ruby_android 0.0.2 → 0.7.2

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0

data/CHANGELOG.md

@@ -0,0 +1,51 @@
+# ChangeLog
+## 0.7.2
+* updated rubyzip from wrong dependency '<1.0.0'
+
+## 0.7.1
+*
+
+## 0.7.0
+* implement Apk#signs, Apk#certificates and Manifest#version_name (#14, #15)
+* bugfix
+
+## 0.6.0
+* implement Android::Apk#layouts(#10), Android::Apk#icon(#11), Android::Apk#label(#12),
+* fix bug (#13)
+
+## 0.5.1
+* [#8] add Android::Manifest#label
+* [#7] fix wrong boolean value in manifest parser
+* [#6] add accessor Android::Manifest#doc
+
+## 0.5.0
+* [issue #1] implement Android::Resource#find, #res_readable_id, #res_hex_id methods
+
+## 0.4.2
+* fix bugs(#2, #3)
+* divide change log from readme
+
+## 0.4.1
+* fix typo
+* add document
+
+## 0.4.0
+* add resource parser
+* enhance dex parser
+
+## 0.3.0
+* add and change name space
+* add Android::Utils module and some util methods
+* add Apk#entry, Apk#each_entry, and Apk#time methods,
+
+## 0.2.0
+* update documents
+* add Apk::Dex#each_strings, Apk::Dex#each_class_names
+
+## 0.1.2
+* fix bug(improve android binary xml parser)
+
+## 0.1.1
+* fix bug(failed to initialize Apk::Manifest::Meta class)
+* replace iconv to String#encode(for ruby1.9)
+

data/Gemfile

@@ -7,9 +7,9 @@ gem "rubyzip", ">= 1.1.6"
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
 group :development do
-  gem "rspec", ">= 2.11.0"
-  gem "bundler", ">= 1.5.2"
-  gem "jeweler", ">= 2.0.0"
+  gem "rspec", "~> 2.11.0"
+  gem "bundler", ">= 1.3.0"
+  gem "jeweler", "~> 1.8.7"
   gem "yard", require: false
   gem "redcarpet"
   gem "simplecov", require: false

data/Gemfile.lock

@@ -0,0 +1,73 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    addressable (2.3.5)
+    builder (3.2.2)
+    diff-lcs (1.1.3)
+    faraday (0.8.8)
+      multipart-post (~> 1.2.0)
+    git (1.2.6)
+    github_api (0.10.1)
+      addressable
+      faraday (~> 0.8.1)
+      hashie (>= 1.2)
+      multi_json (~> 1.4)
+      nokogiri (~> 1.5.2)
+      oauth2
+    hashie (2.0.5)
+    highline (1.6.19)
+    httpauth (0.2.0)
+    jeweler (1.8.7)
+      builder
+      bundler (~> 1.0)
+      git (>= 1.2.5)
+      github_api (= 0.10.1)
+      highline (>= 1.6.15)
+      nokogiri (= 1.5.10)
+      rake
+      rdoc
+    json (1.8.0)
+    jwt (0.1.8)
+      multi_json (>= 1.5)
+    multi_json (1.8.0)
+    multi_xml (0.5.5)
+    multipart-post (1.2.0)
+    nokogiri (1.5.10)
+    oauth2 (0.9.2)
+      faraday (~> 0.8)
+      httpauth (~> 0.2)
+      jwt (~> 0.1.4)
+      multi_json (~> 1.0)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    rack (1.5.2)
+    rake (10.1.0)
+    rdoc (4.0.1)
+      json (~> 1.4)
+    redcarpet (3.0.0)
+    rspec (2.11.0)
+      rspec-core (~> 2.11.0)
+      rspec-expectations (~> 2.11.0)
+      rspec-mocks (~> 2.11.0)
+    rspec-core (2.11.1)
+    rspec-expectations (2.11.3)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.11.3)
+    rubyzip (1.1.6)
+    simplecov (0.7.1)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.7.1)
+    simplecov-html (0.7.1)
+    yard (0.8.7.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (>= 1.3.0)
+  jeweler (~> 1.8.7)
+  redcarpet
+  rspec (~> 2.11.0)
+  rubyzip (>= 1.1.6)
+  simplecov
+  yard

data/LICENSE.txt

@@ -1,6 +1,6 @@
-Copyright (c) 2014 Michal Tajchert
+(The MIT License)
 
-MIT License
+Copyright (c) 2012 Securebrain
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/Rakefile

@@ -1,2 +1,43 @@
-require "bundler/gem_tasks"
+# encoding: utf-8
 
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "ruby_android"
+  gem.homepage = "https://github.com/tajchert/ruby_apk"
+  gem.license = "MIT"
+  gem.summary = %Q{static analysis tool for android apk}
+  gem.description = %Q{static analysis tool for android apk}
+  gem.email = "thetajchert@gmail.com"
+  gem.authors = ["Michal Tajchert","SecureBrain"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+
+task :default => :spec
+
+require 'yard'
+require 'yard/rake/yardoc_task'
+YARD::Rake::YardocTask.new do |t|
+  t.files = ['lib/**/*.rb']
+  t.options = []
+  t.options << '--debug' << '--verbose' if $trace
+end

data/VERSION

@@ -0,0 +1 @@
+0.7.2

data/lib/android/apk.rb

@@ -0,0 +1,207 @@
+require 'zip' # need rubyzip gem -> doc: http://rubyzip.sourceforge.net/
+require 'digest/md5'
+require 'digest/sha1'
+require 'digest/sha2'
+require 'openssl'
+
+module Android
+  class NotApkFileError < StandardError; end
+  class NotFoundError < StandardError; end
+
+  # apk object class
+  class Apk
+
+    # @return [String] apk file path
+    attr_reader :path
+    # @return [Android::Manifest] manifest instance
+    # @return [nil] when parsing manifest is failed.
+    attr_reader  :manifest
+    # @return [Android::Dex] dex instance
+    # @return [nil] when parsing dex is failed.
+    attr_reader :dex
+    # @return [String] binary data of apk
+    attr_reader :bindata
+    # @return [Resource] resouce data
+    # @return [nil] when parsing resource is failed.
+    attr_reader :resource
+
+    # AndroidManifest file name
+    MANIFEST = 'AndroidManifest.xml'
+    # dex file name
+    DEX = 'classes.dex'
+    # resource file name
+    RESOURCE = 'resources.arsc'
+
+    # create new apk object
+    # @param [String] filepath apk file path
+    # @raise [Android::NotFoundError] path file does'nt exist
+    # @raise [Android::NotApkFileError] path file is not Apk file.
+    def initialize(filepath)
+      @path = filepath
+      raise NotFoundError, "'#{filepath}'" unless File.exist? @path
+      begin
+        @zip = Zip::File.open(@path)
+      rescue Zip::Error => e
+        raise NotApkFileError, e.message 
+      end
+
+      @bindata = File.open(@path, 'rb') {|f| f.read }
+      @bindata.force_encoding(Encoding::ASCII_8BIT)
+      raise NotApkFileError, "manifest file is not found." if @zip.find_entry(MANIFEST).nil?
+      begin
+        @resource = Android::Resource.new(self.file(RESOURCE))
+      rescue => e
+        $stderr.puts "failed to parse resource:#{e}"
+        #$stderr.puts e.backtrace
+      end
+      begin
+        @manifest = Android::Manifest.new(self.file(MANIFEST), @resource)
+      rescue => e
+        $stderr.puts "failed to parse manifest:#{e}"
+        #$stderr.puts e.backtrace
+      end
+      begin
+        @dex = Android::Dex.new(self.file(DEX))
+      rescue => e
+        $stderr.puts "failed to parse dex:#{e}"
+        #$stderr.puts e.backtrace
+      end
+    end
+
+    # return apk file size
+    # @return [Integer] bytes
+    def size
+      @bindata.size
+    end
+
+    # return hex digest string of apk file
+    # @param [Symbol] type hash digest type(:sha1, sha256, :md5)
+    # @return [String] hex digest string
+    # @raise [ArgumentError] type is knknown type
+    def digest(type = :sha1)
+      case type
+      when :sha1
+        Digest::SHA1.hexdigest(@bindata)
+      when :sha256
+        Digest::SHA256.hexdigest(@bindata)
+      when :md5
+        Digest::MD5.hexdigest(@bindata)
+      else
+        raise ArgumentError
+      end
+    end
+
+    # returns date of AndroidManifest.xml as Apk date
+    # @return [Time]
+    def time
+      entry(MANIFEST).time
+    end
+
+    # @yield [name, data]
+    # @yieldparam [String] name file name in apk
+    # @yieldparam [String] data file data in apk
+    def each_file
+      @zip.each do |entry|
+        next unless entry.file?
+        yield entry.name, @zip.read(entry)
+      end
+    end
+
+    # find and return binary data with name
+    # @param [String] name file name in apk(fullpath)
+    # @return [String] binary data
+    # @raise [NotFoundError] when 'name' doesn't exist in the apk
+    def file(name) # get data by entry name(path)
+      @zip.read(entry(name))
+    end
+
+    # @yield [entry]
+    # @yieldparam [Zip::Entry] entry zip entry
+    def each_entry
+      @zip.each do |entry|
+        next unless entry.file?
+        yield entry
+      end
+    end
+
+    # find and return zip entry with name
+    # @param [String] name file name in apk(fullpath)
+    # @return [Zip::ZipEntry] zip entry object
+    # @raise [NotFoundError] when 'name' doesn't exist in the apk
+    def entry(name)
+      entry = @zip.find_entry(name)
+      raise NotFoundError, "'#{name}'" if entry.nil?
+      return entry
+    end
+
+    # find files which is matched with block condition
+    # @yield [name, data] find condition
+    # @yieldparam [String] name file name in apk
+    # @yieldparam [String] data file data in apk
+    # @yieldreturn [Array] Array of matched entry name
+    # @return [Array] Array of matched entry name
+    # @example
+    #   apk = Apk.new(path)
+    #   elf_files = apk.find  { |name, data|  data[0..3] == [0x7f, 0x45, 0x4c, 0x46] } # ELF magic number
+    def find(&block)
+      found = []
+      self.each_file do |name, data|
+        ret = block.call(name, data)
+        found << name if ret
+      end
+      found
+    end
+
+    # extract icon data from AndroidManifest and resource.
+    # @return [Hash{ String => String }] hash key is icon filename. value is image data
+    # @raise [NotFoundError]
+    # @since 0.6.0
+    def icon
+      icon_id = @manifest.doc.elements['/manifest/application'].attributes['icon']
+      if /^@(\w+\/\w+)|(0x[0-9a-fA-F]{8})$/ =~ icon_id
+        drawables = @resource.find(icon_id)
+        Hash[drawables.map {|name| [name, file(name)] }]
+      else 
+        { icon_id => file(icon_id) } # ugh!: not tested!!
+      end
+    end
+
+    # get application label from AndroidManifest and resources.
+    # @param [String] lang language code like 'ja', 'cn', ...
+    # @return [String] application label string
+    # @return [nil] when label is not found
+    # @deprecated move to {Android::Manifest#label}
+    # @since 0.6.0
+    def label(lang=nil)
+      @manifest.label
+    end
+
+    # get screen layout xml datas
+    # @return [Hash{ String => Android::Layout }] key: laytout file path, value: layout object
+    # @since 0.6.0
+    def layouts
+      @layouts ||= Layout.collect_layouts(self) # lazy parse
+    end
+
+    # apk's signature information
+    # @return [Hash{ String => OpenSSL::PKCS7 } ] key: sign file path, value: signature
+    # @since 0.7.0
+    def signs
+      signs = {}
+      self.each_file do |path, data|
+        # find META-INF/xxx.{RSA|DSA}
+        next unless path =~ /^META-INF\// && data.unpack("CC") == [0x30, 0x82]
+        signs[path] = OpenSSL::PKCS7.new(data)
+      end
+      signs
+    end
+
+    # certificate info which is used for signing
+    # @return [Hash{String => OpenSSL::X509::Certificate }] key: sign file path, value: first certficate in the sign file
+    # @since 0.7.0
+    def certificates
+      return Hash[self.signs.map{|path, sign| [path, sign.certificates.first] }]
+    end
+  end
+end
+

data/lib/android/axml_parser.rb

@@ -0,0 +1,173 @@
+require 'rexml/document'
+require 'stringio'
+
+
+module Android
+  # binary AXML parser
+  # @see https://android.googlesource.com/platform/frameworks/base.git Android OS frameworks source
+  # @note
+  #   refer to Android OS framework code:
+  #   
+  #   /frameworks/base/include/androidfw/ResourceTypes.h,
+  #   
+  #   /frameworks/base/libs/androidfw/ResourceTypes.cpp
+  class AXMLParser
+    def self.axml?(data)
+      (data[0..3] == "\x03\x00\x08\x00")
+    end
+
+    # axml parse error
+    class ReadError < StandardError; end
+
+    TAG_START_DOC = 0x00100100
+    TAG_END_DOC =   0x00100101
+    TAG_START =     0x00100102
+    TAG_END =       0x00100103
+    TAG_TEXT =      0x00100104
+    TAG_CDSECT =    0x00100105
+    TAG_ENTITY_REF= 0x00100106
+
+    VAL_TYPE_NULL              =0
+    VAL_TYPE_REFERENCE         =1
+    VAL_TYPE_ATTRIBUTE         =2
+    VAL_TYPE_STRING            =3
+    VAL_TYPE_FLOAT             =4
+    VAL_TYPE_DIMENSION         =5
+    VAL_TYPE_FRACTION          =6
+    VAL_TYPE_INT_DEC           =16
+    VAL_TYPE_INT_HEX           =17
+    VAL_TYPE_INT_BOOLEAN       =18
+    VAL_TYPE_INT_COLOR_ARGB8   =28
+    VAL_TYPE_INT_COLOR_RGB8    =29
+    VAL_TYPE_INT_COLOR_ARGB4   =30
+    VAL_TYPE_INT_COLOR_RGB4    =31
+
+    # @return [Array<String>] strings defined in axml
+    attr_reader :strings
+
+    # @param [String] axml binary xml data
+    def initialize(axml)
+      @io = StringIO.new(axml, "rb")
+      @strings = []
+    end
+
+    # parse binary xml
+    # @return [REXML::Document]
+    def parse
+      @doc = REXML::Document.new
+      @doc << REXML::XMLDecl.new
+
+      @num_str = word(4*4)
+      @xml_offset = word(3*4)
+
+      @parents = [@doc]
+      @ns = []
+      parse_strings
+      parse_tags
+      @doc
+    end
+
+
+    # read one word(4byte) as integer
+    # @param [Integer] offset offset from top position. current position is used if ofset is nil
+    # @return [Integer] little endian word value
+    def word(offset=nil)
+      @io.pos = offset unless offset.nil?
+      @io.read(4).unpack("V")[0]
+    end
+
+    # read 2byte as short integer
+    # @param [Integer] offset offset from top position. current position is used if ofset is nil
+    # @return [Integer] little endian unsign short value
+    def short(offset)
+      @io.pos = offset unless offset.nil?
+      @io.read(2).unpack("v")[0]
+    end
+
+    # relace string table parser
+    def parse_strings
+      strpool = Resource::ResStringPool.new(@io.string, 8) # ugh!
+      @strings = strpool.strings
+    end
+
+    # parse tag
+    def parse_tags
+      # skip until START_TAG
+      pos = @xml_offset
+      pos += 4 until (word(pos) == TAG_START) #ugh!
+      @io.pos -= 4
+
+      # read tags
+      #puts "start tag parse: %d(%#x)" % [@io.pos, @io.pos]
+      until @io.eof?
+        last_pos = @io.pos
+        tag, tag1, line, tag3, ns_id, name_id = @io.read(4*6).unpack("V*")
+        case tag
+        when TAG_START
+          tag6, num_attrs, tag8  = @io.read(4*3).unpack("V*")
+          elem = REXML::Element.new(@strings[name_id])
+          #puts "start tag %d(%#x): #{@strings[name_id]} attrs:#{num_attrs}" % [last_pos, last_pos]
+          @parents.last.add_element elem
+          num_attrs.times do
+            key, val = parse_attribute
+            elem.add_attribute(key, val)
+          end
+          @parents.push elem
+        when TAG_END
+          @parents.pop
+        when TAG_END_DOC
+          break
+        when TAG_TEXT
+          text = REXML::Text.new(@strings[ns_id])
+          @parents.last.text = text
+          dummy = @io.read(4*1).unpack("V*") # skip 4bytes
+        when TAG_START_DOC, TAG_CDSECT, TAG_ENTITY_REF
+          # not implemented yet.
+        else
+          raise ReadError, "pos=%d(%#x)[tag:%#x]" % [last_pos, last_pos, tag]
+        end
+      end
+    end
+
+    # parse attribute of a element
+    def parse_attribute
+      ns_id, name_id, val_str_id, flags, val = @io.read(4*5).unpack("V*")
+      key = @strings[name_id]
+      unless ns_id == 0xFFFFFFFF
+        ns = @strings[ns_id] 
+        prefix = ns.sub(/.*\//,'')
+        unless @ns.include? ns
+          @ns << ns
+          @doc.root.add_namespace(prefix, ns)
+        end
+        key = "#{prefix}:#{key}"
+      end
+      value = convert_value(val_str_id, flags, val)
+      return key, value
+    end
+
+
+    def convert_value(val_str_id, flags, val)
+      unless val_str_id == 0xFFFFFFFF
+        value = @strings[val_str_id]
+      else
+        type = flags >> 24
+        case type
+        when VAL_TYPE_NULL
+          value = nil
+        when VAL_TYPE_REFERENCE
+          value = "@%#x" % val # refered resource id.
+        when VAL_TYPE_INT_DEC
+          value = val
+        when VAL_TYPE_INT_HEX
+          value = "%#x" % val
+        when VAL_TYPE_INT_BOOLEAN
+          value = ((val == 0xFFFFFFFF) || (val==1)) ? true : false
+        else
+          value = "[%#x, flag=%#x]" % [val, flags]
+        end
+      end
+    end
+  end
+
+end

data/lib/android/dex/access_flag.rb

@@ -0,0 +1,74 @@
+
+module Android
+  class Dex
+    # access flag object
+    class AccessFlag
+      # @return [Integer] flag value
+      attr_reader :flag
+      def initialize(flag)
+        @flag = flag
+      end
+    end
+
+    # access flag object for class in dex
+    class ClassAccessFlag < AccessFlag
+      ACCESSORS = [
+        {value:0x1,     name:'public'},
+        {value:0x2,     name:'private'},
+        {value:0x4,     name:'protected'},
+        {value:0x8,     name:'static'},
+        {value:0x10,    name:'final'},
+        {value:0x20,    name:'synchronized'},
+        {value:0x40,    name:'volatile'},
+        {value:0x80,    name:'transient'},
+        {value:0x100,   name:'native'},
+        {value:0x200,   name:'interface'},
+        {value:0x400,   name:'abstract'},
+        {value:0x800,   name:'strict'},
+        {value:0x1000,  name:'synthetic'},
+        {value:0x2000,  name:'annotation'},
+        {value:0x4000,  name:'enum'},
+        #{value:0x8000,  name:'unused'},
+        {value:0x10000, name:'constructor'},
+        {value:0x20000, name:'declared-synchronized'},
+      ]
+
+      # convert access flag to string
+      # @return [String]
+      def to_s
+        ACCESSORS.select{|e| ((e[:value] & @flag) != 0) }.map{|e| e[:name] }.join(' ')
+      end
+    end
+   
+    # access flag object for method in dex
+    class MethodAccessFlag < AccessFlag
+      ACCESSORS = [
+        {value: 0x1,     name:'public'},
+        {value: 0x2,     name:'private'},
+        {value: 0x4,     name:'protected'},
+        {value: 0x8,     name:'static'},
+        {value: 0x10,    name:'final'},
+        {value: 0x20,    name:'synchronized'},
+        {value: 0x40,    name:'bridge'},
+        {value: 0x80,    name:'varargs'},
+        {value: 0x100,   name:'native'},
+        {value: 0x200,   name:'interface'},
+        {value: 0x400,   name:'abstract'},
+        {value: 0x800,   name:'strict'},
+        {value: 0x1000,  name:'synthetic'},
+        {value: 0x2000,  name:'annotation'},
+        {value: 0x4000,  name:'enum'},
+        #{value: 0x8000,  name:'unused'},
+        {value: 0x10000, name:'constructor'},
+        {value: 0x20000, name:'declared-synchronized'},
+      ]
+      # convert access flag to string
+      # @return [String]
+      def to_s
+        ACCESSORS.select{|e| ((e[:value] & @flag) != 0) }.map{|e| e[:name] }.join(' ')
+      end
+    end
+  end
+end
+
+