trueseeing 2.2.7__tar.gz → 2.2.8__tar.gz

trueseeing-2.2.8/.dockerignore

@@ -0,0 +1,4 @@
+.git*
+.venv
+dist
+.mypy_cache

trueseeing-2.2.8/.github/workflows/lint.yaml

@@ -0,0 +1,27 @@
+name: lint
+
+on: push
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          version: "0.8.22"
+          enable-cache: false
+
+      - name: Install Python
+        run: uv python install
+
+      - name: Install dependencies
+        run: uv sync --locked --dev
+
+      - name: Analysing the code
+        run: |
+          uv run mypy trueseeing
+          uv run pflake8 --color=never trueseeing

trueseeing-2.2.8/Dockerfile

@@ -0,0 +1,24 @@
+from python:3.13-slim-bookworm
+run apt-get update -y
+run apt-get install -y --no-install-recommends git
+run pip install --no-cache-dir uv
+copy . /usr/lib/ts2
+run bash -c "cd /usr/lib/ts2 && uv sync --active --locked --no-dev"
+run (cd /usr/lib && git clone https://github.com/alterakey/ts2-frida-ios-dump.git frida-ios-dump && cd frida-ios-dump && uv venv && uv pip install -r ./requirements.txt)
+
+from python:3.13-slim-bookworm
+run apt-get update -y
+run apt-get install -y --no-install-recommends openjdk-17-jre-headless zip adb && rm -rf /var/lib/apt/lists/*
+run install -d -m 777 /data /ext /cache /out && ln -sfn /cache /root/.local
+copy --from=0 /usr/lib/frida-ios-dump /usr/lib/frida-ios-dump
+copy --from=0 /usr/lib/ts2 /usr/lib/ts2
+env PATH=/usr/lib/ts2/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
+env TS2_IN_DOCKER=1
+env TS2_CACHEDIR=/cache
+env TS2_HOME=/data
+env TS2_EXTDIR=/ext
+env TS2_FRIDA_IOS_DUMP_PATH=/usr/lib/frida-ios-dump/dump.py
+env TS2_FRIDA_IOS_DUMP_INTERP=/usr/lib/frida-ios-dump/.venv/bin/python3
+env TS2_SWIFT_DEMANGLER_URL=http://ts2-swift-demangle
+workdir /out
+entrypoint ["trueseeing"]

{trueseeing-2.2.7 → trueseeing-2.2.8}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: trueseeing
-Version: 2.2.7
+Version: 2.2.8
 Summary: Trueseeing is a non-decompiling iOS/Android application vulnerability scanner.
 Keywords: ios,android,security,pentest,hacking
 Author-email: Takahiro Yoshimura <alterakey@protonmail.com>
@@ -14,25 +14,21 @@ Classifier: Operating System :: MacOS :: MacOS X
 Classifier: Operating System :: Android
 Classifier: License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)
 License-File: COPYING
-Requires-Dist: lxml~=5.0
-Requires-Dist: pyyaml~=6.0
-Requires-Dist: jinja2~=3.1
-Requires-Dist: pypubsub~=4.0
-Requires-Dist: termcolor~=2.4
-Requires-Dist: progressbar2~=4.3
-Requires-Dist: importlib_metadata~=7.0
-Requires-Dist: asn1crypto~=1.5
-Requires-Dist: pyzstd~=0.16
 Requires-Dist: aiohttp~=3.9
+Requires-Dist: asn1crypto~=1.5
+Requires-Dist: frida-tools~=13.6
+Requires-Dist: importlib-metadata~=7.0
+Requires-Dist: jinja2~=3.1
 Requires-Dist: lief~=0.14
-Requires-Dist: pyaxmlparser~=0.3
+Requires-Dist: lxml~=5.0
+Requires-Dist: progressbar2~=4.3
 Requires-Dist: prompt-toolkit~=3.0
-Requires-Dist: frida-tools~=13.6
-Requires-Dist: mypy~=1.13 ; extra == "dev"
-Requires-Dist: pyproject-flake8~=7.0 ; extra == "dev"
-Requires-Dist: typing_extensions~=4.12 ; extra == "dev"
+Requires-Dist: pyaxmlparser~=0.3
+Requires-Dist: pypubsub~=4.0
+Requires-Dist: pyyaml~=6.0
+Requires-Dist: pyzstd~=0.16
+Requires-Dist: termcolor~=2.4
 Project-URL: Source, https://github.com/alterakey/trueseeing
-Provides-Extra: dev
 
 # README
 
@@ -77,13 +73,18 @@ If you want to run statelessly you omit mounting volume onto /cache (not recomme
     $ docker run --rm -v $(pwd):/out ghcr.io/alterakey/trueseeing
 
 
-### With pip
+### With pip / uvx
 
 Alternatively, you can install our package with pip as follows. This form of installation might be useful for extensions, as it grants them the greatest freedom. Just remember you need a JRE and Android SDK (optionally; to mess with devices):
 
     $ pip install --user trueseeing
     $ trueseeing
 
+Or, with [uv](https://github.com/astral-sh/uv) you could do:
+
+    $ uvx trueseeing
+
+
 ## Usage
 
 ### Interactive mode
@@ -91,7 +92,7 @@ Alternatively, you can install our package with pip as follows. This form of ins
 You can interactively scan/analyze/patch/etc. apps -- making it the ideal choice for manual analysis:
 
     $ trueseeing target.apk
-    [+] trueseeing 2.2.7
+    [+] trueseeing 2.2.8
     ts[target.apk]> ?
     ...
     ts[target.apk]> i                      # show generic information
@@ -179,6 +180,17 @@ To hack it, you need to create a proper build environment. To create one, set up
     (.venv) $ flit build                             # to build (wheel)
     (.venv) $ docker build -t trueseeing .           # to build (container)
 
+Or, with [uv](https://github.com/astral-sh/uv) you could do:
+
+    $ git clone https://github.com/alterakey/trueseeing.git wc
+    $ uv sync --locked
+    $ (... hack ...)
+    $ uv run trueseeing ...                                # to run
+    $ uv run mypy trueseeing && uv run pflake8 trueseeing  # to validate
+    Success: no issues found in XX source files
+    $ uv run flit build                                    # to build (wheel)
+    $ docker build -t trueseeing .                         # to build (container)
+
 
 ## Details
 

{trueseeing-2.2.7 → trueseeing-2.2.8}/README.md

@@ -41,13 +41,18 @@ If you want to run statelessly you omit mounting volume onto /cache (not recomme
     $ docker run --rm -v $(pwd):/out ghcr.io/alterakey/trueseeing
 
 
-### With pip
+### With pip / uvx
 
 Alternatively, you can install our package with pip as follows. This form of installation might be useful for extensions, as it grants them the greatest freedom. Just remember you need a JRE and Android SDK (optionally; to mess with devices):
 
     $ pip install --user trueseeing
     $ trueseeing
 
+Or, with [uv](https://github.com/astral-sh/uv) you could do:
+
+    $ uvx trueseeing
+
+
 ## Usage
 
 ### Interactive mode
@@ -55,7 +60,7 @@ Alternatively, you can install our package with pip as follows. This form of ins
 You can interactively scan/analyze/patch/etc. apps -- making it the ideal choice for manual analysis:
 
     $ trueseeing target.apk
-    [+] trueseeing 2.2.7
+    [+] trueseeing 2.2.8
     ts[target.apk]> ?
     ...
     ts[target.apk]> i                      # show generic information
@@ -143,6 +148,17 @@ To hack it, you need to create a proper build environment. To create one, set up
     (.venv) $ flit build                             # to build (wheel)
     (.venv) $ docker build -t trueseeing .           # to build (container)
 
+Or, with [uv](https://github.com/astral-sh/uv) you could do:
+
+    $ git clone https://github.com/alterakey/trueseeing.git wc
+    $ uv sync --locked
+    $ (... hack ...)
+    $ uv run trueseeing ...                                # to run
+    $ uv run mypy trueseeing && uv run pflake8 trueseeing  # to validate
+    Success: no issues found in XX source files
+    $ uv run flit build                                    # to build (wheel)
+    $ docker build -t trueseeing .                         # to build (container)
+
 
 ## Details
 

{trueseeing-2.2.7 → trueseeing-2.2.8}/pyproject.toml

@@ -19,31 +19,24 @@ classifiers = [
 readme = "README.md"
 keywords = ['ios', 'android', 'security', 'pentest', 'hacking']
 dependencies = [
-    "lxml~=5.0",
-    "pyyaml~=6.0",
-    "jinja2~=3.1",
-    "pypubsub~=4.0",
-    "termcolor~=2.4",
-    "progressbar2~=4.3",
-    "importlib_metadata~=7.0",
-    "asn1crypto~=1.5",
-    "pyzstd~=0.16",
     "aiohttp~=3.9",
+    "asn1crypto~=1.5",
+    "frida-tools~=13.6",
+    "importlib-metadata~=7.0",
+    "jinja2~=3.1",
     "lief~=0.14",
-    "pyaxmlparser~=0.3",
+    "lxml~=5.0",
+    "progressbar2~=4.3",
     "prompt-toolkit~=3.0",
-    'frida-tools~=13.6',
+    "pyaxmlparser~=0.3",
+    "pypubsub~=4.0",
+    "pyyaml~=6.0",
+    "pyzstd~=0.16",
+    "termcolor~=2.4",
 ]
 requires-python = ">=3.9"
 dynamic = ['version', 'description']
 
-[project.optional-dependencies]
-dev = [
-  "mypy~=1.13",
-  "pyproject-flake8~=7.0",
-  "typing_extensions~=4.12",
-]
-
 [project.urls]
 Source = "https://github.com/alterakey/trueseeing"
 
@@ -69,3 +62,12 @@ ignore_missing_imports = true
 [tool.flake8]
 extend-ignore = "E301,E302,E265,E114,E501,E231,E252,E261,E701,E722,E741"
 indent-size = 2
+
+[dependency-groups]
+dev = [
+    "flit>=3.12.0",
+    "mypy~=1.13",
+    "pyproject-flake8~=7.0",
+    "types-pygments>=2.19.0.20250809",
+    "typing_extensions~=4.12",
+]

{trueseeing-2.2.7 → trueseeing-2.2.8}/trueseeing/__init__.py

@@ -1,2 +1,2 @@
 """Trueseeing is a non-decompiling iOS/Android application vulnerability scanner."""
-__version__ = '2.2.7'
+__version__ = '2.2.8'

{trueseeing-2.2.7 → trueseeing-2.2.8}/trueseeing/app/cmd/android/engage.py

@@ -219,7 +219,7 @@ class EngageCommand(CommandMixin):
     ui.info('enabling full backup {apk}'.format(apk=apk))
 
     at = time.time()
-    context = await self._helper.get_context().require_type('apk').analyze(level=1)
+    context = await self._helper.get_context().require_type('apk').analyze(level=2)
     with context.store().query().scoped() as q:
       path = 'AndroidManifest.xml'
       blob = q.file_get(path, patched=True)
@@ -868,6 +868,8 @@ class EngageCommand(CommandMixin):
     context: APKContext = self._helper.get_context().require_type('apk')
     apk = context.target
 
+    import os.path
+    from tempfile import TemporaryDirectory
     from time import time
     from shlex import quote
     from pubsub import pub
@@ -888,25 +890,46 @@ class EngageCommand(CommandMixin):
           if b'success' in l.lower():
             ui.warn('removing existing package')
       except CalledProcessError as e:
-        ui.fatal('uninstall failed: {}'.format(e.stdout.decode().rstrip()))
+        ui.warn('uninstalling appears to have failed (continuing anyway): {}'.format(e.stdout.decode().rstrip()))
 
-    with AndroidInstallProgressReporter().scoped():
-      pub.sendMessage('progress.android.adb.begin', what='installing ... ')
-      try:
-        async for l in dev.invoke_adb_streaming(f'install --no-streaming {quote(apk)}', redir_stderr=True):
-          pub.sendMessage('progress.android.adb.update')
-          if b'failure' in l.lower():
-            ui.stderr('')
-            if not cmd.endswith('!'):
-              ui.fatal('install failed; force (!) to replace ({})'.format(l.decode('UTF-8')))
-            else:
-              ui.fatal('install failed ({})'.format(l.decode('UTF-8')))
+    async def _do(apk: str, wd: str,  *, in_retry: bool = False) -> None:
+      with AndroidInstallProgressReporter().scoped():
+        pub.sendMessage('progress.android.adb.begin', what='installing ... ')
 
-        pub.sendMessage('progress.android.adb.done')
-      except CalledProcessError as e:
-        ui.fatal('install failed: {}'.format(e.stdout.decode().rstrip()))
+        if not apk.endswith('.xapk'):
+          cmd = f'install --no-streaming {quote(apk)}'
+        else:
+          from trueseeing.core.android.asm import APKDisassembler
+          slices = [s async for s in APKDisassembler.get_slices(apk, os.path.join(wd, 'slices'))]
+          cmd = ' '.join(['install-multiple', '--no-streaming'] + slices)
+
+        try:
+          async for l in dev.invoke_adb_streaming(cmd, redir_stderr=True):
+            pub.sendMessage('progress.android.adb.update')
+            msg = l.lower()
+            if b'failure' in msg:
+              ui.stderr('')
+
+              if b'signature' in msg and not in_retry: # XXX
+                ui.warn('package signature seems to be broken: re-signing')
+                with TemporaryDirectory(dir=wd) as td:
+                  from trueseeing.core.android.asm import APKSigner
+                  apk, _ = await APKSigner().sign(apk, td)
+                  return await _do(apk, td, in_retry=True)
+
+              if not cmd.endswith('!'):
+                ui.fatal('install failed; force (!) to replace ({})'.format(l.decode('UTF-8')))
+              else:
+                ui.fatal('install failed ({})'.format(l.decode('UTF-8')))
+
+          pub.sendMessage('progress.android.adb.done')
+        except CalledProcessError as e:
+          ui.fatal('install failed: {}'.format(e.stdout.decode().rstrip()))
+
+    with TemporaryDirectory() as td:
+      await _do(apk, td)
 
-      ui.success('done ({t:.02f} sec){trailer}'.format(t=time() - at, trailer=' '*8))
+    ui.success('done ({t:.02f} sec){trailer}'.format(t=time() - at, trailer=' '*8))
 
   async def _engage_undeploy_package(self, args: deque[str]) -> None:
     _ = args.popleft()

{trueseeing-2.2.7 → trueseeing-2.2.8}/trueseeing/app/cmd/android/recon.py

@@ -39,17 +39,17 @@ class ReconCommand(CommandMixin):
 
   def get_commands(self) -> CommandMap:
     return {
-      '!!':dict(e=self._recon_shell, n='!!', d='run shell on device'),
-      'rwl':dict(e=self._recon_watch_logcat, n='rwl[!] [pat]', d='recon: watch logcat (!: system-wide)'),
-      'rwl!':dict(e=self._recon_watch_logcat),
-      'rwf':dict(e=self._recon_watch_fs, n='rwf', d='recon: watch filesystem'),
-      'rwt':dict(e=self._recon_watch_intent, n='rwt[!] [pat]', d='recon: watch intent'),
-      'rwt!':dict(e=self._recon_watch_intent),
-      'rwu':dict(e=self._recon_watch_ui, n='rwu[!] [pat|xp:xpath] [output.xml]', d='recon: watch device UI'),
-      'rwu!':dict(e=self._recon_watch_ui),
-      'rwx':dict(e=self._recon_watch_start, n='rwx', d='recon: start watching'),
-      'rp':dict(e=self._recon_list_packages, n='rp', d='recon: list installed packages'),
-      'ru':dict(e=self._recon_dump_ui, n='ru [output.xml]', d='recon: dump device UI'),
+      '!!':dict(e=self._recon_shell, n='!!', d='run shell on device', t={'apk'}),
+      'rwl':dict(e=self._recon_watch_logcat, n='rwl[!] [pat]', d='recon: watch logcat (!: system-wide)', t={'apk'}),
+      'rwl!':dict(e=self._recon_watch_logcat, t={'apk'}),
+      'rwf':dict(e=self._recon_watch_fs, n='rwf', d='recon: watch filesystem', t={'apk'}),
+      'rwt':dict(e=self._recon_watch_intent, n='rwt[!] [pat]', d='recon: watch intent', t={'apk'}),
+      'rwt!':dict(e=self._recon_watch_intent, t={'apk'}),
+      'rwu':dict(e=self._recon_watch_ui, n='rwu[!] [pat|xp:xpath] [output.xml]', d='recon: watch device UI', t={'apk'}),
+      'rwu!':dict(e=self._recon_watch_ui, t={'apk'}),
+      'rwx':dict(e=self._recon_watch_start, n='rwx', d='recon: start watching', t={'apk'}),
+      'rp':dict(e=self._recon_list_packages, n='rp', d='recon: list installed packages', t={'apk'}),
+      'ru':dict(e=self._recon_dump_ui, n='ru [output.xml]', d='recon: dump device UI', t={'apk'}),
     }
 
   def _get_apk_context(self) -> APKContext:

{trueseeing-2.2.7 → trueseeing-2.2.8}/trueseeing/app/cmd/ios/engage.py

@@ -8,7 +8,7 @@ from trueseeing.core.model.cmd import CommandMixin
 from trueseeing.core.ui import ui
 
 if TYPE_CHECKING:
-  from typing import Mapping, List
+  from typing import Mapping, List, Tuple
   from trueseeing.api import CommandHelper, Command, CommandMap, OptionMap
   from trueseeing.core.ios.context import IPAContext
   from trueseeing.core.ios.device import IOSDevice
@@ -80,7 +80,7 @@ class EngageCommand(CommandMixin):
 
       if force:
         ui.warn(f"killing {name}")
-        await dev.invoke_frida_passthru(f"frida-kill -U {name}")
+        await dev.invoke_frida_passthru(f"frida-kill @dev@ {name}")
 
       ui.info(f"starting frida on {name}")
 
@@ -130,7 +130,7 @@ class EngageCommand(CommandMixin):
 
       if force:
         ui.warn(f"killing {name}")
-        await dev.invoke_frida_passthru(f"frida-kill -U {name}")
+        await dev.invoke_frida_passthru(f"frida-kill @dev@ {name}")
 
       ui.info(f"starting frida on {name}")
 
@@ -173,20 +173,25 @@ class EngageCommand(CommandMixin):
 
     with TemporaryDirectory() as td:
       from os import chdir, getcwd
-      from trueseeing.core.env import get_frida_ios_dump_interp, get_frida_ios_dump_path
+      from trueseeing.core.env import get_frida_ios_dump_interp, get_frida_ios_dump_path, get_ios_frida_server_host, get_frida_ios_dump_ssh_host
       from shlex import quote
       cd = getcwd()
+      hoststr = get_frida_ios_dump_ssh_host()
+      ssh_host, ssh_port = self._parse_host(hoststr, 2222)
       try:
         chdir(td)
         from subprocess import CalledProcessError
         try:
-          await dev.invoke_frida_passthru("{interp} {dump} -o t.ipa {name}".format(
+          await dev.invoke_frida_passthru("env FRIDA_HOST={host} {interp} {dump} -H {ssh_host} -p {ssh_port} -o t.ipa {name}".format(
+            host=get_ios_frida_server_host(),
             interp=get_frida_ios_dump_interp(),
             dump=get_frida_ios_dump_path(),
+            ssh_host=ssh_host,
+            ssh_port=ssh_port,
             name=quote(pkg),
           ))
         except CalledProcessError:
-          ui.fatal('cannot attach to process')
+          ui.fatal(f'grab failed (try tunnelling {ssh_host}:{ssh_port} to device port 22 or 44)')
 
         from shutil import copy2
         copy2('t.ipa', outfn)
@@ -195,6 +200,13 @@ class EngageCommand(CommandMixin):
       finally:
         chdir(cd)
 
+  def _parse_host(self, hoststr: str, default_port: int) -> Tuple[str, int]:
+    c = hoststr.split(':', maxsplit=1)
+    if len(c) > 1:
+      return c[0], int(c[1])
+    else:
+      return c[0], default_port
+
   def _get_context(self) -> IPAContext:
     return self._helper.get_context().require_type('ipa')  # type:ignore[return-value]
 
@@ -217,7 +229,7 @@ class FridaAttacher:
     from asyncio import TimeoutError
     ui.info('attaching to the foreground process')
     try:
-      await self._dev.invoke_frida_passthru("frida -UF {args}".format(
+      await self._dev.invoke_frida_passthru("frida @dev@ -F {args}".format(
         args=self._format_args(),
       ))
     except (TimeoutError, CalledProcessError):
@@ -236,7 +248,7 @@ class FridaAttacher:
     from subprocess import CalledProcessError
     from asyncio import TimeoutError
     try:
-      await self._dev.invoke_frida_passthru("frida -Uf {name} {args}".format(
+      await self._dev.invoke_frida_passthru("frida @dev@ -f {name} {args}".format(
         name=name,
         args=self._format_args(),
       ), timeout=3.)
@@ -248,7 +260,7 @@ class FridaAttacher:
     from asyncio import TimeoutError
     ui.info('waiting for the process; launch the app on the device in 60s')
     try:
-      await self._dev.invoke_frida_passthru("frida -UW {name} {args}".format(
+      await self._dev.invoke_frida_passthru("frida @dev@ -W {name} {args}".format(
         name=name,
         args=self._format_args(),
       ), timeout=60.)
@@ -282,7 +294,7 @@ class FridaTracer:
     from asyncio import TimeoutError
     ui.info('attaching to the foreground process')
     try:
-      await self._dev.invoke_frida_passthru("frida-trace -UF {args}".format(
+      await self._dev.invoke_frida_passthru("frida-trace @dev@ -F {args}".format(
         args=self._format_args(),
       ))
     except (TimeoutError, CalledProcessError):
@@ -301,7 +313,7 @@ class FridaTracer:
     from subprocess import CalledProcessError
     from asyncio import TimeoutError
     try:
-      await self._dev.invoke_frida_passthru("frida-trace -Uf {name} {args}".format(
+      await self._dev.invoke_frida_passthru("frida-trace @dev@ -f {name} {args}".format(
         name=name,
         args=self._format_args(),
       ))
@@ -313,7 +325,7 @@ class FridaTracer:
     from asyncio import TimeoutError
     ui.info('waiting for the process; launch the app on the device in 60s')
     try:
-      await self._dev.invoke_frida_passthru("frida-trace -UW {name} {args}".format(
+      await self._dev.invoke_frida_passthru("frida-trace @dev@ -W {name} {args}".format(
         name=name,
         args=self._format_args(),
       ))

trueseeing-2.2.8/trueseeing/app/cmd/ios/recon.py

@@ -0,0 +1,53 @@
+from __future__ import annotations
+from typing import TYPE_CHECKING
+
+from collections import deque
+
+from trueseeing.core.model.cmd import CommandMixin
+from trueseeing.core.ui import ui
+
+if TYPE_CHECKING:
+  from typing import Literal
+  from trueseeing.api import CommandHelper, Command, CommandMap
+
+  UIPatternType = Literal['re', 'xpath']
+
+class ReconCommand(CommandMixin):
+  def __init__(self, helper: CommandHelper) -> None:
+    self._helper = helper
+
+  @staticmethod
+  def create(helper: CommandHelper) -> Command:
+    return ReconCommand(helper)
+
+  def get_commands(self) -> CommandMap:
+    return {
+      'rp':dict(e=self._recon_list_packages, n='rp', d='recon: list installed packages', t={'ipa'}),
+    }
+
+  async def _recon_list_packages(self, args: deque[str]) -> None:
+    _ = args.popleft()
+
+    ui.info('listing packages')
+
+    import time
+    import re
+    import io
+    from trueseeing.core.ios.device import IOSDevice
+
+    dev = IOSDevice()
+
+    at = time.time()
+    nr = 0
+    for l in io.StringIO(await dev.invoke_frida('frida-ps @dev@ -ai')):
+      if l.startswith('----'):
+        continue
+      m = re.match(r'^\s*([0-9-]+)\s+(.*?)\s+([a-z0-9._-]+)\s*$', l)
+      if not m:
+        continue
+      if m.group(1) == '-':
+        ui.info('{bid} ({name})'.format(bid=m.group(3), name=m.group(2)))
+      else:
+        ui.info('{bid} ({name}) [{pid}]'.format(bid=m.group(3), name=m.group(2), pid=m.group(1)))
+      nr += 1
+    ui.success('done, {nr} packages found ({t:.02f} sec.)'.format(nr=nr, t=(time.time() - at)))

{trueseeing-2.2.7 → trueseeing-2.2.8}/trueseeing/app/inspect.py

@@ -71,7 +71,7 @@ class InspectMode:
       sys.ps1, sys.ps2 = ps1, ps2
 
 class LambdaConsole(InteractiveConsole):
-  def __init__(self, /, runner: Runner, locals: Optional[Mapping[str, Any]] = None) -> None:
+  def __init__(self, /, runner: Runner, locals: Optional[Dict[str, Any]] = None) -> None:
     super().__init__(locals=locals, filename='<input>')
     from prompt_toolkit import PromptSession
     self._sess: Any = PromptSession()

{trueseeing-2.2.7 → trueseeing-2.2.8}/trueseeing/core/android/asm.py

@@ -10,7 +10,7 @@ from trueseeing.core.env import get_home_dir
 from trueseeing.core.ui import ui
 
 if TYPE_CHECKING:
-  from typing import Tuple, Optional
+  from typing import Tuple, Optional, AsyncIterator
   from trueseeing.core.context import Context
   from trueseeing.core.db import FileEntry
 
@@ -119,6 +119,32 @@ class APKDisassembler:
 
     pub.sendMessage('progress.core.asm.disasm.done')
 
+  @classmethod
+  async def get_slices(cls, xapk: str, wd: str) -> AsyncIterator[str]:
+    from shlex import quote
+    from trueseeing.core.tools import invoke_streaming
+    from trueseeing.core.android.tools import toolchains
+
+    td = wd
+
+    pub.sendMessage('progress.core.asm.disasm.begin')
+    with toolchains() as tc:
+      async for l in invoke_streaming(
+          '(java -jar {apkeditor} d -o {path} -i {xapk} -dex -t raw)'.format(
+            xapk=quote(xapk),
+            apkeditor=tc['apkeditor'],
+            path=quote(td),
+          ), redir_stderr=True
+      ):
+        pub.sendMessage('progress.core.asm.disasm.update')
+    pub.sendMessage('progress.core.asm.disasm.done')
+
+    with open(f'{td}/root/manifest.json') as f:
+      import json
+      dom = json.loads(f.read())
+      for s in dom['split_apks']:
+        yield os.path.join(td, 'root', s['file'])
+
 class APKAssembler:
   @classmethod
   async def assemble_from_path(cls, wd: str, path: str) -> Tuple[str, str]:
@@ -166,6 +192,34 @@ class APKAssembler:
 
     return os.path.join(wd, 'output.apk'), os.path.join(wd, 'output.apk.idsig')
 
+class APKSigner:
+  @classmethod
+  async def sign(cls, path: str, wd: str) -> Tuple[str, str]:
+    if path.endswith('.xapk'):
+      return await APKAssembler.merge_slices(path, wd)
+
+    import os
+    from shlex import quote
+    from trueseeing.core.tools import invoke_streaming
+    from trueseeing.core.android.tools import toolchains
+
+    pub.sendMessage('progress.core.asm.asm.begin')
+
+    with toolchains() as tc:
+      async for l in invoke_streaming(
+        '(rm -f {wd}/output.apk* && cp {path} {wd}/output.apk && java -jar {apksigner} sign --ks {keystore} --ks-pass pass:android {wd}/output.apk)'.format(
+          wd=quote(wd), path=quote(path),
+          apksigner=tc['apksigner'],
+          keystore=await SigningKey().key(),
+        ), redir_stderr=True
+      ):
+        pub.sendMessage('progress.core.asm.asm.update')
+
+    pub.sendMessage('progress.core.asm.asm.done')
+
+    return os.path.join(wd, 'output.apk'), os.path.join(wd, 'output.apk.idsig')
+
+
 class SigningKey:
   _path: str