From 264be7bafd7ab92ddadc5c0d9d5c4489c9cda5d4 Mon Sep 17 00:00:00 2001
From: Cyrille Bagard
Date: Tue, 18 Sep 2018 09:09:16 +0200
Subject: Loaded APK files using a Python script.
---
 plugins/python/apkfiles/apkfiles.py | 43 ++++++++++++++++++------------------
 src/analysis/contents/encapsulated.c | 15 ++++++++-----
 2 files changed, 30 insertions(+), 28 deletions(-)
diff --git a/plugins/python/apkfiles/apkfiles.py b/plugins/python/apkfiles/apkfiles.py
index c45f8c9..0cffdd7 100644
--- a/plugins/python/apkfiles/apkfiles.py
+++ b/plugins/python/apkfiles/apkfiles.py
@@ -2,6 +2,10 @@
 # -*- coding: utf-8 -*-
 from pychrysalide import PluginModule
+from pychrysalide.analysis.contents import EncapsulatedContent
+from pychrysalide.analysis.contents import MemoryContent
+from pychrysalide.core import _global
+import io
 import zipfile
@@ -18,41 +22,36 @@ class ApkFiles(PluginModule): 'desc' : 'Add suppport for the APK file format', 'version' : '0.1', - 'actions' : [ PluginModule.PGA_PLUGIN_INIT ] + 'actions' : [ PluginModule.PGA_CONTENT_EXPLORER ] } return desc - def init(self): - """Initialize the plugin.""" + def handle_content(self, action, content, wid, status): + """Process an operation on a binary content.""" - return True + assert(action == PluginModule.PGA_CONTENT_EXPLORER) + pseudo_file = io.BytesIO(content.data) - def get_action(self): - """Register the plugin for given actions.""" + if zipfile.is_zipfile(pseudo_file): - return Plugin.PGA_FORMAT_MATCHER + zf = zipfile.ZipFile(pseudo_file) + if zf.namelist().count('classes.dex') > 0 \ + and zf.namelist().count('AndroidManifest.xml') > 0: - def is_matching(self, filename, data): - """Define if the given file can be handled.""" + explorer = _global().content_explorer - if not zipfile.is_zipfile(filename): - return Plugin.MFA_NONE, None, None + for name in zf.namelist(): - zf = zipfile.ZipFile(filename) + f = zf.open(name, 'r') + data = f.read() + f.closed - if zf.namelist().count('classes.dex') > 0 \ - and zf.namelist().count('AndroidManifest.xml') > 0: + mem_content = MemoryContent(data) + encaps_content = EncapsulatedContent(content, name, mem_content) - f = zf.open('classes.dex', 'r') - data = f.read() - f.closed - - return Plugin.MFA_RELOAD, None, bytearray(data) - - else: - return Plugin.MFA_NONE, None, None + explorer.populate_group(wid, encaps_content) diff --git a/src/analysis/contents/encapsulated.c b/src/analysis/contents/encapsulated.c index e307e6b..74795ea 100644 --- a/src/analysis/contents/encapsulated.c +++ b/src/analysis/contents/encapsulated.c 
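Review bot: In the new member loop of `handle_content`, `f.closed` only reads an attribute, so the handle returned by `zf.open()` is never closed, and `f.read()` inflates every entry of the archive into memory with no upper bound. An APK handed to an analysis tool is untrusted input, so a small file carrying a highly compressed member can exhaust memory while the explorer walks it. A `with` block plus a bounded read that skips anything over a plugin-defined cap (named `MAX_MEMBER_SIZE` below as a placeholder) addresses both, and iterating `infolist()` lets directory entries be skipped instead of being registered as empty contents. Separately, `zipfile.ZipFile()` and `zf.open()` can raise on a damaged or encrypted archive (`zipfile.BadZipFile`, `RuntimeError`), which would propagate out of the callback, and the `assert` on `action` disappears under `python -O`.

```python
# … unchanged: is_zipfile() test, ZipFile construction, classes.dex / AndroidManifest.xml check, explorer lookup …
for info in zf.infolist():

    if info.is_dir():
        continue

    # Bounded read: the size stored in the archive header is attacker-controlled,
    # so cap the number of bytes actually decompressed instead of trusting it.
    with zf.open(info, 'r') as f:
        data = f.read(MAX_MEMBER_SIZE + 1)

    if len(data) > MAX_MEMBER_SIZE:
        continue

    mem_content = MemoryContent(data)
    encaps_content = EncapsulatedContent(content, info.filename, mem_content)

    explorer.populate_group(wid, encaps_content)
```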
@@ -225,11 +225,9 @@ static void g_encaps_content_interface_init(GBinContentInterface *iface) static void g_encaps_content_dispose(GEncapsContent *content) { - if (content->base != NULL) - g_object_unref(content->base); + g_clear_object(&content->base); - if (content->endpoint != NULL) - g_object_unref(content->endpoint); + g_clear_object(&content->endpoint); G_OBJECT_CLASS(g_encaps_content_parent_class)->dispose(G_OBJECT(content)); @@ -281,6 +279,9 @@ GBinContent *g_encaps_content_new(GBinContent *base, const char *path, GBinConte result = g_object_new(G_TYPE_ENCAPS_CONTENT, NULL); + g_object_ref(base); + g_object_ref(endpoint); + result->base = base; result->path = strdup(path); result->endpoint = endpoint; @@ -349,10 +350,12 @@ GBinContent *g_encaps_content_new_from_xml(xmlXPathContextPtr context, const cha endpoint = NULL;/// TODO if (endpoint != NULL) + { result = g_encaps_content_new(original, target, endpoint); + g_object_unref(G_OBJECT(endpoint)); + } - else - g_object_unref(G_OBJECT(original)); + g_object_unref(G_OBJECT(original)); } else -- cgit v0.11.2-87-g4458
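Review bot: In the hunk at -281, g_encaps_content_new() now takes its own references on `base` and `endpoint` instead of adopting the caller's, but nothing visible records that contract change, and any caller outside this diff that still relies on the old transfer would now leak one reference per call. I would state it in the function's header comment, e.g. `/* Takes its own references on base and endpoint; the caller keeps, and must release, its own. */`, and audit the remaining call sites, presumably including the Python binding behind `EncapsulatedContent`. The two `g_object_ref()` calls also run without a NULL check, and GLib only logs a critical for a NULL argument, so a guard such as `g_return_val_if_fail(G_IS_OBJECT(base) && G_IS_OBJECT(endpoint), NULL);` ahead of `g_object_new()` would stop a half-initialised content from being returned. The function body starts and ends outside the hunk; the hunk at -349 already follows the new convention by releasing `endpoint` and `original` after the call.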