├── config ├── __init__.py ├── main.py ├── settings.json └── malware_perms.json ├── core ├── __init__.py ├── malware │ ├── __init__.py │ ├── actionSpy.py │ ├── wolfRat.py │ └── anubis.py ├── utils.py ├── androhelper.py ├── settings.py ├── app.py ├── adb.py └── snapshot.py ├── utils ├── __init__.py ├── out.py ├── args_parser.py └── main_settings.py ├── requirements.txt ├── images ├── AMDH.png └── AMDH_800x400.png ├── .github ├── ISSUE_TEMPLATE │ ├── feature_request.md │ └── bug_report.md └── workflows │ └── codeql.yml ├── amdh.spec ├── .gitignore ├── README.md ├── amdh.py └── LICENSE /config/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /core/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /utils/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /core/malware/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | androguard 2 | pwntools -------------------------------------------------------------------------------- /images/AMDH.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A-YATTA/AMDH/HEAD/images/AMDH.png -------------------------------------------------------------------------------- /images/AMDH_800x400.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A-YATTA/AMDH/HEAD/images/AMDH_800x400.png -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | --- 8 | 9 | **Description** 10 | Please provide a brief/detailed description of the feature. 11 | 12 | **Additional context** 13 | Please add any other context or screenshots about the feature request. 14 | 15 | 16 | -------------------------------------------------------------------------------- /config/main.py: -------------------------------------------------------------------------------- 1 | # by default, it will lock into the PATH env var for adb binary 2 | ADB_BINARY = "adb" 3 | SETTINGS_FILE = "config/settings.json" 4 | ADB_WINDOWS_PATH = "%LOCALAPPDATA%/Android/Sdk/platform-tools/adb" 5 | LIST_APPS_MAX_PRINT = 15 6 | PERMS_COMBINATIONS_FILE = "config/perms_combination.json" 7 | PERMISSIONS_FILE = "config/permissions.json" 8 | MALWARE_PERMS = "config/malware_perms.json" 9 | MALWARE_PACKAGES_FILE = "config/malware_packages.json" 10 | OUTPUT_DIR = "./out" 11 | SNAPSHOT_REPORT_FILE = "snap_report.json" 12 | SNAPSHOT_DIR = "snap" 13 | -------------------------------------------------------------------------------- /core/utils.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | # TO-DO: Add Enum for headers 4 | def check_header(header): 5 | if header == "504b0304": 6 | return "JAR" 7 | 8 | if header == "7f454c46": 9 | return "ELF" 10 | 11 | return "UNKNOWN" 12 | 13 | 14 | def write_file_to_dir(output_dir, filename, content): 15 | if not os.path.isdir(output_dir): 16 | os.makedirs(output_dir) 17 | if not output_dir[:-1] == '/': 18 | output_dir += "/" 19 | 20 | f = open(output_dir + filename, 'wb') 21 | f.write(content) 22 | f.close() 23 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior 15 | 16 | **Expected behavior** 17 | A clear and concise description of what you expected to happen. 18 | 19 | 20 | **Desktop (please complete the following information):** 21 | - OS: [e.g. Linux] 22 | - Python [e.g. 3.6] 23 | 24 | **Smartphone (please complete the following information):** 25 | - Device: [e.g. Samsung] 26 | - OS: [e.g. Galaxy S9] 27 | - Android version [e.g. 22] 28 | 29 | **Additional context** 30 | Add any other context about the problem here. 31 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yml: -------------------------------------------------------------------------------- 1 | name: "CodeQL" 2 | 3 | on: 4 | push: 5 | branches: [ "master" ] 6 | pull_request: 7 | branches: [ "master" ] 8 | schedule: 9 | - cron: "18 19 * * 0" 10 | 11 | jobs: 12 | analyze: 13 | name: Analyze 14 | runs-on: ubuntu-latest 15 | permissions: 16 | actions: read 17 | contents: read 18 | security-events: write 19 | 20 | strategy: 21 | fail-fast: false 22 | matrix: 23 | language: [ python ] 24 | 25 | steps: 26 | - name: Checkout 27 | uses: actions/checkout@v3 28 | 29 | - name: Initialize CodeQL 30 | uses: github/codeql-action/init@v2 31 | with: 32 | languages: ${{ matrix.language }} 33 | queries: +security-and-quality 34 | 35 | - name: Autobuild 36 | uses: github/codeql-action/autobuild@v2 37 | 38 | - name: Perform CodeQL Analysis 39 | uses: github/codeql-action/analyze@v2 40 | with: 41 | category: "/language:${{ matrix.language }}" 42 | -------------------------------------------------------------------------------- /amdh.spec: -------------------------------------------------------------------------------- 1 | # -*- mode: python ; coding: utf-8 -*- 2 | from PyInstaller.utils.hooks import collect_all 3 | import os 4 | 5 | hiddenimports = [] 6 | venv_path = os.environ['VIRTUAL_ENV'] 7 | 8 | binaries=[(venv_path+'/lib/python3.10/site-packages/androguard/core/api_specific_resources/aosp_permissions/', 9 | 'androguard/core/api_specific_resources/aosp_permissions/'), 10 | (venv_path+'/lib/python3.10/site-packages/pwnlib/shellcraft/templates/__doc__', 11 | 'pwnlib/shellcraft/templates/')] 12 | 13 | datas=[(venv_path+'/lib/python3.10/site-packages/androguard/core/resources/public.xml', 'androguard/core/resources')] 14 | pathex=[venv_path+'/lib/python3.10/site-packages/'] 15 | 16 | block_cipher = None 17 | 18 | 19 | a = Analysis( 20 | ['amdh.py'], 21 | pathex=pathex, 22 | binaries=binaries, 23 | datas=datas, 24 | hiddenimports=hiddenimports, 25 | hookspath=[], 26 | hooksconfig={}, 27 | runtime_hooks=[], 28 | excludes=[], 29 | win_no_prefer_redirects=False, 30 | win_private_assemblies=False, 31 | cipher=block_cipher, 32 | noarchive=False, 33 | ) 34 | pyz = PYZ(a.pure, a.zipped_data, cipher=block_cipher) 35 | 36 | exe = EXE( 37 | pyz, 38 | a.scripts, 39 | a.binaries, 40 | a.zipfiles, 41 | a.datas, 42 | [], 43 | name='amdh', 44 | debug=False, 45 | bootloader_ignore_signals=False, 46 | strip=False, 47 | upx=True, 48 | upx_exclude=[], 49 | runtime_tmpdir=None, 50 | console=True, 51 | disable_windowed_traceback=False, 52 | argv_emulation=False, 53 | target_arch=None, 54 | codesign_identity=None, 55 | entitlements_file=None, 56 | ) 57 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | share/python-wheels/ 24 | *.egg-info/ 25 | 26 | 27 | .installed.cfg 28 | *.egg 29 | MANIFEST 30 | 31 | # PyInstaller 32 | # Usually these files are written by a python script from a template 33 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 34 | *.manifest 35 | #*.spec 36 | 37 | # Installer logs 38 | pip-log.txt 39 | pip-delete-this-directory.txt 40 | 41 | # Unit test / coverage reports 42 | htmlcov/ 43 | .tox/ 44 | .nox/ 45 | .coverage 46 | .coverage.* 47 | .cache 48 | nosetests.xml 49 | coverage.xml 50 | *.cover 51 | *.py,cover 52 | .hypothesis/ 53 | .pytest_cache/ 54 | cover/ 55 | 56 | # Translations 57 | *.mo 58 | *.pot 59 | 60 | # Django stuff: 61 | *.log 62 | local_settings.py 63 | db.sqlite3 64 | db.sqlite3-journal 65 | 66 | # Flask stuff: 67 | instance/ 68 | .webassets-cache 69 | 70 | # Scrapy stuff: 71 | .scrapy 72 | 73 | # Sphinx documentation 74 | docs/_build/ 75 | 76 | # PyBuilder 77 | .pybuilder/ 78 | target/ 79 | 80 | # Jupyter Notebook 81 | .ipynb_checkpoints 82 | 83 | # IPython 84 | profile_default/ 85 | ipython_config.py 86 | 87 | # pyenv 88 | # For a library or package, you might want to ignore these files since the code is 89 | # intended to run in multiple environments; otherwise, check them in: 90 | # .python-version 91 | 92 | # pipenv 93 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 94 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 95 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 96 | # install all needed dependencies. 97 | #Pipfile.lock 98 | 99 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow 100 | __pypackages__/ 101 | 102 | # Celery stuff 103 | celerybeat-schedule 104 | celerybeat.pid 105 | 106 | # SageMath parsed files 107 | *.sage.py 108 | 109 | # Environments 110 | .env 111 | .venv 112 | env/ 113 | venv/ 114 | ENV/ 115 | env.bak/ 116 | venv.bak/ 117 | 118 | # Spyder project settings 119 | .spyderproject 120 | .spyproject 121 | 122 | # Rope project settings 123 | .ropeproject 124 | 125 | # mkdocs documentation 126 | /site 127 | 128 | # mypy 129 | .mypy_cache/ 130 | .dmypy.json 131 | dmypy.json 132 | 133 | # Pyre type checker 134 | .pyre/ 135 | 136 | # pytype static type analyzer 137 | .pytype/ 138 | 139 | # Cython debug symbols 140 | cython_debug/ 141 | 142 | 143 | core/__pycache__/* 144 | utils/__pycache__/* 145 | core/malware/__pycache__/* 146 | core/malware/__pycache__/* 147 | .idea/ 148 | -------------------------------------------------------------------------------- /utils/out.py: -------------------------------------------------------------------------------- 1 | 2 | class BColors: 3 | HEADER = '\033[95m' 4 | INFO = '\033[94m' 5 | OKGREEN = '\033[92m' 6 | WARNING = '\033[93m' 7 | FAIL = '\033[91m' 8 | ENDC = '\033[0m' 9 | WARNING_HEADER = '\033[33m' 10 | UNDERLINE = '\033[4m' 11 | 12 | 13 | class Out: 14 | def __init__(self, platform="Linux", filename=None): 15 | self.platform = platform 16 | self.log = None 17 | if filename: 18 | self.log = open(filename, "w") 19 | 20 | def print(self, message): 21 | if self.log: 22 | self.log.write(f"{message}\n") 23 | return 24 | 25 | print(f"{message}\n") 26 | 27 | def print_info(self, message): 28 | if self.log: 29 | self.log.write("[-] INFO: %s\n" % message) 30 | return 31 | 32 | if self.platform == "Linux" or self.platform == "Darwin": 33 | print(BColors.INFO + "[-] INFO: " + BColors.ENDC + f"{message}") 34 | else: 35 | print("[-] INFO: " + f"{message}") 36 | 37 | def print_warning(self, message): 38 | if self.log: 39 | self.log.write("[!] WARNING: %s\n" % message) 40 | return 41 | 42 | if self.platform == "Linux" or self.platform == "Darwin": 43 | print(BColors.WARNING + "[!] WARNING: " + f"{message}" + BColors.ENDC) 44 | else: 45 | print("[!] WARNING: " + f"{message}") 46 | 47 | def print_warning_header(self, message): 48 | if self.log: 49 | self.log.write("[!] WARNING: %s\n" % message) 50 | return 51 | 52 | if self.platform == "Linux" or self.platform == "Darwin": 53 | print(BColors.WARNING_HEADER + "[!] " + f"{message}" + BColors.ENDC) 54 | else: 55 | print("[!] WARNING: " + f"{message}") 56 | 57 | def print_error(self, message): 58 | if self.log: 59 | self.log.write("[X] ERROR: %s\n" % message) 60 | return 61 | 62 | if self.platform == "Linux" or self.platform == "Darwin": 63 | print(BColors.FAIL + "[X] ERROR: " + f"{message}" + BColors.ENDC) 64 | else: 65 | print("[X] ERROR: " + f"{message}") 66 | 67 | def print_success(self, message): 68 | if self.log: 69 | self.log.write("[+] OK: %s\n" % message) 70 | return 71 | 72 | if self.platform == "Linux" or self.platform == "Darwin": 73 | print(BColors.OKGREEN + "[+] OK: " + f"{message}" + BColors.ENDC) 74 | else: 75 | print("[+] OK: " + f"{message}") 76 | 77 | def print_high_warning(self, message): 78 | if self.log: 79 | self.log.write("[!] WARNING (HIGH): %s\n" % message) 80 | return 81 | 82 | if self.platform == "Linux" or self.platform == "Darwin": 83 | print(BColors.FAIL + "[!] WARNING: " + f"{message}" + BColors.ENDC) 84 | else: 85 | print("[!] WARNING (HIGH): %s" % message) 86 | -------------------------------------------------------------------------------- /core/androhelper.py: -------------------------------------------------------------------------------- 1 | from androguard.misc import AnalyzeAPK 2 | import re 3 | import json 4 | from core.malware.actionSpy import ActionSpy 5 | from core.malware.wolfRat import WolfRat 6 | from core.malware.anubis import Anubis 7 | from core.utils import check_header, write_file_to_dir 8 | from config.main import * 9 | 10 | 11 | class AndroHelper: 12 | 13 | def __init__(self, apk_path, output_dir): 14 | self.apk_path = apk_path 15 | # output directory 16 | self.output_dir = output_dir + "/" 17 | self.packed_files = dict() 18 | self.a, self.d, self.dx = AnalyzeAPK(self.apk_path) 19 | self.detected_malware = dict() 20 | 21 | def analyze(self): 22 | self.packed_files = dict() 23 | self.malware_detect() 24 | 25 | for file in self.a.get_files(): 26 | file_type = check_header(self.a.get_file(file)[0:4].hex()) 27 | 28 | if file_type == "JAR": 29 | write_file_to_dir(self.output_dir, file.split("/")[-1], a.get_file(file)) 30 | try: 31 | a, d, dx = AnalyzeAPK(self.output_dir + file.split("/")[-1]) 32 | if a.get_package(): 33 | self.packed_files[self.a.get_package()] = {file: {}} 34 | else: 35 | continue 36 | except Exception as e: 37 | # not an APK file 38 | continue 39 | 40 | with open(PERMISSIONS_FILE) as json_file: 41 | permissions = json.load(json_file) 42 | 43 | perms_desc = {} 44 | dangerous_perms = {} 45 | 46 | if a.get_permissions(): 47 | for perm in a.get_permissions(): 48 | try: 49 | perms_desc[perm] = {"description": permissions[perm]["description"], 50 | "level": permissions[perm]["protection_lvl"]} 51 | if any(re.findall(r'dangerous', permissions[perm]["protection_lvl"], re.IGNORECASE)): 52 | # Permission is flagged as dangerous 53 | dangerous_perms[permissions[perm]["permission"]] = permissions[perm]["description"] 54 | 55 | except Exception as e: 56 | continue 57 | 58 | self.packed_files[self.a.get_package()][file] = dangerous_perms 59 | 60 | return {"packed_file": self.packed_files, "detected_malware": self.detected_malware} 61 | 62 | def malware_detect(self): 63 | action_spy = ActionSpy(apk_path=self.apk_path, output_dir=self.output_dir) 64 | succeeded_test = action_spy.check() 65 | self.detected_malware["actionspy"] = succeeded_test 66 | 67 | wolf_rat = WolfRat(apk_path=self.apk_path, output_dir=self.output_dir) 68 | succeeded_test = wolf_rat.check() 69 | self.detected_malware["wolfrat"] = succeeded_test 70 | 71 | anubis = Anubis(apk_path=self.apk_path, output_dir=self.output_dir) 72 | succeeded_test = anubis.check() 73 | self.detected_malware["anubis"] = succeeded_test 74 | 75 | -------------------------------------------------------------------------------- /core/malware/actionSpy.py: -------------------------------------------------------------------------------- 1 | from pwnlib.elf import elf 2 | import os 3 | 4 | from core.androhelper import * 5 | from core.utils import check_header, write_file_to_dir 6 | 7 | 8 | class ActionSpy: 9 | def __init__(self, apk_path, output_dir="out"): 10 | 11 | self.known_packages = ['com.omn.vvi', 'com.isyjv.klxblnwc.r', 'com.isyjv.klxblnwc.r', 'com.isyjv.klxblnwc', 12 | 'com.android.dmp.rec', 'com.android.dmp.r', 'com.android.dmp.l', 'com.android.dmp.cm', 13 | 'com.android.dmp.c', 'com.ecs.esap', 'com.cd.weixin'] 14 | self.known_function_libs_names = ['makeInMemoryDexElements', 'fill_memory_filefunc', 'handData', 15 | 'huaweishareFromJNI', 'is_batteryinfo_valid', 'get_apk_content', 16 | 'get_apk_size', 'get_apk_file_buffer', 'enciphering', 17 | 'Java_com_isyjv_klxblnwc_s_NativeManager_b', 18 | 'Java_com_isyjv_klxblnwc_s_NativeManager_a'] 19 | self.known_libs = ["hello-jni", "SecShell", "blocSDK7a", "uuguarderclient-jni", "uuguarder-jni"] 20 | 21 | self.apk_path = apk_path 22 | self.a, self.d, self.dx = AnalyzeAPK(self.apk_path) 23 | self.output_dir = output_dir 24 | self.score = 0 25 | 26 | def check(self): 27 | self.score = 0 28 | 29 | # test 30 | if self.a.get_package in self.known_packages: 31 | self.score = self.score + 1 32 | 33 | for file in self.a.get_files(): 34 | 35 | file_type = check_header(self.a.get_file(file)[0:4].hex()) 36 | 37 | if "ELF" == file_type: 38 | try: 39 | self.dump_and_func_check(self.a, file) 40 | except Exception as e: 41 | continue 42 | 43 | if "ZIP" == file_type: 44 | write_file_to_dir(self.output_dir, file.split("/")[-1], a.get_file(file)) 45 | 46 | try: 47 | a, d, dx = AnalyzeAPK(self.output_dir + file.split("/")[-1]) 48 | 49 | # The archive is an APK 50 | self.score = self.score + 1 51 | 52 | except Exception as e: 53 | # not apk file 54 | continue 55 | 56 | for sub_file in a.get_files(): 57 | sub_file_type = check_header(a.get_file(sub_file)[0:4].hex()) 58 | 59 | if sub_file in self.known_libs: 60 | self.score += 1 61 | 62 | if sub_file_type is not None: 63 | try: 64 | self.dump_and_func_check(a, sub_file) 65 | except Exception as e: 66 | print(e) 67 | continue 68 | 69 | return self.score 70 | 71 | def dump_and_func_check(self, a, file): 72 | 73 | if not os.path.isdir(self.output_dir): 74 | os.makedirs(self.output_dir) 75 | 76 | out_file = self.output_dir + file.split("/")[-1] 77 | f = open(out_file, 'wb') 78 | f.write(a.get_file(file)) 79 | f.close() 80 | library = elf.ELF(out_file) 81 | # checks libraries functions names 82 | for key in library.symbols.keys(): 83 | for func in self.known_function_libs_names: 84 | if func in key: 85 | self.score = self.score + 1 86 | 87 | return self.score 88 | -------------------------------------------------------------------------------- /utils/args_parser.py: -------------------------------------------------------------------------------- 1 | import argparse 2 | import sys 3 | 4 | def args_parse(print_help=False): 5 | parser = argparse.ArgumentParser(description='Android Mobile Device Hardening\n', 6 | formatter_class=argparse.RawTextHelpFormatter) 7 | 8 | parser.add_argument('-d', '--devices', 9 | help='list of devices separated by comma or "ALL" for all connected devices', 10 | dest='devices') 11 | 12 | parser.add_argument('-sS', 13 | help='Scan the system settings', 14 | action='store_true') 15 | 16 | parser.add_argument('-sA', 17 | help='Scan the installed applications', 18 | action='store_true') 19 | 20 | parser.add_argument('-H', 21 | help='Harden system settings /!\ Developer Options and ADB will be disabled /!\ ', 22 | action='store_true') 23 | 24 | parser.add_argument('-a', '--adb-path', 25 | help='Path to ADB binary', 26 | default='adb', 27 | dest='adb_path') 28 | 29 | parser.add_argument('-t', 30 | choices=['e', 'd', '3', 's'], 31 | help='Type of applications:\n\te: enabled Apps\n\td: disabled Apps\n\t3: Third party Apps' 32 | '\n\ts: System Apps', 33 | default='3', 34 | dest='app_type') 35 | 36 | parser.add_argument('-D', '--dump-apks', 37 | help='Dump APKs from device to APKS_DUMP_FOLDER directory', 38 | dest='apks_dump_folder') 39 | 40 | parser.add_argument('-rar', 41 | help='Remove admin receivers: Remove all admin receivers if the app is not a system App\n' 42 | 'Scan application option "-sA" is required', 43 | action='store_true') 44 | 45 | parser.add_argument('-R', 46 | help='For each app revoke all dangerous permissions\n' 47 | 'Scan application option "-sA" is required', 48 | action='store_true') 49 | 50 | parser.add_argument('-l', 51 | help='List numbered applications to disable, uninstall or analyze\n', 52 | action='store_true') 53 | 54 | parser.add_argument('-P', 55 | help='List current users processes', 56 | action='store_true') 57 | 58 | parser.add_argument('-S', '--snapshot', 59 | help='Snapshot the current state of the phone to a json file and backup applications into ' 60 | 'SNAPSHOT_DIR', 61 | dest='snapshot_dir') 62 | 63 | parser.add_argument('-cS', '--cmp-snapshot', 64 | help='Compare SNAPSHOT_REPORT with the current phone state', 65 | dest='snapshot_report') 66 | 67 | parser.add_argument('-rS', '--restore-snapshot', 68 | help='Restore SNAPSHOT_TO_RESTORE', 69 | dest='snapshot_to_restore') 70 | 71 | parser.add_argument('-o', '--output-dir', 72 | help='Output directory for reports and logs. Default: out', 73 | dest='output_dir') 74 | 75 | args = parser.parse_args() 76 | 77 | if (args.rar or args.R) and not args.sA: 78 | out["std"].print_error("Option depend on scan application '-sA' ") 79 | sys.exit(1) 80 | 81 | if args.H and not args.sS: 82 | out["std"].print_error("Option depend on scan -sS") 83 | sys.exit(1) 84 | 85 | if print_help: 86 | parser.print_help(sys.stderr) 87 | return 88 | 89 | return args -------------------------------------------------------------------------------- /core/settings.py: -------------------------------------------------------------------------------- 1 | import json 2 | from enum import Enum 3 | 4 | from config.main import * 5 | from utils.out import Out 6 | 7 | 8 | class SettingTest(Enum): 9 | PASSED = 'passed' 10 | FAILED = 'failed' 11 | HARDENED = 'changed' 12 | 13 | 14 | class Settings: 15 | 16 | def __init__(self, json_settings_file, adb, harden=False, out=Out()): 17 | self.json_settings_file = json_settings_file 18 | self.adb = adb 19 | self.harden = harden 20 | self.out = out 21 | self.result_scan = dict() 22 | 23 | def check(self): 24 | with open(SETTINGS_FILE) as settingsFile: 25 | settings = json.load(settingsFile) 26 | 27 | for key, value in settings.items(): 28 | self.out.print_info("++++++++++++++++++++++++++++++++++++++++++++++++") 29 | self.out.print_info(f"+ Checking {key} Settings +") 30 | self.out.print_info("++++++++++++++++++++++++++++++++++++++++++++++++") 31 | self.loop_settings_check(key, value) 32 | 33 | return self.result_scan 34 | 35 | def loop_settings_check(self, section, settings): 36 | for setting in settings: 37 | command_result = self.adb.content_query_settings(section, setting["name"]) 38 | 39 | self.out.print_info("Checking : " + setting["name"]) 40 | self.out.print_info("\tDescription : " + setting["description"]) 41 | self.out.print_info("\tExpected : " + setting["expected"]) 42 | 43 | if "No result found" in command_result: 44 | self.out.print_warning("\tKey does not exist\n") 45 | self.append_key_to_result_scan_dict(section, {setting["name"]: "key not found"}) 46 | 47 | elif command_result.split("value=")[1].strip() == setting["expected"].strip(): 48 | self.append_key_to_result_scan_dict(section, 49 | { 50 | setting["name"]: 51 | { 52 | "description": setting["description"], 53 | "test": SettingTest.PASSED.value 54 | } 55 | }) 56 | 57 | self.out.print_success("\tCurrent value : " + command_result.split("value=")[1].strip() + "\n") 58 | else: 59 | self.out.print_warning("\tCurrent value : " + str(command_result.split("value=")[1].strip()) + "\n") 60 | test = SettingTest.FAILED.value 61 | if self.harden: 62 | self.adb.content_insert_settings(section, setting["name"], expected_value=setting["expected"], 63 | expected_value_type=setting["type"]) 64 | self.out.print_warning("\tModified : " + setting["expected"] + "\n") 65 | test = f"{SettingTest.FAILED.value}|{SettingTest.HARDENED.value}" 66 | 67 | self.append_key_to_result_scan_dict(section, 68 | { 69 | setting["name"]: 70 | { 71 | "description": setting["description"], 72 | "test": test 73 | } 74 | }) 75 | 76 | return self.result_scan 77 | 78 | def get_scan_report(self, section): 79 | if self.result_scan[section]: 80 | return self.result_scan[section] 81 | return {} 82 | 83 | def append_key_to_result_scan_dict(self, key, value): 84 | if key in self.result_scan: 85 | self.result_scan[key].append(value) 86 | else: 87 | self.result_scan[key] = [value] 88 | 89 | 90 | -------------------------------------------------------------------------------- /core/malware/wolfRat.py: -------------------------------------------------------------------------------- 1 | from androguard.misc import AnalyzeAPK 2 | 3 | 4 | class WolfRat: 5 | def __init__(self, apk_path, output_dir): 6 | self.known_packages = ['com.google.services', 'com.android.playup'] 7 | 8 | self.known_domains_ips = ["cvcws.ponethus.com", "svc.ponethus.com", "www.ponethus.com", 9 | "webmail.ponethus.com", "nampriknum.net", "www.nampriknum.net", 10 | "svc.nampriknum.net", "svcws.nampriknum.net", "svc.somtum.today", 11 | "svcws.somtum.today", "www.somtum.today", "somtum.today", "shop.databit.today", 12 | "svc.databit.today", "test.databit.today", "www.databit.today", "admin.databit.today", 13 | "cendata.today", "svc.cendata.today", "svcws.cendata.today", "www.cendata.today", 14 | "47.90.206.185"] # 47.90.206.185: vpn IP 15 | 16 | self.known_strings = ["dumpsys activity | grep \"Run #\" | grep -v ScreenCaptureImageActivity | head -n 1", 17 | "jp.naver.line.android/.activity.chathistory.ChatHistoryActivity", 18 | "com.whatsapp/.voipcalling.VoipActivityV2", 19 | "OrbotVpnThread", "OrbotVpn", 20 | "jp.naver.line.android/com.linecorp.voip.ui.freecall.FreeCallActivity", 21 | "com.android.playup", "/Bots/get_update", 22 | # endpoints 23 | "/Commands/comm_getfunction", "/Bots/get_update", "/Commands/delete_comm", 24 | "/Filesautosend/upload_file", "/Filesautosend/delete_file", "/Messages/mess_update", 25 | "/Transbots/bots_add", "/Authen/verify_token"] 26 | 27 | # common wolfRat classes in 3 analyzed versions 28 | self.known_classes = ['Lcom/dao/BotsDao;', 29 | 'Lcom/dao/CommandDao;', 30 | 'Lcom/dao/ConnectionSvcws;', 31 | 'Lcom/dao/FilesAutoSendDao;', 32 | 'Lcom/dao/FilesDao;', 33 | 'Lcom/dao/MessagesDao;', 34 | 'Lcom/dao/TransBotsDao;', 35 | 'Lcom/dao/UserDao;', 36 | 'Lcom/daoimp/BotsDaoImpl;', 37 | 'Lcom/daoimp/CommandDaoImpl;', 38 | 'Lcom/daoimp/DAOFactory;', 39 | 'Lcom/daoimp/FilesAutoSendDaoImpl;', 40 | 'Lcom/daoimp/FilesDaoImpl;', 41 | 'Lcom/daoimp/MessagesDaoImpl;', 42 | 'Lcom/daoimp/TransBotsDaoImpl;', 43 | 'Lcom/daoimp/UserDaoImpl;', 44 | 'Lcom/model/Bots;', 45 | 'Lcom/model/Commands;', 46 | 'Lcom/model/Files;', 47 | 'Lcom/model/FilesAutoSend;', 48 | 'Lcom/model/Messages;', 49 | 'Lcom/model/SmsBox;', 50 | 'Lcom/model/TransBots;', 51 | 'Lcom/model/User;', 52 | 'Lcom/utils/CheckCapture;', 53 | 'Lcom/utils/CheckNetwork;', 54 | 'Lcom/utils/DataService;', 55 | 'Lcom/utils/NetTask;', 56 | 'Lcom/utils/RestClient;'] 57 | 58 | self.apk_path = apk_path 59 | # output directory 60 | self.output_dir = output_dir + "/" 61 | self.packed_files = dict() 62 | 63 | self.a, self.d, self.dx = AnalyzeAPK(self.apk_path) 64 | self.score = 0 65 | 66 | def check(self): 67 | 68 | if next(self.dx.find_classes('.*com.jaredrummler.android.shell.*'), None): 69 | # APK execute Shell commands 70 | self.score += 1 71 | 72 | # next will return None if no element exist instead of raising exception 73 | if next(self.dx.find_classes('.*com.serenegiant.*'), None): 74 | # Libcommon https://github.com/saki4510t/libcommon 75 | self.score += 1 76 | 77 | for string in self.known_strings: 78 | try: 79 | if next(self.dx.find_strings(string=string)): 80 | # known "string" founded 81 | self.score += 1 82 | except Exception as e: 83 | # No element 84 | continue 85 | 86 | nbr_class_founded = 0 87 | for cl in self.known_classes: 88 | for cls in self.dx.find_classes('.*com/dao.*'): 89 | if cls and cl == cls.name: 90 | nbr_class_founded += 1 91 | break 92 | 93 | # if 5 classes founded => score++ 94 | # to be more deterministic, the score can be increased only if all the classes are founded 95 | # if nbr_class_founded == len(self.known_classes): 96 | if nbr_class_founded > 4: 97 | self.score += 1 98 | 99 | return self.score 100 | 101 | -------------------------------------------------------------------------------- /core/app.py: -------------------------------------------------------------------------------- 1 | from enum import Enum 2 | import json 3 | import re 4 | import os 5 | from core.androhelper import AndroHelper 6 | from config import main 7 | 8 | 9 | class Status(Enum): 10 | ENABLED = 'e' 11 | DISABLED = 'd' 12 | THIRD_PARTY = '3' 13 | SYSTEM = 's' 14 | 15 | 16 | class App: 17 | def __init__(self, adb_instance, package_name, scan=True, dump_apk=False, out_dir="apks_dump"): 18 | self.adb_instance = adb_instance 19 | self.package_name = package_name 20 | self.out_dir = out_dir 21 | self.dump_apk = dump_apk 22 | self.device_policy_out = self.adb_instance.dumpsys(["device_policy"]) 23 | self.dangerous_perms = {} 24 | self.scan = scan 25 | self.malware_only_perms = 0 26 | self.malware_combination = 0 27 | self.score = 0 28 | dumpsys_out = adb_instance.dumpsys(["package", package_name]) 29 | self.perms_list = adb_instance.get_req_perms_dumpsys_package(dumpsys_out) 30 | 31 | def check_app(self): 32 | if self.dump_apk: 33 | if not os.path.isdir(self.out_dir): 34 | os.makedirs(self.out_dir) 35 | try: 36 | out_file = self.out_dir + "/" + self.package_name + ".apk" 37 | self.adb_instance.dump_apk_from_device(self.package_name, out_file) 38 | except Exception as e: 39 | print(e) 40 | return None, None, None, None 41 | if self.scan: 42 | perm_desc, self.dangerous_perms = self.check_perms() 43 | return perm_desc, self.dangerous_perms, self.is_app_device_owner(), self.known_malware() 44 | 45 | return None, None, None, self.known_malware() 46 | 47 | def check_perms(self): 48 | with open(main.PERMISSIONS_FILE) as json_file: 49 | permissions = json.load(json_file) 50 | 51 | perms_desc = {} 52 | self.dangerous_perms = {} 53 | self.malware_perms_detect() 54 | 55 | for perm in self.perms_list: 56 | try: 57 | perms_desc[perm] = {"description": permissions[perm]["description"], 58 | "level": permissions[perm]["protection_lvl"]} 59 | if any(re.findall(r'dangerous', permissions[perm]["protection_lvl"], re.IGNORECASE)): 60 | # Permission is flagged as dangerous 61 | self.dangerous_perms[perm] = permissions[perm]["description"] 62 | 63 | except Exception as e: 64 | continue 65 | 66 | return perms_desc, self.dangerous_perms 67 | 68 | # check if package_name is device owner 69 | def is_app_device_owner(self): 70 | if self.package_name in self.device_policy_out: 71 | return True 72 | return False 73 | 74 | def remove_device_admin_for_app(self): 75 | device_admin_receivers = re.findall(r"(" + self.package_name + ".*):", self.device_policy_out) 76 | for device_admin_receiver in device_admin_receivers: 77 | try: 78 | self.adb_instance.remove_dpm(device_admin_receiver) 79 | return True, device_admin_receiver 80 | except Exception as e: 81 | print(e) 82 | return False, device_admin_receiver 83 | 84 | def revoke_dangerous_perms(self): 85 | for perm in self.dangerous_perms: 86 | try: 87 | self.adb_instance.revoke_perm_pkg(self.package_name, perm) 88 | except Exception as e: 89 | print(e) 90 | continue 91 | return True 92 | 93 | def malware_perms_detect(self): 94 | with open(main.MALWARE_PERMS) as json_file: 95 | malware_perms = json.load(json_file) 96 | 97 | nb_combinations = 0 98 | dict_all_perms = malware_perms["all"] 99 | sum_malware = 0 100 | sum_benign = 0 101 | 102 | if not self.perms_list: 103 | return 0 104 | 105 | for perm in self.perms_list: 106 | # check malware only permissions 107 | for p in malware_perms["malware_only"]: 108 | if perm.split(".")[-1] == p: 109 | self.malware_only_perms += 1 110 | current_perm = perm.split(".")[-1] 111 | 112 | if current_perm in dict_all_perms.keys(): 113 | sum_malware = sum_malware + dict_all_perms[current_perm]["malware"] 114 | sum_benign = sum_benign + dict_all_perms[current_perm]["benign"] 115 | 116 | # check permissions combinations 117 | for nb in malware_perms["combinations"]: 118 | for p in malware_perms["combinations"][nb]: 119 | nb_combinations += 1 120 | if set(p["permissions"]).issubset(set([item.split(".")[-1] for item in self.perms_list])): 121 | self.malware_combination += 1 122 | 123 | self.score = round((sum_benign - sum_malware) % 100, 2) 124 | 125 | def static_analysis(self): 126 | if self.dump_apk: 127 | if not os.path.isdir(self.out_dir): 128 | os.mkdir(self.out_dir) 129 | 130 | out_file = self.out_dir + "/" + self.package_name + ".apk" 131 | self.adb_instance.dump_apk_from_device(self.package_name, out_file) 132 | 133 | # output directory for embedded files: "out_dir/package_name/" 134 | androhelper = AndroHelper(out_file, self.out_dir + "/" + self.package_name) 135 | 136 | return androhelper.analyze() 137 | 138 | def known_malware(self): 139 | try: 140 | with open(main.MALWARE_PACKAGES_FILE) as json_file: 141 | malware_packages = json.load(json_file) 142 | except Exception as e: 143 | print(e) 144 | if self.package_name in malware_packages["packages"]: 145 | return True 146 | 147 | return False 148 | -------------------------------------------------------------------------------- /core/malware/anubis.py: -------------------------------------------------------------------------------- 1 | from core.androhelper import * 2 | 3 | 4 | class Anubis: 5 | 6 | def __init__(self, apk_path, output_dir): 7 | 8 | self.known_packages = ['wocwvy.czyxoxmbauu.slsa', 'kijxlnbftwdhbbet.eaafsym.fziuffcjyjetmqxsmcd', 9 | 'tlnulyndib.gidwqjoyzpmtrlz.gnrqdyzuns', 'bbhzprkmn.ouktwsybqlijg.rpmyqy', 10 | 'imjrqkqnugwo.lxrjr.pkdyqhh', 'efqutodrmhkck.jabatumhtihjjzntome.wmniiaogsit', 11 | 'hbo.jcupwrftuhmgktiylxsjqw.pcyonnqfenimdqgshy', 12 | 'ansdandnnasd.ashdgajwasgdafsfdhgasfdhg.nabvsbndvasbndvasnb', 13 | 'gcfscmmtue.mdzrsksczphmec.syq', 'qkrml.mwldzzg.tbplmj', 14 | 'ianlesiexoaso.xxhapabxpylaw.nnsuqiucmpsqeoferdmymhgpg', 15 | 'nwnglclfrcifyzdl.phjglhiyjpkrlyqpjbleouctsy.lpiddkccpzeayjedfosaable', 16 | 'com.gxnsynkqscax.zlculdjqusdk', 'jpxim.tmes.elwiynw', 17 | 'qoifqqhf.nuhnftdmleutwtwhagycgwtmog.nwijtiepdcwwzjmpa', 18 | 'fepl.coglbzmmchlabr.dsjkeoxokzwuzn', 'aawtbrj.lsyifadzwuyhcq.zffqxcrtbmfqix', 19 | 'ums.znyusx.uedxybqjylqquowulalgmppymf', 'rzccqg.sagqdra.zge', 'ggesbh.pvxvaw.xltji', 20 | 'lqk.chno.hqau', 'rdpdf.zptp.bjx', 'com.tudrzewejzvz.eyurzyb', 'avzmgaz.kbgydzh.ydoewn', 21 | 'umpjbjiak.mgswpevilx.bsvtwgqcis', 'mgmyzejuvvkghm.jjpdggysholak.rwkusfzvykmclgy', 22 | 'wteu.cjvow.ldkanccrhcxhrj', 'com.android.vending', 'com.turenak.ch', 23 | 'gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw', 24 | 'com.eojapij.itsysm', 'akowpynmcfnetbhrtkfk.ggojmkcs.zfhjuwobkab', 25 | 'zrzxrdogu.swblzeyazmplxnlo.dtaohnnqugctnjlffyjohaq', 'psudwnk.vtiacueicuqzs.laokhep', 26 | 'wocwvy.czyxoxmbauu.slsa', 'bqehgzgqygllillzks.lpugttkubu.erpwzdxnhtfmqwy', 27 | 'lsdkkx.ylklvnxalzenwy.bwgoejyyaagyh', 'wocwvy.czyxoxmbauu.slsa', 'com.waveyloa.it', 28 | 'question.another.scrub', 'ltvpzw.qjsenilrfznsna.bbwkgwsmorryf', 29 | 'wocwvy.czyxoxmbauu.slsa', 'com.vfhgstw.esnkrp', 'alter.erode.tent', 30 | 'provide.human.fine', 31 | 'com.hsjgwd.hgvjxepj', 'wocwvy.czyxoxmbauu.slsa', 'com.mdprwgkhs.rjzskfpm', 32 | 'com.ocwnkslfuxe.gwnydeqlxbdi', 'wocwvy.czyxoxmbauu.slsa', 'com.hwrzhofbm.hymcyv', 33 | 'wocwvy.czyxoxmbauu.slsa', 'glance.bright.raw', 'com.delnwrhwyej.hzfyiwjpf', 34 | 'com.etkrutbg.rmcbqsaml', 'com.emsqgqvonlad.rpydkfcdhwd', 35 | 'com.ajxhzuvpkqev.pbhgcfavujxc', 36 | 'com.kequdn.juynoiua', 'com.izjctdlk.dzqidfrsuvt', 'hire.immense.hurt', 37 | 'host.jeans.giant', 'com.vrhtlew.akoguymxeojk', 'com.inzfohvlqln.adloadov', 38 | 'tiny.notice.morning', 'ehrw.abizvfina.mjsltfpxlx', 'drip.neck.license', 39 | 'com.wolewrnfy.pqnukozeimz', 'day.cup.clog', 'anu_bispro.app', 'bid.monkey.glove', 40 | 'excuse.attract.balance', 'com.example.livemusay.mess', 'salmon.minute.shed', 41 | 'guide.plunge.private', 'com.thcernurz.tdevjzf', 'com.eaknagiox.xiaogbvrlam', 42 | 'com.wktnqdhpa.bkjvsvw', 'com.irbylhvbakc.qxjdkg', 'com.khpohrdumnj.wdpilonzsna', 43 | 'expire.match.now', 'visit.horse.topple', 'reason.build.priority', 44 | 'wocwvy.czyxoxmbauu.slsa', 'com.dkflrjqbd.peyeyqpd', 'sound.toddler.only', 45 | 'interest.picnic.rate', 'raw.concert.arm', 'wocwvy.czyxoxmbauu.slsa', 46 | 'grow.provide.sauce', 'com.ypumpkj.grxboc', 'anubis.bot.myapplication', 47 | 'sfgvwef.fewrfe.gfdgdddrtr', 'ticket.excite.salon', 'kali.logo.com'] 48 | 49 | self.known_strings = ['**startbrurl**', '|Request USSD is executed (', 'htmllocker', 'lock_amount', 50 | 'exitdagjhadfjedgjsfhexitlgdgsfhafg', 51 | '/fafa.php?f=', 'at.spardat.bcrmobile', 'at.spardat.netbanking', '/o1o/a1.php', 52 | '/o1o/a2.php', '/o1o/a3.php', '/o1o/a4.php', '/o1o/a5.php', '/o1o/a6.php', 53 | '/o1o/a7.php', '/o1o/a8.php', '/o1o/a9.php', '/o1o/a10.php', '/o1o/a11.php', 54 | '/o1o/a12.php', '/o1o/a13.php', '/o1o/a14.php', '/o1o/a15.php', '/o1o/a16.php', 55 | 'http://ktosdelaetskrintotpidor.com', 'http://sositehuypidarasi.com', 56 | 'http://cdnjs.su', 'vkladmin', 'zanubis', 57 | 'The system does not work correctly, you need to enable access to the statistics', 58 | 'For correct operation of the system, you need to get the coordinates, you need to ' + 59 | 'enable geolocation', 'https://twitter.com/qweqweqwe', 'Fattura', '.AnubisCrypt', 60 | 'Cryptolocker', 'del_sws', 'tuk_tuk=', 'RAT_command', 'startscreenVNC', 61 | 'http://bestmix.ga', 'http://10.0.3.2/injclientup', 'ru.sberbankmobile', 62 | 'id_windows_bot', 'keylogger', 'del_sws', 'Запрос', 'lock_inj', 63 | 'save_inj', 'perehvat_sws', 'endstartinj', 'Send_GO_SMS', 'nymBePsG0', 'GetSWSGO', 64 | 'telbookgotext=', 'endtextbook', 'cwc_text', 'recordsound', 'spam -> Commands', 65 | 'Urgent message!', 'ERROR -> startAutoPush', 'USSD -> Commands', 'spamSMS', 66 | 'indexSMSSPAM', 'prmsn_notifications', 'killBot -> Commands', 'urlInj', 'getkeylogger', 67 | 'getkeylogger -> Commands', 'WebSocket -> Commands', 'RATresponce', 'RAT_command', 68 | 'startscreenVNC', 'stopscreenVNC'] 69 | 70 | self.known_classes = ['ServiceAccessibility', 'ServiceCommands', 'ServiceCryptFiles', 'ServiceDeleteSMS', 71 | 'ServiceFindFiles', 'ServiceGeolocationGPS', 'ServiceGeolocationNetwork', 72 | 'ServiceHeadlessSmsSend', 'ServiceInjections', 'ServiceLookScreen', 73 | 'ServiceModuleNotification$fddo', 'ServiceModuleNotification', 'ServiceNL', 74 | 'ServicePedometer', 'ServicePlayProtectToast', 'ServiceRAT', 'StartWhileGlobal', 75 | 'StartWhileRequest', 'byte', 'case', 'char', 'else', 'fddo/fddo/fddo', 'fddo/fddo/for', 76 | 'fddo/fddo/ifdf', 'fddo/fddo', 'fddo/for', 'fddo/ifdf/goto', 'fddo/ifdf/byte', 77 | 'fddo/ifdf/case', 'fddo/ifdf/char', 'fddo/ifdf/else', 'fddo/ifdf/fddo', 'fddo/ifdf/for', 78 | 'fddo/ifdf/ifdf$fddo', 'fddo/ifdf/new', 'fddo/ifdf/ifdf', 'fddo/ifdf/int', 79 | 'fddo/ifdf/long', 'fddo/ifdf/this', 'fddo/ifdf/try', 'fddo/ifdf/void', 'fddo/ifdf', 80 | 'fddo/int$fddo', 'fddo/int', 'fddo'] 81 | 82 | self.apk_path = apk_path 83 | self.a, self.d, self.dx = AnalyzeAPK(self.apk_path) 84 | self.output_dir = output_dir 85 | self.score = 0 86 | 87 | def check(self): 88 | self.score = 0 89 | 90 | if self.a.get_package in self.known_packages: 91 | # Known anubis package 92 | self.score = self.score + 1 93 | 94 | for string in self.known_strings: 95 | 96 | try: 97 | if next(self.dx.find_strings(string=string)): 98 | # known "string" found 99 | self.score += 1 100 | except Exception as e: 101 | # No element 102 | continue 103 | 104 | nbr_class_found = 0 105 | for cl in self.known_classes: 106 | for cls in self.dx.find_classes('.*'): 107 | if cls and cl in str(cls.name): 108 | nbr_class_found += 1 109 | break 110 | 111 | # if 5 classes found => score++ 112 | # to be more deterministic, the score can be increased only if all the classes are found 113 | # if nbr_class_found == len(self.known_classes): 114 | if nbr_class_found > 4: 115 | self.score += 1 116 | 117 | return self.score 118 | -------------------------------------------------------------------------------- /config/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "secure": [ 3 | { 4 | "name": "privacy_mode_enabled", 5 | "description": "Privacy mode is Enabled (MIUI)", 6 | "expected": "1", 7 | "type": "i" 8 | }, 9 | { 10 | "name": "upload_debug_log_pref", 11 | "description": "Upload debug log preferences", 12 | "expected": "0", 13 | "type": "i" 14 | }, 15 | { 16 | "name": "lock_screen_show_notifications", 17 | "description": "Show notifications when screen is locked", 18 | "expected": "0", 19 | "type": "i" 20 | }, 21 | { 22 | "name": "unknown_sources_default_reversed", 23 | "description": "Restrict non market apps to the current user", 24 | "expected": "1", 25 | "type": "i" 26 | }, 27 | 28 | { 29 | "name": "autofill_user_data_max_category_count", 30 | "description": "Relative to autofill service", 31 | "expected": "0", 32 | "type": "i" 33 | }, 34 | { 35 | "name": "user_full_data_backup_aware", 36 | "description": "Governs whether the user is eligible for full app-data backup", 37 | "expected": "1", 38 | "type": "i" 39 | }, 40 | { 41 | "name": "location_mode", 42 | "description": "The current location mode of the device.", 43 | "expected": "0", 44 | "type": "i" 45 | }, 46 | { 47 | "name": "location_providers_allowed", 48 | "description": "Providers allowed for location", 49 | "expected": "", 50 | "type": "s" 51 | }, 52 | { 53 | "name": "lock_screen_allow_private_notifications", 54 | "description": "Private notifications allowed when screen is locked", 55 | "expected": "0", 56 | "type": "i" 57 | }, 58 | { 59 | "name": "speak_password", 60 | "description": "Speak passwords enabled", 61 | "expected": "0", 62 | "type": "i" 63 | }, 64 | { 65 | "name": "wake_gesture_enabled", 66 | "description": "Wake up device on gesture enabled", 67 | "expected": "0", 68 | "type": "i" 69 | }, 70 | { 71 | "name": "backup_enabled", 72 | "description": "Backup enabled", 73 | "expected": "0", 74 | "type": "i" 75 | }, 76 | { 77 | "name": "user_setup_complete", 78 | "description": "User has completed the setup", 79 | "expected": "1", 80 | "type": "i" 81 | }, 82 | { 83 | "name": "lock_screen_lock_after_timeout", 84 | "description": "Time to lock screen after screen goes off", 85 | "expected": "0", 86 | "type": "i" 87 | }, 88 | { 89 | "name": "lockscreen.disabled", 90 | "description": "Screen lock disabled", 91 | "expected": "0", 92 | "type": "i" 93 | }, 94 | { 95 | "name": "lock_screen_owner_info_enabled", 96 | "description": "Enable owner information when screen is locked", 97 | "expected": "1", 98 | "type": "i" 99 | }, 100 | { 101 | "name": "bluetooth_addr_valid", 102 | "description": "Vluetooth address valid", 103 | "expected": "1", 104 | "type": "i" 105 | }, 106 | { 107 | "name": "install_non_market_apps", 108 | "description": "Enable installing apps not from the store", 109 | "expected": "0", 110 | "type": "i" 111 | }, 112 | { 113 | "name": "user_full_data_backup_aware", 114 | "description": "User eligible for full app full app-data backup", 115 | "expected": "0", 116 | "type": "i" 117 | }, 118 | { 119 | "name": "has_enabled_photos_backup_before", 120 | "description": "Photos backup has been enabled", 121 | "expected": "0", 122 | "type": "i" 123 | 124 | }, 125 | { 126 | "name": "lockdown_in_power_menu", 127 | "description": "Puts the phone into the state where it can only be unlocked via the user's primary knowledge factor", 128 | "expected": "1", 129 | "type": "i" 130 | }, 131 | { 132 | "name": "assistant", 133 | "description": "Google assistance", 134 | "expected": "", 135 | "type": "s" 136 | }, 137 | { 138 | "name": "voice_interaction_service", 139 | "description": "Voice interaction assistance", 140 | "expected": "", 141 | "type": "s" 142 | }, 143 | { 144 | "name": "voice_recognition_service", 145 | "description": "Voice recognition assistance", 146 | "expected": "", 147 | "type": "s" 148 | }, 149 | { 150 | "name": "enabled_notification_assistant", 151 | "description": "Notification assistant", 152 | "expected": "", 153 | "type": "s" 154 | }, 155 | { 156 | "name": "web_autofill_query_url", 157 | "description": "Autofill server address", 158 | "expected": "", 159 | "type": "s" 160 | }, 161 | { 162 | "name": "input_methods_subtype_history", 163 | "description": "Setting to record the history of input method subtype", 164 | "expected": "", 165 | "type": "s" 166 | } 167 | ], 168 | "global": [ 169 | { 170 | "name": "network_avoid_bad_wifi", 171 | "description": "Only connect to trusted networks", 172 | "expected": "1", 173 | "type": "i" 174 | }, 175 | { 176 | "name": "device_provisioned", 177 | "description": "Setup completed of the phone", 178 | "expected": "1", 179 | "type": "i" 180 | }, 181 | { 182 | "name": "bluetooth_on", 183 | "description": "Bluetooth is enabled", 184 | "expected": "0", 185 | "type": "i" 186 | }, 187 | { 188 | "name": "wifi_on", 189 | "description": "WiFi is enabled", 190 | "expected": "0", 191 | "type": "i" 192 | }, 193 | { 194 | "name": "auto_time", 195 | "description": "Automatic time synchronisation", 196 | "expected": "1", 197 | "type": "i" 198 | }, 199 | { 200 | "name": "auto_time_zone", 201 | "description": "Automatic time zone synchronisation", 202 | "expected": "1", 203 | "type": "i" 204 | }, 205 | { 206 | "name": "stay_on_while_plugged_in", 207 | "description": "Keep the device on while the device is plugged in", 208 | "expected": "0", 209 | "type": "i" 210 | }, 211 | { 212 | "name": "wait_for_debugger", 213 | "description": "Is waiting for debugger", 214 | "expected": "0", 215 | "type": "i" 216 | }, 217 | { 218 | "name": "add_users_when_locked", 219 | "description": "Add new user when device is locked", 220 | "expected": "0", 221 | "type": "i" 222 | }, 223 | { 224 | "name": "assisted_gps_enabled", 225 | "description": "Assisted GPS enabled", 226 | "expected": "0", 227 | "type": "i" 228 | }, 229 | { 230 | "name": "accessibility_enabled", 231 | "description": "Accessibility enabled", 232 | "expected": "0", 233 | "type": "i" 234 | }, 235 | { 236 | "name": "google_assistant_button_on", 237 | "description": "Google assistant button", 238 | "expected": "0", 239 | "type": "i" 240 | }, 241 | { 242 | "name": "package_verifier_enable", 243 | "description": "Package verifier", 244 | "expected": "1", 245 | "type": "i" 246 | }, 247 | { 248 | "name": "ble_scan_always_enabled", 249 | "description": "Bluetooth scan always enabled", 250 | "expected": "0", 251 | "type": "i" 252 | }, 253 | 254 | { 255 | "name": "set_install_location", 256 | "description": "Let the user pick default install location", 257 | "expected": "0", 258 | "type": "i" 259 | }, 260 | { 261 | "name": "upload_apk_enable", 262 | "description": "Enable upload APK to Play Protect", 263 | "expected": "1", 264 | "type": "i" 265 | }, 266 | { 267 | "name": "package_verifier_user_consent", 268 | "description": "Accept Play Protect user consent", 269 | "expected": "1", 270 | "type": "i" 271 | }, 272 | { 273 | "name": "development_settings_enabled", 274 | "description": "Development settings are enabled", 275 | "expected": "0", 276 | "type": "i" 277 | }, 278 | { 279 | "name": "adb_enabled", 280 | "description": "Android Debug Bridge is enabled", 281 | "expected": "0", 282 | "type": "i" 283 | } 284 | 285 | ] 286 | } -------------------------------------------------------------------------------- /utils/main_settings.py: -------------------------------------------------------------------------------- 1 | from enum import Enum 2 | from sys import platform 3 | import os 4 | from shutil import which 5 | import threading 6 | import argparse 7 | import sys 8 | 9 | from core.adb import ADB 10 | from utils.out import Out 11 | from config.main import * 12 | 13 | from utils.args_parser import args_parse 14 | 15 | 16 | # Status of the App 17 | class Status(Enum): 18 | ENABLED = 'e' 19 | DISABLED = 'd' 20 | THIRD_PARTY = '3' 21 | SYSTEM = 's' 22 | 23 | 24 | class MainSettings: 25 | 26 | def __init__(self): 27 | # variables 28 | self.out = {"std": Out("Linux")} 29 | self.devices = [] 30 | self.dump_apks = False 31 | self.apks_dump_folder = locals().get("OUTPUT_DIR", "out") 32 | self.scan_settings = False 33 | self.scan_applications = False 34 | self.harden = False 35 | self.list_apps = False 36 | self.list_processes = False 37 | self.snapshot = False 38 | self.snapshot_dir = locals().get("SNAPSHOT_DIR", "snap_out") 39 | self.cmp_snap = False 40 | self.snapshot_report = locals().get("SNAPSHOT_REPORT_FILE", "snap_report.json") 41 | self.backup = False 42 | self.restore_snap = False 43 | self.snap_to_restore = locals().get("SNAPSHOT_REPORT_FILE", "snap_report.json") 44 | self.app_type = Status.THIRD_PARTY 45 | self.revoke = False 46 | self.rm_admin_recv = False 47 | self.lock = threading.Lock() 48 | self.adb_path = locals().get("ADB_BINARY", "adb") 49 | self.output_dir = locals().get("OUTPUT_DIR", "out") 50 | self.arguments = None 51 | 52 | def args_parse(self, print_help=False): 53 | parser = argparse.ArgumentParser(description='Android Mobile Device Hardening\n', 54 | formatter_class=argparse.RawTextHelpFormatter) 55 | 56 | parser.add_argument('-d', '--devices', 57 | help='list of devices separated by comma or "ALL" for all connected devices', 58 | dest='devices') 59 | 60 | parser.add_argument('-sS', 61 | help='Scan the system settings', 62 | action='store_true') 63 | 64 | parser.add_argument('-sA', 65 | help='Scan the installed applications', 66 | action='store_true') 67 | 68 | parser.add_argument('-H', 69 | help='Harden system settings /!\ Developer Options and ADB will be disabled /!\ ', 70 | action='store_true') 71 | 72 | parser.add_argument('-a', '--adb-path', 73 | help='Path to ADB binary', 74 | default='adb', 75 | dest='adb_path') 76 | 77 | parser.add_argument('-t', 78 | choices=['e', 'd', '3', 's'], 79 | help='Type of applications:\n\te: enabled Apps\n\td: disabled Apps\n\t3: Third party Apps' 80 | '\n\ts: System Apps', 81 | default='3', 82 | dest='app_type') 83 | 84 | parser.add_argument('-D', '--dump-apks', 85 | help='Dump APKs from device to APKS_DUMP_FOLDER directory', 86 | dest='apks_dump_folder') 87 | 88 | parser.add_argument('-rar', 89 | help='Remove admin receivers: Remove all admin receivers if the app is not a system App\n' 90 | 'Scan application option "-sA" is required', 91 | action='store_true') 92 | 93 | parser.add_argument('-R', 94 | help='For each app revoke all dangerous permissions\n' 95 | 'Scan application option "-sA" is required', 96 | action='store_true') 97 | 98 | parser.add_argument('-l', 99 | help='List numbered applications to disable, uninstall or analyze\n', 100 | action='store_true') 101 | 102 | parser.add_argument('-P', 103 | help='List current users processes', 104 | action='store_true') 105 | 106 | parser.add_argument('-S', '--snapshot', 107 | help='Snapshot the current state of the phone to a json file and backup applications into ' 108 | 'SNAPSHOT_DIR', 109 | dest='snapshot_dir') 110 | 111 | parser.add_argument('-cS', '--cmp-snapshot', 112 | help='Compare SNAPSHOT_REPORT with the current phone state', 113 | dest='snapshot_report') 114 | 115 | parser.add_argument('-rS', '--restore-snapshot', 116 | help='Restore SNAPSHOT_TO_RESTORE', 117 | dest='snapshot_to_restore') 118 | 119 | parser.add_argument('-o', '--output-dir', 120 | help='Output directory for reports and logs. Default: out', 121 | dest='output_dir') 122 | 123 | args = parser.parse_args() 124 | 125 | if (args.rar or args.R) and not args.sA: 126 | self.out["std"].print_error("Option depend on scan application '-sA' ") 127 | sys.exit(1) 128 | 129 | if args.H and not args.sS: 130 | self.out["std"].print_error("Option depend on scan -sS") 131 | sys.exit(1) 132 | 133 | if print_help: 134 | parser.print_help(sys.stderr) 135 | return 136 | 137 | self.arguments = args 138 | return args 139 | 140 | def set_output_std(self): 141 | if platform == "linux" or platform == "linux2": 142 | self.out["std"] = Out("Linux") 143 | elif platform == "darwin": 144 | self.out["std"] = Out("Darwin") 145 | elif platform == "win32": 146 | self.out["std"] = Out("Windows") 147 | 148 | def init_vars(self, arguments=None): 149 | if arguments: 150 | self.arguments = arguments 151 | 152 | self.set_output_std() 153 | 154 | if "adb_path" in self.arguments.__dict__.keys(): 155 | self.adb_path = self.arguments.adb_path 156 | else: 157 | if platform == "linux" or platform == "linux2" or platform == "darwin": 158 | if which("adb") is None and not os.path.isfile(ADB_BINARY): 159 | self.out["std"].print_error("adb not found please use '-a' to specify the path") 160 | args_parse(True) 161 | sys.exit(1) 162 | else: # Windows 163 | if which("adb") is None and not os.path.isfile(ADB_WINDOWS_PATH): 164 | self.out["std"].print_error("adb not found please use '-a' to specify the path") 165 | sys.exit(1) 166 | 167 | if self.arguments.devices: 168 | if ',' in self.arguments.devices: 169 | self.devices = self.arguments.devices.split(',') 170 | elif self.arguments.devices == "ALL": 171 | self.devices = ADB(self.adb_path).list_devices() 172 | else: 173 | self.devices.append(self.arguments.devices) 174 | 175 | elif not ADB(self.adb_path).list_devices(): 176 | self.out["std"].print_error("No device found") 177 | sys.exit(1) 178 | 179 | if self.arguments.apks_dump_folder: 180 | self.dump_apks = True 181 | self.apks_dump_folder = self.arguments.apks_dump_folder 182 | 183 | # Related to scan 184 | # scan settings 185 | if self.arguments.sS: 186 | self.scan_settings = True 187 | 188 | if self.arguments.sA: 189 | self.scan_applications = True 190 | 191 | # Hardening param 192 | if self.arguments.H: 193 | self.harden = True 194 | 195 | # list applications param 196 | if self.arguments.l: 197 | self.list_apps = True 198 | 199 | # list running users processes 200 | if self.arguments.P: 201 | self.list_processes = True 202 | 203 | # Related to snapshot 204 | if self.arguments.snapshot_dir: 205 | self.snapshot = True 206 | self.snapshot_dir = self.arguments.snapshot_dir 207 | 208 | # Snapshot comparison 209 | if self.arguments.snapshot_report: 210 | self.cmp_snap = True 211 | self.backup = False 212 | self.snapshot_report = self.arguments.snapshot_report 213 | 214 | # Snapshot restore 215 | if self.arguments.snapshot_to_restore: 216 | self.restore_snap = True 217 | self.snap_to_restore = self.arguments.snapshot_to_restore 218 | 219 | # Check if one of the operation are chosen 220 | if not self.scan_settings and not self.scan_applications and not self.dump_apks and not self.harden \ 221 | and not self.list_apps and not self.list_processes and not self.snapshot and not self.cmp_snap \ 222 | and not self.restore_snap: 223 | self.out["std"].print_error("Please choose an operation") 224 | self.args_parse(True) 225 | sys.exit(1) 226 | 227 | self.app_type = Status.THIRD_PARTY.value 228 | if self.arguments.app_type: 229 | try: 230 | self.app_type = Status(self.arguments.app_type) 231 | except Exception as e: 232 | self.out["std"].print_error("Invalid application type") 233 | 234 | if self.arguments.R: 235 | self.revoke = True 236 | 237 | if self.arguments.rar: 238 | self.rm_admin_recv = True 239 | 240 | if self.app_type.value == 'e': 241 | self.out["std"].print_info("Scanning system apps may takes a while ...") 242 | 243 | if self.arguments.output_dir: 244 | self.output_dir = self.arguments.output_dir 245 | if not os.path.isdir(self.output_dir): 246 | os.makedirs(self.output_dir) 247 | else: 248 | if not os.path.isdir(self.output_dir): 249 | os.makedirs(self.output_dir) 250 | -------------------------------------------------------------------------------- /core/adb.py: -------------------------------------------------------------------------------- 1 | from subprocess import run, PIPE 2 | import re 3 | 4 | 5 | class ADB: 6 | 7 | def __init__(self, adb_path="", device_id=""): 8 | """Constructor""" 9 | self.adb_path = adb_path 10 | self.device_id = device_id 11 | 12 | def adb_exec(self, commands_array): 13 | """This function return the output of the command 'adb commands_array[0] commands_array[1] ...'""" 14 | 15 | if not self.device_id: 16 | commands_array.insert(0, self.adb_path) 17 | result = run(commands_array, 18 | stdout=PIPE, stderr=PIPE, check=True, 19 | universal_newlines=True) 20 | else: 21 | commands_array.insert(0, self.adb_path) 22 | commands_array.insert(1, "-s") 23 | commands_array.insert(2, self.device_id) 24 | result = run(commands_array, 25 | stdout=PIPE, stderr=PIPE, check=True, 26 | universal_newlines=True) 27 | 28 | return result.stdout 29 | 30 | def list_devices(self): 31 | """This function return a list of the connected devices""" 32 | devices = {} 33 | command_result = self.adb_exec(["devices"]).split("\n")[1:] 34 | for line in command_result: 35 | if line: 36 | temp = line.split("\t") 37 | devices.update({temp[0].strip(): temp[1].strip()}) 38 | return devices 39 | 40 | # exceptions => apps not available 41 | # status => Enum in application.py 42 | def list_installed_packages(self, status): 43 | """This function return a list of the installed packages. """ 44 | adb_command = ["shell", "pm", "list", "packages", "-" + status] 45 | output_command = self.adb_exec(adb_command) 46 | list_installed_apps = [] 47 | for line in output_command.split("\n"): 48 | if not (":" in line): 49 | continue 50 | list_installed_apps.append(line.split(":")[1]) 51 | 52 | return list_installed_apps 53 | 54 | def dump_apk_from_device(self, package_name, output_file="base.apk"): 55 | """This function dump the apk of package_name package as output_file. if output file 56 | exist, it'll be overwritten.""" 57 | adb_path_command = ["shell", "pm", "path", str(package_name)] 58 | apk_path = (self.adb_exec(adb_path_command)).split("\n")[0].split(":")[1] 59 | 60 | adb_pull_command = ["pull", apk_path.strip(), output_file] 61 | output_pull_command = self.adb_exec(adb_pull_command) 62 | 63 | if "1 file pulled" in output_pull_command: 64 | return True 65 | 66 | return False 67 | 68 | def install_app(self, apk_file): 69 | """This function install apk_file.""" 70 | adb_install_command = ["install", apk_file] 71 | output_install_command = self.adb_exec(adb_install_command) 72 | 73 | if "Success" in output_install_command: 74 | return True 75 | 76 | return False 77 | 78 | def uninstall_app(self, package_name): 79 | """This function uninstall package_name using user 0 privileges.""" 80 | adb_uninstall_command = ["shell", "pm", "uninstall", "--user", "0", package_name] 81 | output_uninstall_command = self.adb_exec(adb_uninstall_command) 82 | 83 | if "Success" in output_uninstall_command: 84 | return True 85 | 86 | return False 87 | 88 | def disable_app(self, package_name): 89 | """This function disable package_name using user 0 privileges.""" 90 | adb_uninstall_command = ["shell", "pm", "disable", "--user", "0", package_name] 91 | output_uninstall_command = self.adb_exec(adb_uninstall_command) 92 | 93 | if "Success" in output_uninstall_command: 94 | return True 95 | 96 | return False 97 | 98 | # params is an array of arguments 99 | def dumpsys(self, params): 100 | """This function return the output of the command 'dumpsys param[0] param[1] ...'.""" 101 | dumpsys_command = ["shell", "dumpsys"] + params 102 | return self.adb_exec(dumpsys_command) 103 | 104 | # return list of permissions 105 | # output = dumpsys package package_name 106 | def get_req_perms_dumpsys_package(self, dumpsys_output): 107 | """This function return a list of granted requested permissions from the output of the command 108 | 'dumpsys package {package_name}' command given as parameter. """ 109 | if "requested permissions" in dumpsys_output: 110 | granted_perms = re.findall(r"(.*): granted=true", dumpsys_output) 111 | return [perm.strip(' ') for perm in granted_perms] 112 | 113 | return [] 114 | 115 | def get_install_perms_dumpsys_package(self, dumpsys_output): 116 | """This function return a list of granted install permissions from the output of the command 117 | 'dumpsys package {package_name}' given as parameter. """ 118 | if "install permissions" in dumpsys_output: 119 | p = re.compile(r'(?<=install permissions:).+?(?=User [0-9]+:)') 120 | perms_part = re.search(p, dumpsys_output.replace("\n", " ")) 121 | perms_part_tmp = perms_part.group(0).strip().replace(": granted=true", "") 122 | return re.split(" +", perms_part_tmp) 123 | 124 | return [] 125 | 126 | def get_all_settings_section(self, settings_section): 127 | command = ["shell", "settings", "list", settings_section] 128 | return self.adb_exec(command) 129 | 130 | def content_query_settings(self, settings_section, key): 131 | """This function return the value of 'key' in the settings_section section. 132 | section can be one of: 133 | - secure 134 | - global 135 | - system""" 136 | command = ["shell", "content", "query", "--uri", "content://settings/" + settings_section, 137 | "--projection", "name:value", "--where", "'name=\"" + key + "\"'"] 138 | return self.adb_exec(command) 139 | 140 | def content_delete_settings(self, settings_section, key): 141 | """This function delete the content of 'key' in the settings_section section. 142 | section can be one of: 143 | - secure 144 | - global 145 | - system""" 146 | command = ["shell", "content", "delete", "--uri", "content://settings/" + settings_section, 147 | "--where", "'name=\"" + key + "\"'"] 148 | return self.adb_exec(command) 149 | 150 | def content_insert_settings(self, settings_section, key, expected_value, expected_value_type): 151 | """This function insert the content of 'key' in the settings_section section and update of exist. 152 | section can be one of: 153 | - secure 154 | - global 155 | - system""" 156 | if expected_value_type not in ['b', 's', 'i', 'l', 'f', 'd']: 157 | return "value type is not recognized! type should be: b,s,i,l,f or d" 158 | 159 | command = ["shell", "content", "insert", "--uri", "content://settings/" + settings_section, 160 | "--bind", "name:s:" + key, "--bind value:" + expected_value_type + ":" + expected_value] 161 | return self.adb_exec(command) 162 | 163 | def remove_dpm(self, dpm_receiver): 164 | """This function remove dpm_receiver from active admins list""" 165 | self.adb_exec(["shell", "dpm", "remove-active-admin", dpm_receiver]) 166 | 167 | def revoke_perm_pkg(self, package_name, permission): 168 | """This function revoke 'permission', given as parameter, for the package package_name""" 169 | command = ["shell", "pm", "revoke", package_name, permission] 170 | self.adb_exec(command) 171 | 172 | def check_pending_update(self): 173 | """This function return True if there is a pending update""" 174 | dumpsys_args = ["device_policy"] 175 | res = self.dumpsys(dumpsys_args) 176 | if "Pending System Update" in res: 177 | return True 178 | 179 | return False 180 | 181 | def list_backgroud_apps(self): 182 | """This function return the current running applications in background""" 183 | command = ["shell", "ps", "-A", "|", "grep", "-E", "-o", "'u[0-9]*_a(.*)*'", "|", "tr", "-s", "' '", 184 | "|", "cut", "-d", "' '", "-f", "9"] 185 | return self.adb_exec(command) 186 | 187 | def force_stop_app(self, package_name): 188 | """This function stop background process of package_name""" 189 | adb_force_stop_command = ["shell", "am", "force-stop", package_name] 190 | self.adb_exec(adb_force_stop_command) 191 | 192 | def get_package_first_install_time(self, package_name): 193 | """This function return the first install time of package_name""" 194 | dumpsys_args = ["package", package_name] 195 | res = self.dumpsys(dumpsys_args) 196 | first_install_time = re.search(r'(?<=firstInstallTime=).*', res).group(0) 197 | return first_install_time 198 | 199 | def get_package_last_update_time(self, package_name): 200 | """This function return last update time of package_name""" 201 | dumpsys_args = ["package", package_name] 202 | res = self.dumpsys(dumpsys_args) 203 | first_install_time = re.search(r'(?<=lastUpdateTime=).*', res).group(0) 204 | return first_install_time 205 | 206 | def get_content_sms(self): 207 | """This function return the content of SMSs""" 208 | command = ["shell", "content", "query", "--uri", "content://sms/ "] 209 | return self.adb_exec(command) 210 | 211 | def get_content_sms_projection(self, projection, condition): 212 | """This function return the projection of SMS table if the condition is satisfied""" 213 | command = ["shell", "content", "query", "--uri", "content://sms/", "--projection", projection, "--where", 214 | condition] 215 | return self.adb_exec(command) 216 | 217 | def get_content_contacts(self): 218 | """This Function return the current contacts list""" 219 | command = ["shell", "content", "query", "--uri", "content://com.android.contacts/data"] 220 | return self.adb_exec(command) 221 | 222 | def backup(self, package, out_path): 223 | """this function backup package to the output (out_path)""" 224 | command = ["backup", "-f", out_path, "-apk", package] 225 | return self.adb_exec(command) 226 | 227 | def send_keyevent(self, keyevent): 228 | """This function send a keyevent and return exit code""" 229 | command = ["shell", "input", "keyevent", str(keyevent)] 230 | return self.adb_exec(command) 231 | 232 | def restore(self, backup): 233 | """this function restore the backup file""" 234 | command = ["restore", backup] 235 | return self.adb_exec(command) 236 | -------------------------------------------------------------------------------- /core/snapshot.py: -------------------------------------------------------------------------------- 1 | import re 2 | from threading import Thread 3 | import json 4 | from pathlib import Path 5 | 6 | from core.app import Status 7 | 8 | 9 | class Snapshot: 10 | 11 | def __init__(self, adb_instance, app_type=Status.THIRD_PARTY.value, out_dir="out", 12 | snapshot_file="report.json", backup=True): 13 | self.adb_instance = adb_instance 14 | self.out_dir = out_dir 15 | self.app_type = app_type 16 | self.report = dict() 17 | self.snapshot_file = snapshot_file 18 | self.backup = backup 19 | self.restore_report = dict() 20 | 21 | def snapshot_packages(self): 22 | packages = self.adb_instance.list_installed_packages(self.app_type) 23 | self.report["apps"] = dict() 24 | for package in packages: 25 | dumpsys_package = self.adb_instance.dumpsys(['package', package]) 26 | self.report["apps"][package] = dict() 27 | self.report["apps"][package]["firstInstallTime"] = self.adb_instance.get_package_first_install_time(package) 28 | self.report["apps"][package]["lastUpdateTime"] = self.adb_instance.get_package_last_update_time(package) 29 | self.report["apps"][package]["grantedPermissions"] = self.adb_instance.get_req_perms_dumpsys_package( 30 | dumpsys_package) 31 | 32 | if package in self.adb_instance.dumpsys(["device_policy"]): 33 | self.report["apps"][package]["deviceAdmin"] = True 34 | else: 35 | self.report["apps"][package]["deviceAdmin"] = False 36 | 37 | if self.backup and "ALLOW_BACKUP" in re.search(r"flags=(.*)", dumpsys_package).group(1): 38 | # Application allow backup 39 | # TODO: backup password 40 | output = self.out_dir + "/" + package + ".ab" 41 | self.__backup__(package, output) 42 | self.report["apps"][package]["backup"] = package + ".ab" 43 | 44 | # Dump apk 45 | try: 46 | self.adb_instance.dump_apk_from_device(package, self.out_dir + "/" + package + ".apk") 47 | self.report["apps"][package]["apk"] = package + ".apk" 48 | except Exception as e: 49 | # cannot dump APK file 50 | continue 51 | 52 | return self.report["apps"] 53 | 54 | def snapshot_settings(self): 55 | self.report["settings"] = dict() 56 | global_settings = self.adb_instance.get_all_settings_section("global") 57 | self.report["settings"]["global"] = dict(x.split("=", 1) for x in global_settings.split("\n") if x.strip()) 58 | 59 | secure_settings = self.adb_instance.get_all_settings_section("secure") 60 | self.report["settings"]["secure"] = dict(x.split("=", 1) for x in secure_settings.split("\n") if x.strip()) 61 | 62 | system_settings = self.adb_instance.get_all_settings_section("system") 63 | self.report["settings"]["system"] = dict(x.split("=", 1) for x in system_settings.split("\n") if x.strip()) 64 | 65 | def snapshot_sms(self): 66 | sms_ids = self.adb_instance.get_content_sms_projection("_id", "1=1") 67 | self.report["sms"] = dict() 68 | if not sms_ids or "No result found." in sms_ids: 69 | return self.report["sms"] 70 | 71 | for sms_id in sms_ids.split("\n"): 72 | if not sms_id: 73 | break 74 | sms_id = self.__remove_row_projection__(sms_id) 75 | 76 | self.report["sms"][sms_id] = dict() 77 | 78 | address = self.__remove_row_projection__(self.adb_instance.get_content_sms_projection( 79 | "address", "'_id=" + sms_id + "'")) 80 | date = self.__remove_row_projection__(self.adb_instance.get_content_sms_projection( 81 | "date", "'_id=" + sms_id + "'")) 82 | date_sent = self.__remove_row_projection__(self.adb_instance.get_content_sms_projection( 83 | "date_sent", "'_id=" + sms_id + "'")) 84 | body = self.__remove_row_projection__(self.adb_instance.get_content_sms_projection( 85 | "body", "'_id=" + sms_id + "'")) 86 | seen = self.__remove_row_projection__(self.adb_instance.get_content_sms_projection( 87 | "seen", "'_id=" + sms_id + "'")) 88 | 89 | self.report["sms"][sms_id] = {"address": address, "date": date, "date_sent": date_sent, "body": body, 90 | "seen": seen} 91 | 92 | return self.report["sms"] 93 | 94 | def snapshot_contacts(self): 95 | contacts_result = self.adb_instance.get_content_contacts() 96 | self.report["contacts"] = dict() 97 | 98 | if not contacts_result or "No result found." in contacts_result: 99 | return self.report["contacts"] 100 | 101 | id_contact = 1 102 | for contact in re.split("Row: [0-9]* ", contacts_result): 103 | self.report["contacts"][str(id_contact)] = \ 104 | dict(map(str.strip, sub.split('=', 1)) for sub in contact.strip().split(', ') if '=' in sub) 105 | id_contact += 1 106 | 107 | return self.report["contacts"] 108 | 109 | def get_report(self): 110 | self.report = dict() 111 | if self.backup: 112 | self.snapshot_packages() 113 | self.snapshot_settings() 114 | self.snapshot_sms() 115 | self.snapshot_contacts() 116 | else: 117 | self.snapshot_compare() 118 | 119 | return self.report 120 | 121 | def __backup__(self, package, output): 122 | thread_backup = Thread(target=self.adb_instance.backup, args=(package, output)) 123 | thread_backup.start() 124 | # password field 125 | self.adb_instance.send_keyevent(61) 126 | # DO NOT BACKUP 127 | self.adb_instance.send_keyevent(61) 128 | # BACKUP 129 | self.adb_instance.send_keyevent(61) 130 | # Confirm 131 | self.adb_instance.send_keyevent(66) 132 | thread_backup.join() 133 | 134 | def __remove_row_projection__(self, string): 135 | return re.split("Row: [0-9]* ", string)[1].strip().split("=")[1] 136 | 137 | def snapshot_compare(self): 138 | return {"apps": self.cmp_snapshot_apps(), "settings": self.cmp_snapshot_settings()} 139 | 140 | def cmp_snapshot_apps(self): 141 | 142 | with open(self.snapshot_file) as json_file: 143 | snap_apps = json.load(json_file)["apps"] 144 | 145 | current_apps = self.snapshot_packages() 146 | 147 | apps_exist_in_snap = dict() 148 | new_installed_apps = dict() 149 | uninstalled_apps = dict() 150 | 151 | for installed_app in current_apps.keys(): 152 | if installed_app in snap_apps: 153 | apps_exist_in_snap.update({installed_app: current_apps[installed_app]}) 154 | else: 155 | new_installed_apps.update({installed_app: current_apps[installed_app]}) 156 | 157 | if len(snap_apps) > len(current_apps): 158 | uninstalled_apps.update({app: snap_apps[app] for app in set(snap_apps) - set(current_apps)}) 159 | else: 160 | uninstalled_apps.update({app: current_apps[app] for app in set(current_apps) - set(snap_apps)}) 161 | 162 | report = dict() 163 | report["new_installed_apps"] = new_installed_apps 164 | report["apps_exist_in_snap"] = apps_exist_in_snap 165 | report["uninstalled_apps"] = uninstalled_apps 166 | return report 167 | 168 | def cmp_snapshot_settings(self): 169 | changed_keys = dict() 170 | 171 | with open(self.snapshot_file) as json_file: 172 | snap_settings = json.load(json_file)["settings"] 173 | 174 | current_global_settings = dict(x.split("=", 1) for x in 175 | self.adb_instance.get_all_settings_section("global").split("\n") if x.strip()) 176 | current_secure_settings = dict(x.split("=", 1) for x in 177 | self.adb_instance.get_all_settings_section("secure").split("\n") if x.strip()) 178 | current_system_settings = dict(x.split("=", 1) for x in 179 | self.adb_instance.get_all_settings_section("system").split("\n") if x.strip()) 180 | 181 | # Global settings 182 | changed_keys["global"] = [] 183 | 184 | for key in snap_settings["global"].keys(): 185 | if key in current_global_settings: 186 | current_value = current_global_settings[key] 187 | 188 | if current_value != snap_settings["global"][key]: 189 | changed_keys["global"].append(key) 190 | 191 | # Secure settings 192 | changed_keys["secure"] = [] 193 | for key in snap_settings["secure"]: 194 | if key in current_secure_settings: 195 | current_value = current_secure_settings[key] 196 | 197 | if current_value != snap_settings["secure"][key]: 198 | changed_keys["secure"].append(key) 199 | 200 | # System settings 201 | changed_keys["system"] = [] 202 | for key in snap_settings["system"]: 203 | if key in current_system_settings: 204 | current_value = current_system_settings[key] 205 | 206 | if current_value != snap_settings["system"][key]: 207 | changed_keys["system"].append(key) 208 | 209 | return changed_keys 210 | 211 | def snapshot_restore(self): 212 | 213 | with open(self.snapshot_file) as json_report: 214 | snap_apps = json.load(json_report)["apps"] 215 | 216 | with open(self.snapshot_file) as json_report: 217 | snap_settings = json.load(json_report)["settings"] 218 | 219 | snapshot_path = Path(self.snapshot_file).parent 220 | 221 | self.restore_report["apps"] = dict() 222 | self.restore_apps(snapshot_path, snap_apps) 223 | 224 | self.restore_report["settings"] = dict() 225 | self.restore_settings(snap_settings) 226 | 227 | return self.restore_report 228 | 229 | def __restore__(self, backup): 230 | thread_restore = Thread(target=self.adb_instance.restore, args=(backup,)) 231 | thread_restore.start() 232 | # password field 233 | self.adb_instance.send_keyevent(61) 234 | # DO NOT RESTORE 235 | self.adb_instance.send_keyevent(61) 236 | # RESTORE MY DATA 237 | self.adb_instance.send_keyevent(61) 238 | # Confirm 239 | self.adb_instance.send_keyevent(66) 240 | thread_restore.join() 241 | 242 | def restore_apps(self, snapshot_path, dict_apps): 243 | for app in dict_apps: 244 | self.restore_report["apps"][app] = dict() 245 | if "apk" in dict_apps[app].keys(): 246 | try: 247 | self.adb_instance.install_app(str(snapshot_path) + "/" + dict_apps[app]['apk']) 248 | self.restore_report["apps"][app]["install"] = "success" 249 | except Exception as e: 250 | self.restore_report["apps"][app]["install"] = "Failed: " + str(e) 251 | 252 | if "backup" in dict_apps[app].keys(): 253 | try: 254 | self.__restore__(str(snapshot_path) + "/" + dict_apps[app]['backup']) 255 | self.restore_report["apps"][app]["backup"] = "restored" 256 | except Exception as e: 257 | self.restore_report["apps"][app]["backup"] = "Failed :" + str(e) 258 | else: 259 | self.restore_report["apps"][app]["backup"] = "NOT FOUND" 260 | 261 | return self.restore_report 262 | 263 | def restore_contacts(self, contacts): 264 | return 265 | 266 | 267 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | 3 | 4 | 5 | 6 |

7 | 8 |
9 | 10 |
11 | 12 | # AMDH 13 | Android Mobile Device Hardening written with python3. 14 | > Android version, PObY-A (Privacy Owned by You - Android), with malware and settings scans is available on the Play 15 | > Store and the source code can be found [HERE](https://github.com/ICTrust/PObY-A) 16 | 17 | 18 |
19 | 20 |
21 | 22 | ## Motivations 23 | AMDH was created to help automate scanning installed applications on Android devices, detect some known malware 24 | and also to protect privacy. 25 | 26 | ## Features 27 | - [x] Check and harden system's settings based on some CIS (Center of Internet Security) benchmark checks for Android 28 | devices and Android master's branch settings documentation 29 | ([Global settings](https://developer.android.com/reference/kotlin/android/provider/Settings.Global) and 30 | [Secure settings](https://developer.android.com/reference/kotlin/android/provider/Settings.Secure)) 31 | - [x] List current users processes and kill selected ones 32 | - [x] Analyze current installed applications on the device: 33 | - [x] list [dangerous permissions](https://developer.android.com/guide/topics/permissions/overview#dangerous_permissions) 34 | and revokes them 35 | - [x] compare with permissions used by malware 36 | - [x] generate report in JSON format 37 | - [x] List applications: 38 | - [x] uninstall/disable App 39 | - [x] revoke admins receivers 40 | - [x] Dumps APKs of installed applications 41 | - [x] Check if the system has pending updates 42 | - [x] Extract packed APKs if exists 43 | - [x] Static analysis for malware detection. Current detected malware: 44 | - [x] ActionSpy 45 | - [x] WolfRat 46 | - [x] Anubis 47 | - [x] Snapshot the current phone state to a JSON file: 48 | - [x] Applications: 49 | - [x] APK 50 | - [x] first install time 51 | - [x] last update time 52 | - [x] current permissions 53 | - [x] is the app device admin 54 | - [x] SMS: current SMS messages 55 | - [x] Contacts: current list of contacts 56 | - [x] Backup applications that has backup enabled 57 | - [x] Snapshots comparison with the current phone state 58 | - [x] Applications 59 | - [x] Settings 60 | - [ ] Restore Snapshot 61 | - [x] Applications 62 | - [ ] Contacts 63 | - [x] Manage multiple device at once (snapshot comparison and restore are not supported yet) 64 | - For each device a new thread is created 65 | - [ ] HTML report 66 | 67 | ## Requirement 68 | - Python3 69 | - Android Debug Bridge (ADB) installed 70 | - androguard 71 | - pwntools 72 | 73 | ## Installation 74 | ``` 75 | $ git clone https://github.com/SecTheTech/AMDH.git; cd AMDH 76 | $ python3 -m venv amdh 77 | $ source amdh/bin/activate 78 | (amdh) $ pip install -r requirement.txt 79 | ``` 80 | 81 | # Usage 82 | > Note: For Windows you have to specify the ADB path or edit the variable "adb_windows_path" in "config/main.py". 83 | 84 | > Warning: when using -l argument with enabled application '-t e', system apps will be listed. Uninstalling system Apps 85 | > can break your Android system. The use of 'disable' instead of 'uninstall' is recommended for system Apps. 86 | ``` 87 | $ python amdh.py -h 88 | usage: amdh.py [-h] [-d DEVICES] [-sS] [-sA] [-H] [-a ADB_PATH] [-t {e,d,3,s}] [-D APKS_DUMP_FOLDER] 89 | [-rar] [-R] [-l] [-P] [-S SNAPSHOT_DIR] [-cS SNAPSHOT_REPORT] [-rS SNAPSHOT_TO_RESTORE] [-o OUTPUT_DIR] 90 | 91 | Android Mobile Device Hardening 92 | 93 | optional arguments: 94 | -h, --help show this help message and exit 95 | -d DEVICES, --devices DEVICES 96 | list of devices separated by comma or "ALL" for all connected devices 97 | -sS Scan the system settings 98 | -sA Scan the installed applications 99 | -H Harden system settings /!\ Developer Options and ADB will be disabled /!\ 100 | -a ADB_PATH, --adb-path ADB_PATH 101 | Path to ADB binary 102 | -t {e,d,3,s} Type of applications: 103 | e: enabled Apps 104 | d: disabled Apps 105 | 3: Third party Apps 106 | s: System Apps 107 | -D APKS_DUMP_FOLDER, --dump-apks APKS_DUMP_FOLDER 108 | Dump APKs from device to APKS_DUMP_FOLDER directory 109 | -rar Remove admin receivers: Remove all admin receivers if the app is not a system App 110 | Scan application option "-sA" is required 111 | -R For each app revoke all dangerous permissions 112 | Scan application option "-sA" is required 113 | -l List numbered applications to disable, uninstall or analyze 114 | -P List current users processes 115 | -S SNAPSHOT_DIR, --snapshot SNAPSHOT_DIR 116 | Snapshot the current state of the phone to a json file and backup applications into SNAPSHOT_DIR 117 | -cS SNAPSHOT_REPORT, --cmp-snapshot SNAPSHOT_REPORT 118 | Compare SNAPSHOT_REPORT with the current phone state 119 | -rS SNAPSHOT_TO_RESTORE, --restore-snapshot SNAPSHOT_TO_RESTORE 120 | Restore SNAPSHOT_TO_RESTORE 121 | -o OUTPUT_DIR, --output-dir OUTPUT_DIR 122 | Output directory for reports and logs. Default: out 123 | ``` 124 | 125 | # Documentation & Help 126 | ## Tests & CIS version 127 | - Tested on Android 7.1.1, 8, 9 and 10 128 | - CIS version: 1.3.0 129 | 130 | ## Malware detection 131 | Compare the granted permissions with the permissions described in the file 132 | malware_perms.json. 133 | The file contains three nodes: 134 | - malware_only: permissions used by malware only 135 | - all: permissions used by malware and legitimate apps 136 | - combinations: permissions combinations used mostly by malware 137 | 138 | ### malware only permissions 139 | malware only permissions are those used only by malware. The malware analyzed are the ones from the repositories: 140 | - https://github.com/ashishb/android-malware 141 | - https://github.com/sk3ptre/AndroidMalware_2018 142 | - https://github.com/sk3ptre/AndroidMalware_2019 143 | - https://github.com/sk3ptre/AndroidMalware_2020 144 | - https://github.com/MalwareSamples/Android-Malware-Samples 145 | 146 | The command "aapt" was used to dump the permissions. The second part was to dump permissions of legitimate Apps 147 | (around 400 Apps). 148 | malware only permissions are the permissions that are used by malware and never appear in legitimate applications 149 | analyzed. 150 | 151 | ### All permissions 152 | All permissions are used by both malware and legitimate applications. The values are percentage of how much 153 | malware used these permissions comparing to legitimate Apps. 154 | 155 | ## Static Analysis 156 | - Find, dump and list dangerous permissions of packed APKs using androguard 157 | - Dump libraries and scan for known malware native functions using pwntools 158 | 159 | ## Snapshot 160 | Snapshot can help to monitor the system state and backup the phone data: 161 | - applications and their permissions 162 | - system settings 163 | - Contacts 164 | - SMS 165 | 166 | ## Known Issues 167 | - The command "pm revoke" return exit success code but does not revoke permissions for some malware. 168 | - Backup SMS may fail on some devices as the ADB shell does not have permission to access SMS database. 169 | In case is encountered, please create an issue. 170 | 171 | # Examples 172 | **Scan** 173 | - Scan applications 174 | ``` 175 | (amdh)$ python amdh.py -d SERIAL1,SERIAL2,SERIAL3 -sA -o reports 176 | ``` 177 | 178 | Two files are generated for each device in the folder "reports": 179 | - SERIAL.log 180 | - SERIAL_report_apps.json: JSON file that contains for each app its granted permissions, and those that are considered as dangerous. 181 | Each entry is as follows: 182 | ``` 183 | { 184 | "com.package.name": { 185 | "malware": true, 186 | "permissions": { 187 | "all_permissions": [ 188 | "com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE", 189 | "com.google.android.c2dm.permission.RECEIVE", 190 | "com.google.android.providers.gsf.permission.READ_GSERVICES", 191 | "android.permission.WRITE_SYNC_SETTINGS", 192 | "android.permission.RECEIVE_BOOT_COMPLETED", 193 | "android.permission.AUTHENTICATE_ACCOUNTS" 194 | ], 195 | "dangerous_perms": { 196 | "android.permission.ACCESS_FINE_LOCATION": "This app can get your location based on GPS or network location sources such as cell towers and Wi-Fi networks. These location services must be turned on and available on your phone for the app to be able to use them. This may increase battery consumption.", 197 | "android.permission.READ_EXTERNAL_STORAGE": "Allows the app to read the contents of your SD card.", 198 | "android.permission.ACCESS_COARSE_LOCATION": "This app can get your location based on network sources such as cell towers and Wi-Fi networks. These location services must be turned on and available on your phone for the app to be able to use them.", 199 | "android.permission.CAMERA": "This app can take pictures and record videos using the camera at any time.", 200 | "android.permission.WRITE_EXTERNAL_STORAGE": "Allows the app to write to the SD card." 201 | }, 202 | "is_device_admin": false, 203 | } 204 | } 205 | } 206 | ``` 207 | - Scan settings 208 | ``` 209 | (amdh)$ python amdh.py -sS 210 | ``` 211 | A report is generated with the name "SERIAL_report_settings.json" in the folder "out" (default output folder). 212 | 213 | 214 | **Harden** 215 | - applications hardening 216 | ``` 217 | (amdh)$ python amdh.py -sA -R -rar 218 | ``` 219 | Same report as scan Apps with addition of these two keys: 220 | ``` 221 | "is_device_admin_revoked": true, 222 | "revoked_dangerous_pemissions": "succeeded" 223 | ``` 224 | > The key `is_device_admin_revoked` will not be in the result if the app is not device admin 225 | 226 | - settings hardening 227 | ``` 228 | (amdh)$ python amdh.py -sS -H -o reports 229 | ``` 230 | A report and log file are generated in "reports" directory. 231 | 232 | **Static Analysis and multiple Apps uninstall/disable (interactive)** 233 | ``` 234 | (amdh)$ python amdh.py -l 235 | ``` 236 | 237 | **List current running user processes** 238 | ``` 239 | (amdh)$ python amdh.py -P -d SERIAL1,SERIAL2 240 | ``` 241 | 242 | **Snapshot** 243 | ``` 244 | (amdh)$ python amdh.py -S out 245 | [-] INFO: Start ... 246 | Unlock device SERIAL and press ENTER key to continue 247 | [-] INFO: Finished 248 | ``` 249 | The folder "out" will contains a subfolder "SERIAL_DATE-TIME". Where DATE-TIME is in the format "YYYY-MM-DD-hh:mm:ss". 250 | 251 | **Snapshot Comparison** 252 | ``` 253 | (amdh)$ python amdh.py -cS out/report.json 254 | [-] INFO: Start ... 255 | 256 | [-] INFO: Installed Apps after snapshot was taken 257 | {} 258 | [-] INFO: Apps exists in snapshot 259 | { 260 | "com.package.name1": { 261 | "firstInstallTime": "2020-07-06 18:53:07", 262 | "lastUpdateTime": "2020-07-06 18:53:07", 263 | "grantedPermissions": [ 264 | "com.google.android.c2dm.permission.RECEIVE", 265 | "android.permission.USE_CREDENTIALS", 266 | "android.permission.MODIFY_AUDIO_SETTINGS", 267 | "com.google.android.providers.gsf.permission.READ_GSERVICES", 268 | "android.permission.MANAGE_ACCOUNTS", 269 | "android.permission.NFC" 270 | ], 271 | "deviceAdmin": false, 272 | "apk": "com.package.name1.apk" 273 | }, 274 | "com.package.name2": { 275 | "firstInstallTime": "2020-07-10 23:57:53", 276 | "lastUpdateTime": "2020-07-10 23:57:53", 277 | "grantedPermissions": [ 278 | "android.permission.DOWNLOAD_WITHOUT_NOTIFICATION", 279 | "com.google.android.c2dm.permission.RECEIVE", 280 | "android.permission.USE_CREDENTIALS", 281 | "android.permission.MODIFY_AUDIO_SETTINGS", 282 | "org.thoughtcrime.securesms.ACCESS_SECRETS", 283 | "android.permission.ACCESS_NOTIFICATION_POLICY", 284 | "android.permission.CHANGE_NETWORK_STATE", 285 | "android.permission.FOREGROUND_SERVICE", 286 | "android.permission.WRITE_SYNC_SETTINGS" 287 | ], 288 | "deviceAdmin": false, 289 | "backup": "com.package.name2.ab", 290 | "apk": "com.package.name2.apk" 291 | } 292 | } 293 | [-] INFO: Uninstalled after snapshot was taken 294 | { 295 | "com.package.name3": { 296 | "firstInstallTime": "2020-07-18 07:56:44", 297 | "lastUpdateTime": "2020-07-18 07:56:44", 298 | "grantedPermissions": [ 299 | "android.permission.INTERNET", 300 | "android.permission.ACCESS_NETWORK_STATE" 301 | ], 302 | "deviceAdmin": false, 303 | "backup": "com.package.name3.ab", 304 | "apk": "com.package.name3.apk" 305 | } 306 | } 307 | [-] INFO: Changed settings after snapshot was taken 308 | { 309 | "global": [ 310 | "stay_on_while_plugged_in" 311 | ], 312 | "secure": [], 313 | "system": [] 314 | } 315 | ``` 316 | 317 | **Snapshot Restore : Apps** 318 | ``` 319 | (amdh)$ python amdh.py -d SERIAL -rS out/report.json 320 | [-] INFO: Start ... 321 | Unlock device SERIAL and press ENTER key to continue 322 | [-] INFO: Starting restore 323 | [-] INFO: Restore finished 324 | [-] INFO: Restore report 325 | { 326 | "apps": { 327 | { 328 | "com.package.name1": { 329 | "install": "success", 330 | "backup": "restored" 331 | }, 332 | "com.package.name2": { 333 | "install": "success", 334 | "backup": "NOT FOUND" 335 | }, 336 | "com.package.name3": { 337 | "install": "success", 338 | "backup": "restored" 339 | } 340 | } 341 | } 342 | } 343 | ``` 344 | 345 | ## Building the binary 346 | ``` 347 | (amdh) $ pip install pyinstaller 348 | (amdh) $ pyinstaller --clean amdh.spec 349 | ``` 350 | **Output binary:** `dist/amdh`. 351 | 352 | ## Participation and Ideas 353 | Thank you for the interesting of this project! If you have any ideas on how to improve this tool, please create new issue or send a pull request. 354 | -------------------------------------------------------------------------------- /amdh.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env -S python 2 | # -*- coding: utf-8 -*- 3 | 4 | import json 5 | from concurrent.futures import ThreadPoolExecutor, as_completed 6 | from datetime import datetime 7 | 8 | from core.settings import Settings 9 | from core.snapshot import Snapshot 10 | from core.app import App 11 | from utils.main_settings import * 12 | 13 | main_settings = MainSettings() 14 | 15 | 16 | def process_settings(adb_instance, device_id=""): 17 | if main_settings.harden: 18 | settings_check = Settings(SETTINGS_FILE, adb_instance, True, out=main_settings.out[device_id]) 19 | else: 20 | settings_check = Settings(SETTINGS_FILE, adb_instance, out=main_settings.out[device_id]) 21 | 22 | if main_settings.scan_settings: 23 | with open(f"{main_settings.output_dir}/{device_id}_report_settings.json", 'w') as fp: 24 | json.dump(settings_check.check(), fp, indent=4) 25 | 26 | main_settings.out["std"].print_info("Report generated: %s_report_settings.json" % device_id) 27 | 28 | 29 | def process_applications(adb_instance, device_id=""): 30 | packages = [] 31 | report_apps = {} 32 | 33 | if main_settings.app_type: 34 | packages = adb_instance.list_installed_packages(main_settings.app_type.value) 35 | try: 36 | for package in packages: 37 | if not main_settings.list_apps: 38 | main_settings.out[device_id].print_info(package) 39 | 40 | report_apps[package] = dict() 41 | app = App(adb_instance, package, main_settings.scan_applications, main_settings.dump_apks, 42 | main_settings.apks_dump_folder + "/" + device_id) 43 | 44 | perms, dangerous_perms, is_device_admin, known_malware = app.check_app() 45 | 46 | if known_malware: 47 | main_settings.out[device_id].print_error(f"{package} is known as malware") 48 | report_apps[package]["malware"] = True 49 | 50 | if main_settings.scan_applications: 51 | if len(dangerous_perms) and dangerous_perms.items(): 52 | main_settings.out[device_id].print_warning_header( 53 | "Package {} has some dangerous permissions: ".format(package)) 54 | 55 | for perm, desc in dangerous_perms.items(): 56 | main_settings.out[device_id].print_warning("\t " + perm + ": ") 57 | main_settings.out[device_id].print_warning("\t\t" + desc) 58 | 59 | report_apps[package]["permissions"] = dict() 60 | report_apps[package]["permissions"] = {"all_permissions": list(perms.keys()), 61 | "dangerous_perms": dangerous_perms} 62 | report_apps[package]["is_device_admin"] = is_device_admin 63 | 64 | else: 65 | main_settings.out[device_id].print_info("Package {} has no dangerous permissions".format(package)) 66 | 67 | if is_device_admin: 68 | message = f"/!\ \t {package} is device admin \t /!\ " 69 | padding = len(message) 70 | main_settings.out[device_id].print_warning("-" * padding) 71 | main_settings.out[device_id].print_warning(message) 72 | main_settings.out[device_id].print_warning("-" * padding) 73 | 74 | report_apps[package] = {"is_device_admin": is_device_admin} 75 | 76 | if main_settings.rm_admin_recv: 77 | removed, dpm = app.remove_device_admin_for_app() 78 | if removed: 79 | main_settings.out[device_id][package] = {"device_admin_revoked": True} 80 | main_settings.out[device_id].print_info( 81 | "Device admin receivers for {} removed\n".format(app.package_name)) 82 | else: 83 | main_settings.out[device_id].print_error( 84 | "An error occured while removing the device admin " + dpm + " .") 85 | 86 | # Revoke all Dangerous permissions 87 | if main_settings.revoke and app.dangerous_perms: 88 | succeeded = app.revoke_dangerous_perms() 89 | 90 | if succeeded: 91 | report_apps[package]["revoked_dangerous_pemissions"] = "succeeded" 92 | main_settings.out[device_id].print_info("Dangerous permissions revoked\n") 93 | else: 94 | main_settings.out[device_id].print_error(f"An error occured while revoking" 95 | "permission {perm} to package {app.package_name}") 96 | 97 | elif main_settings.revoke and not app.dangerous_perms: 98 | main_settings.out[device_id].print_info("No dangerous permissions granted for this package\n") 99 | 100 | main_settings.out[device_id].print_info( 101 | "----------------------------MALWARE SCAN--------------------------------") 102 | if app.score > 0: 103 | main_settings.out[device_id].print_high_warning( 104 | f'The application uses some permissions used also by malware. Percentage : {app.score}%') 105 | if app.malware_combination > 0: 106 | main_settings.out[device_id].print_high_warning(f'{str(app.malware_combination)} permissions ' 107 | f'combinations used also by malware') 108 | if app.malware_only_perms > 0: 109 | main_settings.out[device_id].print_high_warning(f'{str(app.malware_only_perms)} permissions ' 110 | f' used by malware only.') 111 | main_settings.out[device_id].print_info( 112 | "-----------------------------------------------------------------------------\n") 113 | except Exception as e: 114 | print(e) 115 | 116 | if main_settings.scan_applications: 117 | with open(f"{main_settings.output_dir}/{device_id}_report_apps.json", 'w') as fp: 118 | json.dump(report_apps, fp, indent=4) 119 | main_settings.out["std"].print_info("Report generated: %s_report_apps.json" % device_id) 120 | 121 | return report_apps 122 | 123 | 124 | def process_snapshot(adb_instance, device_id): 125 | main_settings.lock.acquire() 126 | input("Unlock the device %s and press ENTER key to continue" % device_id) 127 | # TODO: Check if device is unlocked 128 | # set stay_awake to 1 129 | adb_instance.content_insert_settings("global", "stay_on_while_plugged_in", "1", "i") 130 | 131 | main_settings.out["std"].print_info(f"Starting snapshot on {device_id}") 132 | 133 | if not os.path.isdir(main_settings.snapshot_dir): 134 | os.makedirs(main_settings.snapshot_dir) 135 | 136 | snapshot_path = main_settings.snapshot_dir + "/" + device_id + "_" + datetime.now().strftime('%Y-%m-%d-%H:%M:%S') 137 | 138 | if not os.path.isdir(snapshot_path): 139 | os.makedirs(snapshot_path) 140 | 141 | if main_settings.app_type: 142 | snapshot = Snapshot(adb_instance, main_settings.app_type.value, out_dir=snapshot_path) 143 | else: 144 | snapshot = Snapshot(adb_instance, out_dir=snapshot_path) 145 | report = snapshot.get_report() 146 | 147 | with open(snapshot_path + "/snapshot.json", 'w') as fp: 148 | json.dump(report, fp, indent=4) 149 | 150 | adb_instance.content_insert_settings("global", "stay_on_while_plugged_in", "0", "i") 151 | main_settings.out["std"].print_info(f"Snapshot {device_id} finished") 152 | main_settings.lock.release() 153 | 154 | 155 | def process_snapshot_cmp(adb_instance): 156 | cmp_report = Snapshot(adb_instance, snapshot_file=main_settings.snapshot_report, 157 | backup=main_settings.backup).snapshot_compare() 158 | 159 | main_settings.out["std"].print_info("Installed Apps after snapshot was taken") 160 | main_settings.out["std"].print(json.dumps(cmp_report["apps"]["new_installed_apps"], indent=4)) 161 | main_settings.out["std"].print_info("Apps exists in snapshot") 162 | print(json.dumps(cmp_report["apps"]["apps_exist_in_snap"], indent=4)) 163 | main_settings.out["std"].print_info("Uninstalled after snapshot was taken") 164 | print(json.dumps(cmp_report["apps"]["uninstalled_apps"], indent=4)) 165 | 166 | main_settings.out["std"].print_info("Changed settings after snapshot was taken") 167 | print(json.dumps(cmp_report["settings"], indent=4)) 168 | 169 | 170 | def process_snapshot_restore(adb_instance): 171 | input("Unlock your phone and press ENTER key to continue") 172 | 173 | adb_instance.content_insert_settings("global", "stay_on_while_plugged_in", "1", "i") 174 | main_settings.out["std"].print_info("Starting restore") 175 | restore_report = Snapshot(adb_instance, snapshot_file=main_settings.snap_to_restore, 176 | backup=False).snapshot_restore() 177 | 178 | adb_instance.content_insert_settings("global", "stay_on_while_plugged_in", "0", "i") 179 | main_settings.out["std"].print_info("Restore finished") 180 | 181 | main_settings.out["std"].print_info("Restore report") 182 | print(json.dumps(restore_report, indent=4)) 183 | 184 | 185 | def interactive_list_processes(adb_instance, device_id): 186 | main_settings.lock.acquire() 187 | process_choice_list = [] 188 | current_processes = adb_instance.list_backgroud_apps().split("\n") 189 | print("Current running user processes on the device %s" % device_id) 190 | 191 | for i in range(0, len(current_processes) - 1): 192 | print(" {}- {}".format(i + 1, current_processes[i])) 193 | 194 | print("") 195 | choice = input("Select id(s) of process(es) to kill (separated by comma ','): ") 196 | chosen_processes = choice.replace(" ", "").split(",") 197 | for c in chosen_processes: 198 | if c.isdigit() and (0 < int(c) < len(current_processes) + 1): 199 | process_choice_list = process_choice_list + [c] 200 | main_settings.lock.release() 201 | else: 202 | print("[X] ERROR: process does not exist") 203 | print("Exiting device %s" % device_id) 204 | main_settings.lock.release() 205 | return 206 | 207 | for proc in process_choice_list: 208 | adb_instance.force_stop_app(current_processes[int(proc) - 1]) 209 | 210 | 211 | def interactive_list_apps(adb_instance, device_id): 212 | main_settings.lock.acquire() 213 | if main_settings.app_type: 214 | packages = adb_instance.list_installed_packages(main_settings.app_type.value) 215 | if main_settings.app_type.value == 'e': 216 | print("Uninstalling or disabling system Apps can break your system") 217 | 218 | print("List of installed packages on device %s: " % device_id) 219 | nbr_listed_apps = 0 220 | apps_choice_list = [] 221 | for package in packages: 222 | if nbr_listed_apps < LIST_APPS_MAX_PRINT and \ 223 | packages.index(package) < (len(packages) - 1): 224 | print("\t[" + str(packages.index(package) + 1) + "] " + package) 225 | nbr_listed_apps = nbr_listed_apps + 1 226 | else: 227 | if packages.index(package) == (len(packages) - 1): 228 | print("\t[" + str(packages.index(package) + 1) + "] " + package) 229 | while True: 230 | choice = input("Select application(s) (separated by comma ','), 'c' to continue" 231 | " listing apps and 'A' for actions menu: ") 232 | if choice == 'c': 233 | nbr_listed_apps = 1 234 | break 235 | 236 | if choice == 'A': 237 | break 238 | 239 | else: 240 | chosen_apps = choice.replace(" ", "").split(",") 241 | for c in chosen_apps: 242 | if c.isdigit() and (0 < int(c) < len(packages) + 1): 243 | apps_choice_list = apps_choice_list + [c] 244 | 245 | else: 246 | print(f"option {c} does not exist") 247 | 248 | if choice == 'A': 249 | break 250 | 251 | if not len(apps_choice_list): 252 | print("No application selected") 253 | main_settings.lock.release() 254 | return 255 | 256 | while True: 257 | print("choose an action") 258 | print("\td: disable selected apps") 259 | print("\tu: uninstall selected apps") 260 | print("\ts: static analysis") 261 | print("\te: exit") 262 | print("") 263 | 264 | action = input("Action: ") 265 | action = action.replace(" ", "") 266 | 267 | if action == 'd' or action == 'u' or action == 'e': 268 | break 269 | elif action == 's': 270 | break 271 | else: 272 | print("ERROR: Invalid action") 273 | continue 274 | 275 | for id_app in apps_choice_list: 276 | if action == 'd': 277 | try: 278 | adb_instance.disable_app(packages[int(id_app) - 1]) 279 | main_settings.out["std"].print_success(packages[int(id_app) - 1] + " disabled") 280 | 281 | except Exception as e: 282 | main_settings.out["std"].print_error("An Error occurred while disabling " + packages[int(id_app) - 1]) 283 | 284 | elif action == 'u': 285 | try: 286 | adb_instance.uninstall_app(packages[int(id_app) - 1]) 287 | main_settings.out["std"].print_success(packages[int(id_app) - 1] + " uninstalled") 288 | 289 | except Exception as e: 290 | main_settings.out["std"].print_error( 291 | "An Error occurred while uninstalling " + packages[int(id_app) - 1]) 292 | 293 | elif action == 's': 294 | # TO-DO: Do analysis in other thread and log in file/DB 295 | app = App(adb_instance, packages[int(id_app) - 1], dump_apk=True, out_dir=main_settings.apks_dump_folder) 296 | main_settings.out["std"].print_info(f"Package {packages[int(id_app) - 1]}") 297 | package_info = app.static_analysis() 298 | print(package_info) 299 | main_settings.out["std"].print_info("\tMalware identification") 300 | 301 | for key, value in package_info["detected_malware"].items(): 302 | if value > 0: 303 | main_settings.out["std"].print_error("\t\t " + key + ": " + str(value) + " positives tests") 304 | else: 305 | main_settings.out["std"].print_info("\t\t " + key + ": " + str(value) + " positive test") 306 | 307 | if package_info and package_info["packed_file"] and \ 308 | package_info["packed_file"][packages[int(id_app) - 1]].keys(): 309 | 310 | main_settings.out["std"].print_info("\tPacked files") 311 | main_settings.out["std"].print_error( 312 | f"The package {packages[int(id_app) - 1]} has another Application (APK) inside") 313 | 314 | for file in package_info["packed_file"][packages[int(id_app) - 1]]: 315 | for perm in package_info["packed_file"][packages[int(id_app) - 1]][file]: 316 | main_settings.out["std"].print_error("\tDangerous Permission: " + perm) 317 | elif action == 'e': 318 | break 319 | 320 | main_settings.lock.release() 321 | 322 | 323 | def process(device_id): 324 | global main_settings 325 | 326 | result = {device_id: {}} 327 | 328 | adb_instance = ADB(main_settings.adb_path, device_id) 329 | 330 | main_settings.lock.acquire() 331 | main_settings.out[device_id] = Out(filename=f"{main_settings.output_dir}/{device_id}.log") 332 | main_settings.lock.release() 333 | 334 | if adb_instance.check_pending_update(): 335 | main_settings.out["std"].print_warning("%s: The system has a pending updates!" % device_id) 336 | main_settings.out[device_id].print_warning("%s: The system has a pending updates!" % device_id) 337 | 338 | if main_settings.scan_applications or main_settings.dump_apks or main_settings.list_apps: 339 | result[device_id]['apps'] = process_applications(adb_instance, device_id) 340 | 341 | if main_settings.scan_settings: 342 | process_settings(adb_instance, device_id) 343 | 344 | if main_settings.list_apps: 345 | interactive_list_apps(adb_instance, device_id) 346 | 347 | if main_settings.list_processes: 348 | interactive_list_processes(adb_instance, device_id) 349 | 350 | if main_settings.snapshot: 351 | process_snapshot(adb_instance, device_id) 352 | 353 | if main_settings.restore_snap: 354 | main_settings.set_output_std() 355 | process_snapshot_restore(adb_instance) 356 | 357 | if main_settings.cmp_snap: 358 | main_settings.set_output_std() 359 | process_snapshot_cmp(adb_instance) 360 | 361 | return result 362 | 363 | 364 | def check_device_up(devices): 365 | global main_settings 366 | connected_devices = ADB(main_settings.adb_path).list_devices() 367 | for device in devices: 368 | if device not in connected_devices.keys(): 369 | main_settings.out["std"].print_error(f"{device} not found") 370 | sys.exit(1) 371 | 372 | device_status = connected_devices[device] 373 | if "offline" in device_status or "unauthorized" in device_status \ 374 | or "no permissions" in device_status: 375 | main_settings.out["std"].print_error( 376 | f"The device {device} cannot be used. Reason: {connected_devices[device]}") 377 | sys.exit(1) 378 | 379 | 380 | def initializer(args): 381 | global main_settings 382 | main_settings.arguments = args 383 | main_settings.init_vars() 384 | 385 | 386 | def amdh(): 387 | global main_settings 388 | main_settings.args_parse() 389 | main_settings.init_vars() 390 | 391 | connected_devices = ADB(ADB_BINARY).list_devices() 392 | 393 | if len(main_settings.devices) == 0 or not main_settings.devices: 394 | if len(connected_devices) == 0: 395 | main_settings.out["std"].print_error("No device found") 396 | sys.exit(1) 397 | elif len(connected_devices) > 1: 398 | main_settings.out["std"].print_error("Please use -d to specify the devices to use") 399 | main_settings.out["std"].print_info("Current connected devices") 400 | for device in connected_devices: 401 | print(device) 402 | sys.exit(1) 403 | else: 404 | main_settings.devices.append(list(connected_devices.keys())[0]) 405 | 406 | check_device_up(main_settings.devices) 407 | 408 | main_settings.out["std"].print_info("Start ...") 409 | 410 | workers(main_settings) 411 | 412 | main_settings.set_output_std() 413 | main_settings.out["std"].print_info("Finished") 414 | 415 | 416 | def workers(settings): 417 | with ThreadPoolExecutor(max_workers=len(settings.devices)) as executor: 418 | results = {device: executor.submit(process, device) for device in settings.devices} 419 | 420 | return as_completed(results) 421 | 422 | 423 | if __name__ == "__main__": 424 | amdh() 425 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | -------------------------------------------------------------------------------- /config/malware_perms.json: -------------------------------------------------------------------------------- 1 | { 2 | "malware_only": 3 | { 4 | "GLOBAL_SEARCH_CONTROL": 100, 5 | "BROADCAST_SMS": 100, 6 | "USES_POLICY_FORCE_LOCK": 100, 7 | "CLEAR_APP_USER_DATA": 100, 8 | "STOP_APP_SWITCHES": 100, 9 | "DELETE_PACKAGES ": 100, 10 | "CAPTURE_VOICE_CALL": 100, 11 | "PERSISTENT_NAME": 100, 12 | "BROADCAST_PACKAGE_REMOVED": 100, 13 | "DELETE_CACHE_FILES": 100, 14 | "HARDWARE_TEST": 100, 15 | "ACCESS_COARSE_UPDATES": 100, 16 | "REAL_GET_TASKS ": 100, 17 | "ACCESS_CACHE_FILESYSTEM": 100, 18 | "ADD_SYSTEM_SERVICE": 100, 19 | "RIDE_EXTERNAL_STORAGE": 100, 20 | "CAN_REQUEST_TOUCH_EXPLORATION_MODE": 100, 21 | "BOOT_COMPLETED": 100, 22 | "GOOGLE_AUTH": 100, 23 | "FACTORY_TEST": 100, 24 | "PROCESS_INCOMING_CALLS": 100, 25 | "ACCESS_BACKGROUND_SERVICE": 100, 26 | "CAN_REQUEST_ENHANCED_WEB_ACCESSIBILITY": 100, 27 | "BIND_WALLPAPER": 100, 28 | "JPUSH_MESSAGE": 100, 29 | "STATUS_BAR_SERVICE": 100, 30 | "SET_ALWAYS_FINISH": 100, 31 | "CONTROL_LOCATION_UPDATES": 100, 32 | "FORCE_BACK": 100, 33 | "SET_ORIENTATION": 100, 34 | "MASTER_CLEAR": 100, 35 | "BRICK": 100, 36 | "SET_DEBUG_APP": 100, 37 | "REAL_GET_TASKS": 100, 38 | "READ_SECURE_SETTINGS": 100, 39 | "MOUNT_FORMAT_FILESYSTEMS": 100, 40 | "TEMPORARY_ENABLE_ACCESSIBILITY": 100, 41 | "SIGNAL_PERSISTENT_PROCESSES": 100, 42 | "ACCESS_LOCATION": 100, 43 | "READ_GSETTINGS": 100, 44 | "AUDIO_FILE_ACCESS": 100, 45 | "ACCESS_DRM": 100, 46 | "DIAGNOSTIC": 100, 47 | "RESTRICTED": 100, 48 | "MANAGE_APP_TOKENS": 100, 49 | "INSTALL_LOCATION_PROVIDER": 100, 50 | "SET_ANIMATION_SCALE": 100, 51 | "WRITE_GMAIL": 100, 52 | "RECEIVE_LAUNCH_BROADCASTS": 100, 53 | "ACTION_PACKAGE_INSTALL": 100, 54 | "SET_TIME": 100, 55 | "WRITE_GSETTINGS": 100, 56 | "OTHER_SERVICES": 100, 57 | "INTENT_VENDING_ONLY": 100, 58 | "READ_DATA": 100, 59 | "READ_ATTACHMENT_PREVIEW": 100, 60 | "ACTION_VIEW": 100, 61 | "FULL_SCREEN": 100, 62 | "ACCESS_COURSE_LOCATION": 100, 63 | "ACCESS_CHECKIN_PROPERTIES": 100, 64 | "ACCESS_MTK_MMHW": 100, 65 | "AUTO_SEND": 100, 66 | "CONTACT": 100, 67 | "BIND_INPUT_METHOD": 100, 68 | "SET_ACTIVITY_WATCHER": 100, 69 | "READ_INPUT_STATE": 100, 70 | "REQUEST_COMPANION_RUN_IN_BACKGROUND": 100, 71 | "mail": 100, 72 | "ACCESS_GPS": 100, 73 | "RECEIVE_FIRST_LOAD_BROADCAST": 100 74 | }, 75 | "all": { 76 | "INTERNET": { 77 | "malware": 103.8, 78 | "benign": 99.2 79 | }, 80 | "ACCESS_NETWORK_STATE": { 81 | "malware": 85.96, 82 | "benign": 98.67 83 | }, 84 | "WRITE_EXTERNAL_STORAGE": { 85 | "malware": 79.89, 86 | "benign": 78.25 87 | }, 88 | "READ_PHONE_STATE": { 89 | "malware": 73.62, 90 | "benign": 30.77 91 | }, 92 | "RECEIVE_BOOT_COMPLETED": { 93 | "malware": 57.5, 94 | "benign": 47.75 95 | }, 96 | "WRITE_SETTINGS": { 97 | "malware": 51.23, 98 | "benign": 43.24 99 | }, 100 | "WAKE_LOCK": { 101 | "malware": 50.85, 102 | "benign": 85.68 103 | }, 104 | "ACCESS_WIFI_STATE": { 105 | "malware": 48.39, 106 | "benign": 55.17 107 | }, 108 | "READ_CONTACTS": { 109 | "malware": 42.5, 110 | "benign": 24.4 111 | }, 112 | "SEND_SMS": { 113 | "malware": 40.61, 114 | "benign": 5.57 115 | }, 116 | "READ_SMS": { 117 | "malware": 39.09, 118 | "benign": 4.24 119 | }, 120 | "RECEIVE_SMS": { 121 | "malware": 38.14, 122 | "benign": 5.57 123 | }, 124 | "READ_EXTERNAL_STORAGE": { 125 | "malware": 37.57, 126 | "benign": 61.54 127 | }, 128 | "READ_SETTINGS": { 129 | "malware": 37.38, 130 | "benign": 69.5 131 | }, 132 | "VIBRATE": { 133 | "malware": 36.43, 134 | "benign": 51.99 135 | }, 136 | "GET_TASKS": { 137 | "malware": 30.36, 138 | "benign": 11.67 139 | }, 140 | "CALL_PHONE": { 141 | "malware": 30.17, 142 | "benign": 15.12 143 | }, 144 | "ACCESS_FINE_LOCATION": { 145 | "malware": 29.41, 146 | "benign": 38.2 147 | }, 148 | "WRITE_SMS": { 149 | "malware": 28.46, 150 | "benign": 3.18 151 | }, 152 | "CHANGE_WIFI_STATE": { 153 | "malware": 25.43, 154 | "benign": 11.94 155 | }, 156 | "ACCESS_COARSE_LOCATION": { 157 | "malware": 25.05, 158 | "benign": 35.01 159 | }, 160 | "SYSTEM_ALERT_WINDOW": { 161 | "malware": 24.86, 162 | "benign": 16.98 163 | }, 164 | "CAMERA": { 165 | "malware": 24.29, 166 | "benign": 38.99 167 | }, 168 | "RECORD_AUDIO": { 169 | "malware": 17.84, 170 | "benign": 27.06 171 | }, 172 | "PROCESS_OUTGOING_CALLS": { 173 | "malware": 16.51, 174 | "benign": 2.39 175 | }, 176 | "GET_ACCOUNTS": { 177 | "malware": 15.94, 178 | "benign": 27.59 179 | }, 180 | "INSTALL_SHORTCUT": { 181 | "malware": 15.75, 182 | "benign": 16.18 183 | }, 184 | "SET_WALLPAPER": { 185 | "malware": 14.99, 186 | "benign": 7.16 187 | }, 188 | "RECEIVE": { 189 | "malware": 14.99, 190 | "benign": 74.27 191 | }, 192 | "READ_CALL_LOG": { 193 | "malware": 12.33, 194 | "benign": 6.1 195 | }, 196 | "CHANGE_NETWORK_STATE": { 197 | "malware": 11.95, 198 | "benign": 8.49 199 | }, 200 | "RECEIVE_WAP_PUSH": { 201 | "malware": 11.57, 202 | "benign": 0.8 203 | }, 204 | "WRITE_APN_SETTINGS": { 205 | "malware": 11.57, 206 | "benign": 0.8 207 | }, 208 | "READ_HISTORY_BOOKMARKS": { 209 | "malware": 11.57, 210 | "benign": 3.45 211 | }, 212 | "MOUNT_UNMOUNT_FILESYSTEMS": { 213 | "malware": 10.63, 214 | "benign": 3.98 215 | }, 216 | "RECEIVE_MMS": { 217 | "malware": 10.44, 218 | "benign": 1.86 219 | }, 220 | "WRITE_CONTACTS": { 221 | "malware": 9.87, 222 | "benign": 11.94 223 | }, 224 | "EXPAND_STATUS_BAR": { 225 | "malware": 9.49, 226 | "benign": 2.65 227 | }, 228 | "KILL_BACKGROUND_PROCESSES": { 229 | "malware": 8.54, 230 | "benign": 2.12 231 | }, 232 | "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": { 233 | "malware": 8.54, 234 | "benign": 3.98 235 | }, 236 | "MODIFY_AUDIO_SETTINGS": { 237 | "malware": 8.54, 238 | "benign": 20.42 239 | }, 240 | "BIND_GET_INSTALL_REFERRER_SERVICE": { 241 | "malware": 8.35, 242 | "benign": 58.62 243 | }, 244 | "C2D_MESSAGE": { 245 | "malware": 8.35, 246 | "benign": 25.73 247 | }, 248 | "SET_WALLPAPER_HINTS": { 249 | "malware": 8.16, 250 | "benign": 2.92 251 | }, 252 | "DISABLE_KEYGUARD": { 253 | "malware": 8.16, 254 | "benign": 5.57 255 | }, 256 | "RESTART_PACKAGES": { 257 | "malware": 7.21, 258 | "benign": 1.86 259 | }, 260 | "BLUETOOTH": { 261 | "malware": 7.02, 262 | "benign": 19.36 263 | }, 264 | "READ_LOGS": { 265 | "malware": 7.02, 266 | "benign": 2.65 267 | }, 268 | "INSTALL_PACKAGES": { 269 | "malware": 7.02, 270 | "benign": 0.27 271 | }, 272 | "UNINSTALL_SHORTCUT": { 273 | "malware": 6.83, 274 | "benign": 6.1 275 | }, 276 | "GLOBAL_SEARCH_CONTROL": { 277 | "malware": 6.64, 278 | "benign": 0 279 | }, 280 | "MODIFY_PHONE_STATE": { 281 | "malware": 6.07, 282 | "benign": 1.06 283 | }, 284 | "REQUEST_INSTALL_PACKAGES": { 285 | "malware": 6.07, 286 | "benign": 13.79 287 | }, 288 | "PACKAGE_USAGE_STATS": { 289 | "malware": 5.5, 290 | "benign": 1.86 291 | }, 292 | "READ_CALENDAR": { 293 | "malware": 5.31, 294 | "benign": 3.98 295 | }, 296 | "FLASHLIGHT": { 297 | "malware": 4.74, 298 | "benign": 3.45 299 | }, 300 | "WRITE_CALL_LOG": { 301 | "malware": 4.55, 302 | "benign": 0.53 303 | }, 304 | "BLUETOOTH_ADMIN": { 305 | "malware": 4.17, 306 | "benign": 8.22 307 | }, 308 | "WRITE_HISTORY_BOOKMARKS": { 309 | "malware": 4.17, 310 | "benign": 1.33 311 | }, 312 | "DELETE_PACKAGES": { 313 | "malware": 4.17, 314 | "benign": 0.27 315 | }, 316 | "WRITE_SYNC_SETTINGS": { 317 | "malware": 3.98, 318 | "benign": 11.94 319 | }, 320 | "BILLING": { 321 | "malware": 3.98, 322 | "benign": 37.4 323 | }, 324 | "BIND_ACCESSIBILITY_SERVICE": { 325 | "malware": 3.8, 326 | "benign": 0.53 327 | }, 328 | "FOREGROUND_SERVICE": { 329 | "malware": 3.8, 330 | "benign": 34.48 331 | }, 332 | "AUTHENTICATE_ACCOUNTS": { 333 | "malware": 3.61, 334 | "benign": 13.0 335 | }, 336 | "READ_SYNC_SETTINGS": { 337 | "malware": 3.42, 338 | "benign": 11.94 339 | }, 340 | "USE_CREDENTIALS": { 341 | "malware": 3.23, 342 | "benign": 17.51 343 | }, 344 | "ACCESS_LOCATION_EXTRA_COMMANDS": { 345 | "malware": 3.04, 346 | "benign": 1.33 347 | }, 348 | "WRITE_SECURE_SETTINGS": { 349 | "malware": 2.85, 350 | "benign": 1.06 351 | }, 352 | "REBOOT": { 353 | "malware": 2.85, 354 | "benign": 0.53 355 | }, 356 | "BATTERY_STATS": { 357 | "malware": 2.85, 358 | "benign": 1.33 359 | }, 360 | "GET_PACKAGE_SIZE": { 361 | "malware": 2.85, 362 | "benign": 4.24 363 | }, 364 | "READ_GSERVICES": { 365 | "malware": 2.85, 366 | "benign": 19.36 367 | }, 368 | "SYSTEM_OVERLAY_WINDOW": { 369 | "malware": 2.85, 370 | "benign": 0.53 371 | }, 372 | "DEVICE_POWER": { 373 | "malware": 2.66, 374 | "benign": 0.8 375 | }, 376 | "MANAGE_ACCOUNTS": { 377 | "malware": 2.66, 378 | "benign": 15.12 379 | }, 380 | "READ_PROFILE": { 381 | "malware": 2.66, 382 | "benign": 8.49 383 | }, 384 | "CHANGE_BADGE": { 385 | "malware": 2.66, 386 | "benign": 14.32 387 | }, 388 | "READ": { 389 | "malware": 2.47, 390 | "benign": 18.04 391 | }, 392 | "WRITE": { 393 | "malware": 2.47, 394 | "benign": 16.45 395 | }, 396 | "BROADCAST_BADGE": { 397 | "malware": 2.47, 398 | "benign": 15.65 399 | }, 400 | "BROADCAST_STICKY": { 401 | "malware": 2.09, 402 | "benign": 6.9 403 | }, 404 | "CLEAR_APP_CACHE": { 405 | "malware": 2.09, 406 | "benign": 0.53 407 | }, 408 | "READ_FRAME_BUFFER": { 409 | "malware": 1.9, 410 | "benign": 0.27 411 | }, 412 | "STORAGE": { 413 | "malware": 1.9, 414 | "benign": 0.8 415 | }, 416 | "READ_APP_BADGE": { 417 | "malware": 1.9, 418 | "benign": 12.47 419 | }, 420 | "BADGE_COUNT_READ": { 421 | "malware": 1.9, 422 | "benign": 11.14 423 | }, 424 | "BADGE_COUNT_WRITE": { 425 | "malware": 1.9, 426 | "benign": 11.14 427 | }, 428 | "BROADCAST_SMS": { 429 | "malware": 1.9, 430 | "benign": 0 431 | }, 432 | "CHANGE_CONFIGURATION": { 433 | "malware": 1.71, 434 | "benign": 0.53 435 | }, 436 | "ACTIVITY_RECOGNITION": { 437 | "malware": 1.71, 438 | "benign": 3.45 439 | }, 440 | "UPDATE_SHORTCUT": { 441 | "malware": 1.71, 442 | "benign": 15.65 443 | }, 444 | "PROVIDER_INSERT_BADGE": { 445 | "malware": 1.71, 446 | "benign": 13.79 447 | }, 448 | "UPDATE_COUNT": { 449 | "malware": 1.71, 450 | "benign": 13.79 451 | }, 452 | "UPDATE_BADGE": { 453 | "malware": 1.71, 454 | "benign": 13.79 455 | }, 456 | "USES_POLICY_FORCE_LOCK": { 457 | "malware": 1.71, 458 | "benign": 0 459 | }, 460 | "ACCESS_NOTIFICATION_POLICY": { 461 | "malware": 1.52, 462 | "benign": 2.92 463 | }, 464 | "QUICKBOOT_POWERON": { 465 | "malware": 1.52, 466 | "benign": 1.33 467 | }, 468 | "WRITE_OWNER_DATA": { 469 | "malware": 1.33, 470 | "benign": 0.53 471 | }, 472 | "CAPTURE_AUDIO_OUTPUT": { 473 | "malware": 1.33, 474 | "benign": 0.27 475 | }, 476 | "STOP_APP_SWITCHES": { 477 | "malware": 1.33, 478 | "benign": 0 479 | }, 480 | "REORDER_TASKS": { 481 | "malware": 1.33, 482 | "benign": 2.65 483 | }, 484 | "CLEAR_APP_USER_DATA": { 485 | "malware": 1.33, 486 | "benign": 0 487 | }, 488 | "DELETE_PACKAGES ": { 489 | "malware": 1.14, 490 | "benign": 0 491 | }, 492 | "CAPTURE_VOICE_CALL": { 493 | "malware": 1.14, 494 | "benign": 0 495 | }, 496 | "DUMP": { 497 | "malware": 1.14, 498 | "benign": 0.53 499 | }, 500 | "SET_ALARM": { 501 | "malware": 1.14, 502 | "benign": 2.39 503 | }, 504 | "HARDWARE_TEST": { 505 | "malware": 0.95, 506 | "benign": 0 507 | }, 508 | "DELETE_CACHE_FILES": { 509 | "malware": 0.95, 510 | "benign": 0 511 | }, 512 | "READ_OWNER_DATA": { 513 | "malware": 0.95, 514 | "benign": 1.06 515 | }, 516 | "PERSISTENT_NAME": { 517 | "malware": 0.95, 518 | "benign": 0 519 | }, 520 | "ACCESS_MOCK_LOCATION": { 521 | "malware": 0.95, 522 | "benign": 0.53 523 | }, 524 | "BROADCAST_PACKAGE_REMOVED": { 525 | "malware": 0.95, 526 | "benign": 0 527 | }, 528 | "INJECT_EVENTS": { 529 | "malware": 0.95, 530 | "benign": 0.53 531 | }, 532 | "BIND_DEVICE_ADMIN": { 533 | "malware": 0.95, 534 | "benign": 0.27 535 | }, 536 | "WRITE_USE_APP_FEATURE_SURVEY": { 537 | "malware": 0.95, 538 | "benign": 3.71 539 | }, 540 | "CHECK_LICENSE": { 541 | "malware": 0.95, 542 | "benign": 3.18 543 | }, 544 | "STATUS_BAR": { 545 | "malware": 0.95, 546 | "benign": 0.27 547 | }, 548 | "RECEIVE_USER_PRESENT": { 549 | "malware": 0.95, 550 | "benign": 2.39 551 | }, 552 | "READ_SYNC_STATS": { 553 | "malware": 0.95, 554 | "benign": 5.84 555 | }, 556 | "ACTION_MANAGE_OVERLAY_PERMISSION": { 557 | "malware": 0.76, 558 | "benign": 0.53 559 | }, 560 | "BIND_APPWIDGET": { 561 | "malware": 0.76, 562 | "benign": 0.27 563 | }, 564 | "SET_PREFERRED_APPLICATIONS": { 565 | "malware": 0.76, 566 | "benign": 0.27 567 | }, 568 | "ACCESS_DOWNLOAD_MANAGER": { 569 | "malware": 0.76, 570 | "benign": 1.06 571 | }, 572 | "WRITE_CALENDAR": { 573 | "malware": 0.76, 574 | "benign": 2.65 575 | }, 576 | "CAPTURE_VIDEO_OUTPUT": { 577 | "malware": 0.76, 578 | "benign": 0.27 579 | }, 580 | "ACCESS_SURFACE_FLINGER": { 581 | "malware": 0.76, 582 | "benign": 0.27 583 | }, 584 | "CHANGE_WIFI_MULTICAST_STATE": { 585 | "malware": 0.76, 586 | "benign": 2.12 587 | }, 588 | "INTERNAL_SYSTEM_WINDOW": { 589 | "malware": 0.76, 590 | "benign": 0.27 591 | }, 592 | "CHANGE_COMPONENT_ENABLED_STATE": { 593 | "malware": 0.76, 594 | "benign": 0.27 595 | }, 596 | "ACCESS_COARSE_UPDATES": { 597 | "malware": 0.76, 598 | "benign": 0 599 | }, 600 | "ACCESS_CACHE_FILESYSTEM": { 601 | "malware": 0.57, 602 | "benign": 0 603 | }, 604 | "READ_SOCIAL_STREAM": { 605 | "malware": 0.57, 606 | "benign": 0.53 607 | }, 608 | "CAN_REQUEST_TOUCH_EXPLORATION_MODE": { 609 | "malware": 0.57, 610 | "benign": 0 611 | }, 612 | "CAN_REQUEST_ENHANCED_WEB_ACCESSIBILITY": { 613 | "malware": 0.57, 614 | "benign": 0 615 | }, 616 | "RIDE_EXTERNAL_STORAGE": { 617 | "malware": 0.57, 618 | "benign": 0 619 | }, 620 | "USE_FINGERPRINT": { 621 | "malware": 0.57, 622 | "benign": 12.47 623 | }, 624 | "BIND_NOTIFICATION_LISTENER_SERVICE": { 625 | "malware": 0.57, 626 | "benign": 0.53 627 | }, 628 | "SEND_DOWNLOAD_COMPLETED_INTENTS": { 629 | "malware": 0.57, 630 | "benign": 0.53 631 | }, 632 | "FACTORY_TEST": { 633 | "malware": 0.57, 634 | "benign": 0 635 | }, 636 | "BOOT_COMPLETED": { 637 | "malware": 0.57, 638 | "benign": 0 639 | }, 640 | "ACCESS_BACKGROUND_SERVICE": { 641 | "malware": 0.57, 642 | "benign": 0 643 | }, 644 | "PROCESS_INCOMING_CALLS": { 645 | "malware": 0.57, 646 | "benign": 0 647 | }, 648 | "BIND_WALLPAPER": { 649 | "malware": 0.57, 650 | "benign": 0 651 | }, 652 | "PERSISTENT_ACTIVITY": { 653 | "malware": 0.57, 654 | "benign": 1.06 655 | }, 656 | "SUBSCRIBED_FEEDS_READ": { 657 | "malware": 0.57, 658 | "benign": 0.8 659 | }, 660 | "SUBSCRIBED_FEEDS_WRITE": { 661 | "malware": 0.57, 662 | "benign": 0.8 663 | }, 664 | "REAL_GET_TASKS ": { 665 | "malware": 0.57, 666 | "benign": 0 667 | }, 668 | "GOOGLE_AUTH": { 669 | "malware": 0.57, 670 | "benign": 0 671 | }, 672 | "ADD_SYSTEM_SERVICE": { 673 | "malware": 0.57, 674 | "benign": 0 675 | }, 676 | "ACCESS_SUPERUSER": { 677 | "malware": 0.57, 678 | "benign": 1.33 679 | }, 680 | "READ_SECURE_SETTINGS": { 681 | "malware": 0.38, 682 | "benign": 0 683 | }, 684 | "MAPS_RECEIVE": { 685 | "malware": 0.38, 686 | "benign": 2.39 687 | }, 688 | "TEMPORARY_ENABLE_ACCESSIBILITY": { 689 | "malware": 0.38, 690 | "benign": 0 691 | }, 692 | "ACCESS_DOWNLOAD_MANAGER_ADVANCED": { 693 | "malware": 0.38, 694 | "benign": 0.53 695 | }, 696 | "REAL_GET_TASKS": { 697 | "malware": 0.38, 698 | "benign": 0 699 | }, 700 | "STATUS_BAR_SERVICE": { 701 | "malware": 0.38, 702 | "benign": 0 703 | }, 704 | "DOWNLOAD_WITHOUT_NOTIFICATION": { 705 | "malware": 0.38, 706 | "benign": 6.63 707 | }, 708 | "WRITE_PROFILE": { 709 | "malware": 0.38, 710 | "benign": 0.8 711 | }, 712 | "BROADCAST_WAP_PUSH": { 713 | "malware": 0.38, 714 | "benign": 0.27 715 | }, 716 | "CONTROL_LOCATION_UPDATES": { 717 | "malware": 0.38, 718 | "benign": 0 719 | }, 720 | "SET_TIME_ZONE": { 721 | "malware": 0.38, 722 | "benign": 0.27 723 | }, 724 | "MOUNT_FORMAT_FILESYSTEMS": { 725 | "malware": 0.38, 726 | "benign": 0 727 | }, 728 | "SIGNAL_PERSISTENT_PROCESSES": { 729 | "malware": 0.38, 730 | "benign": 0 731 | }, 732 | "MASTER_CLEAR": { 733 | "malware": 0.38, 734 | "benign": 0 735 | }, 736 | "BRICK": { 737 | "malware": 0.38, 738 | "benign": 0 739 | }, 740 | "ACCOUNT_MANAGER": { 741 | "malware": 0.38, 742 | "benign": 0.27 743 | }, 744 | "SET_ALWAYS_FINISH": { 745 | "malware": 0.38, 746 | "benign": 0 747 | }, 748 | "CALL_PRIVILEGED": { 749 | "malware": 0.38, 750 | "benign": 0.8 751 | }, 752 | "WRITE_GSERVICES": { 753 | "malware": 0.38, 754 | "benign": 0.53 755 | }, 756 | "FORCE_BACK": { 757 | "malware": 0.38, 758 | "benign": 0 759 | }, 760 | "SET_ORIENTATION": { 761 | "malware": 0.38, 762 | "benign": 0 763 | }, 764 | "SET_DEBUG_APP": { 765 | "malware": 0.38, 766 | "benign": 0 767 | }, 768 | "WRITE_INTERNAL_STORAGE": { 769 | "malware": 0.38, 770 | "benign": 0.27 771 | }, 772 | "WRITE_SOCIAL_STREAM": { 773 | "malware": 0.38, 774 | "benign": 0.53 775 | }, 776 | "MIPUSH_RECEIVE": { 777 | "malware": 0.38, 778 | "benign": 0.53 779 | }, 780 | "ACCESS_LAUNCHER_DATA": { 781 | "malware": 0.38, 782 | "benign": 0.27 783 | }, 784 | "JPUSH_MESSAGE": { 785 | "malware": 0.38, 786 | "benign": 0 787 | }, 788 | "RECEIVE_LAUNCH_BROADCASTS": { 789 | "malware": 0.19, 790 | "benign": 0 791 | }, 792 | "RECEIVE_FIRST_LOAD_BROADCAST": { 793 | "malware": 0.19, 794 | "benign": 0 795 | }, 796 | "camera": { 797 | "malware": 0.19, 798 | "benign": 0.27 799 | }, 800 | "MANAGE_OWN_CALLS": { 801 | "malware": 0.19, 802 | "benign": 4.51 803 | }, 804 | "BIND_JOB_SERVICE": { 805 | "malware": 0.19, 806 | "benign": 0.27 807 | }, 808 | "ACCESS_DRM": { 809 | "malware": 0.19, 810 | "benign": 0 811 | }, 812 | "INSTALL_DRM": { 813 | "malware": 0.19, 814 | "benign": 0.8 815 | }, 816 | "ACCESS_GPS": { 817 | "malware": 0.19, 818 | "benign": 0 819 | }, 820 | "ACCESS_LOCATION": { 821 | "malware": 0.19, 822 | "benign": 0 823 | }, 824 | "WRITE_EXTERNAL_STORAGE' maxSdkVersion='18": { 825 | "malware": 0.19, 826 | "benign": 0.27 827 | }, 828 | "USE_FULL_SCREEN_INTENT": { 829 | "malware": 0.19, 830 | "benign": 5.04 831 | }, 832 | "MANAGE_USERS": { 833 | "malware": 0.19, 834 | "benign": 0.53 835 | }, 836 | "REQUEST_COMPANION_RUN_IN_BACKGROUND": { 837 | "malware": 0.19, 838 | "benign": 0 839 | }, 840 | "ACCESS_COURSE_LOCATION": { 841 | "malware": 0.19, 842 | "benign": 0 843 | }, 844 | "REQUEST_DELETE_PACKAGES": { 845 | "malware": 0.19, 846 | "benign": 0.27 847 | }, 848 | "ACCESS_WIMAX_STATE": { 849 | "malware": 0.19, 850 | "benign": 0.27 851 | }, 852 | "READ_CELL_BROADCASTS": { 853 | "malware": 0.19, 854 | "benign": 0.27 855 | }, 856 | "READ_USER_DICTIONARY": { 857 | "malware": 0.19, 858 | "benign": 0.53 859 | }, 860 | "WRITE_USER_DICTIONARY": { 861 | "malware": 0.19, 862 | "benign": 0.8 863 | }, 864 | "WRITE_MEDIA_STORAGE": { 865 | "malware": 0.19, 866 | "benign": 0.8 867 | }, 868 | "PERMISSION": { 869 | "malware": 0.19, 870 | "benign": 0.53 871 | }, 872 | "BIND_INPUT_METHOD": { 873 | "malware": 0.19, 874 | "benign": 0 875 | }, 876 | "ACCESS_CHECKIN_PROPERTIES": { 877 | "malware": 0.19, 878 | "benign": 0 879 | }, 880 | "READ_INPUT_STATE": { 881 | "malware": 0.19, 882 | "benign": 0 883 | }, 884 | "DIAGNOSTIC": { 885 | "malware": 0.19, 886 | "benign": 0 887 | }, 888 | "GLOBAL_SEARCH": { 889 | "malware": 0.19, 890 | "benign": 0.27 891 | }, 892 | "MANAGE_APP_TOKENS": { 893 | "malware": 0.19, 894 | "benign": 0 895 | }, 896 | "SET_ACTIVITY_WATCHER": { 897 | "malware": 0.19, 898 | "benign": 0 899 | }, 900 | "INSTALL_LOCATION_PROVIDER": { 901 | "malware": 0.19, 902 | "benign": 0 903 | }, 904 | "UPDATE_DEVICE_STATS": { 905 | "malware": 0.19, 906 | "benign": 0.27 907 | }, 908 | "SET_ANIMATION_SCALE": { 909 | "malware": 0.19, 910 | "benign": 0 911 | }, 912 | "SET_PROCESS_LIMIT": { 913 | "malware": 0.19, 914 | "benign": 0.27 915 | }, 916 | "NFC": { 917 | "malware": 0.19, 918 | "benign": 6.1 919 | }, 920 | "INTENT_VENDING_ONLY": { 921 | "malware": 0.19, 922 | "benign": 0 923 | }, 924 | "READ_DATABASE": { 925 | "malware": 0.19, 926 | "benign": 0.53 927 | }, 928 | "WRITE_DATABASE": { 929 | "malware": 0.19, 930 | "benign": 0.53 931 | }, 932 | "READ_ATTACHMENT_PREVIEW": { 933 | "malware": 0.19, 934 | "benign": 0 935 | }, 936 | "READ_GMAIL": { 937 | "malware": 0.19, 938 | "benign": 0.53 939 | }, 940 | "WRITE_GMAIL": { 941 | "malware": 0.19, 942 | "benign": 0 943 | }, 944 | "mail": { 945 | "malware": 0.19, 946 | "benign": 0 947 | }, 948 | "AUTO_SEND": { 949 | "malware": 0.19, 950 | "benign": 0 951 | }, 952 | "AUDIO_FILE_ACCESS": { 953 | "malware": 0.19, 954 | "benign": 0 955 | }, 956 | "GET_TASKS' maxSdkVersion='23": { 957 | "malware": 0.19, 958 | "benign": 0 959 | }, 960 | "INTERACT_ACROSS_USERS": { 961 | "malware": 0.19, 962 | "benign": 0.27 963 | }, 964 | "CONTACT": { 965 | "malware": 0.19, 966 | "benign": 0 967 | }, 968 | "MANAGE_DOCUMENTS": { 969 | "malware": 0.19, 970 | "benign": 1.06 971 | }, 972 | "GET_ACCOUNTS_PRIVILEGED": { 973 | "malware": 0.19, 974 | "benign": 0.27 975 | }, 976 | "CAPTURE_SECURE_VIDEO_OUTPUT": { 977 | "malware": 0.19, 978 | "benign": 0.27 979 | }, 980 | "BODY_SENSORS": { 981 | "malware": 0.19, 982 | "benign": 0.27 983 | }, 984 | "ACCESS_BLUETOOTH_SHARE": { 985 | "malware": 0.19, 986 | "benign": 0.27 987 | }, 988 | "SET_TIME": { 989 | "malware": 0.19, 990 | "benign": 0 991 | }, 992 | "USE_SIP": { 993 | "malware": 0.19, 994 | "benign": 0.27 995 | }, 996 | "AD_ID_NOTIFICATION": { 997 | "malware": 0.19, 998 | "benign": 0.27 999 | }, 1000 | "READ_ONLY": { 1001 | "malware": 0.19, 1002 | "benign": 0.27 1003 | }, 1004 | "WRITE_ONLY": { 1005 | "malware": 0.19, 1006 | "benign": 0.27 1007 | }, 1008 | "ACCESS_MTK_MMHW": { 1009 | "malware": 0.19, 1010 | "benign": 0 1011 | }, 1012 | "RAISED_THREAD_PRIORITY": { 1013 | "malware": 0.19, 1014 | "benign": 1.06 1015 | }, 1016 | "READ_GSETTINGS": { 1017 | "malware": 0.19, 1018 | "benign": 0 1019 | }, 1020 | "WRITE_GSETTINGS": { 1021 | "malware": 0.19, 1022 | "benign": 0 1023 | }, 1024 | "ACTION_PACKAGE_INSTALL": { 1025 | "malware": 0.19, 1026 | "benign": 0 1027 | }, 1028 | "OTHER_SERVICES": { 1029 | "malware": 0.19, 1030 | "benign": 0 1031 | }, 1032 | "RESTRICTED": { 1033 | "malware": 0.19, 1034 | "benign": 0 1035 | }, 1036 | "READ_DATA": { 1037 | "malware": 0.19, 1038 | "benign": 0 1039 | }, 1040 | "FORCE_STOP_PACKAGES": { 1041 | "malware": 0.19, 1042 | "benign": 0.27 1043 | }, 1044 | "ACTION_VIEW": { 1045 | "malware": 0.19, 1046 | "benign": 0 1047 | }, 1048 | "FULL_SCREEN": { 1049 | "malware": 0.19, 1050 | "benign": 0 1051 | } 1052 | }, 1053 | "combinations": 1054 | { 1055 | "2": [ 1056 | { 1057 | "permissions": [ 1058 | "INTERNET", 1059 | "READ_SMS" 1060 | ] 1061 | }, 1062 | { 1063 | "permissions": [ 1064 | "READ_PHONE_STATE", 1065 | "INTERNET" 1066 | ] 1067 | }, 1068 | { 1069 | "permissions": [ 1070 | "READ_PHONE_STATE", 1071 | "ACCESS_WIFI_STATE" 1072 | ] 1073 | } 1074 | ], 1075 | "3": [ 1076 | { 1077 | "permissions": [ 1078 | "ACCESS_NETWORK_STATE", 1079 | "INTERNET", 1080 | "READ_SMS" 1081 | ] 1082 | }, 1083 | { 1084 | "permissions": [ 1085 | "ACCESS_WIFI_STATE", 1086 | "READ_PHONE_STATE", 1087 | "INTERNET" 1088 | ] 1089 | }, 1090 | { 1091 | "permissions": [ 1092 | "READ_PHONE_STATE", 1093 | "READ_SMS", 1094 | "INTERNET" 1095 | ] 1096 | }, 1097 | { 1098 | "permissions": [ 1099 | "ACCESS_NETWORK_STATE", 1100 | "READ_SMS", 1101 | "INTERNET" 1102 | ] 1103 | }, 1104 | { 1105 | "permissions": [ 1106 | "READ_PHONE_STATE", 1107 | "ACCESS_NETWORK_STATE", 1108 | "INTERNET" 1109 | ] 1110 | }, 1111 | { 1112 | "permissions": [ 1113 | "READ_PHONE_STATE", 1114 | "ACCESS_NETWORK_STATE", 1115 | "READ_SMS" 1116 | ] 1117 | } 1118 | ], 1119 | "4": [ 1120 | { 1121 | "permissions": [ 1122 | "ACCESS_NETWORK_STATE", 1123 | "INTERNET", 1124 | "ACCESS_WIFI_STATE", 1125 | "READ_PHONE_STATE" 1126 | ] 1127 | }, 1128 | { 1129 | "permissions": [ 1130 | "ACCESS_NETWORK_STATE", 1131 | "INTERNET", 1132 | "READ_SMS", 1133 | "READ_PHONE_STATE" 1134 | ] 1135 | }, 1136 | { 1137 | "permissions": [ 1138 | "READ_PHONE_STATE", 1139 | "INTERNET", 1140 | "WRITE_SMS", 1141 | "READ_SMS" 1142 | ] 1143 | }, 1144 | { 1145 | "permissions": [ 1146 | "ACCESS_NETWORK_STATE", 1147 | "INTERNET", 1148 | "WRITE_SMS", 1149 | "READ_SMS" 1150 | ] 1151 | }, 1152 | { 1153 | "permissions": [ 1154 | "ACCESS_NETWORK_STATE", 1155 | "INTERNET", 1156 | "ACCESS_WIFI_STATE", 1157 | "READ_PHONE_STATE" 1158 | ] 1159 | } 1160 | ], 1161 | "5": [ 1162 | { 1163 | "permissions": [ 1164 | "ACCESS_NETWORK_STATE", 1165 | "INTERNET", 1166 | "READ_PHONE_STATE", 1167 | "READ_SMS", 1168 | "WRITE_SMS" 1169 | ] 1170 | }, 1171 | { 1172 | "permissions": [ 1173 | "ACCESS_NETWORK_STATE", 1174 | "ACCESS_WIFI_STATE", 1175 | "INTERNET", 1176 | "READ_PHONE_STATE", 1177 | "WRITE EXTERNAL STORAGE" 1178 | ] 1179 | }, 1180 | { 1181 | "permissions": [ 1182 | "ACCESS_NETWORK_STATE", 1183 | "ACCESS_WIFI_STATE", 1184 | "INTERNET", 1185 | "READ_PHONE_STATE", 1186 | "RECEIVE_BOOT_COMPLETED" 1187 | ] 1188 | }, 1189 | { 1190 | "permissions": [ 1191 | "ACCESS_NETWORK_STATE", 1192 | "ACCESS_WIFI_STATE", 1193 | "INTERNET", 1194 | "READ_PHONE_STATE", 1195 | "READ_SMS" 1196 | ] 1197 | }, 1198 | { 1199 | "permissions": [ 1200 | "ACCESS_NETWORK_STATE", 1201 | "ACCESS_WIFI_STATE", 1202 | "INTERNET", 1203 | "WRITE_SMS", 1204 | "READ_SMS" 1205 | ] 1206 | } 1207 | ], 1208 | "6": 1209 | [ 1210 | { 1211 | "permissions": [ 1212 | "ACCESS_NETWORK_STATE", 1213 | "ACCESS_WIFI_STATE", 1214 | "INTERNET", 1215 | "READ_PHONE_STATE", 1216 | "READ_SMS", 1217 | "WRITE_SMS" 1218 | ] 1219 | }, 1220 | { 1221 | "permissions": [ 1222 | "ACCESS_NETWORK_STATE", 1223 | "ACCESS_WIFI_STATE", 1224 | "WRITE_SMS", 1225 | "INTERNET", 1226 | "READ_PHONE_STATE", 1227 | "WRITE_EXTERNAL_STORAGE" 1228 | ] 1229 | }, 1230 | { 1231 | "permissions": [ 1232 | "ACCESS_NETWORK_STATE", 1233 | "READ_SMS", 1234 | "WRITE_SMS", 1235 | "INTERNET", 1236 | "READ_PHONE_STATE", 1237 | "VIBRATE" 1238 | ] 1239 | }, 1240 | { 1241 | "permissions": [ 1242 | "ACCESS_NETWORK_STATE", 1243 | "READ_SMS", 1244 | "WRITE_SMS", 1245 | "SEND_SMS" , 1246 | "INTERNET", 1247 | "READ_PHONE_STATE"] 1248 | }, 1249 | { 1250 | "permissions": [ 1251 | "ACCESS_NETWORK_STATE", 1252 | "READ_PHONE_STATE", 1253 | "INTERNET", 1254 | "RECEIVE_SMS", 1255 | "SEND_SMS", 1256 | "READ_SMS" 1257 | ] 1258 | } 1259 | ] 1260 | } 1261 | } --------------------------------------------------------------------------------