Search the Community
Showing results for tags 'class'.
-
README.rst ========================================= Static Code Analysis for Smali ========================================= If you ever have looked at Android applications you know to appreciate the ability of analyzing your target at the most advanced level. Dynamic programm analysis will give you a pretty good overview of your applications activities and general behaviour. However sometimes you'll want to just analyze your application **without** running it. You'll want to have a look at its components, analyze how they interact and how data is tainted from one point to another. This is was the major factor driving the development of *smalisca*. There are indeed some good reasons for a *static code analysis* before the *dynamic* one. Before interacting with the application I like to know how the application has been build, if there is any API and generate all sort of *call flow graphs*. In fact graphs have been very important to me since they *visualize* things. Instead of jumping from file to file, from class to class, I just look at the graphs. While graph building has been an important reason for me to code such a tool, *smalisca* has some other neat **features** you should read about. Features ======== At the moment there are some few major functionalities like: * **parsing** You can parse a whole directory of **Smali** files and **extract**: * class information * class properties * class methods * calls between methods of different classes You can then **export** the results as **JSON** or **SQLite**. Have a loot at the `parsing page <http://smalisca.readthedocs.org/en/latest/parsing.html>`_ for more information. * **analyzing** After exporting the results you'll get an **interactive prompt** to take a closer look at your parsed data. You can **search** for classes, properties, methods and even method calls. You can then apply several **filters** to your search criterias like:: smalisca> sc -c class_name -p test -r 10 -x path -s class_type This command will search for *10* (-r 10) classes which contain the pattern *test* (-p) in their *class name* (-c). Afterwards the command will exclude the column *path* (-x path) from the results and sort them by the *class type* (-s). Let's have a look at another example:: smalisca> scl -fc com/android -fm init -r 10 This will search for all **method calls** whose *calling* class name contains the pattern *com/android* (-fc). Additionally we can look for calls originating from methods whose name contain the pattern *init* (-fm). You can of course read your commands from a file and analyze your results in a *batch*- like manner:: $ cat cmd.txt sc -c class_name -p com/gmail/xlibs -r 10 -x path quit $ ./smalisca.py analyzer -i results.sqlite -f sqlite -c cmd.txt ... Have a loot at the `analysis page <http://smalisca.readthedocs.org/en/latest/analysis.html>`_ for more information. * **visualizing** I think this the **most** valuable feature of *smalisca*. The ability to visualize your results in a structured way makes your life more comfortable. Depending on what you're interested in, this tool has several graph drawing features I'd like to promote. At first you can draw your packages including their classes, properties and methods:: smalisca> dc -c class_name -p test -f dot -o /tmp/classes.dot :: INFO Wrote results to /tmp/classes.dot smalisca> This will first search classes whose class name contains *test* and then export the results in the **Graphviz DOT** language. You can then manually generate a graph using *dot*, *neato*, *circo* etc. Or you do that using the interactive prompt:: smalisca> dc -c class_name -p test -f pdf -o /tmp/classes.pdf --prog neato :: INFO Wrote results to /tmp/classes.pdf smalisca> Have a loot at the `drawing page <http://smalisca.readthedocs.org/en/latest/drawing.html>`_ for more information. Screenshots =========== .. figure:: http://smalisca.readthedocs.org/en/latest/_images/smalisca_search_classes.png :scale: 99% :alt: Basic usage Output results as table. .. figure:: http://smalisca.readthedocs.org/en/latest/_images/smalisca_dxcl_dot_0.png :scale: 99% :alt: Cross calls Basic relationships between classes and modules. Have a look at the `screenshots page <http://smalisca.readthedocs.org/en/latest/screenshots.html>`_. Installation ============ Refer to the `installation page <http://smalisca.readthedocs.org/en/latest/installation.html>`_. Requirements: * Python (2.x / 3.x) * `cement <http://builtoncement.com/>`_ * Graphviz * SQLAlchemy How to use it ============= After installing the tool, you may want to first pick up an Android application (APK) to play with. Use `apktool <https://code.google.com/p/android-apktool/>`_ or my own tool `ADUS <https://github.com/dorneanu/adus>`_ to dump the APKs content. For the sake of simplicity I'll be using **FakeBanker** which I've analyzed in a previous `blog post <http://blog.dornea.nu/2014/07/07/disect-android-apks-like-a-pro-static-code-analysis/>`_. First touch ----------- But first let's have a look at the tools main options:: $ smalisca --help ___ /\_ \ __ ____ ___ ___ __ \//\ \ /\_\ ____ ___ __ /',__\ /' __` __`\ /'__`\ \ \ \ \/\ \ /',__\ /'___\ /'__`\ /\__, `\/\ \/\ \/\ \/\ \L\.\_ \_\ \_\ \ \/\__, `\/\ \__//\ \L\.\_ \/\____/\ \_\ \_\ \_\ \__/.\_\/\____\\ \_\/\____/\ \____\ \__/.\_\ \/___/ \/_/\/_/\/_/\/__/\/_/\/____/ \/_/\/___/ \/____/\/__/\/_/ -------------------------------------------------------------------------------- :: Author: Victor <Cyneox> Dorneanu :: Desc: Static Code Analysis tool for Smali files :: URL: http://nullsecurity.net, http://{blog,www}.dornea.nu :: Version: 1.0 -------------------------------------------------------------------------------- usage: smalisca.py (sub-commands ...) [options ...] {arguments ...} [--] Static Code Analysis (SCA) tool for Baskmali (Smali) files. commands: analyzer [--] Analyze results using an interactive prompt or on the command line. parser [--] Parse files and extract data based on Smali syntax. optional arguments: -h, --help show this help message and exit --debug toggle debug output --quiet suppress all output --log-level {debug,info,warn,error,critical} Change logging level (Default: info) -v, --version show program's version number and exit Parsing ------- I'll first **parse** some directory for **Smali** files before doing the analysis stuff:: $ smalisca parser -l ~/tmp/FakeBanker2/dumped/smali -s java -f sqlite -o fakebanker.sqlite ... :: INFO Parsing .java files in /home/victor/tmp/FakeBanker2/dumped/smali ... :: INFO Finished parsing! :: INFO Exporting results to SQLite :: INFO Extract classes ... :: INFO Extract class properties ... :: INFO Extract class methods ... :: INFO Extract calls ... :: INFO Commit changes to SQLite DB :: INFO Wrote results to fakebanker.sqlite :: INFO Finished scanning Also have a look at the `parsing page <http://smalisca.readthedocs.org/en/latest/parsing.html>`_ for further information. Analyzing ---------- Now you're free to do whatever you want with your generated exports. You can inspect the **SQLite DB** directly or use *smaliscas* **analysis** features:: $ smalisca analyzer -f sqlite -i fakebanker.sqlite ... smalisca>sc -x path -r 10 +----+-----------------------------------------------------------------------------------------+--------------------+--------------------------+-------+ | id | class_name | class_type | class_package | depth | +----+-----------------------------------------------------------------------------------------+--------------------+--------------------------+-------+ | 1 | Landroid/support/v4/net/ConnectivityManagerCompat | public | Landroid.support.v4.net | 5 | | 2 | Landroid/support/v4/view/AccessibilityDelegateCompat$AccessibilityDelegateJellyBeanImpl | | Landroid.support.v4.view | 5 | | 3 | Landroid/support/v4/view/ViewCompat$ViewCompatImpl | interface abstract | Landroid.support.v4.view | 5 | | 4 | Landroid/support/v4/app/ActivityCompatHoneycomb | | Landroid.support.v4.app | 5 | | 5 | Landroid/support/v4/app/NoSaveStateFrameLayout | | Landroid.support.v4.app | 5 | | 6 | Landroid/support/v4/net/ConnectivityManagerCompatHoneycombMR2 | | Landroid.support.v4.net | 5 | | 7 | Lcom/gmail/xpack/BuildConfig | public final | Lcom.gmail.xpack | 4 | | 8 | Landroid/support/v4/app/BackStackRecord$Op | final | Landroid.support.v4.app | 5 | | 9 | Landroid/support/v4/app/FragmentManagerImpl | final | Landroid.support.v4.app | 5 | | 10 | Landroid/support/v4/app/ShareCompat$ShareCompatImpl | interface abstract | Landroid.support.v4.app | 5 | +----+-----------------------------------------------------------------------------------------+--------------------+--------------------------+-------+ Also refer to the `analysis page <http://smalisca.readthedocs.org/en/latest/analysis.html>`_ for more available **commands** and options. Drawing ------- Please refer to the `drawing page <http://smalisca.readthedocs.org/en/latest/drawing.html>`_ for full examples. License ======== *smalisca* has been released under the **MIT** license. Have a look at the **LICENSE.rst** file. Credits ======= This tool is dedicated to **Lic?**. Many thanks also go to: * `Stephen McAllister <https://de.linkedin.com/pub/stephen-mcallister/13/843/71a>`_ * Many thanks for all those hours full of APK debugging and great ideas * My gf * Thank you very much for your patience and understanding! * `nullsecurity.net <http://nullsecurity.net>`_ * Hack the planet! Download: smalisca-0.1.tar.gz Description: Static Code Analysis tool for Smali files. MD5: 943930dbd144c52635f3d5b874482d3a Author: Cyneox
-
Clasa de mai jos este scrisa de mine pentru a ajuta la conectarea si inserarea de date intr-o baza de date de tip acces(mdb - access 2003, accdb - access 2007). Clasa am scris-o deoarece nu am gasit nici una existenta in acest moment, poate si datorita faptului ca se doreste renuntarea la conectivitatea prin odbc. Momantan clasa nu este 100% completa si voi revenii cu unele modificari. To Do list: Metoda pentru error raporting Metoda pentru executare dinamica a query-urilor atat insert cat si select. Metoda pentru selectarea si afisarea dinamica a tabelelor Cele 3 obiective vor fi terminate dupa ce termin programelul la care lucrez momentan pentru care nu am nevoie decat de metodele existente. Pentru a putea utiliza aceasta functie este necesar sa legati libraria libodbc32.a - cei care utilizeaza code blocks o vor avea - si sa adaugati cele 2 fisiere proiectului vostru. odbc.h /** * Aceasta clasa faciliteaza conexiunea la un fisier de tip mdb sau accdb(Acces 2003 respectiv 2007) * Functia este creeata pentru a facilita inserarea conectarea si inserarea intr-o baza de date acces * Metodele pentru care este necesara verificarea executarii executiei vor avea ca valoare de return un int * Acesta va fii fie 1 fie -1, 1 pentru succes, -1 pentru esec * Pentru ca aceasta clasa sa fie compilata cu succes aveti nevoie de libraria libodbc32.a */ #ifndef ODBC_H_INCLUDED #define ODBC_H_INCLUDED #include <iostream> #include <string> #include <sstream> #include <fstream> #include <windows.h> #include <sql.h> #include <sqlext.h> using namespace std; class Codbc { public: Codbc(); /** constructorul default */ Codbc(string dns); /** Constructorul pentru conexiune, preia un string cu adresa bazei de date */ string verificare(string nume); /** functie ce verifica daca un nume exista in baza de date, detalii in implementare */ int inserare(string date); /** functia de inserare a datelor - aceasta o puteti modifica pentru propriile necesitati */ void close(); /** functia pentru inchiderea conexiunii */ ~Codbc(); /** destructor */ private: HENV hEnv; /** handle pentru mediul de lucru */ HDBC hDbc; /** handle pentru conexiune */ HSTMT hStmt; /** handle pentru statement-urile pe care le vom executa */ RETCODE rc; /** va tine codul pe care il returneaza functiile native odbc gasite in libraria libodbc32.a */ char szConnStrOut[255]; int iConnStrLength2Ptr; }; #endif // ODBC_H_INCLUDED odbc.cpp #include "odbc.h" /** * Constructorul gol trebuie definit deoarece daca utilizatorul defineste un alt destructor * C++ nu mai defineste automat un constructor gol */ Codbc::Codbc(){} /** * destructorul * inchide conexiunea la baza de date si elibereaza handle-urile */ Codbc::~Codbc() { SQLDisconnect(hDbc); SQLFreeHandle(SQL_HANDLE_DBC, hDbc); SQLFreeHandle(SQL_HANDLE_ENV, hEnv); } /** * Constructorul costum prin care se creeaza toate cele necesare si se efectueaza conexiunea la baza de date. * Contine si datele pentru conectarea la baza de date cat si verifica daca s-a conexiunea s-a efectuat cu succes. * Preia sub forma unui string adresa catre baza de date */ Codbc::Codbc(string dns) { char szDSN[255] = "Driver={Microsoft Access Driver (*.mdb)};DSN='';DBQ="; strcat(szDSN, dns.c_str()); rc = SQLAllocEnv(&hEnv); rc = SQLAllocConnect(hEnv, &hDbc); rc = SQLDriverConnect(hDbc, NULL, (unsigned char*)szDSN, SQL_NTS, (unsigned char*)szConnStrOut, 255, (SQLSMALLINT*)&iConnStrLength2Ptr, SQL_DRIVER_NOPROMPT); if(SQL_SUCCEEDED(rc)) { cout << "Conexiune efectuata cu succes.\n\n"; } else { cout << "Conexiunea nu s-a putut efectua.\n\n"; close(); } } /** * Functia care verifica existenta unui nume si returneaza numele la care se adauga un indice * pe baza numarului de identificari + 1, in baza de date a numelui respectiv * Spre exemplu daca un nume exista de 3 ori in baza de date la care suntem conectati * functia va returna nume 4 */ string Codbc::verificare(string nume) { SQLCHAR valoareCustomers[128]; int counter = 0; int returnCode; string linieTemporara; string tempQuerry = "Select Customers.ContactLastName FROM Customers;"; unsigned char* tempQuery = (unsigned char*)tempQuerry.c_str(); rc = SQLAllocStmt(hDbc, &hStmt); rc = SQLPrepare(hStmt, tempQuery, SQL_NTS); rc = SQLBindCol(hStmt, 1, SQL_C_CHAR, valoareCustomers, 128, (SQLINTEGER*)&returnCode); rc = SQLExecute(hStmt); if(SQL_SUCCEEDED(rc)) { rc = SQLFetch(hStmt); while(SQL_SUCCEEDED(rc)) { linieTemporara = (char*)valoareCustomers; if((linieTemporara.find(nume) != string::npos) && (linieTemporara.size() <= (nume.size() + 2))) { if(((linieTemporara[linieTemporara.size() - 1] < '9') && (linieTemporara[linieTemporara.size() - 1] > '0'))) { counter++; } else if(linieTemporara == nume) { counter++; } } rc = SQLFetch(hStmt); } } if(counter == 0) { rc = SQLFreeStmt(hStmt, SQL_DROP); return nume; } else { stringstream sstemp; string temp; sstemp << counter; sstemp >> temp; nume = nume + " " + temp; rc = SQLFreeStmt(hStmt, SQL_DROP); return nume; } return nume; } /** * Functia de inserare a datelor, va prelua un strig ce va contine: * indicator judet, nume, strada/numar/bloc/apartament smd, sat si sau comuna, judet, data comanda, telefon, oferta * aceasta o puteti modifica pentru a se potrivi nevoilor voastre * in cazul in care inserarea se efectueaza cu succes atunci se returneaza 1 * in cazul incare inserarea a esuat se returneaza -1 */ int Codbc::inserare(string date) { string tempQuerry1 = "INSERT INTO Customers(ContactFirstName, ContactLastName, BillingAddress, City, StateOrProvince, PostalCode, PhoneNumber, Extension) Values ("; string tempQuerry2 = tempQuerry1 + date + ");"; rc = SQLAllocStmt(hDbc, &hStmt); rc = SQLPrepare(hStmt, (unsigned char*)tempQuerry2.c_str(), SQL_NTS); rc = SQLExecute(hStmt); if(SQL_SUCCEEDED(rc)) { cout << "Inserarea s-a efectuat cu succes.\n"; rc = SQLFreeStmt(hStmt, SQL_DROP); return 1; // succes } else { cout << "Inserarea nu s-a putut face pentru " << endl; cout << date << endl; rc = SQLFreeStmt(hStmt, SQL_DROP); return -1; // eroare } return -1; } /** * Aceasta functie va inchide conexiunea cu baza de date si va elibera handle-urile necesare */ void Codbc::close() { SQLDisconnect(hDbc); SQLFreeHandle(SQL_HANDLE_DBC, hDbc); SQLFreeHandle(SQL_HANDLE_ENV, hEnv); cout << "Clean up done."; } Oricine poate lua aceasta clasa si o poate utiliza cum doreste. Daca aveti sugestii in orice privinta va ascult. Le: Aceasta clasa nu a fost facuta tocmai bine, prezinta un memory leak destul de mare. Utilizati functiile de aiciSunt mai bune, mai generale si mai bine scrise.
-
- 1
-
- class
- conectare odbc
-
(and 1 more)
Tagged with: