Update to latest androguard and adds func plugin

Te-k · Mar 28, 2024 · 063b732 · 063b732
1 parent 23b1764
commit 063b732
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -33,6 +33,7 @@ positional arguments:
     enum                Enumerate interesting informations
     find                Find something in the APK
     frosting            Check if Google Play metadata (frosting) is in the APK
+    func                Provides details on a function
     info                Show the certificate
     json                Extract information on the APK in JSON format
     manifest            Show the manifest

diff --git a/apkcli/main.py b/apkcli/main.py
@@ -4,6 +4,7 @@
 
 from androguard.core import androconf
 from androguard.misc import AnalyzeAPK
+from loguru import logger
 
 from apkcli.plugins.base import Plugin
 
@@ -22,6 +23,8 @@ def init_plugins():
 
 
 def main():
+    # Disable androguard logging
+    logger.disable("androguard")
     parser = argparse.ArgumentParser()
     subparsers = parser.add_subparsers(help='Plugins')
 

diff --git a/apkcli/plugins/func.py b/apkcli/plugins/func.py
@@ -0,0 +1,32 @@
+#! /usr/bin/env python
+from hexdump import hexdump
+
+from apkcli.plugins.base import Plugin
+
+
+class PluginFunction(Plugin):
+    name = "func"
+    description = "Provides details on a function"
+
+    def add_arguments(self, parser):
+        parser.add_argument('CLASS', help="class name (like com/google/something)")
+        parser.add_argument('METHOD', help="method name")
+        self.parser = parser
+
+    def run(self, args, a, d, dx):
+        methods = [m for m in dx.get_methods() if args.CLASS in m.class_name and m.name == args.METHOD]
+        if len(methods) == 0:
+            print("Method not found")
+            return
+
+        for m in methods:
+            mm = m.get_method()
+            print("Method found : {} - {}".format(m.class_name, m.name))
+            print(m.full_name)
+            print("")
+            print(m.show())
+            print("")
+            print(mm.show())
+            if mm.get_code():
+                print("")
+                print(hexdump(mm.get_code().get_bc().get_raw()))
diff --git a/setup.py b/setup.py
@@ -14,7 +14,7 @@
     author_email='[email protected]',
     keywords='malware',
     include_package_data=True,
-    install_requires=['androguard==3.3.5', 'ipython', 'yara-python==4.1.0', 'lxml>=4.2.6', 'rich'],
+    install_requires=['androguard==4.1.1', 'ipython', 'yara-python==4.1.0', 'lxml>=4.2.6', 'rich', 'hexdump'],
     license='MIT',
     python_requires='>=3.5',
     packages=['apkcli', 'apkcli.plugins', 'apkcli.lib', 'apkcli.data'],