COLOR_ARGB4   =30
+    VAL_TYPE_INT_COLOR_RGB4    =31
+
+    # @return [Array<String>] strings defined in axml
+    attr_reader :strings, :metadata
+
+    # @param [String] axml binary xml data
+    def initialize(axml)
+      @io = StringIO.new(axml, "rb")
+      @strings = []
+    end
+
+    # parse binary xml
+    # @return [REXML::Document]
+    def parse
+      @doc = REXML::Document.new
+      @doc << REXML::XMLDecl.new
+
+      @num_str = word(4*4)
+      @xml_offset = word(3*4)
+
+      @parents = [@doc]
+      @namespaces = []
+      @metadata = []
+      parse_strings
+      parse_tags
+      @doc
+    end
+
+
+    # read one word(4byte) as integer
+    # @param [Integer] offset offset from top position. current position is used if ofset is nil
+    # @return [Integer] little endian word value
+    def word(offset=nil)
+      @io.pos = offset unless offset.nil?
+      @io.read(4).unpack("V")[0]
+    end
+
+    # read 2byte as short integer
+    # @param [Integer] offset offset from top position. current position is used if ofset is nil
+    # @return [Integer] little endian unsign short value
+    def short(offset)
+      @io.pos = offset unless offset.nil?
+      @io.read(2).unpack("v")[0]
+    end
+
+    # relace string table parser
+    def parse_strings
+      strpool = Resource::ResStringPool.new(@io.string, 8) # ugh!
+      @strings = strpool.strings
+    end
+
+    # parse tag
+    def parse_tags
+      # skip until first TAG_START_NAMESPACE
+      pos = @xml_offset
+      pos += 4 until (word(pos) == TAG_START_NAMESPACE)
+      @io.pos -= 4
+
+      # read tags
+      #puts "start tag parse: %d(%#x)" % [@io.pos, @io.pos]
+      until @io.eof?
+        last_pos = @io.pos
+        tag, tag1, line, tag3, ns_id, name_id = @io.read(4*6).unpack("V*")
+        case tag
+        when TAG_START
+          tag6, num_attrs, tag8  = @io.read(4*3).unpack("V*")
+
+          prefix = ''
+          if ns_id != 0xFFFFFFFF
+            namespace_uri = @strings[ns_id]
+            prefix = get_namespace_prefix(namespace_uri) + ':'
+          end
+          elem = REXML::Element.new(prefix + @strings[name_id])
+
+          meta_tag = if @strings[name_id] == 'meta-data'
+                        @metadata << {}
+                        true
+                      end
+
+          # If this element is a direct descendent of a namespace declaration
+          # we add the namespace definition as an attribute.
+          if @namespaces.last[:nesting_level] == current_nesting_level
+            elem.add_namespace(@namespaces.last[:prefix], @namespaces.last[:uri])
+          end
+          #puts "start tag %d(%#x): #{@strings[name_id]} attrs:#{num_attrs}" % [last_pos, last_pos]
+          @parents.last.add_element elem
+          num_attrs.times do
+            key, val, type = parse_attribute
+
+            if meta_tag
+              @metadata.last[key] = {
+                value: val,
+                position: @io.pos - 4,
+                val_str_id: @io.pos - 12,
+                is_string: type == VAL_TYPE_STRING
+              }
+            end
+
+            if val.is_a?(String)
+              # drop invalid chars that would be rejected by REXML from string
+              val = val.scan(REXML::Text::VALID_XML_CHARS).join
+            end
+            elem.add_attribute(key, val)
+          end
+          @parents.push elem
+        when TAG_END
+          @parents.pop
+        when TAG_END_NAMESPACE
+          @namespaces.pop
+          break if @namespaces.empty? # if the topmost namespace (usually 'android:') has been closed, we‘re done.
+        when TAG_TEXT
+          text = REXML::Text.new(@strings[ns_id])
+          @parents.last.text = text
+          dummy = @io.read(4*1).unpack("V*") # skip 4bytes
+        when TAG_START_NAMESPACE
+          prefix = @strings[ns_id]
+          uri = @strings[name_id]
+          @namespaces.push({ prefix: prefix, uri: uri, nesting_level: current_nesting_level })
+        when TAG_CDSECT
+          raise ReadError, "TAG_CDSECT not implemented"
+        when TAG_ENTITY_REF
+          raise ReadError, "TAG_ENTITY_REF not implemented"
+        else
+          raise ReadError, "pos=%d(%#x)[tag:%#x]" % [last_pos, last_pos, tag]
+        end
+      end
+    end
+
+    # parse attribute of a element
+    def parse_attribute
+      ns_id, name_id, val_str_id, flags, val = @io.read(4*5).unpack("V*")
+      key = @strings[name_id]
+      unless ns_id == 0xFFFFFFFF
+        namespace_uri = @strings[ns_id]
+        prefix = get_namespace_prefix(namespace_uri)
+        key = "#{prefix}:#{key}"
+      end
+      value = convert_value(val_str_id, flags, val)
+      return key, value, (flags >> 24)
+    end
+
+    # find the first declared namespace prefix for a URI
+    def get_namespace_prefix(ns_uri)
+      # a namespace might be given as a URI or as a reference to a previously defined namespace.
+      # E.g. like this:
+      # <tag1 xmlns:android="http://schemas.android.com/apk/res/android">
+      #   <tag2 xmlns:n0="android" />
+      # </tag1>
+
+      # Walk recursively through the namespaces to
+      # transitively resolve URIs that just pointed to previous namespace prefixes
+      current_uri = ns_uri
+      @namespaces.reverse.each do |ns|
+        if ns[:prefix] == current_uri
+          # we found a previous namespace declaration that was referenced to by
+          # the current_uri. Proceed with this namespace’s URI and try to see if this
+          # is also just a reference to a previous namespace
+          current_uri = ns[:uri]
+        end
+      end
+
+      # current_uri now contains the URI of the topmost namespace declaration.
+      # We’ll take the prefix of this and return it.
+      @namespaces.reverse.each do |ns|
+        return ns[:prefix] if ns[:uri] == current_uri
+      end
+      raise "Could not resolve URI #{ns_uri} to a namespace prefix"
+    end
+
+    def current_nesting_level
+      @parents.length
+    end
+
+    def convert_value(val_str_id, flags, val)
+      unless val_str_id == 0xFFFFFFFF
+        value = @strings[val_str_id]
+      else
+        type = flags >> 24
+        case type
+        when VAL_TYPE_NULL
+          value = nil
+        when VAL_TYPE_REFERENCE
+          value = "@%#x" % val # refered resource id.
+        when VAL_TYPE_INT_DEC
+          value = val
+        when VAL_TYPE_INT_HEX
+          value = "%#x" % val
+        when VAL_TYPE_INT_BOOLEAN
+          value = ((val == 0xFFFFFFFF) || (val==1)) ? true : false
+        else
+          value = "[%#x, flag=%#x]" % [val, flags]
+        end
+      end
+    end
+  end
+
+end