trueseeing 2.2.2__tar.gz → 2.2.5__tar.gz

trueseeing-2.2.5/.github/FUNDING.yml

@@ -0,0 +1,14 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+polar: # Replace with a single Polar username
+buy_me_a_coffee: alterakey
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

{trueseeing-2.2.2 → trueseeing-2.2.5}/Dockerfile

@@ -22,5 +22,6 @@ env TS2_IN_DOCKER=1
 env TS2_CACHEDIR=/cache
 env TS2_HOME=/data
 env TS2_EXTDIR=/ext
+env TS2_SWIFT_DEMANGLER_URL=http://ts2-swift-demangle
 workdir /out
 entrypoint ["trueseeing"]

{trueseeing-2.2.2 → trueseeing-2.2.5}/PKG-INFO

@@ -1,7 +1,7 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.3
 Name: trueseeing
-Version: 2.2.2
-Summary: Trueseeing is a non-decompiling Android application vulnerability scanner.
+Version: 2.2.5
+Summary: Trueseeing is a non-decompiling iOS/Android application vulnerability scanner.
 Keywords: android,security,pentest,hacking
 Author-email: Takahiro Yoshimura <alterakey@protonmail.com>
 Requires-Python: >=3.9
@@ -16,7 +16,6 @@ Classifier: License :: OSI Approved :: GNU General Public License v3 or later (G
 Requires-Dist: lxml~=5.0
 Requires-Dist: pyyaml~=6.0
 Requires-Dist: jinja2~=3.1
-Requires-Dist: attrs~=23.2
 Requires-Dist: pypubsub~=4.0
 Requires-Dist: termcolor~=2.4
 Requires-Dist: progressbar2~=4.3
@@ -25,6 +24,8 @@ Requires-Dist: asn1crypto~=1.5
 Requires-Dist: zstandard~=0.22
 Requires-Dist: aiohttp~=3.9
 Requires-Dist: lief~=0.14
+Requires-Dist: pyaxmlparser~=0.3
+Requires-Dist: prompt-toolkit~=3.0
 Requires-Dist: mypy~=1.7 ; extra == "dev"
 Requires-Dist: pyproject-flake8~=6.1 ; extra == "dev"
 Requires-Dist: typing_extensions~=4.1 ; extra == "dev"
@@ -38,7 +39,7 @@ Provides-Extra: dev
 ![Main branch deploy status](https://github.com/alterakey/trueseeing/workflows/deploy/badge.svg)
 ![Main branch last commit](https://img.shields.io/github/last-commit/alterakey/trueseeing/main)
 
-trueseeing is a fast, accurate and resillient vulnerability scanner for Android apps.  We operate on the Dalvik VM level -- i.e. we don't care if the target app is obfuscated or not.
+trueseeing is a fast, accurate and resillient vulnerability scanner for iOS/Android apps.  We operate on the Dalvik VM level for Android -- i.e. we don't care if the target app is obfuscated or not.
 
 ## Capability
 
@@ -50,6 +51,8 @@ Currently we can:
 * Copy in/out app data through debug interface
 * Search for certain calls/consts/sput/iput
 * Deduce constants/typesets for args of op
+* Scan API/private calls for native codes (NB: you need [ts2-disasm-ghidra](https://github.com/alterakey/ts2-disasm-ghidra))
+* Scan iOS apps for basic vulnerabilities (NB: you need [ts2-disasm-ghidra](https://github.com/alterakey/ts2-disasm-ghidra))
 * etc.
 
 ## Installation
@@ -83,7 +86,7 @@ Alternatively, you can install our package with pip as follows. This form of ins
 You can interactively scan/analyze/patch/etc. apps -- making it the ideal choice for manual analysis:
 
     $ trueseeing target.apk
-    [+] trueseeing 2.2.2
+    [+] trueseeing 2.2.5
     ts[target.apk]> ?
     ...
     ts[target.apk]> i                      # show generic information

{trueseeing-2.2.2 → trueseeing-2.2.5}/README.md

@@ -5,7 +5,7 @@
 ![Main branch deploy status](https://github.com/alterakey/trueseeing/workflows/deploy/badge.svg)
 ![Main branch last commit](https://img.shields.io/github/last-commit/alterakey/trueseeing/main)
 
-trueseeing is a fast, accurate and resillient vulnerability scanner for Android apps.  We operate on the Dalvik VM level -- i.e. we don't care if the target app is obfuscated or not.
+trueseeing is a fast, accurate and resillient vulnerability scanner for iOS/Android apps.  We operate on the Dalvik VM level for Android -- i.e. we don't care if the target app is obfuscated or not.
 
 ## Capability
 
@@ -17,6 +17,8 @@ Currently we can:
 * Copy in/out app data through debug interface
 * Search for certain calls/consts/sput/iput
 * Deduce constants/typesets for args of op
+* Scan API/private calls for native codes (NB: you need [ts2-disasm-ghidra](https://github.com/alterakey/ts2-disasm-ghidra))
+* Scan iOS apps for basic vulnerabilities (NB: you need [ts2-disasm-ghidra](https://github.com/alterakey/ts2-disasm-ghidra))
 * etc.
 
 ## Installation
@@ -50,7 +52,7 @@ Alternatively, you can install our package with pip as follows. This form of ins
 You can interactively scan/analyze/patch/etc. apps -- making it the ideal choice for manual analysis:
 
     $ trueseeing target.apk
-    [+] trueseeing 2.2.2
+    [+] trueseeing 2.2.5
     ts[target.apk]> ?
     ...
     ts[target.apk]> i                      # show generic information

{trueseeing-2.2.2 → trueseeing-2.2.5}/pyproject.toml

@@ -22,7 +22,6 @@ dependencies = [
     "lxml~=5.0",
     "pyyaml~=6.0",
     "jinja2~=3.1",
-    "attrs~=23.2",
     "pypubsub~=4.0",
     "termcolor~=2.4",
     "progressbar2~=4.3",
@@ -31,6 +30,8 @@ dependencies = [
     "zstandard~=0.22",
     "aiohttp~=3.9",
     "lief~=0.14",
+    "pyaxmlparser~=0.3",
+    "prompt-toolkit~=3.0",
 ]
 requires-python = ">=3.9"
 dynamic = ['version', 'description']
@@ -59,6 +60,7 @@ module = [
   "jinja2",
   "pubsub",
   "asn1crypto.*",
+  "pyaxmlparser.*",
 ]
 ignore_missing_imports = true
 

trueseeing-2.2.5/trueseeing/__init__.py

@@ -0,0 +1,2 @@
+"""Trueseeing is a non-decompiling iOS/Android application vulnerability scanner."""
+__version__ = '2.2.5'

{trueseeing-2.2.2 → trueseeing-2.2.5}/trueseeing/api.py

@@ -4,15 +4,18 @@ from abc import ABC, abstractmethod
 
 if TYPE_CHECKING:
   from collections import deque
-  from typing import Any, TypedDict, Protocol, Optional, Callable, Coroutine, Union, List, Mapping, overload, Literal
+  from typing import Any, TypedDict, Protocol, Optional, Callable, Coroutine, Union, List, Mapping, overload, Literal, Set
   from typing_extensions import deprecated
   from trueseeing.core.context import Context, ContextType
   from trueseeing.core.android.context import APKContext
   from trueseeing.core.model.issue import Issue, IssueConfidence
 
+  ModifierEvent = Literal['begin', 'end']
+
   CommandEntrypoint = Callable[[deque[str]], Coroutine[Any, Any, None]]
   CommandlineEntrypoint = Callable[[str], Coroutine[Any, Any, None]]
   CommandPatternEntrypoints = Union[CommandEntrypoint, CommandlineEntrypoint]
+  ModifierListenerEntrypoint = Callable[[ModifierEvent, str], Coroutine[Any, Any, None]]
   SignatureEntrypoint = Callable[[], Coroutine[Any, Any, None]]
   FormatHandlerEntrypoint = Callable[[str], Optional[Context]]
   ConfigGetterEntrypoint = Callable[[], Any]
@@ -22,6 +25,7 @@ if TYPE_CHECKING:
     e: CommandEntrypoint
     n: str
     d: str
+    t: Set[str]
 
   class CommandEntry(Entry):
     pass
@@ -34,7 +38,7 @@ if TYPE_CHECKING:
     pass
 
   class ModifierEntry(Entry):
-    pass
+    e: Optional[ModifierListenerEntrypoint]  # type: ignore[misc]
 
   class ConfigEntry(TypedDict):
     g: ConfigGetterEntrypoint
@@ -62,6 +66,7 @@ if TYPE_CHECKING:
   class CommandHelper(Protocol):
     def get_target(self) -> Optional[str]: ...
     def require_target(self, msg: Optional[str] = None) -> str: ...
+    def get_context_type(self) -> Optional[Set[ContextType]]: ...
     @overload
     def get_context(self) -> Context: ...
     @overload

{trueseeing-2.2.2 → trueseeing-2.2.5}/trueseeing/app/cmd/__init__.py

@@ -1,18 +1,19 @@
 from __future__ import annotations
 from typing import TYPE_CHECKING
+from functools import cache
 
 if TYPE_CHECKING:
   from typing import Type, Iterator
   from trueseeing.api import Command
 
+@cache
 def discover() -> Iterator[Type[Command]]:
   from trueseeing.api import Command
   from importlib import import_module
-  from trueseeing.core.model.cmd import CommandMixin
   from trueseeing.core.tools import get_public_subclasses, get_missing_methods, discover_modules_under
 
   for mod in discover_modules_under('trueseeing.app.cmd'):
     m = import_module(mod)
-    for c in get_public_subclasses(m, Command, [CommandMixin]):  # type:ignore[type-abstract]
+    for c in get_public_subclasses(m, Command, 'CommandMixin'):  # type:ignore[type-abstract]
       assert not get_missing_methods(c)
       yield c

{trueseeing-2.2.2 → trueseeing-2.2.5}/trueseeing/app/cmd/android/asm.py

@@ -23,19 +23,21 @@ class AssembleCommand(CommandMixin):
 
   def get_commands(self) -> CommandMap:
     return {
-      'ca':dict(e=self._assemble, n='ca[!] /path', d='assemble as target from path'),
-      'ca!':dict(e=self._assemble),
-      'cd':dict(e=self._disassemble, n='cd[s][!] /path', d='disassemble target into path'),
-      'cd!':dict(e=self._disassemble),
-      'cds':dict(e=self._disassemble_nodex),
-      'cds!':dict(e=self._disassemble_nodex),
-      'co':dict(e=self._export_context, n='co[!] /path [pat]', d='export codebase'),
-      'co!':dict(e=self._export_context),
+      'ca':dict(e=self._assemble, n='ca[!] /path', d='assemble as target from path', t={'apk'}),
+      'ca!':dict(e=self._assemble, t={'apk'}),
+      'cd':dict(e=self._disassemble, n='cd[s][!] /path', d='disassemble target into path', t={'apk'}),
+      'cd!':dict(e=self._disassemble, t={'apk'}),
+      'cds':dict(e=self._disassemble_nodex, t={'apk'}),
+      'cds!':dict(e=self._disassemble_nodex, t={'apk'}),
+      'cm':dict(e=self._merge, n='cm[!] [output.apk]', d='merge slices into a plain apk', t={'xapk'}),
+      'cm!':dict(e=self._merge, t={'xapk'}),
+      'co':dict(e=self._export_context, n='co[!] /path [pat]', d='export codebase', t={'apk'}),
+      'co!':dict(e=self._export_context, t={'apk'}),
     }
 
   def get_options(self) -> OptionMap:
     return {
-      'nocache':dict(n='nocache', d='do not replicate content before build [ca]')
+      'nocache':dict(n='nocache', d='do not replicate content before build [ca]', t={'apk'}),
     }
 
   async def _assemble(self, args: deque[str]) -> None:
@@ -47,16 +49,24 @@ class AssembleCommand(CommandMixin):
       ui.fatal('need root path')
 
     import os
+    import re
     import time
     from tempfile import TemporaryDirectory
     from trueseeing.core.android.asm import APKAssembler
     from trueseeing.core.android.tools import move_apk
 
     root = args.popleft()
-    origapk = apk.replace('.apk', '.apk.orig')
+    origapk = re.sub(r'(\.x?apk)$', r'\1.orig', apk)
 
-    if os.path.exists(origapk) and not cmd.endswith('!'):
-      ui.fatal('backup file exists; force (!) to overwrite')
+    stem = re.sub(r'\.x?apk$', '', apk)
+    for typ in ['apk', 'xapk']:
+      print(origapk, f'{stem}.{typ}.orig')
+      if os.path.exists(f'{stem}.{typ}.orig') and not cmd.endswith('!'):
+        ui.fatal('backup file exists; force (!) to overwrite')
+
+    if apk.endswith('.xapk'):
+      ui.warn('assembling xapk is not supported; assembling as merged apk')
+      apk = apk.replace('.xapk', '.apk')
 
     opts = self._helper.get_effective_options(self._helper.get_modifiers(args))
 
@@ -140,7 +150,7 @@ class AssembleCommand(CommandMixin):
     at = time.time()
 
     with TemporaryDirectory() as td:
-      await APKDisassembler.disassemble_to_path(apk, td, nodex=nodex)
+      await APKDisassembler.disassemble_to_path(apk, td, nodex=nodex, merge=apk.endswith('.xapk'))
 
       if not archive:
         with FileTransferProgressReporter('disassemble: writing').scoped() as progress:
@@ -185,7 +195,7 @@ class AssembleCommand(CommandMixin):
 
     at = time.time()
     extracted = 0
-    context = self._helper.get_context().require_type('apk')
+    context = self._helper.get_context()
     q = context.store().query()
 
     if not archive:
@@ -206,7 +216,7 @@ class AssembleCommand(CommandMixin):
       if subformat in ['gz']:
         kwargs.update(dict(compresslevel=3))
 
-      with tarfile.open(root, 'w:{}'.format(subformat), **kwargs) as tf:  # type: ignore[arg-type]
+      with tarfile.open(root, 'w:{}'.format(subformat), **kwargs) as tf:  # type: ignore[call-overload]
         now = int(time.time())
         for path,blob in q.file_enum(pat=pat, regex=True):
           target = os.path.join('files', *path.split('/'))
@@ -215,6 +225,7 @@ class AssembleCommand(CommandMixin):
 
           bf = BytesIO(blob)
           ti = tarfile.TarInfo(name=target)
+          ti.size = len(blob)
           ti.uname = 'root'
           ti.gname = 'root'
           ti.mode = 0o600
@@ -231,3 +242,38 @@ class AssembleCommand(CommandMixin):
       return 'tar:gz'
     else:
       return None
+
+  async def _merge(self, args: deque[str]) -> None:
+    target = self._helper.require_target('need target')
+
+    cmd = args.popleft()
+
+    import os
+    import time
+    from tempfile import TemporaryDirectory
+    from trueseeing.core.android.asm import APKAssembler
+    from trueseeing.core.android.tools import move_apk
+
+    if args:
+      outfn = args.popleft()
+    else:
+      outfn = target.replace('.xapk', '.apk')
+
+    origfn = outfn.replace('.apk', '.apk.orig')
+
+    if os.path.exists(origfn) and not cmd.endswith('!'):
+      ui.fatal('backup file exists; force (!) to overwrite')
+
+    ui.info('merging slices {target} -> {outfn}'.format(target=target, outfn=outfn))
+
+    at = time.time()
+
+    with TemporaryDirectory() as td:
+      apk, sig = await APKAssembler.merge_slices(target, td)
+
+      if os.path.exists(outfn):
+        move_apk(outfn, origfn)
+
+      move_apk(apk, outfn)
+
+    ui.success('done ({t:.02f} sec.)'.format(t=(time.time() - at)))