trueseeing 2.2.1__tar.gz → 2.2.4__tar.gz

trueseeing-2.2.4/Dockerfile

@@ -0,0 +1,26 @@
+from python:3.9-alpine
+run pip install flit
+copy . /tmp/build/
+run (cd /tmp/build && flit build)
+
+from python:3.9-alpine
+run mkdir /tmp/dist
+# Building LIEF takes a long time so fetch from our wheel cache
+add https://github.com/alterakey/trueseeing-lief/raw/main/dist/lief-0.14.1-cp39-cp39-musllinux_1_2_aarch64.whl /tmp/dist
+add https://github.com/alterakey/trueseeing-lief/raw/main/dist/lief-0.14.1-cp39-cp39-musllinux_1_2_x86_64.whl /tmp/dist
+# .. if you really prefer building it, comment above and uncomment below
+#run (cd /tmp/dist && pip download 'lief~=0.14') || (apk add --no-cache build-base ninja cmake git ccache && git clone -b 0.14.1 https://github.com/lief-project/LIEF.git /tmp/build && (cd /tmp/build/api/python && pip install -r build-requirements.txt && pyproject-build -w && cp -a dist/*.whl /tmp/dist/))
+
+from python:3.9-alpine
+run apk add --no-cache openjdk17-jre-headless zip android-tools
+run mkdir /data /ext /cache /out && ln -sfn /cache /root/.local
+copy --from=0 /tmp/build/dist/*.whl /tmp/dist/
+copy --from=1 /tmp/dist/*.whl /tmp/ext/
+run pip install -f /tmp/ext/ /tmp/dist/*.whl && rm -rf /tmp/dist /tmp/ext
+env PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+env TS2_IN_DOCKER=1
+env TS2_CACHEDIR=/cache
+env TS2_HOME=/data
+env TS2_EXTDIR=/ext
+workdir /out
+entrypoint ["trueseeing"]

{trueseeing-2.2.1 → trueseeing-2.2.4}/PKG-INFO

@@ -1,9 +1,9 @@
 Metadata-Version: 2.1
 Name: trueseeing
-Version: 2.2.1
+Version: 2.2.4
 Summary: Trueseeing is a non-decompiling Android application vulnerability scanner.
 Keywords: android,security,pentest,hacking
-Author-email: Takahiro Yoshimura <altakey@gmail.com>
+Author-email: Takahiro Yoshimura <alterakey@protonmail.com>
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 Classifier: Topic :: Security
@@ -16,13 +16,16 @@ Classifier: License :: OSI Approved :: GNU General Public License v3 or later (G
 Requires-Dist: lxml~=5.0
 Requires-Dist: pyyaml~=6.0
 Requires-Dist: jinja2~=3.1
-Requires-Dist: attrs~=23.2
 Requires-Dist: pypubsub~=4.0
 Requires-Dist: termcolor~=2.4
 Requires-Dist: progressbar2~=4.3
 Requires-Dist: importlib_metadata~=7.0
 Requires-Dist: asn1crypto~=1.5
 Requires-Dist: zstandard~=0.22
+Requires-Dist: aiohttp~=3.9
+Requires-Dist: lief~=0.14
+Requires-Dist: pyaxmlparser~=0.3
+Requires-Dist: prompt-toolkit~=3.0
 Requires-Dist: mypy~=1.7 ; extra == "dev"
 Requires-Dist: pyproject-flake8~=6.1 ; extra == "dev"
 Requires-Dist: typing_extensions~=4.1 ; extra == "dev"
@@ -43,7 +46,7 @@ trueseeing is a fast, accurate and resillient vulnerability scanner for Android
 Currently we can:
 
 * Automatically scan app for vulnerabilities, reporting in HTML/JSON/text format (see below)
-* Manipulate app for easier analysis: e.g. enabling debug bit, enabling full backup, disabling TLS pinning, manipulating target API level, etc.
+* Manipulate app for easier analysis: e.g. enabling debug bit, enabling full backup, disabling TLS pinning, manipulating target API level, injecting frida-gadget, etc.
 * Examine app for general information
 * Copy in/out app data through debug interface
 * Search for certain calls/consts/sput/iput
@@ -81,7 +84,7 @@ Alternatively, you can install our package with pip as follows. This form of ins
 You can interactively scan/analyze/patch/etc. apps -- making it the ideal choice for manual analysis:
 
     $ trueseeing target.apk
-    [+] trueseeing 2.2.1
+    [+] trueseeing 2.2.4
     ts[target.apk]> ?
     ...
     ts[target.apk]> i                      # show generic information
@@ -225,7 +228,7 @@ The following class will provide a sample command as `t`, for example:
 ```python
 from typing import TYPE_CHECKING
 from trueseeing.api import Command
-from truseeing.core.ui import ui
+from trueseeing.core.ui import ui
 if TYPE_CHECKING:
   from trueseeing.api import CommandMap, CommandPatternMap, ModifierMap, OptionMap, ConfigMap
 
@@ -314,7 +317,7 @@ class APKFileFormatHandler(FileFormatHandler):
     return APKFileFormatHandler()
 
   def get_formats(self) -> FormatMap:
-    return {r'\.apk$':dict(e=self._handle, d='sample file format')}
+    return {'apk2':dict(e=self._handle, r=r'\.apk$', d='sample file format')}
 
   def get_configs(self) -> ConfigMap:
     return dict()
@@ -337,9 +340,15 @@ But by design it works only for known types (currently, the `apk`).  So if you a
 context: MyAPKContext = self._helper.get_context().require_type('apk2')  # type:ignore[assignment]
 ```
 
+It is possible to define multiple formats matching the same pattern. We evaluate patterns in the order of from the most stringent (i.e. long) to the least. You use the `-F` switch to force some format to use with the target file, e.g.:
+
+```
+$ trueseeing -F apk2 target.apk
+```
+
 #### Package requirements
 
-Extensions can be either: a) any package placed under `/ext` (container) or `~/.truseeing2/extensions` (pip), or b) any installed module named with the prefix of `trueseeing_ext0_`.
+Extensions can be either: a) any package placed under `/ext` (container) or `~/.trueseeing2/extensions` (pip), or b) any installed module named with the prefix of `trueseeing_ext0_`.
 
 ### Origin of Project Name?
 

{trueseeing-2.2.1 → trueseeing-2.2.4}/README.md

@@ -12,7 +12,7 @@ trueseeing is a fast, accurate and resillient vulnerability scanner for Android
 Currently we can:
 
 * Automatically scan app for vulnerabilities, reporting in HTML/JSON/text format (see below)
-* Manipulate app for easier analysis: e.g. enabling debug bit, enabling full backup, disabling TLS pinning, manipulating target API level, etc.
+* Manipulate app for easier analysis: e.g. enabling debug bit, enabling full backup, disabling TLS pinning, manipulating target API level, injecting frida-gadget, etc.
 * Examine app for general information
 * Copy in/out app data through debug interface
 * Search for certain calls/consts/sput/iput
@@ -50,7 +50,7 @@ Alternatively, you can install our package with pip as follows. This form of ins
 You can interactively scan/analyze/patch/etc. apps -- making it the ideal choice for manual analysis:
 
     $ trueseeing target.apk
-    [+] trueseeing 2.2.1
+    [+] trueseeing 2.2.4
     ts[target.apk]> ?
     ...
     ts[target.apk]> i                      # show generic information
@@ -194,7 +194,7 @@ The following class will provide a sample command as `t`, for example:
 ```python
 from typing import TYPE_CHECKING
 from trueseeing.api import Command
-from truseeing.core.ui import ui
+from trueseeing.core.ui import ui
 if TYPE_CHECKING:
   from trueseeing.api import CommandMap, CommandPatternMap, ModifierMap, OptionMap, ConfigMap
 
@@ -283,7 +283,7 @@ class APKFileFormatHandler(FileFormatHandler):
     return APKFileFormatHandler()
 
   def get_formats(self) -> FormatMap:
-    return {r'\.apk$':dict(e=self._handle, d='sample file format')}
+    return {'apk2':dict(e=self._handle, r=r'\.apk$', d='sample file format')}
 
   def get_configs(self) -> ConfigMap:
     return dict()
@@ -306,9 +306,15 @@ But by design it works only for known types (currently, the `apk`).  So if you a
 context: MyAPKContext = self._helper.get_context().require_type('apk2')  # type:ignore[assignment]
 ```
 
+It is possible to define multiple formats matching the same pattern. We evaluate patterns in the order of from the most stringent (i.e. long) to the least. You use the `-F` switch to force some format to use with the target file, e.g.:
+
+```
+$ trueseeing -F apk2 target.apk
+```
+
 #### Package requirements
 
-Extensions can be either: a) any package placed under `/ext` (container) or `~/.truseeing2/extensions` (pip), or b) any installed module named with the prefix of `trueseeing_ext0_`.
+Extensions can be either: a) any package placed under `/ext` (container) or `~/.trueseeing2/extensions` (pip), or b) any installed module named with the prefix of `trueseeing_ext0_`.
 
 ### Origin of Project Name?
 

{trueseeing-2.2.1 → trueseeing-2.2.4}/pyproject.toml

@@ -5,7 +5,7 @@ build-backend = "flit_core.buildapi"
 [project]
 name = 'trueseeing'
 authors = [
-  {name='Takahiro Yoshimura', email='altakey@gmail.com'}
+  {name='Takahiro Yoshimura', email='alterakey@protonmail.com'}
 ]
 classifiers = [
     "Topic :: Security",
@@ -22,13 +22,16 @@ dependencies = [
     "lxml~=5.0",
     "pyyaml~=6.0",
     "jinja2~=3.1",
-    "attrs~=23.2",
     "pypubsub~=4.0",
     "termcolor~=2.4",
     "progressbar2~=4.3",
     "importlib_metadata~=7.0",
     "asn1crypto~=1.5",
     "zstandard~=0.22",
+    "aiohttp~=3.9",
+    "lief~=0.14",
+    "pyaxmlparser~=0.3",
+    "prompt-toolkit~=3.0",
 ]
 requires-python = ">=3.9"
 dynamic = ['version', 'description']
@@ -57,6 +60,7 @@ module = [
   "jinja2",
   "pubsub",
   "asn1crypto.*",
+  "pyaxmlparser.*",
 ]
 ignore_missing_imports = true
 

{trueseeing-2.2.1 → trueseeing-2.2.4}/trueseeing/__init__.py

@@ -1,2 +1,2 @@
 """Trueseeing is a non-decompiling Android application vulnerability scanner."""
-__version__ = '2.2.1'
+__version__ = '2.2.4'

{trueseeing-2.2.1 → trueseeing-2.2.4}/trueseeing/api.py

@@ -10,9 +10,12 @@ if TYPE_CHECKING:
   from trueseeing.core.android.context import APKContext
   from trueseeing.core.model.issue import Issue, IssueConfidence
 
+  ModifierEvent = Literal['begin', 'end']
+
   CommandEntrypoint = Callable[[deque[str]], Coroutine[Any, Any, None]]
   CommandlineEntrypoint = Callable[[str], Coroutine[Any, Any, None]]
   CommandPatternEntrypoints = Union[CommandEntrypoint, CommandlineEntrypoint]
+  ModifierListenerEntrypoint = Callable[[ModifierEvent, str], Coroutine[Any, Any, None]]
   SignatureEntrypoint = Callable[[], Coroutine[Any, Any, None]]
   FormatHandlerEntrypoint = Callable[[str], Optional[Context]]
   ConfigGetterEntrypoint = Callable[[], Any]
@@ -34,7 +37,7 @@ if TYPE_CHECKING:
     pass
 
   class ModifierEntry(Entry):
-    pass
+    e: Optional[ModifierListenerEntrypoint]  # type: ignore[misc]
 
   class ConfigEntry(TypedDict):
     g: ConfigGetterEntrypoint
@@ -48,6 +51,7 @@ if TYPE_CHECKING:
 
   class FormatEntry(TypedDict):
     e: FormatHandlerEntrypoint
+    r: str
     d: str
 
   CommandMap = Mapping[str, CommandEntry]
@@ -71,13 +75,13 @@ if TYPE_CHECKING:
     def get_context(self, typ: ContextType) -> Context: ...
     @overload
     @deprecated('use get_context().analyze(...)')
-    async def get_context_analyzed(self, *, level: int = 3) -> Context: ...
+    async def get_context_analyzed(self, *, level: int = 4) -> Context: ...
     @overload
     @deprecated('use get_context().require_type(...).analyze(...)')
-    async def get_context_analyzed(self, typ: Literal['apk'], *, level: int = 3) -> APKContext: ...
+    async def get_context_analyzed(self, typ: Literal['apk'], *, level: int = 4) -> APKContext: ...
     @overload
     @deprecated('use get_context().require_type(...).analyze(...)')
-    async def get_context_analyzed(self, typ: ContextType, *, level: int = 3) -> Context: ...
+    async def get_context_analyzed(self, typ: ContextType, *, level: int = 4) -> Context: ...
     def decode_analysis_level(self, level: int) -> str: ...
     async def run(self, s: str) -> None: ...
     async def run_cmd(self, tokens: deque[str], line: Optional[str]) -> bool: ...

{trueseeing-2.2.1 → trueseeing-2.2.4}/trueseeing/app/cmd/__init__.py

@@ -8,11 +8,10 @@ if TYPE_CHECKING:
 def discover() -> Iterator[Type[Command]]:
   from trueseeing.api import Command
   from importlib import import_module
-  from trueseeing.core.model.cmd import CommandMixin
   from trueseeing.core.tools import get_public_subclasses, get_missing_methods, discover_modules_under
 
   for mod in discover_modules_under('trueseeing.app.cmd'):
     m = import_module(mod)
-    for c in get_public_subclasses(m, Command, [CommandMixin]):  # type:ignore[type-abstract]
+    for c in get_public_subclasses(m, Command, 'CommandMixin'):  # type:ignore[type-abstract]
       assert not get_missing_methods(c)
       yield c

{trueseeing-2.2.1 → trueseeing-2.2.4}/trueseeing/app/cmd/analyze.py

@@ -19,10 +19,12 @@ class AnalyzeCommand(CommandMixin):
 
   def get_commands(self) -> CommandMap:
     return {
-      'a':dict(e=self._analyze, n='a[a][!]', d='analyze target (aa: full analysis)'),
+      'a':dict(e=self._analyze, n='a[a][a][!]', d='analyze target (aa: marginal, aaa: full)'),
       'a!':dict(e=self._analyze),
       'aa':dict(e=self._analyze2),
       'aa!':dict(e=self._analyze2),
+      'aaa':dict(e=self._analyze3),
+      'aaa!':dict(e=self._analyze3),
     }
 
   async def _analyze(self, args: deque[str], level: int = 2) -> None:
@@ -39,3 +41,6 @@ class AnalyzeCommand(CommandMixin):
 
   async def _analyze2(self, args: deque[str]) -> None:
     await self._analyze(args, level=3)
+
+  async def _analyze3(self, args: deque[str]) -> None:
+    await self._analyze(args, level=4)

{trueseeing-2.2.1 → trueseeing-2.2.4}/trueseeing/app/cmd/android/asm.py

@@ -47,16 +47,24 @@ class AssembleCommand(CommandMixin):
       ui.fatal('need root path')
 
     import os
+    import re
     import time
     from tempfile import TemporaryDirectory
     from trueseeing.core.android.asm import APKAssembler
     from trueseeing.core.android.tools import move_apk
 
     root = args.popleft()
-    origapk = apk.replace('.apk', '.apk.orig')
+    origapk = re.sub(r'(\.x?apk)$', r'\1.orig', apk)
 
-    if os.path.exists(origapk) and not cmd.endswith('!'):
-      ui.fatal('backup file exists; force (!) to overwrite')
+    stem = re.sub(r'\.x?apk$', '', apk)
+    for typ in ['apk', 'xapk']:
+      print(origapk, f'{stem}.{typ}.orig')
+      if os.path.exists(f'{stem}.{typ}.orig') and not cmd.endswith('!'):
+        ui.fatal('backup file exists; force (!) to overwrite')
+
+    if apk.endswith('.xapk'):
+      ui.warn('assembling xapk is not supported; assembling as merged apk')
+      apk = apk.replace('.xapk', '.apk')
 
     opts = self._helper.get_effective_options(self._helper.get_modifiers(args))
 
@@ -140,7 +148,7 @@ class AssembleCommand(CommandMixin):
     at = time.time()
 
     with TemporaryDirectory() as td:
-      await APKDisassembler.disassemble_to_path(apk, td, nodex=nodex)
+      await APKDisassembler.disassemble_to_path(apk, td, nodex=nodex, merge=apk.endswith('.xapk'))
 
       if not archive:
         with FileTransferProgressReporter('disassemble: writing').scoped() as progress:
@@ -185,7 +193,7 @@ class AssembleCommand(CommandMixin):
 
     at = time.time()
     extracted = 0
-    context = self._helper.get_context().require_type('apk')
+    context = self._helper.get_context()
     q = context.store().query()
 
     if not archive: