From 2bc593e990e2915d63503df8d4be72d10fa77e9d Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sat, 3 Sep 2022 16:00:53 +0200 Subject: Second commit --- karton/android/android.py | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) (limited to 'karton/android/android.py') diff --git a/karton/android/android.py b/karton/android/android.py index be4a11a..b05bce2 100644 --- a/karton/android/android.py +++ b/karton/android/android.py @@ -1,13 +1,12 @@ -import sys - -import androguard -from karton.core import Karton, Task +import androguard.core.bytecodes.apk # type: ignore +from karton.core import Karton, Task # type: ignore from .__version__ import __version__ + class Android(Karton): """ - Augment apk files with various information. + Augment apk files with various metadata. """ identity = "karton.android" @@ -19,27 +18,31 @@ class Android(Karton): def process(self, task: Task) -> None: sample = task.get_resource("sample") - a = androguard.core.bytecodes.apk.APK(sample) + a = androguard.core.bytecodes.apk.APK(sample.content, raw=True) if not a.is_valid_APK(): self.log.info("Not a valid APK file.") return metadata = { - 'package': a.package, - 'sample': sample, - 'activities': a.get_activites(), - 'main_activity': a.get_main_activity(), - 'permissions': a.get_permissions(), + "package": [a.package], + "activities": sorted(a.get_activities()), + "main_activity": [a.get_main_activity()], + "permissions": sorted(a.get_permissions()), } if a.is_signed() or a.is_signed_v3(): - metadata['certificate'] = a.get_certificates()[0].sha1_fingerprint.replace(" ", "") + certs = a.get_certificates() + if len(certs): + cert = certs[0] + sha1_cert = cert.sha1_fingerprint.replace(" ", "") + metadata["certificate"] = [sha1_cert] self.send_task( Task( - headers={"type": "sample", "stage": "analyzed"}, - payload=metadata) + headers={ + "type": "sample", + "stage": "analyzed", + }, + payload={"attributes": metadata}, ) - -if __name__ == "__main__": - Android().loop() + ) -- cgit v1.3