├── Apache_License_2.0.txt ├── DB_and_virustotal_submission ├── MalwareAnalysisDBProject │ ├── .classpath │ ├── .project │ ├── .settings │ │ ├── org.eclipse.jdt.core.prefs │ │ └── org.eclipse.ltk.core.refactoring.prefs │ ├── ResultsComparisonAntimalware_bf.html │ ├── ResultsComparisonAntimalware_bf_flows.html │ ├── ResultsComparisonAntimalware_wf.html │ ├── ResultsComparisonAntimalware_wf_flows.html │ ├── ResultsComparisonFamily_bf.html │ ├── ResultsComparisonMalware_bf.html │ ├── ResultsComparisonMalware_flows_bf.html │ ├── ResultsMalwarePre.html │ ├── bin │ │ ├── .classpath │ │ ├── .project │ │ ├── .settings │ │ │ ├── org.eclipse.jdt.core.prefs │ │ │ └── org.eclipse.ltk.core.refactoring.prefs │ │ ├── ResultsComparisonAntimalware_bf.html │ │ ├── ResultsComparisonAntimalware_bf_flows.html │ │ ├── ResultsComparisonAntimalware_wf.html │ │ ├── ResultsComparisonAntimalware_wf_flows.html │ │ ├── ResultsComparisonFamily_bf.html │ │ ├── ResultsComparisonMalware_bf.html │ │ ├── ResultsComparisonMalware_flows_bf.html │ │ ├── com │ │ │ └── progetto_sicurezza │ │ │ │ ├── dao │ │ │ │ ├── AntiMalwareDao.class │ │ │ │ ├── MalwareDao.class │ │ │ │ ├── MalwareFamilyDao.class │ │ │ │ ├── ScanPostTransDao.class │ │ │ │ ├── ScanPreTransDao.class │ │ │ │ └── test │ │ │ │ │ └── TestDao.class │ │ │ │ ├── dbconfig │ │ │ │ └── DBConfiguration.class │ │ │ │ ├── model │ │ │ │ ├── AntiMalware.class │ │ │ │ ├── Malware.class │ │ │ │ ├── MalwareFamily.class │ │ │ │ ├── ScanPostTrans.class │ │ │ │ └── ScanPreTrans.class │ │ │ │ ├── parser │ │ │ │ └── malware │ │ │ │ │ └── Parser.class │ │ │ │ ├── ui │ │ │ │ ├── HtmlReporterComparison.class │ │ │ │ ├── HtmlReporterPre.class │ │ │ │ ├── HtmlSearcher.class │ │ │ │ ├── InterfaceUI$1MyActionListener.class │ │ │ │ └── InterfaceUI.class │ │ │ │ └── virusTotal │ │ │ │ ├── AddComment.class │ │ │ │ ├── ApiDetails.class │ │ │ │ ├── GetDomainReport.class │ │ │ │ ├── GetFileScanReport.class │ │ │ │ ├── GetIPAddressReport.class │ │ │ │ ├── GetUrlReport.class 
│ │ │ │ ├── ScanFile.class │ │ │ │ ├── ScanUrls.class │ │ │ │ └── VirusScan.class │ │ └── lib │ │ │ ├── gson-2.2.4.jar │ │ │ ├── httpcore-4.2.3.jar │ │ │ ├── httpcore-osgi-4.3-beta2.jar │ │ │ ├── httpmime-4.3.jar │ │ │ ├── junit-4.7.jar │ │ │ ├── mockito-1.8.0.jar │ │ │ ├── mysql-connector-java-5.1.32-bin.jar │ │ │ └── vt.jar │ ├── lib │ │ ├── gson-2.2.4.jar │ │ ├── httpcore-4.2.3.jar │ │ ├── httpcore-osgi-4.3-beta2.jar │ │ ├── httpmime-4.3.jar │ │ ├── junit-4.7.jar │ │ ├── mockito-1.8.0.jar │ │ ├── mysql-connector-java-5.1.32-bin.jar │ │ └── vt.jar │ └── src │ │ └── com │ │ └── progetto_sicurezza │ │ ├── dao │ │ ├── AntiMalwareDao.java │ │ ├── MalwareDao.java │ │ ├── MalwareFamilyDao.java │ │ ├── ScanPostTransDao.java │ │ ├── ScanPreTransDao.java │ │ └── test │ │ │ └── TestDao.java │ │ ├── dbconfig │ │ └── DBConfiguration.java │ │ ├── model │ │ ├── AntiMalware.java │ │ ├── Malware.java │ │ ├── MalwareFamily.java │ │ ├── ScanPostTrans.java │ │ └── ScanPreTrans.java │ │ ├── parser │ │ └── malware │ │ │ └── Parser.java │ │ ├── ui │ │ ├── HtmlReporterComparison.java │ │ ├── HtmlReporterPre.java │ │ ├── HtmlSearcher.java │ │ └── InterfaceUI.java │ │ └── virusTotal │ │ ├── AddComment.java │ │ ├── ApiDetails.java │ │ ├── GetDomainReport.java │ │ ├── GetFileScanReport.java │ │ ├── GetIPAddressReport.java │ │ ├── GetUrlReport.java │ │ ├── ScanFile.java │ │ ├── ScanUrls.java │ │ └── VirusScan.java ├── README.txt └── malware_data_collection.sql ├── README.md ├── framework sources ├── Alan │ ├── .classpath │ ├── .project │ ├── apktool │ │ ├── AndroidManifest.xml │ │ ├── aapt.exe │ │ ├── apktool.bat │ │ └── apktool.jar │ ├── bin │ │ ├── GestoreCheckBoxPackageName.class │ │ ├── GestoreFrame.class │ │ ├── GestorePackageName.class │ │ ├── GestorePulsanteAddApk.class │ │ ├── GestorePulsanteStart.class │ │ ├── InterfaceEngine.class │ │ ├── Main.class │ │ └── ThreadPulsanteStart.class │ ├── callIndirection.bat │ ├── callIndirection │ │ └── callIndirection.jar │ ├── 
changingPackage.bat │ ├── changingPackage │ │ └── changingPackage.jar │ ├── codeReordering.bat │ ├── codeReordering │ │ └── codeReorder.jar │ ├── dalvikobfuscator │ │ ├── .gitignore │ │ ├── README.md │ │ ├── baksmali-modifier.py │ │ ├── nopToJunk1.jar │ │ ├── nopToJunk2.jar │ │ ├── obfuscate.sh │ │ ├── readme1.txt │ │ └── readme2.txt │ ├── dataEncoding.bat │ ├── dataEncoding │ │ ├── Decrypter.smali │ │ └── encrypter.jar │ ├── disass.bat │ ├── icon.png │ ├── identifierRenaming.bat │ ├── identifierRenaming │ │ └── identifierRenaming.jar │ ├── insjunk.bat │ ├── lib │ │ ├── LICENSE.txt │ │ ├── NOTICE.txt │ │ ├── RELEASE-NOTES.txt │ │ ├── commons-io-2.4-javadoc.jar │ │ ├── commons-io-2.4-sources.jar │ │ ├── commons-io-2.4-test-sources.jar │ │ ├── commons-io-2.4-tests.jar │ │ ├── commons-io-2.4.jar │ │ └── docs │ │ │ ├── allclasses-frame.html │ │ │ ├── allclasses-noframe.html │ │ │ ├── constant-values.html │ │ │ ├── deprecated-list.html │ │ │ ├── help-doc.html │ │ │ ├── index-all.html │ │ │ ├── index.html │ │ │ ├── org │ │ │ └── apache │ │ │ │ └── commons │ │ │ │ └── io │ │ │ │ ├── ByteOrderMark.html │ │ │ │ ├── Charsets.html │ │ │ │ ├── CopyUtils.html │ │ │ │ ├── DirectoryWalker.CancelException.html │ │ │ │ ├── DirectoryWalker.html │ │ │ │ ├── EndianUtils.html │ │ │ │ ├── FileCleaner.html │ │ │ │ ├── FileCleaningTracker.html │ │ │ │ ├── FileDeleteStrategy.html │ │ │ │ ├── FileExistsException.html │ │ │ │ ├── FileSystemUtils.html │ │ │ │ ├── FileUtils.html │ │ │ │ ├── FilenameUtils.html │ │ │ │ ├── HexDump.html │ │ │ │ ├── IOCase.html │ │ │ │ ├── IOExceptionWithCause.html │ │ │ │ ├── IOUtils.html │ │ │ │ ├── LineIterator.html │ │ │ │ ├── TaggedIOException.html │ │ │ │ ├── class-use │ │ │ │ ├── ByteOrderMark.html │ │ │ │ ├── Charsets.html │ │ │ │ ├── CopyUtils.html │ │ │ │ ├── DirectoryWalker.CancelException.html │ │ │ │ ├── DirectoryWalker.html │ │ │ │ ├── EndianUtils.html │ │ │ │ ├── FileCleaner.html │ │ │ │ ├── FileCleaningTracker.html │ │ │ │ ├── 
FileDeleteStrategy.html │ │ │ │ ├── FileExistsException.html │ │ │ │ ├── FileSystemUtils.html │ │ │ │ ├── FileUtils.html │ │ │ │ ├── FilenameUtils.html │ │ │ │ ├── HexDump.html │ │ │ │ ├── IOCase.html │ │ │ │ ├── IOExceptionWithCause.html │ │ │ │ ├── IOUtils.html │ │ │ │ ├── LineIterator.html │ │ │ │ └── TaggedIOException.html │ │ │ │ ├── comparator │ │ │ │ ├── CompositeFileComparator.html │ │ │ │ ├── DefaultFileComparator.html │ │ │ │ ├── DirectoryFileComparator.html │ │ │ │ ├── ExtensionFileComparator.html │ │ │ │ ├── LastModifiedFileComparator.html │ │ │ │ ├── NameFileComparator.html │ │ │ │ ├── PathFileComparator.html │ │ │ │ ├── SizeFileComparator.html │ │ │ │ ├── class-use │ │ │ │ │ ├── CompositeFileComparator.html │ │ │ │ │ ├── DefaultFileComparator.html │ │ │ │ │ ├── DirectoryFileComparator.html │ │ │ │ │ ├── ExtensionFileComparator.html │ │ │ │ │ ├── LastModifiedFileComparator.html │ │ │ │ │ ├── NameFileComparator.html │ │ │ │ │ ├── PathFileComparator.html │ │ │ │ │ └── SizeFileComparator.html │ │ │ │ ├── package-frame.html │ │ │ │ ├── package-summary.html │ │ │ │ ├── package-tree.html │ │ │ │ └── package-use.html │ │ │ │ ├── filefilter │ │ │ │ ├── AbstractFileFilter.html │ │ │ │ ├── AgeFileFilter.html │ │ │ │ ├── AndFileFilter.html │ │ │ │ ├── CanReadFileFilter.html │ │ │ │ ├── CanWriteFileFilter.html │ │ │ │ ├── ConditionalFileFilter.html │ │ │ │ ├── DelegateFileFilter.html │ │ │ │ ├── DirectoryFileFilter.html │ │ │ │ ├── EmptyFileFilter.html │ │ │ │ ├── FalseFileFilter.html │ │ │ │ ├── FileFileFilter.html │ │ │ │ ├── FileFilterUtils.html │ │ │ │ ├── HiddenFileFilter.html │ │ │ │ ├── IOFileFilter.html │ │ │ │ ├── MagicNumberFileFilter.html │ │ │ │ ├── NameFileFilter.html │ │ │ │ ├── NotFileFilter.html │ │ │ │ ├── OrFileFilter.html │ │ │ │ ├── PrefixFileFilter.html │ │ │ │ ├── RegexFileFilter.html │ │ │ │ ├── SizeFileFilter.html │ │ │ │ ├── SuffixFileFilter.html │ │ │ │ ├── TrueFileFilter.html │ │ │ │ ├── WildcardFileFilter.html │ │ │ │ ├── 
WildcardFilter.html │ │ │ │ ├── class-use │ │ │ │ │ ├── AbstractFileFilter.html │ │ │ │ │ ├── AgeFileFilter.html │ │ │ │ │ ├── AndFileFilter.html │ │ │ │ │ ├── CanReadFileFilter.html │ │ │ │ │ ├── CanWriteFileFilter.html │ │ │ │ │ ├── ConditionalFileFilter.html │ │ │ │ │ ├── DelegateFileFilter.html │ │ │ │ │ ├── DirectoryFileFilter.html │ │ │ │ │ ├── EmptyFileFilter.html │ │ │ │ │ ├── FalseFileFilter.html │ │ │ │ │ ├── FileFileFilter.html │ │ │ │ │ ├── FileFilterUtils.html │ │ │ │ │ ├── HiddenFileFilter.html │ │ │ │ │ ├── IOFileFilter.html │ │ │ │ │ ├── MagicNumberFileFilter.html │ │ │ │ │ ├── NameFileFilter.html │ │ │ │ │ ├── NotFileFilter.html │ │ │ │ │ ├── OrFileFilter.html │ │ │ │ │ ├── PrefixFileFilter.html │ │ │ │ │ ├── RegexFileFilter.html │ │ │ │ │ ├── SizeFileFilter.html │ │ │ │ │ ├── SuffixFileFilter.html │ │ │ │ │ ├── TrueFileFilter.html │ │ │ │ │ ├── WildcardFileFilter.html │ │ │ │ │ └── WildcardFilter.html │ │ │ │ ├── package-frame.html │ │ │ │ ├── package-summary.html │ │ │ │ ├── package-tree.html │ │ │ │ └── package-use.html │ │ │ │ ├── input │ │ │ │ ├── AutoCloseInputStream.html │ │ │ │ ├── BOMInputStream.html │ │ │ │ ├── BoundedInputStream.html │ │ │ │ ├── BrokenInputStream.html │ │ │ │ ├── CharSequenceInputStream.html │ │ │ │ ├── CharSequenceReader.html │ │ │ │ ├── ClassLoaderObjectInputStream.html │ │ │ │ ├── CloseShieldInputStream.html │ │ │ │ ├── ClosedInputStream.html │ │ │ │ ├── CountingInputStream.html │ │ │ │ ├── DemuxInputStream.html │ │ │ │ ├── NullInputStream.html │ │ │ │ ├── NullReader.html │ │ │ │ ├── ProxyInputStream.html │ │ │ │ ├── ProxyReader.html │ │ │ │ ├── ReaderInputStream.html │ │ │ │ ├── ReversedLinesFileReader.html │ │ │ │ ├── SwappedDataInputStream.html │ │ │ │ ├── TaggedInputStream.html │ │ │ │ ├── Tailer.html │ │ │ │ ├── TailerListener.html │ │ │ │ ├── TailerListenerAdapter.html │ │ │ │ ├── TeeInputStream.html │ │ │ │ ├── XmlStreamReader.html │ │ │ │ ├── XmlStreamReaderException.html │ │ │ │ ├── class-use │ │ │ │ │ ├── 
AutoCloseInputStream.html │ │ │ │ │ ├── BOMInputStream.html │ │ │ │ │ ├── BoundedInputStream.html │ │ │ │ │ ├── BrokenInputStream.html │ │ │ │ │ ├── CharSequenceInputStream.html │ │ │ │ │ ├── CharSequenceReader.html │ │ │ │ │ ├── ClassLoaderObjectInputStream.html │ │ │ │ │ ├── CloseShieldInputStream.html │ │ │ │ │ ├── ClosedInputStream.html │ │ │ │ │ ├── CountingInputStream.html │ │ │ │ │ ├── DemuxInputStream.html │ │ │ │ │ ├── NullInputStream.html │ │ │ │ │ ├── NullReader.html │ │ │ │ │ ├── ProxyInputStream.html │ │ │ │ │ ├── ProxyReader.html │ │ │ │ │ ├── ReaderInputStream.html │ │ │ │ │ ├── ReversedLinesFileReader.html │ │ │ │ │ ├── SwappedDataInputStream.html │ │ │ │ │ ├── TaggedInputStream.html │ │ │ │ │ ├── Tailer.html │ │ │ │ │ ├── TailerListener.html │ │ │ │ │ ├── TailerListenerAdapter.html │ │ │ │ │ ├── TeeInputStream.html │ │ │ │ │ ├── XmlStreamReader.html │ │ │ │ │ └── XmlStreamReaderException.html │ │ │ │ ├── package-frame.html │ │ │ │ ├── package-summary.html │ │ │ │ ├── package-tree.html │ │ │ │ └── package-use.html │ │ │ │ ├── monitor │ │ │ │ ├── FileAlterationListener.html │ │ │ │ ├── FileAlterationListenerAdaptor.html │ │ │ │ ├── FileAlterationMonitor.html │ │ │ │ ├── FileAlterationObserver.html │ │ │ │ ├── FileEntry.html │ │ │ │ ├── class-use │ │ │ │ │ ├── FileAlterationListener.html │ │ │ │ │ ├── FileAlterationListenerAdaptor.html │ │ │ │ │ ├── FileAlterationMonitor.html │ │ │ │ │ ├── FileAlterationObserver.html │ │ │ │ │ └── FileEntry.html │ │ │ │ ├── package-frame.html │ │ │ │ ├── package-summary.html │ │ │ │ ├── package-tree.html │ │ │ │ └── package-use.html │ │ │ │ ├── output │ │ │ │ ├── BrokenOutputStream.html │ │ │ │ ├── ByteArrayOutputStream.html │ │ │ │ ├── CloseShieldOutputStream.html │ │ │ │ ├── ClosedOutputStream.html │ │ │ │ ├── CountingOutputStream.html │ │ │ │ ├── DeferredFileOutputStream.html │ │ │ │ ├── DemuxOutputStream.html │ │ │ │ ├── FileWriterWithEncoding.html │ │ │ │ ├── LockableFileWriter.html │ │ │ │ ├── 
NullOutputStream.html │ │ │ │ ├── NullWriter.html │ │ │ │ ├── ProxyOutputStream.html │ │ │ │ ├── ProxyWriter.html │ │ │ │ ├── StringBuilderWriter.html │ │ │ │ ├── TaggedOutputStream.html │ │ │ │ ├── TeeOutputStream.html │ │ │ │ ├── ThresholdingOutputStream.html │ │ │ │ ├── WriterOutputStream.html │ │ │ │ ├── XmlStreamWriter.html │ │ │ │ ├── class-use │ │ │ │ │ ├── BrokenOutputStream.html │ │ │ │ │ ├── ByteArrayOutputStream.html │ │ │ │ │ ├── CloseShieldOutputStream.html │ │ │ │ │ ├── ClosedOutputStream.html │ │ │ │ │ ├── CountingOutputStream.html │ │ │ │ │ ├── DeferredFileOutputStream.html │ │ │ │ │ ├── DemuxOutputStream.html │ │ │ │ │ ├── FileWriterWithEncoding.html │ │ │ │ │ ├── LockableFileWriter.html │ │ │ │ │ ├── NullOutputStream.html │ │ │ │ │ ├── NullWriter.html │ │ │ │ │ ├── ProxyOutputStream.html │ │ │ │ │ ├── ProxyWriter.html │ │ │ │ │ ├── StringBuilderWriter.html │ │ │ │ │ ├── TaggedOutputStream.html │ │ │ │ │ ├── TeeOutputStream.html │ │ │ │ │ ├── ThresholdingOutputStream.html │ │ │ │ │ ├── WriterOutputStream.html │ │ │ │ │ └── XmlStreamWriter.html │ │ │ │ ├── package-frame.html │ │ │ │ ├── package-summary.html │ │ │ │ ├── package-tree.html │ │ │ │ └── package-use.html │ │ │ │ ├── package-frame.html │ │ │ │ ├── package-summary.html │ │ │ │ ├── package-tree.html │ │ │ │ └── package-use.html │ │ │ ├── overview-frame.html │ │ │ ├── overview-summary.html │ │ │ ├── overview-tree.html │ │ │ ├── package-list │ │ │ ├── resources │ │ │ └── inherit.gif │ │ │ ├── serialized-form.html │ │ │ └── stylesheet.css │ ├── reass.bat │ ├── repack.bat │ ├── signapk │ │ ├── certificate.pem │ │ ├── key.pk8 │ │ └── signapk.jar │ ├── src │ │ ├── GestoreCheckBoxPackageName.java │ │ ├── GestoreFrame.java │ │ ├── GestorePackageName.java │ │ ├── GestorePulsanteAddApk.java │ │ ├── GestorePulsanteStart.java │ │ ├── InterfaceEngine.java │ │ ├── Main.java │ │ └── ThreadPulsanteStart.java │ └── transEngine.bat ├── README.txt └── demo_Alan.avi └── transformations sources ├── 
CallIndirection ├── .classpath ├── .project ├── .settings │ └── org.eclipse.jdt.core.prefs ├── bin │ └── CallIndirection.class ├── lib │ ├── LICENSE.txt │ ├── NOTICE.txt │ ├── RELEASE-NOTES.txt │ ├── commons-io-2.4-javadoc.jar │ ├── commons-io-2.4-sources.jar │ ├── commons-io-2.4-test-sources.jar │ ├── commons-io-2.4-tests.jar │ ├── commons-io-2.4.jar │ └── docs │ │ ├── allclasses-frame.html │ │ ├── allclasses-noframe.html │ │ ├── constant-values.html │ │ ├── deprecated-list.html │ │ ├── help-doc.html │ │ ├── index-all.html │ │ ├── index.html │ │ ├── org │ │ └── apache │ │ │ └── commons │ │ │ └── io │ │ │ ├── ByteOrderMark.html │ │ │ ├── Charsets.html │ │ │ ├── CopyUtils.html │ │ │ ├── DirectoryWalker.CancelException.html │ │ │ ├── DirectoryWalker.html │ │ │ ├── EndianUtils.html │ │ │ ├── FileCleaner.html │ │ │ ├── FileCleaningTracker.html │ │ │ ├── FileDeleteStrategy.html │ │ │ ├── FileExistsException.html │ │ │ ├── FileSystemUtils.html │ │ │ ├── FileUtils.html │ │ │ ├── FilenameUtils.html │ │ │ ├── HexDump.html │ │ │ ├── IOCase.html │ │ │ ├── IOExceptionWithCause.html │ │ │ ├── IOUtils.html │ │ │ ├── LineIterator.html │ │ │ ├── TaggedIOException.html │ │ │ ├── class-use │ │ │ ├── ByteOrderMark.html │ │ │ ├── Charsets.html │ │ │ ├── CopyUtils.html │ │ │ ├── DirectoryWalker.CancelException.html │ │ │ ├── DirectoryWalker.html │ │ │ ├── EndianUtils.html │ │ │ ├── FileCleaner.html │ │ │ ├── FileCleaningTracker.html │ │ │ ├── FileDeleteStrategy.html │ │ │ ├── FileExistsException.html │ │ │ ├── FileSystemUtils.html │ │ │ ├── FileUtils.html │ │ │ ├── FilenameUtils.html │ │ │ ├── HexDump.html │ │ │ ├── IOCase.html │ │ │ ├── IOExceptionWithCause.html │ │ │ ├── IOUtils.html │ │ │ ├── LineIterator.html │ │ │ └── TaggedIOException.html │ │ │ ├── comparator │ │ │ ├── CompositeFileComparator.html │ │ │ ├── DefaultFileComparator.html │ │ │ ├── DirectoryFileComparator.html │ │ │ ├── ExtensionFileComparator.html │ │ │ ├── LastModifiedFileComparator.html │ │ │ ├── 
NameFileComparator.html │ │ │ ├── PathFileComparator.html │ │ │ ├── SizeFileComparator.html │ │ │ ├── class-use │ │ │ │ ├── CompositeFileComparator.html │ │ │ │ ├── DefaultFileComparator.html │ │ │ │ ├── DirectoryFileComparator.html │ │ │ │ ├── ExtensionFileComparator.html │ │ │ │ ├── LastModifiedFileComparator.html │ │ │ │ ├── NameFileComparator.html │ │ │ │ ├── PathFileComparator.html │ │ │ │ └── SizeFileComparator.html │ │ │ ├── package-frame.html │ │ │ ├── package-summary.html │ │ │ ├── package-tree.html │ │ │ └── package-use.html │ │ │ ├── filefilter │ │ │ ├── AbstractFileFilter.html │ │ │ ├── AgeFileFilter.html │ │ │ ├── AndFileFilter.html │ │ │ ├── CanReadFileFilter.html │ │ │ ├── CanWriteFileFilter.html │ │ │ ├── ConditionalFileFilter.html │ │ │ ├── DelegateFileFilter.html │ │ │ ├── DirectoryFileFilter.html │ │ │ ├── EmptyFileFilter.html │ │ │ ├── FalseFileFilter.html │ │ │ ├── FileFileFilter.html │ │ │ ├── FileFilterUtils.html │ │ │ ├── HiddenFileFilter.html │ │ │ ├── IOFileFilter.html │ │ │ ├── MagicNumberFileFilter.html │ │ │ ├── NameFileFilter.html │ │ │ ├── NotFileFilter.html │ │ │ ├── OrFileFilter.html │ │ │ ├── PrefixFileFilter.html │ │ │ ├── RegexFileFilter.html │ │ │ ├── SizeFileFilter.html │ │ │ ├── SuffixFileFilter.html │ │ │ ├── TrueFileFilter.html │ │ │ ├── WildcardFileFilter.html │ │ │ ├── WildcardFilter.html │ │ │ ├── class-use │ │ │ │ ├── AbstractFileFilter.html │ │ │ │ ├── AgeFileFilter.html │ │ │ │ ├── AndFileFilter.html │ │ │ │ ├── CanReadFileFilter.html │ │ │ │ ├── CanWriteFileFilter.html │ │ │ │ ├── ConditionalFileFilter.html │ │ │ │ ├── DelegateFileFilter.html │ │ │ │ ├── DirectoryFileFilter.html │ │ │ │ ├── EmptyFileFilter.html │ │ │ │ ├── FalseFileFilter.html │ │ │ │ ├── FileFileFilter.html │ │ │ │ ├── FileFilterUtils.html │ │ │ │ ├── HiddenFileFilter.html │ │ │ │ ├── IOFileFilter.html │ │ │ │ ├── MagicNumberFileFilter.html │ │ │ │ ├── NameFileFilter.html │ │ │ │ ├── NotFileFilter.html │ │ │ │ ├── OrFileFilter.html │ │ │ │ ├── 
PrefixFileFilter.html │ │ │ │ ├── RegexFileFilter.html │ │ │ │ ├── SizeFileFilter.html │ │ │ │ ├── SuffixFileFilter.html │ │ │ │ ├── TrueFileFilter.html │ │ │ │ ├── WildcardFileFilter.html │ │ │ │ └── WildcardFilter.html │ │ │ ├── package-frame.html │ │ │ ├── package-summary.html │ │ │ ├── package-tree.html │ │ │ └── package-use.html │ │ │ ├── input │ │ │ ├── AutoCloseInputStream.html │ │ │ ├── BOMInputStream.html │ │ │ ├── BoundedInputStream.html │ │ │ ├── BrokenInputStream.html │ │ │ ├── CharSequenceInputStream.html │ │ │ ├── CharSequenceReader.html │ │ │ ├── ClassLoaderObjectInputStream.html │ │ │ ├── CloseShieldInputStream.html │ │ │ ├── ClosedInputStream.html │ │ │ ├── CountingInputStream.html │ │ │ ├── DemuxInputStream.html │ │ │ ├── NullInputStream.html │ │ │ ├── NullReader.html │ │ │ ├── ProxyInputStream.html │ │ │ ├── ProxyReader.html │ │ │ ├── ReaderInputStream.html │ │ │ ├── ReversedLinesFileReader.html │ │ │ ├── SwappedDataInputStream.html │ │ │ ├── TaggedInputStream.html │ │ │ ├── Tailer.html │ │ │ ├── TailerListener.html │ │ │ ├── TailerListenerAdapter.html │ │ │ ├── TeeInputStream.html │ │ │ ├── XmlStreamReader.html │ │ │ ├── XmlStreamReaderException.html │ │ │ ├── class-use │ │ │ │ ├── AutoCloseInputStream.html │ │ │ │ ├── BOMInputStream.html │ │ │ │ ├── BoundedInputStream.html │ │ │ │ ├── BrokenInputStream.html │ │ │ │ ├── CharSequenceInputStream.html │ │ │ │ ├── CharSequenceReader.html │ │ │ │ ├── ClassLoaderObjectInputStream.html │ │ │ │ ├── CloseShieldInputStream.html │ │ │ │ ├── ClosedInputStream.html │ │ │ │ ├── CountingInputStream.html │ │ │ │ ├── DemuxInputStream.html │ │ │ │ ├── NullInputStream.html │ │ │ │ ├── NullReader.html │ │ │ │ ├── ProxyInputStream.html │ │ │ │ ├── ProxyReader.html │ │ │ │ ├── ReaderInputStream.html │ │ │ │ ├── ReversedLinesFileReader.html │ │ │ │ ├── SwappedDataInputStream.html │ │ │ │ ├── TaggedInputStream.html │ │ │ │ ├── Tailer.html │ │ │ │ ├── TailerListener.html │ │ │ │ ├── TailerListenerAdapter.html │ │ │ │ 
├── TeeInputStream.html │ │ │ │ ├── XmlStreamReader.html │ │ │ │ └── XmlStreamReaderException.html │ │ │ ├── package-frame.html │ │ │ ├── package-summary.html │ │ │ ├── package-tree.html │ │ │ └── package-use.html │ │ │ ├── monitor │ │ │ ├── FileAlterationListener.html │ │ │ ├── FileAlterationListenerAdaptor.html │ │ │ ├── FileAlterationMonitor.html │ │ │ ├── FileAlterationObserver.html │ │ │ ├── FileEntry.html │ │ │ ├── class-use │ │ │ │ ├── FileAlterationListener.html │ │ │ │ ├── FileAlterationListenerAdaptor.html │ │ │ │ ├── FileAlterationMonitor.html │ │ │ │ ├── FileAlterationObserver.html │ │ │ │ └── FileEntry.html │ │ │ ├── package-frame.html │ │ │ ├── package-summary.html │ │ │ ├── package-tree.html │ │ │ └── package-use.html │ │ │ ├── output │ │ │ ├── BrokenOutputStream.html │ │ │ ├── ByteArrayOutputStream.html │ │ │ ├── CloseShieldOutputStream.html │ │ │ ├── ClosedOutputStream.html │ │ │ ├── CountingOutputStream.html │ │ │ ├── DeferredFileOutputStream.html │ │ │ ├── DemuxOutputStream.html │ │ │ ├── FileWriterWithEncoding.html │ │ │ ├── LockableFileWriter.html │ │ │ ├── NullOutputStream.html │ │ │ ├── NullWriter.html │ │ │ ├── ProxyOutputStream.html │ │ │ ├── ProxyWriter.html │ │ │ ├── StringBuilderWriter.html │ │ │ ├── TaggedOutputStream.html │ │ │ ├── TeeOutputStream.html │ │ │ ├── ThresholdingOutputStream.html │ │ │ ├── WriterOutputStream.html │ │ │ ├── XmlStreamWriter.html │ │ │ ├── class-use │ │ │ │ ├── BrokenOutputStream.html │ │ │ │ ├── ByteArrayOutputStream.html │ │ │ │ ├── CloseShieldOutputStream.html │ │ │ │ ├── ClosedOutputStream.html │ │ │ │ ├── CountingOutputStream.html │ │ │ │ ├── DeferredFileOutputStream.html │ │ │ │ ├── DemuxOutputStream.html │ │ │ │ ├── FileWriterWithEncoding.html │ │ │ │ ├── LockableFileWriter.html │ │ │ │ ├── NullOutputStream.html │ │ │ │ ├── NullWriter.html │ │ │ │ ├── ProxyOutputStream.html │ │ │ │ ├── ProxyWriter.html │ │ │ │ ├── StringBuilderWriter.html │ │ │ │ ├── TaggedOutputStream.html │ │ │ │ ├── 
TeeOutputStream.html │ │ │ │ ├── ThresholdingOutputStream.html │ │ │ │ ├── WriterOutputStream.html │ │ │ │ └── XmlStreamWriter.html │ │ │ ├── package-frame.html │ │ │ ├── package-summary.html │ │ │ ├── package-tree.html │ │ │ └── package-use.html │ │ │ ├── package-frame.html │ │ │ ├── package-summary.html │ │ │ ├── package-tree.html │ │ │ └── package-use.html │ │ ├── overview-frame.html │ │ ├── overview-summary.html │ │ ├── overview-tree.html │ │ ├── package-list │ │ ├── resources │ │ └── inherit.gif │ │ ├── serialized-form.html │ │ └── stylesheet.css └── src │ └── CallIndirection.java ├── ChangingPackage ├── .classpath ├── .project ├── .settings │ └── org.eclipse.jdt.core.prefs ├── AndroidManifest.xml ├── aa ├── bin │ ├── Changing.class │ └── commons-lang3-3.3.2.jar ├── src │ ├── Changing.java │ └── commons-lang3-3.3.2.jar └── x ├── CodeReordering ├── .classpath ├── .project ├── .settings │ └── org.eclipse.jdt.core.prefs ├── bin │ └── ReoderCode.class └── src │ └── ReoderCode.java ├── DatEncoding ├── .classpath ├── .project ├── .settings │ └── org.eclipse.jdt.core.prefs ├── bin │ └── Encrypter.class └── src │ └── Encrypter.java ├── IdentifierRenaming ├── .classpath ├── .project ├── .settings │ └── org.eclipse.jdt.core.prefs ├── bin │ └── IdentifierRenaming.class ├── commons-lang3-3.3.2.jar └── src │ └── IdentifierRenaming.java ├── JunkInsertion ├── JunkInsertion │ ├── .classpath │ ├── .project │ ├── .settings │ │ └── org.eclipse.jdt.core.prefs │ ├── bin │ │ └── com │ │ │ └── example │ │ │ ├── pack │ │ │ ├── Insertion.class │ │ │ └── Tester.class │ │ │ └── textresource │ │ │ └── junkInstructions │ ├── files │ │ └── com │ │ │ └── example │ │ │ └── textresource │ │ │ └── junkInstructions │ └── src │ │ └── com │ │ └── example │ │ └── pack │ │ ├── Insertion.java │ │ └── Tester.java └── NopToJunk │ ├── .classpath │ ├── .project │ ├── .settings │ └── org.eclipse.jdt.core.prefs │ ├── bin │ └── com │ │ └── example │ │ ├── RecursiveFileDisplay.class │ │ └── textresource │ │ 
└── junkInstructions │ ├── files │ └── com │ │ └── example │ │ └── textresource │ │ └── junkInstructions │ └── src │ └── com │ └── example │ └── RecursiveFileDisplay.java └── README.txt /DB_and_virustotal_submission/MalwareAnalysisDBProject/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | MalwareAnalysisDBProject 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | #Mon Jan 19 18:02:57 CET 2015 2 | eclipse.preferences.version=1 3 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 4 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6 5 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 6 | org.eclipse.jdt.core.compiler.compliance=1.6 7 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 8 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 9 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 10 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 11 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 12 | org.eclipse.jdt.core.compiler.source=1.6 13 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/.settings/org.eclipse.ltk.core.refactoring.prefs: -------------------------------------------------------------------------------- 1 
| #Fri Jan 30 16:47:20 CET 2015 2 | eclipse.preferences.version=1 3 | org.eclipse.ltk.core.refactoring.enable.project.refactoring.history=false 4 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | MalwareAnalysisDBProject 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | #Mon Jan 19 18:02:57 CET 2015 2 | eclipse.preferences.version=1 3 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 4 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6 5 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 6 | org.eclipse.jdt.core.compiler.compliance=1.6 7 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 8 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 9 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 10 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 11 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 12 | org.eclipse.jdt.core.compiler.source=1.6 13 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/.settings/org.eclipse.ltk.core.refactoring.prefs: 
-------------------------------------------------------------------------------- 1 | #Fri Jan 30 16:47:20 CET 2015 2 | eclipse.preferences.version=1 3 | org.eclipse.ltk.core.refactoring.enable.project.refactoring.history=false 4 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/AntiMalwareDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/AntiMalwareDao.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/MalwareDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/MalwareDao.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/MalwareFamilyDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/MalwareFamilyDao.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/ScanPostTransDao.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/ScanPostTransDao.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/ScanPreTransDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/ScanPreTransDao.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/test/TestDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dao/test/TestDao.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dbconfig/DBConfiguration.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/dbconfig/DBConfiguration.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/model/AntiMalware.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/model/AntiMalware.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/model/Malware.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/model/Malware.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/model/MalwareFamily.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/model/MalwareFamily.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/model/ScanPostTrans.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/model/ScanPostTrans.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/model/ScanPreTrans.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/model/ScanPreTrans.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/parser/malware/Parser.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/parser/malware/Parser.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/ui/HtmlReporterComparison.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/ui/HtmlReporterComparison.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/ui/HtmlReporterPre.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/ui/HtmlReporterPre.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/ui/HtmlSearcher.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/ui/HtmlSearcher.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/ui/InterfaceUI$1MyActionListener.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/ui/InterfaceUI$1MyActionListener.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/ui/InterfaceUI.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/ui/InterfaceUI.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/AddComment.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/AddComment.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/ApiDetails.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/ApiDetails.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/GetDomainReport.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/GetDomainReport.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/GetFileScanReport.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/GetFileScanReport.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/GetIPAddressReport.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/GetIPAddressReport.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/GetUrlReport.class: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/GetUrlReport.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/ScanFile.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/ScanFile.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/ScanUrls.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/ScanUrls.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/VirusScan.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/com/progetto_sicurezza/virusTotal/VirusScan.class -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/gson-2.2.4.jar: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/gson-2.2.4.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/httpcore-4.2.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/httpcore-4.2.3.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/httpcore-osgi-4.3-beta2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/httpcore-osgi-4.3-beta2.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/httpmime-4.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/httpmime-4.3.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/junit-4.7.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/junit-4.7.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/mockito-1.8.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/mockito-1.8.0.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/mysql-connector-java-5.1.32-bin.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/mysql-connector-java-5.1.32-bin.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/vt.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/bin/lib/vt.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/gson-2.2.4.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/gson-2.2.4.jar 
-------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/httpcore-4.2.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/httpcore-4.2.3.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/httpcore-osgi-4.3-beta2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/httpcore-osgi-4.3-beta2.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/httpmime-4.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/httpmime-4.3.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/junit-4.7.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/junit-4.7.jar -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/mockito-1.8.0.jar: -------------------------------------------------------------------------------- 
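https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/mockito-1.8.0.jar
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/mysql-connector-java-5.1.32-bin.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/mysql-connector-java-5.1.32-bin.jar
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/vt.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/DB_and_virustotal_submission/MalwareAnalysisDBProject/lib/vt.jar
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/dao/AntiMalwareDao.java:
--------------------------------------------------------------------------------
package com.progetto_sicurezza.dao;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import com.progetto_sicurezza.dbconfig.DBConfiguration;
import com.progetto_sicurezza.model.AntiMalware;

/**
 * Data-access object for the anti_malware table.
 *
 * Every call opens its own connection from DBConfiguration.DB_URL, USERNAME and
 * PASSWORD and closes it before returning, including when a statement fails.
 *
 * NOTE(review): the credentials come from DBConfiguration constants, and the
 * repository listing also carries the compiled DBConfiguration.class under bin/.
 * If those constants are literals, they are readable from both; confirm and move
 * them to external configuration.
 */
public class AntiMalwareDao
{
    /**
     * Inserts one anti-malware product.
     *
     * @param antimalware row to insert; every field may be null except nome
     * @return the generated key, or -1 if the driver returns none
     * @throws IllegalArgumentException if antimalware or its nome is null
     * @throws SQLException on any database error
     */
    public int insert(AntiMalware antimalware) throws SQLException
    {
        // checks: non-null reference, not-null constraint on nome
        if(antimalware == null || antimalware.getNome() == null) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            String insert = "INSERT INTO anti_malware(nome,software_house,version) " +
                            "VALUES (?,?,?);";

            System.out.println(insert);

            PreparedStatement stmt = dbCon.prepareStatement(insert,Statement.RETURN_GENERATED_KEYS);
            stmt.setString(1, antimalware.getNome());
            stmt.setString(2, antimalware.getSoftware_house());
            stmt.setString(3, antimalware.getVersion());
            stmt.executeUpdate();

            ResultSet rs = stmt.getGeneratedKeys();
            return rs.next() ? rs.getInt(1) : -1;
        }
        finally
        {
            // Also runs when a statement throws, so the connection is not leaked.
            dbCon.close();
        }
    }

    /**
     * Looks up an anti-malware product by name.
     *
     * @param amName value matched against the nome column
     * @return the first matching row, or null if there is none
     * @throws IllegalArgumentException if amName is null
     * @throws SQLException on any database error
     */
    public AntiMalware getAntiMalwareByName(String amName) throws SQLException
    {
        if(amName == null) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            String query = "SELECT * " +
                           "FROM anti_malware " +
                           "WHERE nome = ? ";

            PreparedStatement stmt = dbCon.prepareStatement(query);
            stmt.setString(1, amName);
            ResultSet rs = stmt.executeQuery();

            return rs.next() ? fromRow(rs) : null;
        }
        finally
        {
            dbCon.close();
        }
    }

    /**
     * Looks up an anti-malware product by primary key.
     *
     * @param id row id, must be positive
     * @return the matching row, or null if there is none
     * @throws IllegalArgumentException if id is not positive
     * @throws SQLException on any database error
     */
    public AntiMalware getAntiMalwareById(int id) throws SQLException
    {
        if(id <= 0) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            // Bound like the by-name lookup instead of being appended to the query text.
            String query = "SELECT * " +
                           "From anti_malware " +
                           "WHERE id = ?";

            PreparedStatement stmt = dbCon.prepareStatement(query);
            stmt.setInt(1, id);
            ResultSet rs = stmt.executeQuery();

            return rs.next() ? fromRow(rs) : null;
        }
        finally
        {
            dbCon.close();
        }
    }

    /** Builds an AntiMalware from the current row, reading columns 1 to 4 by position. */
    private static AntiMalware fromRow(ResultSet rs) throws SQLException
    {
        AntiMalware am = new AntiMalware();
        am.setId(rs.getInt(1));
        am.setNome(rs.getString(2));
        // these fields can be null
        am.setSoftware_house(rs.getString(3));
        am.setVersion(rs.getString(4));
        return am;
    }
}
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/dao/MalwareDao.java:
--------------------------------------------------------------------------------
package com.progetto_sicurezza.dao;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;


import com.progetto_sicurezza.dbconfig.DBConfiguration;
import com.progetto_sicurezza.model.Malware;


/**
 * Data-access object for the malware table. Every call opens its own connection
 * and closes it before returning, including when a statement fails.
 */
public class MalwareDao
{
    /**
     * Inserts one malware sample record.
     *
     * @param malware row to insert; every field may be null except malwareStrId
     * @return the generated key, or -1 if the driver returns none
     * @throws IllegalArgumentException if malware or its malwareStrId is null
     * @throws SQLException on any database error
     */
    public int insert(Malware malware) throws SQLException
    {
        // checks: non-null reference, not-null constraint on malwareStrId
        if(malware == null || malware.getMalwareStrId() == null) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            // NOTE(review): dimension_kb and id_family are written into the statement
            // text rather than bound. That is only safe while getKbDim() and
            // getIdFamily() return numeric types (the Malware model is not shown here);
            // bind them as parameters if the model ever changes.
            String insert = "INSERT INTO malware (malware_str_id , dimension_kb , id_family , description ) " +
                            "VALUES (?," +
                            malware.getKbDim() + "," +
                            malware.getIdFamily() + "," +"?);";

            System.out.println(insert);

            PreparedStatement stmt = dbCon.prepareStatement(insert,Statement.RETURN_GENERATED_KEYS);
            stmt.setString(1,malware.getMalwareStrId());
            stmt.setString(2, malware.getDescr());
            stmt.executeUpdate();

            ResultSet rs = stmt.getGeneratedKeys();
            return rs.next() ? rs.getInt(1) : -1;
        }
        finally
        {
            // Also runs when a statement throws, so the connection is not leaked.
            dbCon.close();
        }
    }

    /**
     * Looks up a malware record by its string identifier.
     *
     * @param strId value matched against the malware_str_id column
     * @return the first matching row, or null if there is none
     * @throws IllegalArgumentException if strId is null
     * @throws SQLException on any database error
     */
    public Malware getMalwareByStrIdentifier(String strId) throws SQLException
    {
        if(strId == null) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            String query = "SELECT *" +
                           "FROM malware " +
                           "WHERE malware_str_id = ?";

            PreparedStatement stmt = dbCon.prepareStatement(query);
            stmt.setString(1, strId);
            ResultSet rs = stmt.executeQuery();

            return rs.next() ? fromRow(rs) : null;
        }
        finally
        {
            dbCon.close();
        }
    }

    /**
     * Looks up a malware record by primary key.
     *
     * @param id row id, must be positive
     * @return the matching row, or null if there is none
     * @throws IllegalArgumentException if id is not positive
     * @throws SQLException on any database error
     */
    public Malware getMalwareById(int id) throws SQLException
    {
        if(id <= 0) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            // Bound like the string-identifier lookup instead of being appended to the query text.
            String query = "SELECT * " +
                           "FROM malware " +
                           "WHERE id = ?";

            PreparedStatement stmt = dbCon.prepareStatement(query);
            stmt.setInt(1, id);
            ResultSet rs = stmt.executeQuery();

            return rs.next() ? fromRow(rs) : null;
        }
        finally
        {
            dbCon.close();
        }
    }

    /** Builds a Malware from the current row, reading columns 1 to 5 by position. */
    private static Malware fromRow(ResultSet rs) throws SQLException
    {
        Malware m = new Malware();
        m.setId(rs.getInt(1));
        m.setMalwareStrId(rs.getString(2));

        // these fields can be null: the setter is skipped when the column was SQL NULL
        float kbDim = rs.getFloat(3);
        if(!rs.wasNull())
            m.setKbDim(kbDim);
        int idFamily = rs.getInt(4);
        if(!rs.wasNull())
            m.setIdFamily(idFamily);
        m.setDescr(rs.getString(5));
        return m;
    }
}
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/dao/MalwareFamilyDao.java:
--------------------------------------------------------------------------------
package com.progetto_sicurezza.dao;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import com.progetto_sicurezza.dbconfig.DBConfiguration;
import com.progetto_sicurezza.model.MalwareFamily;


/**
 * Data-access object for the malware_family table. Every call opens its own
 * connection and closes it before returning, including when a statement fails.
 */
public class MalwareFamilyDao
{
    /**
     * Inserts one malware family.
     *
     * @param malwareF row to insert; every field may be null except familyName
     * @return the generated key, or -1 if the driver returns none
     * @throws IllegalArgumentException if malwareF or its familyName is null
     * @throws SQLException on any database error
     */
    public int insert(MalwareFamily malwareF) throws SQLException
    {
        // checks: non-null reference, not-null constraint on familyName
        if(malwareF == null || malwareF.getFamilyName() == null) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            String insert = "INSERT INTO malware_family (family_name,family_description) " +
                            "VALUES (?,?);";

            System.out.println(insert);

            PreparedStatement stmt = dbCon.prepareStatement(insert,Statement.RETURN_GENERATED_KEYS);
            stmt.setString(1,malwareF.getFamilyName());
            stmt.setString(2,malwareF.getFamilyDescription());
            stmt.executeUpdate();

            ResultSet rs = stmt.getGeneratedKeys();
            return rs.next() ? rs.getInt(1) : -1;
        }
        finally
        {
            // Also runs when a statement throws, so the connection is not leaked.
            dbCon.close();
        }
    }

    /**
     * Looks up a malware family by name.
     *
     * @param nome value matched against the family_name column
     * @return the first matching row, or null if there is none
     * @throws IllegalArgumentException if nome is null
     * @throws SQLException on any database error
     */
    public MalwareFamily getMalwareFamilyByName(String nome) throws SQLException
    {
        if(nome == null) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            String query = "SELECT * " +
                           "From malware_family " +
                           "WHERE family_name = ? ";

            PreparedStatement stmt = dbCon.prepareStatement(query);
            stmt.setString(1,nome);
            ResultSet rs = stmt.executeQuery();

            return rs.next() ? fromRow(rs) : null;
        }
        finally
        {
            dbCon.close();
        }
    }

    /**
     * Looks up a malware family by primary key.
     *
     * @param id row id, must be positive
     * @return the matching row, or null if there is none
     * @throws IllegalArgumentException if id is not positive
     * @throws SQLException on any database error
     */
    public MalwareFamily getMalwareFamilyById(int id ) throws SQLException
    {
        if(id <= 0) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            // Bound like the by-name lookup instead of being appended to the query text.
            String query = "SELECT * " +
                           "FROM malware_family " +
                           "WHERE id = ?";

            PreparedStatement stmt = dbCon.prepareStatement(query);
            stmt.setInt(1, id);
            ResultSet rs = stmt.executeQuery();

            return rs.next() ? fromRow(rs) : null;
        }
        finally
        {
            dbCon.close();
        }
    }

    /** Builds a MalwareFamily from the current row, reading columns 1 to 3 by position. */
    private static MalwareFamily fromRow(ResultSet rs) throws SQLException
    {
        MalwareFamily mf = new MalwareFamily();
        mf.setId(rs.getInt(1));
        mf.setFamily_name(rs.getString(2));
        mf.setFamily_description(rs.getString(3));
        return mf;
    }
}
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/dao/ScanPostTransDao.java:
--------------------------------------------------------------------------------
package com.progetto_sicurezza.dao;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import com.progetto_sicurezza.dbconfig.DBConfiguration;
import com.progetto_sicurezza.model.ScanPostTrans;

/**
 * Data-access object for the scans_post_transformations table. Every call opens
 * its own connection and closes it before returning, including when a statement fails.
 */
public class ScanPostTransDao
{
    /**
     * Inserts one post-transformation scan result.
     *
     * Every field of scanPost may be null except idAntiMalware, idMalware,
     * callIndirection, changingClassname, changingPackage, codeReorder,
     * dataEncoding, dissAndReass, junkNop, junkNopUncJump, junkRandomGarbage,
     * repacking and scanResultIsMalicious; scanResultIsMalicious must be "T" or "F".
     *
     * @param scanPost row to insert
     * @return the generated key, or -1 if the driver returns none
     * @throws IllegalArgumentException if scanPost is null or breaks a constraint above
     * @throws SQLException on any database error
     */
    public int insert(ScanPostTrans scanPost) throws SQLException
    {
        // checks: non-null reference, not-null constraints, allowed value set
        if(scanPost == null || scanPost.getIdAntiMalware() == null || scanPost.getIdMalware() == null
                || scanPost.isCallIndirection() == null || scanPost.isChangingClassname() == null
                || scanPost.isChangingPackage() == null || scanPost.isCodeReorder() == null || scanPost.isDataEncoding() == null
                || scanPost.isDissAndReass() == null || scanPost.isJunkNop() == null || scanPost.isJunkNopUncJump() == null
                || scanPost.isJunkRandomGarbage() == null|| scanPost.isRepacking() == null
                || !isValidScanResult(scanPost.getScanResultIsMalicious()) ) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            // NOTE(review): the two ids and the ten transformation flags are written
            // into the statement text rather than bound. That is only safe while the
            // ScanPostTrans getters return numeric and boolean types (the model is not
            // shown here); bind them as parameters if the model ever changes.
            String insert = "INSERT INTO scans_post_transformations (id_malware,id_anti_malware,scan_result_is_malicious," +
                            "disass_and_reass,repacking,call_indirection,changing_package," +
                            "changing_classname,code_reorder,data_encoding,junk_nop,junk_nop_unc_jump," +
                            "junk_random_garbage,signature_update_id)"+
                            "VALUES (" + scanPost.getIdMalware() + "," +
                            scanPost.getIdAntiMalware() +"," +
                            "?," +
                            scanPost.isDissAndReass() + "," +
                            scanPost.isRepacking() + "," +
                            scanPost.isCallIndirection() + "," +
                            scanPost.isChangingPackage() + "," +
                            scanPost.isChangingClassname() + "," +
                            scanPost.isCodeReorder() + "," +
                            scanPost.isDataEncoding() + "," +
                            scanPost.isJunkNop() + "," +
                            scanPost.isJunkNopUncJump() + "," +
                            scanPost.isJunkRandomGarbage() + "," +
                            "?);";

            System.out.println(insert);

            PreparedStatement stmt = dbCon.prepareStatement(insert,Statement.RETURN_GENERATED_KEYS);
            stmt.setString(1, scanPost.getScanResultIsMalicious());
            stmt.setString(2, scanPost.getAmSignatureUpdateId());
            stmt.executeUpdate();

            ResultSet rs = stmt.getGeneratedKeys();
            return rs.next() ? rs.getInt(1) : -1;
        }
        finally
        {
            // Also runs when a statement throws, so the connection is not leaked.
            dbCon.close();
        }
    }

    /**
     * Looks up a post-transformation scan by primary key.
     *
     * @param id row id, must be positive
     * @return the matching row, or null if there is none
     * @throws IllegalArgumentException if id is not positive
     * @throws SQLException on any database error
     */
    public ScanPostTrans getScanById(int id) throws SQLException
    {
        if(id <= 0) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            // Bound as a parameter instead of being appended to the query text.
            String query = "SELECT * " +
                           "FROM scans_post_transformations " +
                           "WHERE id = ?";

            PreparedStatement stmt = dbCon.prepareStatement(query);
            stmt.setInt(1, id);
            ResultSet rs = stmt.executeQuery();

            if(!rs.next())
                return null;

            ScanPostTrans scan = new ScanPostTrans();
            // NOTE(review): the id is read from column 4 and the other keys from
            // columns 1 to 3; presumably this follows the table's column order, confirm
            // against the schema.
            scan.setId(rs.getInt(4));
            scan.setIdMalware(rs.getInt(1));
            scan.setIdAntiMalware(rs.getInt(2));
            scan.setScanResultIsMalicious(rs.getString(3));

            scan.setDissAndReass(rs.getBoolean(5));
            scan.setRepacking(rs.getBoolean(6));
            scan.setCallIndirection(rs.getBoolean(7));
            scan.setChangingPackage(rs.getBoolean(8));
            scan.setChangingClassname(rs.getBoolean(9));
            scan.setCodeReorder(rs.getBoolean(10));
            scan.setDataEncoding(rs.getBoolean(11));
            scan.setJunkNop(rs.getBoolean(12));
            scan.setJunkNopUncJump(rs.getBoolean(13));
            scan.setJunkRandomGarbage(rs.getBoolean(14));
            // these fields can be null
            scan.setAmSignatureUpdateId(rs.getString(15));

            return scan;
        }
        finally
        {
            dbCon.close();
        }
    }

    /** Returns true only for "T" or "F", compared case-insensitively; null is rejected. */
    private boolean isValidScanResult(String scanResult)
    {
        return scanResult != null
                && (scanResult.equalsIgnoreCase("T") || scanResult.equalsIgnoreCase("F"));
    }
}
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/dao/ScanPreTransDao.java:
--------------------------------------------------------------------------------
package com.progetto_sicurezza.dao;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import com.progetto_sicurezza.dbconfig.DBConfiguration;
import com.progetto_sicurezza.model.ScanPreTrans;

/**
 * Data-access object for the scans_pre_transformations table. Every call opens
 * its own connection and closes it before returning, including when a statement fails.
 */
public class ScanPreTransDao
{
    /**
     * Inserts one pre-transformation scan result.
     *
     * Every field of scanPre may be null except idAntiMalware and idMalware;
     * scanResultIsMalicious must be "T" or "F".
     *
     * @param scanPre row to insert
     * @return the generated key, or -1 if the driver returns none
     * @throws IllegalArgumentException if scanPre is null or breaks a constraint above
     * @throws SQLException on any database error
     */
    public int insert(ScanPreTrans scanPre) throws SQLException
    {
        // checks: non-null reference, not-null constraints, allowed value set.
        // The original tested getIdAntimalware() twice, so a null idMalware passed
        // validation and reached the statement text as the literal "null".
        if(scanPre == null || scanPre.getIdMalware() == null || scanPre.getIdAntimalware() == null
                || !isValidScanResult(scanPre.getScanResultIsMalicious()) ) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            // NOTE(review): the two ids are written into the statement text rather
            // than bound. That is only safe while the ScanPreTrans getters return
            // numeric types (the model is not shown here); bind them as parameters if
            // the model ever changes.
            String insert = "INSERT INTO scans_pre_transformations (id_malware,id_anti_malware,scan_result_is_malicious,id_update_signature) "+
                            "VALUES (" + scanPre.getIdMalware() + "," +
                            scanPre.getIdAntimalware() +",?,?);";

            System.out.println(insert);

            PreparedStatement stmt = dbCon.prepareStatement(insert,Statement.RETURN_GENERATED_KEYS);
            stmt.setString(1, scanPre.getScanResultIsMalicious());
            stmt.setString(2, scanPre.getUpdateSignaturesId());
            stmt.executeUpdate();

            ResultSet rs = stmt.getGeneratedKeys();
            return rs.next() ? rs.getInt(1) : -1;
        }
        finally
        {
            // Also runs when a statement throws, so the connection is not leaked.
            dbCon.close();
        }
    }

    /**
     * Looks up a pre-transformation scan by primary key.
     *
     * @param id row id, must be positive
     * @return the matching row, or null if there is none
     * @throws IllegalArgumentException if id is not positive
     * @throws SQLException on any database error
     */
    public ScanPreTrans getScanById(int id) throws SQLException
    {
        if(id <= 0) throw new IllegalArgumentException();

        Connection dbCon = DriverManager.getConnection(DBConfiguration.DB_URL,DBConfiguration.USERNAME,DBConfiguration.PASSWORD);
        try
        {
            // Bound as a parameter instead of being appended to the query text.
            String query = "SELECT * " +
                           "FROM scans_pre_transformations " +
                           "WHERE id = ?";

            PreparedStatement stmt = dbCon.prepareStatement(query);
            stmt.setInt(1, id);
            ResultSet rs = stmt.executeQuery();

            if(!rs.next())
                return null;

            ScanPreTrans scan = new ScanPreTrans();
            scan.setId(rs.getInt(1));
            scan.setIdMalware(rs.getInt(2));
            scan.setIdAntimalware(rs.getInt(3));
            // these fields can be null
            scan.setScanResultIsMalicious(rs.getString(4));
            scan.setUpdateSignaturesId(rs.getString(5));

            return scan;
        }
        finally
        {
            dbCon.close();
        }
    }

    /** Returns true only for "T" or "F", compared case-insensitively; null is rejected. */
    private boolean isValidScanResult(String scanResult)
    {
        return scanResult != null
                && (scanResult.equalsIgnoreCase("T") || scanResult.equalsIgnoreCase("F"));
    }
}
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/dao/test/TestDao.java:
--------------------------------------------------------------------------------
1 | package com.progetto_sicurezza.dao.test; 2 | 3 | import java.sql.SQLException; 4 | 5 | //import com.dao.AntiMalwareDao; 6 | //import com.dao.MalwareDao; 7 | //import com.dao.MalwareFamilyDao; 8 | //import com.dao.ScanPostTransDao; 9 | //import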
com.dao.ScanPreTransDao; 10 | //import com.model.AntiMalware; 11 | //import com.model.Malware; 12 | 13 | //import com.dao.AntiMalwareDao; 14 | //import com.dao.MalwareFamilyDao; 15 | //import com.model.MalwareFamily; 16 | 17 | /* 18 | import com.dao.ScanPreTransDao; 19 | import com.model.AntiMalware; 20 | import com.model.Malware; 21 | import com.model.ScanPostTrans; 22 | import com.model.ScanPreTrans; 23 | */ 24 | 25 | public class TestDao 26 | { 27 | public static void main(String[] args) throws ClassNotFoundException, SQLException 28 | { 29 | 30 | //ScanPostTransDao dao = new ScanPostTransDao(); 31 | 32 | //System.out.println(dao.getScanById(120).getIdMalware()); 33 | 34 | } 35 | 36 | } 37 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/dbconfig/DBConfiguration.java: -------------------------------------------------------------------------------- 1 | package com.progetto_sicurezza.dbconfig; 2 | 3 | public class DBConfiguration 4 | { 5 | public static final String DB_URL = "jdbc:mysql://localhost:3306/malware_data_collection"; 6 | public static final String USERNAME ="root"; 7 | public static final String PASSWORD = ""; 8 | } 9 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/model/AntiMalware.java: -------------------------------------------------------------------------------- 1 | package com.progetto_sicurezza.model; 2 | 3 | public class AntiMalware 4 | { 5 | private Integer id; 6 | private String nome; 7 | private String softwareHouse; 8 | private String version; 9 | 10 | public Integer getId() { 11 | return id; 12 | } 13 | public void setId(int id) { 14 | this.id = id; 15 | } 16 | public String getNome() { 17 | return nome; 18 | } 19 | public void setNome(String nome) { 20 | this.nome = nome; 21 | } 22 | public String 
getSoftware_house() { 23 | return softwareHouse; 24 | } 25 | public void setSoftware_house(String software_house) { 26 | this.softwareHouse = software_house; 27 | } 28 | public String getVersion() { 29 | return version; 30 | } 31 | public void setVersion(String version) { 32 | this.version = version; 33 | } 34 | 35 | @Override 36 | public String toString() { 37 | return "AntiMalware [id=" + id + ", nome=" + nome + ", softwareHouse=" 38 | + softwareHouse + ", version=" + version + "]"; 39 | } 40 | 41 | 42 | } 43 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/model/Malware.java: -------------------------------------------------------------------------------- 1 | package com.progetto_sicurezza.model; 2 | 3 | public class Malware 4 | { 5 | private Integer id; 6 | private String malwareStrId; 7 | private Float kbDim; 8 | private Integer idFamily; 9 | private String descr; 10 | 11 | public Integer getId() { 12 | return id; 13 | } 14 | public void setId(int id) { 15 | this.id = id; 16 | } 17 | public String getMalwareStrId() { 18 | return malwareStrId; 19 | } 20 | public void setMalwareStrId(String malwareStrId) { 21 | this.malwareStrId = malwareStrId; 22 | } 23 | public Float getKbDim() 24 | { 25 | return kbDim; 26 | } 27 | public void setKbDim(float kbDim) { 28 | this.kbDim = kbDim; 29 | } 30 | public Integer getIdFamily() { 31 | return idFamily; 32 | } 33 | public void setIdFamily(int idFamily) { 34 | this.idFamily = idFamily; 35 | } 36 | public String getDescr() { 37 | return descr; 38 | } 39 | public void setDescr(String descr) { 40 | this.descr = descr; 41 | } 42 | 43 | public String toString() 44 | { 45 | return "Malware [id=" + id + ", malwareStrId=" + malwareStrId 46 | + ", kbDim=" + kbDim + ", idFamily=" + idFamily + ", descr=" 47 | + descr + "]"; 48 | } 49 | } 50 | -------------------------------------------------------------------------------- 
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/model/MalwareFamily.java: -------------------------------------------------------------------------------- 1 | package com.progetto_sicurezza.model; 2 | 3 | public class MalwareFamily 4 | { 5 | private Integer id; 6 | private String familyName; 7 | private String familyDescription; 8 | 9 | public Integer getId() { 10 | return id; 11 | } 12 | public void setId(int id) { 13 | this.id = id; 14 | } 15 | public String getFamilyName() { 16 | return familyName; 17 | } 18 | public void setFamily_name(String familyName) { 19 | this.familyName = familyName; 20 | } 21 | public String getFamilyDescription() { 22 | return familyDescription; 23 | } 24 | public void setFamily_description(String familyDescription) { 25 | this.familyDescription = familyDescription; 26 | } 27 | 28 | 29 | } 30 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/model/ScanPostTrans.java: -------------------------------------------------------------------------------- 1 | package com.progetto_sicurezza.model; 2 | 3 | /* 4 | * 5 | */ 6 | public class ScanPostTrans 7 | { 8 | private Integer id; 9 | private Integer idMalware; 10 | private Integer idAntiMalware; 11 | private String scanResultIsMalicious; 12 | private Boolean dissAndReass; 13 | private Boolean repacking; 14 | private Boolean callIndirection; 15 | private Boolean changingPackage; 16 | private Boolean changingClassname; 17 | private Boolean dataEncoding; 18 | private Boolean junkNop; 19 | private Boolean junkNopUncJump; 20 | private Boolean junkRandomGarbage; 21 | private Boolean signatureRewriting; 22 | private Boolean codeReorder; 23 | private String amSignatureUpdateId; 24 | 25 | 26 | public String getAmSignatureUpdateId() { 27 | return amSignatureUpdateId; 28 | } 29 | public void setAmSignatureUpdateId(String amSignatureUpdateId) { 30 | 
this.amSignatureUpdateId = amSignatureUpdateId; 31 | } 32 | public Boolean isCodeReorder() { 33 | return codeReorder; 34 | } 35 | public void setCodeReorder(boolean codeReorder) { 36 | this.codeReorder = codeReorder; 37 | } 38 | 39 | public Integer getIdMalware() { 40 | return idMalware; 41 | } 42 | public void setIdMalware(int idMalware) { 43 | this.idMalware = idMalware; 44 | } 45 | public Integer getIdAntiMalware() { 46 | return idAntiMalware; 47 | } 48 | public void setIdAntiMalware(int idAntiMalware) { 49 | this.idAntiMalware = idAntiMalware; 50 | } 51 | public String getScanResultIsMalicious() { 52 | return scanResultIsMalicious; 53 | } 54 | public void setScanResultIsMalicious(String isMaliciousPreTransf) { 55 | this.scanResultIsMalicious = isMaliciousPreTransf; 56 | } 57 | public Integer getId() { 58 | return id; 59 | } 60 | public void setId(int id) { 61 | this.id = id; 62 | } 63 | public Boolean isDissAndReass() { 64 | return dissAndReass; 65 | } 66 | public void setDissAndReass(boolean dissAndReass) { 67 | this.dissAndReass = dissAndReass; 68 | } 69 | public Boolean isRepacking() { 70 | return repacking; 71 | } 72 | public void setRepacking(boolean repacking) { 73 | this.repacking = repacking; 74 | } 75 | public Boolean isCallIndirection() { 76 | return callIndirection; 77 | } 78 | public void setCallIndirection(boolean callIndirection) { 79 | this.callIndirection = callIndirection; 80 | } 81 | public Boolean isChangingPackage() { 82 | return changingPackage; 83 | } 84 | public void setChangingPackage(boolean changingPackage) { 85 | this.changingPackage = changingPackage; 86 | } 87 | public Boolean isChangingClassname() { 88 | return changingClassname; 89 | } 90 | public void setChangingClassname(boolean changingClassname) { 91 | this.changingClassname = changingClassname; 92 | } 93 | public Boolean isDataEncoding() { 94 | return dataEncoding; 95 | } 96 | public void setDataEncoding(boolean dataEncoding) { 97 | this.dataEncoding = dataEncoding; 98 | } 99 
| public Boolean isJunkNop() { 100 | return junkNop; 101 | } 102 | public void setJunkNop(boolean junkNop) { 103 | this.junkNop = junkNop; 104 | } 105 | public Boolean isJunkNopUncJump() { 106 | return junkNopUncJump; 107 | } 108 | public void setJunkNopUncJump(boolean junkNopUncJump) { 109 | this.junkNopUncJump = junkNopUncJump; 110 | } 111 | public Boolean isJunkRandomGarbage() { 112 | return junkRandomGarbage; 113 | } 114 | public void setJunkRandomGarbage(boolean junkRandomGarbage) { 115 | this.junkRandomGarbage = junkRandomGarbage; 116 | } 117 | public Boolean isSignatureRewriting() { 118 | return signatureRewriting; 119 | } 120 | public void setSignatureRewriting(boolean updateSignature) { 121 | this.signatureRewriting = updateSignature; 122 | } 123 | } 124 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/model/ScanPreTrans.java: -------------------------------------------------------------------------------- 1 | package com.progetto_sicurezza.model; 2 | 3 | public class ScanPreTrans 4 | { 5 | private Integer id; 6 | private Integer idMalware; 7 | private Integer idAntimalware; 8 | private String scanResultIsMalicious; 9 | private String UpdateSignaturesId; 10 | 11 | public Integer getId() { 12 | return id; 13 | } 14 | public void setId(int id) { 15 | this.id = id; 16 | } 17 | public Integer getIdMalware() { 18 | return idMalware; 19 | } 20 | public void setIdMalware(int idMalware) { 21 | this.idMalware = idMalware; 22 | } 23 | public Integer getIdAntimalware() { 24 | return idAntimalware; 25 | } 26 | public void setIdAntimalware(int idAntimalware) { 27 | this.idAntimalware = idAntimalware; 28 | } 29 | public String getScanResultIsMalicious() { 30 | return scanResultIsMalicious; 31 | } 32 | public void setScanResultIsMalicious(String scanResult) { 33 | this.scanResultIsMalicious = scanResult; 34 | } 35 | public String getUpdateSignaturesId() { 
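36 | return UpdateSignaturesId; 37 | } 38 | public void setUpdateSignaturesId(String updateSignaturesId) { 39 | UpdateSignaturesId = updateSignaturesId; 40 | } 41 | 42 | 43 | } 44 |
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/parser/malware/Parser.java:
--------------------------------------------------------------------------------
package com.progetto_sicurezza.parser.malware;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Scanner;
import java.util.StringTokenizer;

import com.progetto_sicurezza.dao.MalwareDao;
import com.progetto_sicurezza.dao.MalwareFamilyDao;
import com.progetto_sicurezza.model.Malware;
import com.progetto_sicurezza.model.MalwareFamily;


public class Parser {

    public static HashMap hm ;
    public static ArrayList ar;

    /** Runs getFamilyNameDB on a CSV file and a sample directory given as fixed local paths. */
    public static void main(String args[]) throws ClassNotFoundException, SQLException{


        getFamilyNameDB("C:\\Users\\Raffaele Esposito\\Desktop\\sha256_family.csv",
                "C:\\Users\\Raffaele Esposito\\Desktop\\drebin-33\\drebin-33");
        //

    }


    /**
     * Reads a comma-separated file and maps the first field of each line to the second.
     *
     * @param arg1 path of the CSV file
     * @return the map built from the file; empty when the file cannot be opened
     */
    public static HashMap getFamilyName (String arg1){

        HashMap hm = new HashMap();

        Scanner read;
        try {
            read = new Scanner(new File(arg1));
        } catch (FileNotFoundException e) {
            // Report and hand back the empty map; carrying on would dereference a null Scanner.
            e.printStackTrace();
            return hm;
        }

        try {
            while(read.hasNextLine())
            {
                StringTokenizer tok = new StringTokenizer(read.nextLine(), ",");
                // Skip blank or single-field lines instead of failing with NoSuchElementException.
                if(tok.countTokens() < 2)
                    continue;
                String key = tok.nextToken();
                hm.put(key, tok.nextToken());
            }
        } finally {
            // Release the file handle even if reading fails part-way.
            read.close();
        }
        return hm;
    }
56 | /* 57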
| * Popola le tabelle malwareFamily && malware 58 | */ 59 | public static void getFamilyNameDB (String arg1, String arg2) throws ClassNotFoundException, SQLException{ 60 | 61 | MalwareFamilyDao mfd = new MalwareFamilyDao(); 62 | 63 | 64 | File x = new File(arg1); 65 | Scanner read = null; 66 | try { 67 | read = new Scanner(x); 68 | } catch (FileNotFoundException e) { 69 | e.printStackTrace(); 70 | } 71 | hm = new HashMap(); 72 | ar = new ArrayList(); 73 | String string = ""; 74 | StringTokenizer tok; 75 | String temp = ""; 76 | while(read.hasNextLine()) 77 | { 78 | string = read.nextLine(); 79 | tok=new StringTokenizer(string, ","); 80 | temp=tok.nextToken(); 81 | ar.add(temp); //array con i nomi dei virus 82 | hm.put(temp ,tok.nextToken()); //hash map con nome virus e famiglia 83 | } 84 | 85 | //inserimento malware family 86 | /* for(int i=0; i "; 69 | 70 | sb.append(""); 71 | sb.append(""); 72 | sb.append(cssStyle); 73 | sb.append(""); 74 | sb.append(""); 75 | 76 | sb.append(""); 77 | 78 | sb.append("

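Description

"); 79 | sb.append("
"); 80 | 81 | if(obj != null) 82 | sb.append(obj.toString()); 83 | else 84 | sb.append("NOT FOUND"); 85 | 86 | sb.append(""); 87 | sb.append(""); 88 | 89 | //rewrite file 90 | FileOutputStream fos = new FileOutputStream(fileName + ".html"); 91 | OutputStreamWriter out = new OutputStreamWriter(fos, CHAR_ENCODING); 92 | out.append(sb.toString()); 93 | out.close(); 94 | } 95 | } 96 |
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/virusTotal/AddComment.java:
--------------------------------------------------------------------------------
package com.progetto_sicurezza.virusTotal;
import com.kanishka.virustotal.dto.GeneralResponse;
import com.kanishka.virustotal.exception.APIKeyNotFoundException;
import com.kanishka.virustotal.exception.UnauthorizedAccessException;
import com.kanishka.virustotalv2.VirusTotalConfig;
import com.kanishka.virustotalv2.VirustotalPublicV2;
import com.kanishka.virustotalv2.VirustotalPublicV2Impl;

import java.io.UnsupportedEncodingException;

/**
 * Created by kanishka on 12/23/13.
 *
 * Example program: posts a comment on a VirusTotal resource and prints the
 * response code and verbose message.
 */
public class AddComment {
    public static void main(String[] args) {

        try {
            VirusTotalConfig.getConfigInstance().setVirusTotalAPIKey(ApiDetails.API_KEY);
            VirustotalPublicV2 virusTotalRef = new VirustotalPublicV2Impl();

            String resource = "44d88612fea8a8f36de82e1278abb02f";
            String comment = "Eicar file! considered a goodware :)";
            GeneralResponse gRespo = virusTotalRef.makeAComment(resource, comment);

            System.out.println("Response Code : " + gRespo.getResponseCode());
            System.out.println("Verbose Message : " + gRespo.getVerboseMessage());

        } catch (APIKeyNotFoundException ex) {
            System.err.println("API Key not found! " + ex.getMessage());
        } catch (UnsupportedEncodingException ex) {
            System.err.println("Unsupported Encoding Format!" + ex.getMessage());
        } catch (UnauthorizedAccessException ex) {
            System.err.println("Invalid API Key " + ex.getMessage());
        } catch (Exception ex) {
            System.err.println("Something Bad Happened! " + ex.getMessage());
        }
    }

}
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/virusTotal/ApiDetails.java:
--------------------------------------------------------------------------------
package com.progetto_sicurezza.virusTotal;
/**
 * Created by kanishka on 12/23/13.
 *
 * Supplies the VirusTotal API key that the example programs in this package
 * pass to VirusTotalConfig.setVirusTotalAPIKey.
 *
 * The key is read from the VIRUSTOTAL_API_KEY environment variable (a name
 * defined here) instead of being written into the source: a key committed to a
 * repository is readable by everyone with access to it and stays in the
 * history after the line is changed. Any key that was ever committed should be
 * treated as exposed and revoked.
 */
public class ApiDetails
{
    // null when the variable is not set.
    // NOTE(review): confirm how VirusTotalConfig.setVirusTotalAPIKey handles a null
    // key; the callers in this package already catch APIKeyNotFoundException.
    public static final String API_KEY = System.getenv("VIRUSTOTAL_API_KEY");
}
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/virusTotal/GetDomainReport.java:
--------------------------------------------------------------------------------
1 | package com.progetto_sicurezza.virusTotal; 2 | import com.kanishka.virustotal.dto.*; 3 | import com.kanishka.virustotal.exception.APIKeyNotFoundException; 4 | import com.kanishka.virustotal.exception.UnauthorizedAccessException; 5 | import com.kanishka.virustotalv2.VirusTotalConfig; 6 | import com.kanishka.virustotalv2.VirustotalPublicV2; 7 | import com.kanishka.virustotalv2.VirustotalPublicV2Impl; 8 | 9 | /** 10 | * Created by kanishka on 12/23/13.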
11 | */ 12 | public class GetDomainReport { 13 | public static void main(String[] args) { 14 | try { 15 | VirusTotalConfig.getConfigInstance().setVirusTotalAPIKey(ApiDetails.API_KEY); 16 | VirustotalPublicV2 virusTotalRef = new VirustotalPublicV2Impl(); 17 | 18 | DomainReport report = virusTotalRef.getDomainReport("www.ntt62.com"); 19 | System.out.println("___Domain Rport__"); 20 | 21 | Sample[] communicatingSamples = report.getDetectedCommunicatingSamples(); 22 | if (communicatingSamples != null) { 23 | System.out.println("Communicating Samples"); 24 | for (Sample sample : communicatingSamples) { 25 | System.out.println("SHA256 : " + sample.getSha256()); 26 | System.out.println("Date : " + sample.getDate()); 27 | System.out.println("Positives : " + sample.getPositives()); 28 | System.out.println("Total : " + sample.getTotal()); 29 | } 30 | } 31 | 32 | Sample[] detectedDownloadedSamples = report.getDetectedDownloadedSamples(); 33 | if (detectedDownloadedSamples != null) { 34 | System.out.println("Detected Downloaded Samples"); 35 | for (Sample sample : detectedDownloadedSamples) { 36 | System.out.println("SHA256 : " + sample.getSha256()); 37 | System.out.println("Date : " + sample.getDate()); 38 | System.out.println("Positives : " + sample.getPositives()); 39 | System.out.println("Total : " + sample.getTotal()); 40 | } 41 | } 42 | 43 | URL[] urls = report.getDetectedUrls(); 44 | if (urls != null) { 45 | System.out.println("Detected URLs"); 46 | for (URL url : urls) { 47 | System.out.println("URL : " + url.getUrl()); 48 | System.out.println("Positives : " + url.getPositives()); 49 | System.out.println("Total : " + url.getTotal()); 50 | System.out.println("Scan Date" + url.getScanDate()); 51 | } 52 | } 53 | 54 | DomainResolution[] resolutions = report.getResolutions(); 55 | if (resolutions != null) { 56 | System.out.println("Resolutions"); 57 | for (DomainResolution resolution : resolutions) { 58 | System.out.println("IP Address : " + resolution.getIpAddress()); 59 | 
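System.out.println("Last Resolved : " + resolution.getLastResolved()); 60 | } 61 | } 62 | 63 | Sample[] unDetectedDownloadedSamples = report.getUndetectedDownloadedSamples(); 64 | if (unDetectedDownloadedSamples != null) { 65 | System.out.println("Undetected Downloaded Samples"); 66 | for (Sample sample : unDetectedDownloadedSamples) { 67 | System.out.println("SHA256 : " + sample.getSha256()); 68 | System.out.println("Date : " + sample.getDate()); 69 | System.out.println("Positives : " + sample.getPositives()); 70 | System.out.println("Total : " + sample.getTotal()); 71 | } 72 | } 73 | 74 | Sample[] unDetectedCommunicatingSamples = report.getUndetectedCommunicatingSamples(); 75 | if (unDetectedCommunicatingSamples != null) { 76 | System.out.println("Undetected Communicating Samples"); 77 | for (Sample sample : unDetectedCommunicatingSamples) { 78 | System.out.println("SHA256 : " + sample.getSha256()); 79 | System.out.println("Date : " + sample.getDate()); 80 | System.out.println("Positives : " + sample.getPositives()); 81 | System.out.println("Total : " + sample.getTotal()); 82 | } 83 | } 84 | 85 | System.out.println("Response Code : " + report.getResponseCode()); 86 | System.out.println("Verbose Message : " + report.getVerboseMessage()); 87 | 88 | 89 | } catch (APIKeyNotFoundException ex) { 90 | System.err.println("API Key not found! " + ex.getMessage()); 91 | } catch (UnauthorizedAccessException ex) { 92 | System.err.println("Invalid API Key " + ex.getMessage()); 93 | } catch (Exception ex) { 94 | System.err.println("Something Bad Happened!
" + ex.getMessage()); 95 | } 96 | } 97 | } 98 |
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/virusTotal/GetFileScanReport.java:
--------------------------------------------------------------------------------
package com.progetto_sicurezza.virusTotal;
import com.kanishka.virustotal.dto.FileScanReport;
import com.kanishka.virustotal.dto.VirusScanInfo;
import com.kanishka.virustotal.exception.APIKeyNotFoundException;
import com.kanishka.virustotal.exception.UnauthorizedAccessException;
import com.kanishka.virustotalv2.VirusTotalConfig;
import com.kanishka.virustotalv2.VirustotalPublicV2;
import com.kanishka.virustotalv2.VirustotalPublicV2Impl;

import java.io.UnsupportedEncodingException;
import java.util.Map;

/**
 * Created by kanishka on 12/23/13.
 *
 * Example program: fetches the VirusTotal scan report for one resource hash and
 * prints its summary fields followed by the result of each scanner.
 */
public class GetFileScanReport {

    public static void main(String[] args) {
        try {
            VirusTotalConfig.getConfigInstance().setVirusTotalAPIKey(ApiDetails.API_KEY);
            VirustotalPublicV2 virusTotalRef = new VirustotalPublicV2Impl();

            String resource="06eb19d137ff0a0ccd778b236e8d45c3b9b078115b2ed69baf06aee0244980c1";
            FileScanReport report = virusTotalRef.getScanReport(resource);

            System.out.println("MD5 :\t" + report.getMd5());
            System.out.println("Perma link :\t" + report.getPermalink());
            System.out.println("Resource :\t" + report.getResource());
            System.out.println("Scan Date :\t" + report.getScanDate());
            System.out.println("Scan Id :\t" + report.getScanId());
            System.out.println("SHA1 :\t" + report.getSha1());
            System.out.println("SHA256 :\t" + report.getSha256());
            System.out.println("Verbose Msg :\t" + report.getVerboseMessage());
            System.out.println("Response Code :\t" + report.getResponseCode());
            System.out.println("Positives :\t" + report.getPositives());
            System.out.println("Total :\t" + report.getTotal());

            // A do/while on scans == null cannot retry anything: a null map fails on
            // keySet() before the loop condition is evaluated. Guard it once instead,
            // as the sibling examples do for their nullable arrays.
            Map<String, VirusScanInfo> scans = report.getScans();
            if (scans != null) {
                for (String key : scans.keySet()) {
                    VirusScanInfo virusInfo = scans.get(key);
                    System.out.println("Scanner : " + key);
                    System.out.println("\t\t Resut : " + virusInfo.getResult());
                    System.out.println("\t\t Update : " + virusInfo.getUpdate());
                    System.out.println("\t\t Version :" + virusInfo.getVersion());
                }
            }

        } catch (APIKeyNotFoundException ex) {
            System.err.println("API Key not found! " + ex.getMessage());
        } catch (UnsupportedEncodingException ex) {
            System.err.println("Unsupported Encoding Format!" + ex.getMessage());
        } catch (UnauthorizedAccessException ex) {
            System.err.println("Invalid API Key " + ex.getMessage());
        } catch (Exception ex) {
            System.err.println("Something Bad Happened! " + ex.getMessage());
        }
    }
}
--------------------------------------------------------------------------------
/DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/virusTotal/GetIPAddressReport.java:
--------------------------------------------------------------------------------
1 | package com.progetto_sicurezza.virusTotal; 2 | import com.kanishka.virustotal.dto.*; 3 | import com.kanishka.virustotal.exception.APIKeyNotFoundException; 4 | import com.kanishka.virustotal.exception.UnauthorizedAccessException; 5 | import com.kanishka.virustotalv2.VirusTotalConfig; 6 | import com.kanishka.virustotalv2.VirustotalPublicV2; 7 | import com.kanishka.virustotalv2.VirustotalPublicV2Impl; 8 | 9 | /** 10 | * Created by kanishka on 12/23/13.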
11 | */ 12 | public class GetIPAddressReport { 13 | public static void main(String[] args) { 14 | try { 15 | VirusTotalConfig.getConfigInstance().setVirusTotalAPIKey(ApiDetails.API_KEY); 16 | VirustotalPublicV2 virusTotalRef = new VirustotalPublicV2Impl(); 17 | 18 | IPAddressReport report = virusTotalRef.getIPAddresReport("69.195.124.58"); 19 | 20 | System.out.println("___IP Rport__"); 21 | 22 | Sample[] communicatingSamples = report.getDetectedCommunicatingSamples(); 23 | if (communicatingSamples != null) { 24 | System.out.println("Communicating Samples"); 25 | for (Sample sample : communicatingSamples) { 26 | System.out.println("SHA256 : " + sample.getSha256()); 27 | System.out.println("Date : " + sample.getDate()); 28 | System.out.println("Positives : " + sample.getPositives()); 29 | System.out.println("Total : " + sample.getTotal()); 30 | } 31 | } 32 | 33 | Sample[] detectedDownloadedSamples = report.getDetectedDownloadedSamples(); 34 | if (detectedDownloadedSamples != null) { 35 | System.out.println("Detected Downloaded Samples"); 36 | for (Sample sample : detectedDownloadedSamples) { 37 | System.out.println("SHA256 : " + sample.getSha256()); 38 | System.out.println("Date : " + sample.getDate()); 39 | System.out.println("Positives : " + sample.getPositives()); 40 | System.out.println("Total : " + sample.getTotal()); 41 | } 42 | } 43 | 44 | URL[] urls = report.getDetectedUrls(); 45 | if (urls != null) { 46 | System.out.println("Detected URLs"); 47 | for (URL url : urls) { 48 | System.out.println("URL : " + url.getUrl()); 49 | System.out.println("Positives : " + url.getPositives()); 50 | System.out.println("Total : " + url.getTotal()); 51 | System.out.println("Scan Date" + url.getScanDate()); 52 | } 53 | } 54 | 55 | IPAddressResolution[] resolutions = report.getResolutions(); 56 | if (resolutions != null) { 57 | System.out.println("Resolutions"); 58 | for (IPAddressResolution resolution : resolutions) { 59 | System.out.println("Host Name : " + 
resolution.getHostName()); 60 | System.out.println("Last Resolved : " + resolution.getLastResolved()); 61 | } 62 | } 63 | 64 | Sample[] unDetectedDownloadedSamples = report.getUndetectedDownloadedSamples(); 65 | if (unDetectedDownloadedSamples != null) { 66 | System.out.println("Undetected Downloaded Samples"); 67 | for (Sample sample : unDetectedDownloadedSamples) { 68 | System.out.println("SHA256 : " + sample.getSha256()); 69 | System.out.println("Date : " + sample.getDate()); 70 | System.out.println("Positives : " + sample.getPositives()); 71 | System.out.println("Total : " + sample.getTotal()); 72 | } 73 | } 74 | 75 | Sample[] unDetectedCommunicatingSamples = report.getUndetectedCommunicatingSamples(); 76 | if (unDetectedCommunicatingSamples != null) { 77 | System.out.println("Undetected Communicating Samples"); 78 | for (Sample sample : unDetectedCommunicatingSamples) { 79 | System.out.println("SHA256 : " + sample.getSha256()); 80 | System.out.println("Date : " + sample.getDate()); 81 | System.out.println("Positives : " + sample.getPositives()); 82 | System.out.println("Total : " + sample.getTotal()); 83 | } 84 | } 85 | 86 | System.out.println("Response Code : " + report.getResponseCode()); 87 | System.out.println("Verbose Message : " + report.getVerboseMessage()); 88 | 89 | 90 | } catch (APIKeyNotFoundException ex) { 91 | System.err.println("API Key not found! " + ex.getMessage()); 92 | } catch (UnauthorizedAccessException ex) { 93 | System.err.println("Invalid API Key " + ex.getMessage()); 94 | } catch (Exception ex) { 95 | System.err.println("Something Bad Happened! 
" + ex.getMessage()); 96 | } 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/virusTotal/GetUrlReport.java: -------------------------------------------------------------------------------- 1 | package com.progetto_sicurezza.virusTotal; 2 | import com.kanishka.virustotal.dto.FileScanReport; 3 | import com.kanishka.virustotal.dto.VirusScanInfo; 4 | import com.kanishka.virustotal.exception.APIKeyNotFoundException; 5 | import com.kanishka.virustotal.exception.UnauthorizedAccessException; 6 | import com.kanishka.virustotalv2.VirusTotalConfig; 7 | import com.kanishka.virustotalv2.VirustotalPublicV2; 8 | import com.kanishka.virustotalv2.VirustotalPublicV2Impl; 9 | 10 | import java.io.UnsupportedEncodingException; 11 | import java.util.Map; 12 | 13 | /** 14 | * Created by kanishka on 12/23/13. 15 | */ 16 | public class GetUrlReport { 17 | public static void main(String[] args) { 18 | try { 19 | VirusTotalConfig.getConfigInstance().setVirusTotalAPIKey(ApiDetails.API_KEY); 20 | VirustotalPublicV2 virusTotalRef = new VirustotalPublicV2Impl(); 21 | 22 | String urls[] = {"http://www.toll-net.be/ ","www.google.lk"}; 23 | FileScanReport[] reports = virusTotalRef.getUrlScanReport(urls, false); 24 | 25 | for (FileScanReport report : reports) { 26 | if(report.getResponseCode()==0){ 27 | System.out.println("Verbose Msg :\t" + report.getVerboseMessage()); 28 | continue; 29 | } 30 | System.out.println("MD5 :\t" + report.getMd5()); 31 | System.out.println("Perma link :\t" + report.getPermalink()); 32 | System.out.println("Resource :\t" + report.getResource()); 33 | System.out.println("Scan Date :\t" + report.getScanDate()); 34 | System.out.println("Scan Id :\t" + report.getScanId()); 35 | System.out.println("SHA1 :\t" + report.getSha1()); 36 | System.out.println("SHA256 :\t" + report.getSha256()); 37 | System.out.println("Verbose Msg :\t" + 
report.getVerboseMessage()); 38 | System.out.println("Response Code :\t" + report.getResponseCode()); 39 | System.out.println("Positives :\t" + report.getPositives()); 40 | System.out.println("Total :\t" + report.getTotal()); 41 | 42 | Map scans = report.getScans(); 43 | for (String key : scans.keySet()) { 44 | VirusScanInfo virusInfo = scans.get(key); 45 | System.out.println("Scanner : " + key); 46 | System.out.println("\t\t Result : " + virusInfo.getResult()); 47 | System.out.println("\t\t Update : " + virusInfo.getUpdate()); 48 | System.out.println("\t\t Version :" + virusInfo.getVersion()); 49 | } 50 | } 51 | 52 | } catch (APIKeyNotFoundException ex) { 53 | System.err.println("API Key not found! " + ex.getMessage()); 54 | } catch (UnsupportedEncodingException ex) { 55 | System.err.println("Unsupported Encoding Format!" + ex.getMessage()); 56 | } catch (UnauthorizedAccessException ex) { 57 | System.err.println("Invalid API Key " + ex.getMessage()); 58 | } catch (Exception ex) { 59 | System.err.println("Something Bad Happened! " + ex.getMessage()); 60 | } 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/virusTotal/ScanFile.java: -------------------------------------------------------------------------------- 1 | package com.progetto_sicurezza.virusTotal; 2 | import com.kanishka.virustotal.dto.ScanInfo; 3 | import com.kanishka.virustotal.exception.APIKeyNotFoundException; 4 | import com.kanishka.virustotal.exception.UnauthorizedAccessException; 5 | import com.kanishka.virustotalv2.VirusTotalConfig; 6 | import com.kanishka.virustotalv2.VirustotalPublicV2; 7 | import com.kanishka.virustotalv2.VirustotalPublicV2Impl; 8 | 9 | import java.io.File; 10 | import java.io.UnsupportedEncodingException; 11 | 12 | /** 13 | * Created by kanishka on 12/23/13. 
14 | */ 15 | public class ScanFile { 16 | public static void main(String[] args) { 17 | try { 18 | VirusTotalConfig.getConfigInstance().setVirusTotalAPIKey(ApiDetails.API_KEY); 19 | VirustotalPublicV2 virusTotalRef = new VirustotalPublicV2Impl(); 20 | 21 | ScanInfo scanInformation = virusTotalRef.scanFile(new File("C:\\Users\\Neo\\Desktop\\06eb19d137ff0a0ccd778b236e8d45c3b9b078115b2ed69baf06aee0244980c1.apk")); 22 | 23 | System.out.println("___SCAN INFORMATION___"); 24 | System.out.println("MD5 :\t" + scanInformation.getMd5()); 25 | System.out.println("Perma Link :\t" + scanInformation.getPermalink()); 26 | System.out.println("Resource :\t" + scanInformation.getResource()); 27 | System.out.println("Scan Date :\t" + scanInformation.getScanDate()); 28 | System.out.println("Scan Id :\t" + scanInformation.getScanId()); 29 | System.out.println("SHA1 :\t" + scanInformation.getSha1()); 30 | System.out.println("SHA256 :\t" + scanInformation.getSha256()); 31 | System.out.println("Verbose Msg :\t" + scanInformation.getVerboseMessage()); 32 | System.out.println("Response Code :\t" + scanInformation.getResponseCode()); 33 | System.out.println("done."); 34 | } catch (APIKeyNotFoundException ex) { 35 | System.err.println("API Key not found! " + ex.getMessage()); 36 | } catch (UnsupportedEncodingException ex) { 37 | System.err.println("Unsupported Encoding Format!" + ex.getMessage()); 38 | } catch (UnauthorizedAccessException ex) { 39 | System.err.println("Invalid API Key " + ex.getMessage()); 40 | } catch (Exception ex) { 41 | System.err.println("Something Bad Happened! 
" + ex.getMessage()); 42 | } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/MalwareAnalysisDBProject/src/com/progetto_sicurezza/virusTotal/ScanUrls.java: -------------------------------------------------------------------------------- 1 | package com.progetto_sicurezza.virusTotal; 2 | import com.kanishka.virustotal.dto.ScanInfo; 3 | import com.kanishka.virustotal.exception.APIKeyNotFoundException; 4 | import com.kanishka.virustotal.exception.UnauthorizedAccessException; 5 | import com.kanishka.virustotalv2.VirusTotalConfig; 6 | import com.kanishka.virustotalv2.VirustotalPublicV2; 7 | import com.kanishka.virustotalv2.VirustotalPublicV2Impl; 8 | 9 | import java.io.UnsupportedEncodingException; 10 | 11 | /** 12 | * Created by kanishka on 12/23/13. 13 | */ 14 | public class ScanUrls { 15 | public static void main(String[] args) { 16 | try { 17 | VirusTotalConfig.getConfigInstance().setVirusTotalAPIKey(ApiDetails.API_KEY); 18 | VirustotalPublicV2 virusTotalRef = new VirustotalPublicV2Impl(); 19 | 20 | String urls[] = {"www.google.lk", "www.yahoo.com"}; 21 | ScanInfo[] scanInfoArr = virusTotalRef.scanUrls(urls); 22 | 23 | for (ScanInfo scanInformation : scanInfoArr) { 24 | System.out.println("___SCAN INFORMATION___"); 25 | System.out.println("MD5 :\t" + scanInformation.getMd5()); 26 | System.out.println("Perma Link :\t" + scanInformation.getPermalink()); 27 | System.out.println("Resource :\t" + scanInformation.getResource()); 28 | System.out.println("Scan Date :\t" + scanInformation.getScanDate()); 29 | System.out.println("Scan Id :\t" + scanInformation.getScanId()); 30 | System.out.println("SHA1 :\t" + scanInformation.getSha1()); 31 | System.out.println("SHA256 :\t" + scanInformation.getSha256()); 32 | System.out.println("Verbose Msg :\t" + scanInformation.getVerboseMessage()); 33 | System.out.println("Response Code :\t" + scanInformation.getResponseCode()); 34 | 
System.out.println("done."); 35 | } 36 | 37 | } catch (APIKeyNotFoundException ex) { 38 | System.err.println("API Key not found! " + ex.getMessage()); 39 | } catch (UnsupportedEncodingException ex) { 40 | System.err.println("Unsupported Encoding Format!" + ex.getMessage()); 41 | } catch (UnauthorizedAccessException ex) { 42 | System.err.println("Invalid API Key " + ex.getMessage()); 43 | } catch (Exception ex) { 44 | System.err.println("Something Bad Happened! " + ex.getMessage()); 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/README.txt: -------------------------------------------------------------------------------- 1 | MalwareAnalysisDBProject 2 | contains the java project we used to develope 3 | an easy to use UI to make some useful queries to the DB. 4 | It also contains the classes used to submit apks to VirusTotal analysis. 5 | 6 | - com.progetto_sicurezza.dbconfig 7 | Contains DBConfiguration.java 8 | wich stores configuration info used to connect mysql DBMS. 9 | 10 | - com.progetto_sicurezza.ui.InterfaceUI.java 11 | Contains main method for the DB GUI 12 | Results files are stored in the working directory. 13 | 14 | - com.progetto_sicurezza.dao 15 | - com.progetto_sicurezza.model 16 | DAO e Model for the DB. 17 | 18 | - com.progetto_sicurezza.virusTotal 19 | Contains the code we used to submit malwares to VirusTotal 20 | command line args: 21 | args[0]: directory location of apks to submit. 22 | args[1]: destination directory. 23 | 24 | 25 | ################################################ 26 | 27 | malware_data_collection.sql 28 | cointains the schema of our mysql db. 
29 | 30 | ################################################ 31 | 32 | Authors: 33 | Raffaele Esposito 34 | Michele Meninno 35 | Pasquale Battista 36 | Agostino Delucia 37 | -------------------------------------------------------------------------------- /DB_and_virustotal_submission/malware_data_collection.sql: -------------------------------------------------------------------------------- 1 | -- phpMyAdmin SQL Dump 2 | -- version 3.5.2.2 3 | -- http://www.phpmyadmin.net 4 | -- 5 | -- Host: 127.0.0.1 6 | -- Generato il: Feb 24, 2015 alle 16:25 7 | -- Versione del server: 5.5.27 8 | -- Versione PHP: 5.4.7 9 | 10 | SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO"; 11 | SET time_zone = "+00:00"; 12 | 13 | 14 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; 15 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; 16 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; 17 | /*!40101 SET NAMES utf8 */; 18 | 19 | -- 20 | -- Database: `malware_data_collection` 21 | -- 22 | 23 | -- -------------------------------------------------------- 24 | 25 | -- 26 | -- Struttura della tabella `anti_malware` 27 | -- 28 | 29 | CREATE TABLE IF NOT EXISTS `anti_malware` ( 30 | `id` int(10) unsigned NOT NULL AUTO_INCREMENT, 31 | `nome` varchar(30) NOT NULL, 32 | `software_house` varchar(30) DEFAULT NULL, 33 | `version` varchar(30) CHARACTER SET latin1 COLLATE latin1_bin DEFAULT NULL, 34 | PRIMARY KEY (`id`), 35 | UNIQUE KEY `nome` (`nome`), 36 | UNIQUE KEY `nome_2` (`nome`) 37 | ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=58 ; 38 | 39 | -- -------------------------------------------------------- 40 | 41 | -- 42 | -- Struttura della tabella `malware` 43 | -- 44 | 45 | CREATE TABLE IF NOT EXISTS `malware` ( 46 | `id` int(10) unsigned NOT NULL AUTO_INCREMENT, 47 | `malware_str_id` varchar(70) COLLATE utf8_unicode_ci NOT NULL, 48 | `dimension_kb` float unsigned DEFAULT NULL, 49 | `id_family` int(10) unsigned DEFAULT NULL, 50 | `description` 
varchar(100) COLLATE utf8_unicode_ci DEFAULT NULL, 51 | PRIMARY KEY (`id`), 52 | UNIQUE KEY `malware_str_id` (`malware_str_id`), 53 | KEY `dimension_kb` (`dimension_kb`), 54 | KEY `id_family` (`id_family`) 55 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=5561 ; 56 | 57 | -- -------------------------------------------------------- 58 | 59 | -- 60 | -- Struttura della tabella `malware_family` 61 | -- 62 | 63 | CREATE TABLE IF NOT EXISTS `malware_family` ( 64 | `id` int(10) unsigned NOT NULL AUTO_INCREMENT, 65 | `family_name` varchar(50) COLLATE utf8_unicode_ci NOT NULL, 66 | `family_description` varchar(100) COLLATE utf8_unicode_ci DEFAULT NULL, 67 | PRIMARY KEY (`id`), 68 | UNIQUE KEY `id` (`id`), 69 | UNIQUE KEY `family_name` (`family_name`) 70 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=179 ; 71 | 72 | -- -------------------------------------------------------- 73 | 74 | -- 75 | -- Struttura della tabella `scans_post_transformations` 76 | -- 77 | 78 | CREATE TABLE IF NOT EXISTS `scans_post_transformations` ( 79 | `id_malware` int(10) unsigned NOT NULL, 80 | `id_anti_malware` int(10) unsigned NOT NULL, 81 | `scan_result_is_malicious` set('T','F') COLLATE utf8_unicode_ci NOT NULL, 82 | `id` int(10) unsigned NOT NULL AUTO_INCREMENT, 83 | `disass_and_reass` tinyint(1) NOT NULL DEFAULT '1', 84 | `repacking` tinyint(1) NOT NULL DEFAULT '0', 85 | `call_indirection` tinyint(1) NOT NULL DEFAULT '0', 86 | `changing_package` tinyint(1) NOT NULL DEFAULT '0', 87 | `changing_classname` tinyint(1) NOT NULL DEFAULT '0', 88 | `code_reorder` tinyint(1) NOT NULL DEFAULT '0', 89 | `data_encoding` tinyint(1) NOT NULL DEFAULT '0', 90 | `junk_nop` tinyint(1) NOT NULL DEFAULT '0', 91 | `junk_nop_unc_jump` tinyint(1) NOT NULL DEFAULT '0', 92 | `junk_random_garbage` tinyint(1) NOT NULL DEFAULT '0', 93 | `signature_update_id` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL, 94 | PRIMARY KEY (`id`), 95 | UNIQUE KEY 
`id_malware_2` (`id_malware`,`id_anti_malware`,`disass_and_reass`,`repacking`,`call_indirection`,`changing_package`,`changing_classname`,`code_reorder`,`data_encoding`,`junk_nop`,`junk_nop_unc_jump`,`junk_random_garbage`), 96 | KEY `id_malware` (`id_malware`,`id_anti_malware`), 97 | KEY `id_anti_malware` (`id_anti_malware`) 98 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=592804 ; 99 | 100 | -- -------------------------------------------------------- 101 | 102 | -- 103 | -- Struttura della tabella `scans_pre_transformations` 104 | -- 105 | 106 | CREATE TABLE IF NOT EXISTS `scans_pre_transformations` ( 107 | `id` int(10) unsigned NOT NULL AUTO_INCREMENT, 108 | `id_malware` int(10) unsigned NOT NULL, 109 | `id_anti_malware` int(10) unsigned NOT NULL, 110 | `scan_result_is_malicious` enum('T','F') COLLATE utf8_unicode_ci NOT NULL, 111 | `id_update_signature` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL, 112 | PRIMARY KEY (`id`), 113 | UNIQUE KEY `id_malware_2` (`id_malware`,`id_anti_malware`), 114 | KEY `id_anti_malware` (`id_anti_malware`), 115 | KEY `id_malware` (`id_malware`) 116 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=325839 ; 117 | 118 | -- 119 | -- Limiti per le tabelle scaricate 120 | -- 121 | 122 | -- 123 | -- Limiti per la tabella `malware` 124 | -- 125 | ALTER TABLE `malware` 126 | ADD CONSTRAINT `malware_ibfk_1` FOREIGN KEY (`id_family`) REFERENCES `malware_family` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION; 127 | 128 | -- 129 | -- Limiti per la tabella `scans_post_transformations` 130 | -- 131 | ALTER TABLE `scans_post_transformations` 132 | ADD CONSTRAINT `scans_post_transformations_ibfk_2` FOREIGN KEY (`id_malware`) REFERENCES `malware` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION, 133 | ADD CONSTRAINT `scans_post_transformations_ibfk_3` FOREIGN KEY (`id_anti_malware`) REFERENCES `anti_malware` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION; 134 | 135 | -- 136 | -- Limiti per 
la tabella `scans_pre_transformations` 137 | -- 138 | ALTER TABLE `scans_pre_transformations` 139 | ADD CONSTRAINT `scans_pre_transformations_ibfk_1` FOREIGN KEY (`id_malware`) REFERENCES `malware` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION, 140 | ADD CONSTRAINT `scans_pre_transformations_ibfk_2` FOREIGN KEY (`id_anti_malware`) REFERENCES `anti_malware` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION; 141 | 142 | /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; 143 | /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; 144 | /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; 145 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Software and Network Security - A.Y. 2014-2015
2 | Department of Engineering, University of Sannio, Benevento, Italy
3 | 4 | Supervisors:
5 | Prof. Corrado Aaron Visaggio, email: , web: http://www.aaronvisaggio.it/
6 | Francesco Mercaldo, email:
7 | Developers:
8 | Agostino De Lucia, email:
9 | Raffaele Esposito, email:
10 | Michele Meninno, email:
11 | Pasquale Battista, email:
12 | 13 | 14 | # Android Malware Evaluating Tools 15 | In order to carry out an in-depth analysis of anti-malware detection algorithms, we developed two different tools, both coded in Java.

16 | 17 | The first tool, named Alan, applies eight different smali code transformations through a simple UI
18 | (detailed information about these transformations can be found in the paper attached to the project).
19 | This tool bundles two other free tools (signapk, apktool) used to decompile and recompile an Android
20 | application, recovering the application's resources in nearly original form.
21 | The tool works on smali code, a human-readable representation of Dalvik bytecode.
22 | The aim of these transformations is to hide the malicious behaviour of an application from static malware scanning techniques. 23 | A transformed application can be submitted to the VirusTotal website, where it can be analyzed by 57 well-known (free and paid) anti-malware products.

24 | 25 | In order to work on a large malware data set, we developed a second tool, consisting mainly of code 26 | that automatically uploads Android applications to VirusTotal through its dedicated Java API and stores 27 | the analysis results in a relational database (we provide the schema in the project).
28 | This tool provides a simple UI to select among several queries and presents the results as HTML files.
29 | Everything is well documented and ready to be extended in future work.
30 | 31 | If you are interested in the results of the study we carried out on how 57 anti-malware products
32 | from VirusTotal perform against 5600 malware samples, before and after the application of
obfuscating transformations, you can contact us.
33 | 34 | 35 | -------------------------------------------------------------------------------- /framework sources/Alan/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /framework sources/Alan/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | TransformationEngine3 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /framework sources/Alan/apktool/AndroidManifest.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/apktool/AndroidManifest.xml -------------------------------------------------------------------------------- /framework sources/Alan/apktool/aapt.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/apktool/aapt.exe -------------------------------------------------------------------------------- /framework sources/Alan/apktool/apktool.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | set PATH=%CD%;%PATH%; 3 | java -jar "%~dp0\apktool.jar" %1 %2 %3 %4 %5 %6 %7 %8 %9 4 | -------------------------------------------------------------------------------- /framework sources/Alan/apktool/apktool.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/apktool/apktool.jar -------------------------------------------------------------------------------- /framework sources/Alan/bin/GestoreCheckBoxPackageName.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/bin/GestoreCheckBoxPackageName.class -------------------------------------------------------------------------------- /framework sources/Alan/bin/GestoreFrame.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/bin/GestoreFrame.class -------------------------------------------------------------------------------- /framework sources/Alan/bin/GestorePackageName.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/bin/GestorePackageName.class -------------------------------------------------------------------------------- /framework sources/Alan/bin/GestorePulsanteAddApk.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/bin/GestorePulsanteAddApk.class -------------------------------------------------------------------------------- /framework sources/Alan/bin/GestorePulsanteStart.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/bin/GestorePulsanteStart.class -------------------------------------------------------------------------------- /framework sources/Alan/bin/InterfaceEngine.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/bin/InterfaceEngine.class -------------------------------------------------------------------------------- /framework sources/Alan/bin/Main.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/bin/Main.class -------------------------------------------------------------------------------- /framework sources/Alan/bin/ThreadPulsanteStart.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/bin/ThreadPulsanteStart.class -------------------------------------------------------------------------------- /framework sources/Alan/callIndirection.bat: -------------------------------------------------------------------------------- 1 | echo START CALL INDIRECTION... 2 | cd callIndirection 3 | call java -jar callIndirection.jar ..\%1\smali 4 | cd.. 
5 | echo END CALL INDIRECTION 6 | -------------------------------------------------------------------------------- /framework sources/Alan/callIndirection/callIndirection.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/callIndirection/callIndirection.jar -------------------------------------------------------------------------------- /framework sources/Alan/changingPackage.bat: -------------------------------------------------------------------------------- 1 | echo START CHANGING PACKAGE NAME... 2 | cd changingPackage 3 | call java -jar changingPackage.jar ..\%1\AndroidManifest.xml %2 ..\%1 4 | cd.. 5 | echo END CHANGING PACKAGE NAME 6 | -------------------------------------------------------------------------------- /framework sources/Alan/changingPackage/changingPackage.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/changingPackage/changingPackage.jar -------------------------------------------------------------------------------- /framework sources/Alan/codeReordering.bat: -------------------------------------------------------------------------------- 1 | echo START CODE REORDERING... 2 | cd codeReordering 3 | call java -jar codeReorder.jar ..\%1\smali 4 | cd.. 5 | echo END CODE REORDERING. 
6 | -------------------------------------------------------------------------------- /framework sources/Alan/codeReordering/codeReorder.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/codeReordering/codeReorder.jar -------------------------------------------------------------------------------- /framework sources/Alan/dalvikobfuscator/.gitignore: -------------------------------------------------------------------------------- 1 | *.py[co] 2 | 3 | # Packages 4 | *.egg 5 | *.egg-info 6 | dist 7 | build 8 | eggs 9 | parts 10 | bin 11 | var 12 | sdist 13 | develop-eggs 14 | .installed.cfg 15 | 16 | # Installer logs 17 | pip-log.txt 18 | 19 | # Unit test / coverage reports 20 | .coverage 21 | .tox 22 | 23 | #Translations 24 | *.mo 25 | 26 | #Mr Developer 27 | .mr.developer.cfg 28 | -------------------------------------------------------------------------------- /framework sources/Alan/dalvikobfuscator/README.md: -------------------------------------------------------------------------------- 1 | dalvik-obfuscator 2 | ================= 3 | 4 | a set of tools/scripts to obfuscate and manipulate dex files 5 | 6 | This toolset has been used to create an Android Proof-of-Concept crackme. 7 | It has also been used to create test APK files in order 8 | to evaluate this obfuscation technique against common 9 | reverse engineering tools for Android. 10 | 11 | Further information about this obfuscation technique can be found under: 12 | http://www.dexlabs.org/blog/bytecode-obfuscation 13 | 14 | WARNING: 15 | Don't apply this technique to your applications. It can break your app. 16 | It is for research only! 
-------------------------------------------------------------------------------- /framework sources/Alan/dalvikobfuscator/baksmali-modifier.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Copyright (C) 2012 pleed@dexlabs.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the 'License'); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an 'AS IS' BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | 17 | import sys 18 | import os 19 | 20 | from pyparsing import * 21 | 22 | InjectedCode = ["nop\n" for i in range(10)] 23 | MethodToken = Literal(".method") 24 | AccessFlag = Literal("public") | \ 25 | Literal("private") | \ 26 | Literal("protected")| \ 27 | Literal("abstract")| \ 28 | Literal("static")| \ 29 | Literal("constructor")| \ 30 | Literal("final")| \ 31 | Literal("native") | \ 32 | Literal("bridge") | \ 33 | Literal("synthetic") | \ 34 | Literal("native") | \ 35 | Literal("varargs") | \ 36 | Literal("declared-synchronized") 37 | 38 | JavaType = Word(alphas+"[", alphanums +"_$[;/", min=1) 39 | MethodName = Word(alphas+"$_<", alphanums+"_>$", min=1) 40 | ArgList = JavaType 41 | MethodProtoType = MethodName + Suppress("(") + Optional(ArgList) + Suppress(")") + JavaType 42 | MethodDecl = Suppress(MethodToken) + ZeroOrMore(AccessFlag) + Suppress(MethodProtoType) 43 | 44 | def injectnops(filename): 45 | with open(filename, "r") as smalifile: 46 | lines = smalifile.readlines() 47 | modified = [] 48 | for index, line in enumerate(lines): 49 | modified.append(line) 50 | if 
line.startswith(".method"): 51 | try: 52 | flags = list(MethodDecl.parseString(line.strip("\n"),parseAll=True)) 53 | except Exception as e: 54 | print line 55 | raise e 56 | if "abstract" not in flags and "native" not in flags: 57 | modified += InjectedCode 58 | 59 | with open(filename, "w") as smalifile: 60 | smalifile.writelines(modified) 61 | 62 | def run(directory): 63 | for dirpath, dinames, filenames in os.walk(directory): 64 | for filename in filter(lambda x: x.endswith(".smali"), filenames): 65 | injectnops(os.path.join(dirpath, filename)) 66 | 67 | def usage(): 68 | print "%s %s"%(sys.argv[0], sys.argv[1]) 69 | print "" 70 | print "inject nops into baksmali files" 71 | 72 | if __name__ == "__main__": 73 | if len(sys.argv) != 2: 74 | usage() 75 | else: 76 | run(sys.argv[1]) 77 | 78 | 79 | -------------------------------------------------------------------------------- /framework sources/Alan/dalvikobfuscator/nopToJunk1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/dalvikobfuscator/nopToJunk1.jar -------------------------------------------------------------------------------- /framework sources/Alan/dalvikobfuscator/nopToJunk2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/dalvikobfuscator/nopToJunk2.jar -------------------------------------------------------------------------------- /framework sources/Alan/dalvikobfuscator/obfuscate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright (C) 2012 thuxnder@dexlabs.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the 'License'); 5 | # you may not use this file except in compliance with the 
License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an 'AS IS' BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | 17 | pw=NULL 18 | 19 | echo "unpacking" && 20 | java -jar tools/apktool/apktool.jar d $1 out > /dev/null 2>&1 && 21 | echo "injecting nop sled" && 22 | python baksmali-modifier.py out/smali > /dev/null && 23 | echo "repacking" && 24 | java -jar tools/apktool/apktool.jar b out new.apk > /dev/null 2>&1 && 25 | echo "extract classes.dex" && 26 | unzip new.apk classes.dex > /dev/null && 27 | echo "add obfuscation" && 28 | python injector.py classes.dex > /dev/null && 29 | echo "add classes.dex" && 30 | aapt r new.apk classes.dex > /dev/null && 31 | aapt a new.apk classes.dex > /dev/null && 32 | #echo "signing" && 33 | #echo $pw | jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore keystore new.apk KEYNAME > /dev/null 2>&1 ; 34 | rm classes.dex && 35 | rm -r out && 36 | echo "done" 37 | 38 | 39 | -------------------------------------------------------------------------------- /framework sources/Alan/dalvikobfuscator/readme1.txt: -------------------------------------------------------------------------------- 1 | -JUNK INSTRUCTION 2 | 3 | -questo script inserisce delle "nop" all'interno di tutti i file .smali della directori indicata in input 4 | 5 | python baksmali-modifier.p "path della directory smali" 6 | 7 | -------------------------------------------------------------------------------- /framework sources/Alan/dalvikobfuscator/readme2.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/dalvikobfuscator/readme2.txt -------------------------------------------------------------------------------- /framework sources/Alan/dataEncoding.bat: -------------------------------------------------------------------------------- 1 | echo START DATA ENCODING... 2 | cd dataEncoding 3 | call java -jar encrypter.jar ..\%1\smali 4 | mkdir ..\%1\smali\com12345689 5 | copy Decrypter.smali ..\%1\smali\com12345689 6 | cd.. 7 | echo END DATA ENCODING. 8 | -------------------------------------------------------------------------------- /framework sources/Alan/dataEncoding/Decrypter.smali: -------------------------------------------------------------------------------- 1 | .class public Lcom123456789/Decrypter; 2 | .super Ljava/lang/Object; 3 | .source "Decrypter.java" 4 | 5 | 6 | # direct methods 7 | .method public constructor ()V 8 | .locals 0 9 | 10 | .prologue 11 | .line 6 12 | invoke-direct {p0}, Ljava/lang/Object;->()V 13 | 14 | return-void 15 | .end method 16 | 17 | .method public static applyCaesar(Ljava/lang/String;)Ljava/lang/String; 18 | .locals 8 19 | .param p0, "text" # Ljava/lang/String; 20 | 21 | .prologue 22 | const/16 v7, 0x20 23 | 24 | .line 10 25 | const/4 v3, -0x2 26 | 27 | .line 11 28 | .local v3, "shift":I 29 | invoke-virtual {p0}, Ljava/lang/String;->toCharArray()[C 30 | 31 | move-result-object v1 32 | 33 | .line 12 34 | .local v1, "chars":[C 35 | const/4 v4, 0x0 36 | 37 | .line 13 38 | .local v4, "skip":Z 39 | const/4 v2, 0x0 40 | 41 | .local v2, "i":I 42 | :goto_0 43 | invoke-virtual {p0}, Ljava/lang/String;->length()I 44 | 45 | move-result v6 46 | 47 | if-lt v2, v6, :cond_0 48 | 49 | .line 53 50 | new-instance v6, Ljava/lang/String; 51 | 52 | invoke-direct {v6, v1}, Ljava/lang/String;->([C)V 53 | 54 | return-object v6 55 | 56 | .line 15 57 | :cond_0 58 | aget-char v0, v1, v2 59 | 60 | .line 16 61 | .local v0, 
"c":C 62 | const/16 v6, 0x5c 63 | 64 | if-ne v0, v6, :cond_2 65 | 66 | .line 18 67 | const/4 v4, 0x1 68 | 69 | .line 13 70 | :cond_1 71 | :goto_1 72 | add-int/lit8 v2, v2, 0x1 73 | 74 | goto :goto_0 75 | 76 | .line 21 77 | :cond_2 78 | const/16 v6, 0x22 79 | 80 | if-eq v0, v6, :cond_1 81 | 82 | .line 23 83 | if-eq v0, v7, :cond_1 84 | 85 | .line 25 86 | const/16 v6, 0xa 87 | 88 | if-eq v0, v6, :cond_1 89 | 90 | .line 27 91 | const/16 v6, 0x9 92 | 93 | if-eq v0, v6, :cond_1 94 | 95 | .line 29 96 | const/16 v6, 0x27 97 | 98 | if-eq v0, v6, :cond_1 99 | 100 | .line 31 101 | const/16 v6, 0x5a 102 | 103 | if-eq v0, v6, :cond_1 104 | 105 | .line 35 106 | if-lt v0, v7, :cond_1 107 | 108 | const/16 v6, 0x7f 109 | 110 | if-gt v0, v6, :cond_1 111 | 112 | .line 38 113 | if-eq v0, v7, :cond_3 114 | 115 | if-nez v4, :cond_1 116 | 117 | .line 43 118 | :cond_3 119 | const/4 v4, 0x0 120 | 121 | .line 46 122 | add-int/lit8 v5, v0, -0x20 123 | 124 | .line 47 125 | .local v5, "x":I 126 | add-int v6, v5, v3 127 | 128 | rem-int/lit8 v5, v6, 0x60 129 | 130 | .line 48 131 | if-gez v5, :cond_4 132 | 133 | .line 49 134 | add-int/lit8 v5, v5, 0x60 135 | 136 | .line 50 137 | :cond_4 138 | add-int/lit8 v6, v5, 0x20 139 | 140 | int-to-char v6, v6 141 | 142 | aput-char v6, v1, v2 143 | 144 | goto :goto_1 145 | .end method 146 | -------------------------------------------------------------------------------- /framework sources/Alan/dataEncoding/encrypter.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/dataEncoding/encrypter.jar -------------------------------------------------------------------------------- /framework sources/Alan/disass.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | echo START DISASSEMBLING... 3 | call apktool\apktool d %1 4 | echo END DISASSEMBLING. 
5 | -------------------------------------------------------------------------------- /framework sources/Alan/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/icon.png -------------------------------------------------------------------------------- /framework sources/Alan/identifierRenaming.bat: -------------------------------------------------------------------------------- 1 | echo START IDENTIFIER RENAMING... 2 | cd identifierRenaming 3 | call java -jar identifierRenaming.jar ..\%1\AndroidManifest.xml ..\%1 %2 4 | cd.. 5 | echo END IDENTIFIER RENAMIN 6 | -------------------------------------------------------------------------------- /framework sources/Alan/identifierRenaming/identifierRenaming.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/identifierRenaming/identifierRenaming.jar -------------------------------------------------------------------------------- /framework sources/Alan/insjunk.bat: -------------------------------------------------------------------------------- 1 | cd dalvikobfuscator 2 | if %2==nop ( 3 | echo START INSERT JUNK INSTRUCTIONS NOP... 4 | python baksmali-modifier.py ..\%1\smali 5 | echo END INSERT JUNK INSTRUCTIONS NOP 6 | ) 7 | if %2==branch ( 8 | echo START INSERT JUNK INSTRUCTION BRANCH... 9 | python baksmali-modifier.py ..\%1\smali 10 | call java -jar nopToJunk1.jar ..\%1\smali 11 | echo END INSERT JUNK INSTRUCTION BRANCH 12 | ) 13 | if %2==garbage ( 14 | echo START INSERT JUNK INSTRUCTION GARBAGE... 15 | call java -jar nopToJunk2.jar ..\%1\smali 16 | echo END INSERT JUNK INSTRUCTION GARBAGE 17 | ) 18 | if %2==nop-garbage ( 19 | echo START INSERT JUNK INSTRUCTION NOP-GARBAGE... 
20 | python baksmali-modifier.py ..\%1\smali 21 | call java -jar nopToJunk2.jar ..\%1\smali 22 | echo END INSERT JUNK INSTRUCTION NOP-GARBAGE 23 | ) 24 | if %2==branch-garbage ( 25 | echo START INSERT JUNK INSTRUCTION BRANCH-GARBAGE... 26 | python baksmali-modifier.py ..\%1\smali 27 | call java -jar nopToJunk1.jar ..\%1\smali 28 | call java -jar nopToJunk2.jar ..\%1\smali 29 | echo END INSERT JUNK INSTRUCTION BRANCH-GARBAGE 30 | ) 31 | cd.. 32 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/NOTICE.txt: -------------------------------------------------------------------------------- 1 | Apache Commons IO 2 | Copyright 2002-2012 The Apache Software Foundation 3 | 4 | This product includes software developed by 5 | The Apache Software Foundation (http://www.apache.org/). 6 | 7 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/RELEASE-NOTES.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/lib/RELEASE-NOTES.txt -------------------------------------------------------------------------------- /framework sources/Alan/lib/commons-io-2.4-javadoc.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/lib/commons-io-2.4-javadoc.jar -------------------------------------------------------------------------------- /framework sources/Alan/lib/commons-io-2.4-sources.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/lib/commons-io-2.4-sources.jar 
-------------------------------------------------------------------------------- /framework sources/Alan/lib/commons-io-2.4-test-sources.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/lib/commons-io-2.4-test-sources.jar -------------------------------------------------------------------------------- /framework sources/Alan/lib/commons-io-2.4-tests.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/lib/commons-io-2.4-tests.jar -------------------------------------------------------------------------------- /framework sources/Alan/lib/commons-io-2.4.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/lib/commons-io-2.4.jar -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Commons IO 2.4 API 9 | 10 | 21 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | <H2> 32 | Frame Alert</H2> 33 | 34 | <P> 35 | This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client. 
36 | <BR> 37 | Link to<A HREF="overview-summary.html">Non-frame version.</A> 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/org/apache/commons/io/comparator/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io.comparator (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io.comparator 21 | 22 | 23 | 42 | 43 |
24 | Classes  25 | 26 |
27 | CompositeFileComparator 28 |
29 | DefaultFileComparator 30 |
31 | DirectoryFileComparator 32 |
33 | ExtensionFileComparator 34 |
35 | LastModifiedFileComparator 36 |
37 | NameFileComparator 38 |
39 | PathFileComparator 40 |
41 | SizeFileComparator
44 | 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/org/apache/commons/io/comparator/package-use.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Uses of Package org.apache.commons.io.comparator (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 23 | 25 | 26 | 27 | 28 | 29 |
30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 52 | 55 | 56 | 57 | 58 | 61 | 77 | 78 |
53 | 54 |
79 | 80 | 81 | 82 |
83 |
84 |

85 | Uses of Package
org.apache.commons.io.comparator

86 |
87 | No usage of org.apache.commons.io.comparator 88 |

89 |


90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 112 | 115 | 116 | 117 | 118 | 121 | 137 | 138 |
113 | 114 |
139 | 140 | 141 | 142 |
143 | Copyright © 2002-2012 The Apache Software Foundation. All Rights Reserved. 144 | 145 | 146 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/org/apache/commons/io/filefilter/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io.filefilter (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io.filefilter 21 | 22 | 23 | 30 | 31 |
24 | Interfaces  25 | 26 |
27 | ConditionalFileFilter 28 |
29 | IOFileFilter
32 | 33 | 34 | 35 | 36 | 85 | 86 |
37 | Classes  38 | 39 |
40 | AbstractFileFilter 41 |
42 | AgeFileFilter 43 |
44 | AndFileFilter 45 |
46 | CanReadFileFilter 47 |
48 | CanWriteFileFilter 49 |
50 | DelegateFileFilter 51 |
52 | DirectoryFileFilter 53 |
54 | EmptyFileFilter 55 |
56 | FalseFileFilter 57 |
58 | FileFileFilter 59 |
60 | FileFilterUtils 61 |
62 | HiddenFileFilter 63 |
64 | MagicNumberFileFilter 65 |
66 | NameFileFilter 67 |
68 | NotFileFilter 69 |
70 | OrFileFilter 71 |
72 | PrefixFileFilter 73 |
74 | RegexFileFilter 75 |
76 | SizeFileFilter 77 |
78 | SuffixFileFilter 79 |
80 | TrueFileFilter 81 |
82 | WildcardFileFilter 83 |
84 | WildcardFilter
87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/org/apache/commons/io/input/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io.input (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io.input 21 | 22 | 23 | 28 | 29 |
24 | Interfaces  25 | 26 |
27 | TailerListener
30 | 31 | 32 | 33 | 34 | 83 | 84 |
35 | Classes  36 | 37 |
38 | AutoCloseInputStream 39 |
40 | BOMInputStream 41 |
42 | BoundedInputStream 43 |
44 | BrokenInputStream 45 |
46 | CharSequenceInputStream 47 |
48 | CharSequenceReader 49 |
50 | ClassLoaderObjectInputStream 51 |
52 | ClosedInputStream 53 |
54 | CloseShieldInputStream 55 |
56 | CountingInputStream 57 |
58 | DemuxInputStream 59 |
60 | NullInputStream 61 |
62 | NullReader 63 |
64 | ProxyInputStream 65 |
66 | ProxyReader 67 |
68 | ReaderInputStream 69 |
70 | ReversedLinesFileReader 71 |
72 | SwappedDataInputStream 73 |
74 | TaggedInputStream 75 |
76 | Tailer 77 |
78 | TailerListenerAdapter 79 |
80 | TeeInputStream 81 |
82 | XmlStreamReader
85 | 86 | 87 | 88 | 89 | 94 | 95 |
90 | Exceptions  91 | 92 |
93 | XmlStreamReaderException
96 | 97 | 98 | 99 | 100 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/org/apache/commons/io/monitor/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io.monitor (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io.monitor 21 | 22 | 23 | 28 | 29 |
24 | Interfaces  25 | 26 |
27 | FileAlterationListener
30 | 31 | 32 | 33 | 34 | 45 | 46 |
35 | Classes  36 | 37 |
38 | FileAlterationListenerAdaptor 39 |
40 | FileAlterationMonitor 41 |
42 | FileAlterationObserver 43 |
44 | FileEntry
47 | 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/org/apache/commons/io/output/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io.output (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io.output 21 | 22 | 23 | 64 | 65 |
24 | Classes  25 | 26 |
27 | BrokenOutputStream 28 |
29 | ByteArrayOutputStream 30 |
31 | ClosedOutputStream 32 |
33 | CloseShieldOutputStream 34 |
35 | CountingOutputStream 36 |
37 | DeferredFileOutputStream 38 |
39 | DemuxOutputStream 40 |
41 | FileWriterWithEncoding 42 |
43 | LockableFileWriter 44 |
45 | NullOutputStream 46 |
47 | NullWriter 48 |
49 | ProxyOutputStream 50 |
51 | ProxyWriter 52 |
53 | StringBuilderWriter 54 |
55 | TaggedOutputStream 56 |
57 | TeeOutputStream 58 |
59 | ThresholdingOutputStream 60 |
61 | WriterOutputStream 62 |
63 | XmlStreamWriter
66 | 67 | 68 | 69 | 70 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/org/apache/commons/io/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io 21 | 22 | 23 | 56 | 57 |
24 | Classes  25 | 26 |
27 | ByteOrderMark 28 |
29 | Charsets 30 |
31 | CopyUtils 32 |
33 | DirectoryWalker 34 |
35 | EndianUtils 36 |
37 | FileCleaner 38 |
39 | FileCleaningTracker 40 |
41 | FileDeleteStrategy 42 |
43 | FilenameUtils 44 |
45 | FileSystemUtils 46 |
47 | FileUtils 48 |
49 | HexDump 50 |
51 | IOCase 52 |
53 | IOUtils 54 |
55 | LineIterator
58 | 59 | 60 | 61 | 62 | 73 | 74 |
63 | Exceptions  64 | 65 |
66 | DirectoryWalker.CancelException 67 |
68 | FileExistsException 69 |
70 | IOExceptionWithCause 71 |
72 | TaggedIOException
75 | 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/overview-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Overview List (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 24 | 25 |
23 |
26 | 27 | 28 | 29 | 47 | 48 |
All Classes 30 |

31 | 32 | Packages 33 |
34 | org.apache.commons.io 35 |
36 | org.apache.commons.io.comparator 37 |
38 | org.apache.commons.io.filefilter 39 |
40 | org.apache.commons.io.input 41 |
42 | org.apache.commons.io.monitor 43 |
44 | org.apache.commons.io.output 45 |
46 |

49 | 50 |

51 |   52 | 53 | 54 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/package-list: -------------------------------------------------------------------------------- 1 | org.apache.commons.io 2 | org.apache.commons.io.comparator 3 | org.apache.commons.io.filefilter 4 | org.apache.commons.io.input 5 | org.apache.commons.io.monitor 6 | org.apache.commons.io.output 7 | -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/resources/inherit.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/lib/docs/resources/inherit.gif -------------------------------------------------------------------------------- /framework sources/Alan/lib/docs/stylesheet.css: -------------------------------------------------------------------------------- 1 | /* Javadoc style sheet */ 2 | 3 | /* Define colors, fonts and other style attributes here to override the defaults */ 4 | 5 | /* Page background color */ 6 | body { background-color: #FFFFFF; color:#000000 } 7 | 8 | /* Headings */ 9 | h1 { font-size: 145% } 10 | 11 | /* Table colors */ 12 | .TableHeadingColor { background: #CCCCFF; color:#000000 } /* Dark mauve */ 13 | .TableSubHeadingColor { background: #EEEEFF; color:#000000 } /* Light mauve */ 14 | .TableRowColor { background: #FFFFFF; color:#000000 } /* White */ 15 | 16 | /* Font used in left-hand frame lists */ 17 | .FrameTitleFont { font-size: 100%; font-family: Helvetica, Arial, sans-serif; color:#000000 } 18 | .FrameHeadingFont { font-size: 90%; font-family: Helvetica, Arial, sans-serif; color:#000000 } 19 | .FrameItemFont { font-size: 90%; font-family: Helvetica, Arial, sans-serif; color:#000000 } 20 | 21 | /* Navigation bar fonts and colors */ 22 | .NavBarCell1 { background-color:#EEEEFF; 
color:#000000} /* Light mauve */ 23 | .NavBarCell1Rev { background-color:#00008B; color:#FFFFFF} /* Dark Blue */ 24 | .NavBarFont1 { font-family: Arial, Helvetica, sans-serif; color:#000000;color:#000000;} 25 | .NavBarFont1Rev { font-family: Arial, Helvetica, sans-serif; color:#FFFFFF;color:#FFFFFF;} 26 | 27 | .NavBarCell2 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF; color:#000000} 28 | .NavBarCell3 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF; color:#000000} 29 | 30 | -------------------------------------------------------------------------------- /framework sources/Alan/reass.bat: -------------------------------------------------------------------------------- 1 | echo START REASSEMBLING... 2 | call apktool\apktool b %1 3 | echo END REASSEMBLING. 4 | -------------------------------------------------------------------------------- /framework sources/Alan/repack.bat: -------------------------------------------------------------------------------- 1 | echo START REPACKING... 2 | cd signapk 3 | call java -jar signapk.jar certificate.pem key.pk8 ..\%1\dist\%2 %3\%2 4 | cd.. 5 | echo END REPACKING. 
6 | -------------------------------------------------------------------------------- /framework sources/Alan/signapk/certificate.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICtTCCAh4CCQDm79UqF+Dc5zANBgkqhkiG9w0BAQUFADCBnjELMAkGA1UEBhMC 3 | SUQxEzARBgNVBAgTCkphd2EgQmFyYXQxEDAOBgNVBAcTB0JhbmR1bmcxEjAQBgNV 4 | BAoTCUxvbmRhdGlnYTETMBEGA1UECxMKQW5kcm9pZERldjEaMBgGA1UEAxMRTG9y 5 | ZW5zaXVzIFcuIEwuIFQxIzAhBgkqhkiG9w0BCQEWFGxvcmVuekBsb25kYXRpZ2Eu 6 | bmV0MB4XDTEwMDUwNTA5MjEzOFoXDTEzMDEyODA5MjEzOFowgZ4xCzAJBgNVBAYT 7 | AklEMRMwEQYDVQQIEwpKYXdhIEJhcmF0MRAwDgYDVQQHEwdCYW5kdW5nMRIwEAYD 8 | VQQKEwlMb25kYXRpZ2ExEzARBgNVBAsTCkFuZHJvaWREZXYxGjAYBgNVBAMTEUxv 9 | cmVuc2l1cyBXLiBMLiBUMSMwIQYJKoZIhvcNAQkBFhRsb3JlbnpAbG9uZGF0aWdh 10 | Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy2oWtbdVXMHGiS6cA3qi 11 | 3VfZt5Vz9jTlux+TEcGx5h18ZKwclyo+z2B0L/p5bYdnrTdFEiD7IxvX+h3lu0JV 12 | B9rdXZdyrzXNOw5YFrsn2k7hKvB8KEBaga1gZEwodlc6N14H3FbZdZkIA9V716Pu 13 | e5CWBZ2VqU03lUJmKnpH8c8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQBpNgXh8dw9 14 | uMjZxzLUXovV5ptHd61jAcZlQlffqPsz6/2QNfIShVdGH9jkm0IudfKkbvvOKive 15 | a77t9c4sDh2Sat2L/rx6BfTuS1+y9wFr1Ee8Rrr7wGHhRkx2qqGrXGVWqXn8aE3E 16 | P6e7BTPF0ibS+tG8cdDPEisqGFxw36nTNQ== 17 | -----END CERTIFICATE----- 18 | -------------------------------------------------------------------------------- /framework sources/Alan/signapk/key.pk8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/signapk/key.pk8 -------------------------------------------------------------------------------- /framework sources/Alan/signapk/signapk.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework 
sources/Alan/signapk/signapk.jar
--------------------------------------------------------------------------------
/framework sources/Alan/src/GestoreCheckBoxPackageName.java:
--------------------------------------------------------------------------------
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import javax.swing.JButton;

// Action listener that re-evaluates whether the start button may be enabled.
// The original header comment described text formatting of the JTextField
// "textPackageName" of InterfaceEngine; no such formatting is done in this class.
public class GestoreCheckBoxPackageName implements ActionListener
{
    // Start button whose enabled state this listener updates.
    private JButton buttonStart;

    // Constructor: keeps a reference to the start button to toggle.
    public GestoreCheckBoxPackageName(JButton buttonStart)
    {
        this.buttonStart=buttonStart;
    }

    // Called when the check box is selected: enables the start button when
    // InterfaceEngine.canStart() returns true and disables it otherwise.
    public void actionPerformed(ActionEvent e)
    {
        if(InterfaceEngine.canStart())
        {
            this.buttonStart.setEnabled(true);
        }
        else
        {
            this.buttonStart.setEnabled(false);
        }
    }
}
--------------------------------------------------------------------------------
/framework sources/Alan/src/GestoreFrame.java:
--------------------------------------------------------------------------------
import java.awt.event.WindowEvent;
import java.awt.event.WindowListener;

import javax.swing.JFrame;

// Window listener that handles the closing event of the main frame.
public class GestoreFrame implements WindowListener
{
    // Main frame passed in by the caller; stored but not read by any method below.
    JFrame frame;

    // Constructor: keeps a reference to the main frame.
    public GestoreFrame(JFrame frame)
    {
        this.frame=frame;
    }

    public void windowOpened(WindowEvent e) {
        // TODO Auto-generated method stub
    }

    // Terminates the JVM with exit status 0 as soon as the window starts closing.
    public void windowClosing(WindowEvent e)
    {
        System.exit(0);
    }

    public void windowClosed(WindowEvent e) {
        // TODO Auto-generated method stub
    }

    public void windowIconified(WindowEvent e) {
        // TODO Auto-generated method stub
    }

    public void windowActivated(WindowEvent e) {
        // TODO Auto-generated method stub
    }

    public void windowDeactivated(WindowEvent e) {
        // TODO Auto-generated method stub
    }

    public void windowDeiconified(WindowEvent e) {
        // TODO Auto-generated method stub
    }

}
--------------------------------------------------------------------------------
/framework sources/Alan/src/GestorePackageName.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/src/GestorePackageName.java
--------------------------------------------------------------------------------
/framework sources/Alan/src/GestorePulsanteAddApk.java:
--------------------------------------------------------------------------------
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import javax.swing.JButton;
import javax.swing.JFileChooser;
import javax.swing.JFrame;
import javax.swing.JTextField;

// Action listener for clicks on the "addApkButton" button
// that belongs to the InterfaceEngine class.
public class GestorePulsanteAddApk implements ActionListener
{
    private JFileChooser j; // chooser used to select files and folders
    private JFrame f; // main frame used as parent when opening the file chooser
    private JTextField t; // text field that shows the path of the apk
    private JButton b; // start button

    // Constructor: stores the chooser, parent frame, path field and start button.
    public GestorePulsanteAddApk(JFileChooser j, JFrame f, JTextField t, JButton b)
    {
        this.j=j;
        this.f=f;
        this.t=t;
        this.b=b;
    }

    // 1. When the addApk button is pressed the file chooser is shown.
    // 2. The text field associated with the button is set to the selected path.
    // 3. The start button is enabled if InterfaceEngine.canStart() returns true,
    //    otherwise it is disabled.
    // NOTE(review): the selected path is copied into the text field unchanged;
    // presumably it later reaches the generated transEngine.bat, whose visible
    // sample passes paths unquoted - confirm the generator quotes and validates it.
    public void actionPerformed(ActionEvent e)
    {

        switch(this.j.showOpenDialog(this.f))
        {
            // Only the approve result is handled; any other dialog result does nothing.
            case JFileChooser.APPROVE_OPTION:
            {
                // This dereference is outside the try block, so a
                // NullPointerException raised here is not caught below.
                String path=this.j.getSelectedFile().getPath();
                try
                {
                    this.t.setText(path);

                    if(InterfaceEngine.canStart())
                    {
                        this.b.setEnabled(true);
                    }
                    else
                    {
                        this.b.setEnabled(false);
                    }
                }
                // On a NullPointerException the path field is reset to the "..." placeholder.
                catch (java.lang.NullPointerException ex) {this.t.setText("...");}
            }
        }
    }
}
--------------------------------------------------------------------------------
/framework sources/Alan/src/GestorePulsanteStart.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/src/GestorePulsanteStart.java
--------------------------------------------------------------------------------
/framework sources/Alan/src/InterfaceEngine.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/src/InterfaceEngine.java
--------------------------------------------------------------------------------
/framework sources/Alan/src/Main.java:
--------------------------------------------------------------------------------
// Entry point: the Main class launches the user interface.
public class Main
{
    // Constructs an InterfaceEngine; the command-line arguments are not used.
    public static void main (String args[])
    {
        new InterfaceEngine();
    }
}
--------------------------------------------------------------------------------
/framework sources/Alan/src/ThreadPulsanteStart.java:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/Alan/src/ThreadPulsanteStart.java -------------------------------------------------------------------------------- /framework sources/Alan/transEngine.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | echo. 3 | call disass C:\Users\LuxAgo\Desktop\malware\06fd5e281179fdfad8c84a4a12977a6942b989923826f91b0bb2fc0d4c9e9641 4 | echo. 5 | call reass 06fd5e281179fdfad8c84a4a12977a6942b989923826f91b0bb2fc0d4c9e9641.out 6 | echo. 7 | call repack 06fd5e281179fdfad8c84a4a12977a6942b989923826f91b0bb2fc0d4c9e9641.out \06fd5e281179fdfad8c84a4a12977a6942b989923826f91b0bb2fc0d4c9e9641 C:\Users\LuxAgo\Desktop\malware\signed 8 | move C:\Users\LuxAgo\Desktop\malware\06fd5e281179fdfad8c84a4a12977a6942b989923826f91b0bb2fc0d4c9e9641 C:\Users\LuxAgo\Desktop\malware\evaluated 9 | echo. 10 | call RMDIR /S /Q .\06fd5e281179fdfad8c84a4a12977a6942b989923826f91b0bb2fc0d4c9e9641.out 11 | echo. ------------------------------------------------------------- 12 | echo. 13 | call disass C:\Users\LuxAgo\Desktop\malware\6ea6a44433e321d81fea8fd2c91d5f7d71f57136b979cc85dac90ab5f8f7b070 14 | echo. 15 | call reass 6ea6a44433e321d81fea8fd2c91d5f7d71f57136b979cc85dac90ab5f8f7b070.out 16 | echo. 17 | call repack 6ea6a44433e321d81fea8fd2c91d5f7d71f57136b979cc85dac90ab5f8f7b070.out \6ea6a44433e321d81fea8fd2c91d5f7d71f57136b979cc85dac90ab5f8f7b070 C:\Users\LuxAgo\Desktop\malware\signed 18 | move C:\Users\LuxAgo\Desktop\malware\6ea6a44433e321d81fea8fd2c91d5f7d71f57136b979cc85dac90ab5f8f7b070 C:\Users\LuxAgo\Desktop\malware\evaluated 19 | echo. 20 | call RMDIR /S /Q .\6ea6a44433e321d81fea8fd2c91d5f7d71f57136b979cc85dac90ab5f8f7b070.out 21 | echo. 
------------------------------------------------------------- 22 | call exit -------------------------------------------------------------------------------- /framework sources/README.txt: -------------------------------------------------------------------------------- 1 | ABOUT ALAN: 2 | 3 | Alan is a transformation engine written in Java and developed for a university project in software security. 4 | It applies several transformations to an Android application. 5 | There is a fixed chain of transformations which can be enabled or disabled with the framework checkboxes. 6 | 7 | 8 | HOW TO...: 9 | 10 | To start the engine, run the Main.java class, which opens the engine GUI. 11 | Next, add a folder containing the apk files to transform by clicking the "add apk" button. 12 | After selecting the desired transformations, click the "Start" button to run the engine. 13 | 14 | After you click "Start", the engine will create two folders named "signed" and "evaluated". 15 | The "signed" folder will contain the transformed apk files, re-signed with the certificate and key bundled in the signapk folder; the "evaluated" folder will contain the 16 | original apk files that have been processed. 
17 | 18 | 19 | 20 | ------------------------------------------------------------------------ 21 | 22 | TRANSFORMATIONS CHAIN: 23 | 24 | 25 | Disassembling 26 | | 27 | V 28 | Changing Package Name 29 | | 30 | V 31 | Data Encoding 32 | | 33 | V 34 | Code Reordering 35 | | 36 | V 37 | Insert Junk Instruction NOP 38 | | 39 | V 40 | Insert Junk Instruction Branch 41 | | 42 | V 43 | Insert Junk Instruction Garbage 44 | | 45 | V 46 | Identifiers Renaming Package 47 | | 48 | V 49 | Identifiers Renaming Class 50 | | 51 | V 52 | Call Indirection 53 | | 54 | V 55 | Reassembling 56 | | 57 | V 58 | Repacking 59 | 60 | 61 | ------------------------------------------------------------------------ 62 | 63 | 64 | ALAN STRUCTURE: 65 | 66 | 67 | ****************** 68 | * user interface * 69 | ****************** 70 | |_______________________The text field handlers check that the entered 71 | | text is correctly formatted and that a folder is correctly selected before the 72 | ********************** engine can be started. 73 | * handlers of * The start button handler starts the engine. 74 | * interface elements * 75 | ********************** 76 | |_______________________When you click start, depending on the checkbox values, 77 | | the Java application creates a .bat file (transEngine.bat). 78 | ********************* This is the file that will be run. 79 | * .bat file * 80 | * runtime generated * 81 | ********************* 82 | |_______________________transEngine.bat contains the correct sequence 83 | | of calls to the lower-level .bat files, which perform 84 | *********************** each transformation. 85 | * .bat static files * 86 | * for each * 87 | * transformation * 88 | *********************** 89 | |_______________________Each low-level .bat file contains the call to the correct 90 | | .jar or .py script that performs the transformation. 
91 | ************************* 92 | * folders containing * 93 | * java or python scripts* 94 | ************************* 95 | 96 | 97 | ------------------------------------------------------------------------ 98 | 99 | 100 | DEVELOPERS: 101 | 102 | Agostino De Lucia - agostino.delucia@hotmail.it 103 | Michele Meninno - michele.meninno@gmail.com 104 | Pasquale Battista - pas.battista@gmail.com 105 | Raffaele Esposito - e_raffaele@alice.it 106 | -------------------------------------------------------------------------------- /framework sources/demo_Alan.avi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/framework sources/demo_Alan.avi -------------------------------------------------------------------------------- /transformations sources/CallIndirection/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | CallIndirection 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 3 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7 4 | org.eclipse.jdt.core.compiler.compliance=1.7 5 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 6 | 
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 7 | org.eclipse.jdt.core.compiler.source=1.7 8 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/bin/CallIndirection.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/CallIndirection/bin/CallIndirection.class -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/NOTICE.txt: -------------------------------------------------------------------------------- 1 | Apache Commons IO 2 | Copyright 2002-2012 The Apache Software Foundation 3 | 4 | This product includes software developed by 5 | The Apache Software Foundation (http://www.apache.org/). 6 | 7 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/RELEASE-NOTES.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/CallIndirection/lib/RELEASE-NOTES.txt -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/commons-io-2.4-javadoc.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/CallIndirection/lib/commons-io-2.4-javadoc.jar -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/commons-io-2.4-sources.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/CallIndirection/lib/commons-io-2.4-sources.jar -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/commons-io-2.4-test-sources.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/CallIndirection/lib/commons-io-2.4-test-sources.jar -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/commons-io-2.4-tests.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/CallIndirection/lib/commons-io-2.4-tests.jar -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/commons-io-2.4.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/CallIndirection/lib/commons-io-2.4.jar -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/docs/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Commons IO 2.4 API 9 | 10 | 21 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | <H2> 32 | Frame Alert</H2> 33 | 34 | <P> 35 | This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client. 
36 | <BR> 37 | Link to<A HREF="overview-summary.html">Non-frame version.</A> 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/docs/org/apache/commons/io/comparator/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io.comparator (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io.comparator 21 | 22 | 23 | 42 | 43 |
24 | Classes  25 | 26 |
27 | CompositeFileComparator 28 |
29 | DefaultFileComparator 30 |
31 | DirectoryFileComparator 32 |
33 | ExtensionFileComparator 34 |
35 | LastModifiedFileComparator 36 |
37 | NameFileComparator 38 |
39 | PathFileComparator 40 |
41 | SizeFileComparator
44 | 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/docs/org/apache/commons/io/filefilter/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io.filefilter (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io.filefilter 21 | 22 | 23 | 30 | 31 |
24 | Interfaces  25 | 26 |
27 | ConditionalFileFilter 28 |
29 | IOFileFilter
32 | 33 | 34 | 35 | 36 | 85 | 86 |
37 | Classes  38 | 39 |
40 | AbstractFileFilter 41 |
42 | AgeFileFilter 43 |
44 | AndFileFilter 45 |
46 | CanReadFileFilter 47 |
48 | CanWriteFileFilter 49 |
50 | DelegateFileFilter 51 |
52 | DirectoryFileFilter 53 |
54 | EmptyFileFilter 55 |
56 | FalseFileFilter 57 |
58 | FileFileFilter 59 |
60 | FileFilterUtils 61 |
62 | HiddenFileFilter 63 |
64 | MagicNumberFileFilter 65 |
66 | NameFileFilter 67 |
68 | NotFileFilter 69 |
70 | OrFileFilter 71 |
72 | PrefixFileFilter 73 |
74 | RegexFileFilter 75 |
76 | SizeFileFilter 77 |
78 | SuffixFileFilter 79 |
80 | TrueFileFilter 81 |
82 | WildcardFileFilter 83 |
84 | WildcardFilter
87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/docs/org/apache/commons/io/input/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io.input (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io.input 21 | 22 | 23 | 28 | 29 |
24 | Interfaces  25 | 26 |
27 | TailerListener
30 | 31 | 32 | 33 | 34 | 83 | 84 |
35 | Classes  36 | 37 |
38 | AutoCloseInputStream 39 |
40 | BOMInputStream 41 |
42 | BoundedInputStream 43 |
44 | BrokenInputStream 45 |
46 | CharSequenceInputStream 47 |
48 | CharSequenceReader 49 |
50 | ClassLoaderObjectInputStream 51 |
52 | ClosedInputStream 53 |
54 | CloseShieldInputStream 55 |
56 | CountingInputStream 57 |
58 | DemuxInputStream 59 |
60 | NullInputStream 61 |
62 | NullReader 63 |
64 | ProxyInputStream 65 |
66 | ProxyReader 67 |
68 | ReaderInputStream 69 |
70 | ReversedLinesFileReader 71 |
72 | SwappedDataInputStream 73 |
74 | TaggedInputStream 75 |
76 | Tailer 77 |
78 | TailerListenerAdapter 79 |
80 | TeeInputStream 81 |
82 | XmlStreamReader
85 | 86 | 87 | 88 | 89 | 94 | 95 |
90 | Exceptions  91 | 92 |
93 | XmlStreamReaderException
96 | 97 | 98 | 99 | 100 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/docs/org/apache/commons/io/monitor/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io.monitor (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io.monitor 21 | 22 | 23 | 28 | 29 |
24 | Interfaces  25 | 26 |
27 | FileAlterationListener
30 | 31 | 32 | 33 | 34 | 45 | 46 |
35 | Classes  36 | 37 |
38 | FileAlterationListenerAdaptor 39 |
40 | FileAlterationMonitor 41 |
42 | FileAlterationObserver 43 |
44 | FileEntry
47 | 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/docs/org/apache/commons/io/output/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io.output (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io.output 21 | 22 | 23 | 64 | 65 |
24 | Classes  25 | 26 |
27 | BrokenOutputStream 28 |
29 | ByteArrayOutputStream 30 |
31 | ClosedOutputStream 32 |
33 | CloseShieldOutputStream 34 |
35 | CountingOutputStream 36 |
37 | DeferredFileOutputStream 38 |
39 | DemuxOutputStream 40 |
41 | FileWriterWithEncoding 42 |
43 | LockableFileWriter 44 |
45 | NullOutputStream 46 |
47 | NullWriter 48 |
49 | ProxyOutputStream 50 |
51 | ProxyWriter 52 |
53 | StringBuilderWriter 54 |
55 | TaggedOutputStream 56 |
57 | TeeOutputStream 58 |
59 | ThresholdingOutputStream 60 |
61 | WriterOutputStream 62 |
63 | XmlStreamWriter
66 | 67 | 68 | 69 | 70 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/docs/org/apache/commons/io/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | org.apache.commons.io (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | org.apache.commons.io 21 | 22 | 23 | 56 | 57 |
24 | Classes  25 | 26 |
27 | ByteOrderMark 28 |
29 | Charsets 30 |
31 | CopyUtils 32 |
33 | DirectoryWalker 34 |
35 | EndianUtils 36 |
37 | FileCleaner 38 |
39 | FileCleaningTracker 40 |
41 | FileDeleteStrategy 42 |
43 | FilenameUtils 44 |
45 | FileSystemUtils 46 |
47 | FileUtils 48 |
49 | HexDump 50 |
51 | IOCase 52 |
53 | IOUtils 54 |
55 | LineIterator
58 | 59 | 60 | 61 | 62 | 73 | 74 |
63 | Exceptions  64 | 65 |
66 | DirectoryWalker.CancelException 67 |
68 | FileExistsException 69 |
70 | IOExceptionWithCause 71 |
72 | TaggedIOException
75 | 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/docs/overview-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Overview List (Commons IO 2.4 API) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 24 | 25 |
23 |
26 | 27 | 28 | 29 | 47 | 48 |
All Classes 30 |

31 | 32 | Packages 33 |
34 | org.apache.commons.io 35 |
36 | org.apache.commons.io.comparator 37 |
38 | org.apache.commons.io.filefilter 39 |
40 | org.apache.commons.io.input 41 |
42 | org.apache.commons.io.monitor 43 |
44 | org.apache.commons.io.output 45 |
46 |

49 | 50 |

51 |   52 | 53 | 54 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/docs/package-list: -------------------------------------------------------------------------------- 1 | org.apache.commons.io 2 | org.apache.commons.io.comparator 3 | org.apache.commons.io.filefilter 4 | org.apache.commons.io.input 5 | org.apache.commons.io.monitor 6 | org.apache.commons.io.output 7 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/docs/resources/inherit.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/CallIndirection/lib/docs/resources/inherit.gif -------------------------------------------------------------------------------- /transformations sources/CallIndirection/lib/docs/stylesheet.css: -------------------------------------------------------------------------------- 1 | /* Javadoc style sheet */ 2 | 3 | /* Define colors, fonts and other style attributes here to override the defaults */ 4 | 5 | /* Page background color */ 6 | body { background-color: #FFFFFF; color:#000000 } 7 | 8 | /* Headings */ 9 | h1 { font-size: 145% } 10 | 11 | /* Table colors */ 12 | .TableHeadingColor { background: #CCCCFF; color:#000000 } /* Dark mauve */ 13 | .TableSubHeadingColor { background: #EEEEFF; color:#000000 } /* Light mauve */ 14 | .TableRowColor { background: #FFFFFF; color:#000000 } /* White */ 15 | 16 | /* Font used in left-hand frame lists */ 17 | .FrameTitleFont { font-size: 100%; font-family: Helvetica, Arial, sans-serif; color:#000000 } 18 | .FrameHeadingFont { font-size: 90%; font-family: Helvetica, Arial, sans-serif; color:#000000 } 19 | .FrameItemFont { font-size: 90%; font-family: Helvetica, Arial, sans-serif; color:#000000 } 20 | 21 | /* Navigation bar 
fonts and colors */ 22 | .NavBarCell1 { background-color:#EEEEFF; color:#000000} /* Light mauve */ 23 | .NavBarCell1Rev { background-color:#00008B; color:#FFFFFF} /* Dark Blue */ 24 | .NavBarFont1 { font-family: Arial, Helvetica, sans-serif; color:#000000;color:#000000;} 25 | .NavBarFont1Rev { font-family: Arial, Helvetica, sans-serif; color:#FFFFFF;color:#FFFFFF;} 26 | 27 | .NavBarCell2 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF; color:#000000} 28 | .NavBarCell3 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF; color:#000000} 29 | 30 | -------------------------------------------------------------------------------- /transformations sources/CallIndirection/src/CallIndirection.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/CallIndirection/src/CallIndirection.java -------------------------------------------------------------------------------- /transformations sources/ChangingPackage/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /transformations sources/ChangingPackage/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | ChangingPackage 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /transformations sources/ChangingPackage/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 3 | 
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7 4 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 5 | org.eclipse.jdt.core.compiler.compliance=1.7 6 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 7 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 8 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 9 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 10 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 11 | org.eclipse.jdt.core.compiler.source=1.7 12 | -------------------------------------------------------------------------------- /transformations sources/ChangingPackage/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /transformations sources/ChangingPackage/aa: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/ChangingPackage/aa -------------------------------------------------------------------------------- /transformations sources/ChangingPackage/bin/Changing.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/ChangingPackage/bin/Changing.class -------------------------------------------------------------------------------- /transformations sources/ChangingPackage/bin/commons-lang3-3.3.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/ChangingPackage/bin/commons-lang3-3.3.2.jar 
-------------------------------------------------------------------------------- /transformations sources/ChangingPackage/src/Changing.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/ChangingPackage/src/Changing.java -------------------------------------------------------------------------------- /transformations sources/ChangingPackage/src/commons-lang3-3.3.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/ChangingPackage/src/commons-lang3-3.3.2.jar -------------------------------------------------------------------------------- /transformations sources/ChangingPackage/x: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/ChangingPackage/x -------------------------------------------------------------------------------- /transformations sources/CodeReordering/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /transformations sources/CodeReordering/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | CodeReordering 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /transformations sources/CodeReordering/.settings/org.eclipse.jdt.core.prefs: 
-------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 3 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8 4 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 5 | org.eclipse.jdt.core.compiler.compliance=1.8 6 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 7 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 8 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 9 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 10 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 11 | org.eclipse.jdt.core.compiler.source=1.8 12 | -------------------------------------------------------------------------------- /transformations sources/CodeReordering/bin/ReoderCode.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/CodeReordering/bin/ReoderCode.class -------------------------------------------------------------------------------- /transformations sources/DatEncoding/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /transformations sources/DatEncoding/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | DatEncoding 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /transformations sources/DatEncoding/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | 
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 3 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8 4 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 5 | org.eclipse.jdt.core.compiler.compliance=1.8 6 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 7 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 8 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 9 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 10 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 11 | org.eclipse.jdt.core.compiler.source=1.8 12 |
--------------------------------------------------------------------------------
/transformations sources/DatEncoding/bin/Encrypter.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/DatEncoding/bin/Encrypter.class
--------------------------------------------------------------------------------
/transformations sources/DatEncoding/src/Encrypter.java:
--------------------------------------------------------------------------------
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.io.UnsupportedEncodingException;
import java.util.Scanner;
import java.util.regex.Matcher;
import java.util.regex.Pattern;


/**
 * Command-line tool that walks a directory tree and rewrites every file in place,
 * applying the "Data Encoding" transformation: the literal of each
 * {@code const-string} it recognises is replaced by a Caesar-shifted form, and a
 * call to {@code Lcom123456789/Decrypter;->applyCaesar} is inserted after it.
 * <p>
 * Note for analysts: the inserted call always names the same class and method
 * descriptor, so that descriptor is a static marker of output produced by this
 * tool. The descriptor takes a single String, whereas {@link #applyCaesar} here
 * takes a shift as well, so the runtime {@code Decrypter} class is a separate
 * piece of code that is not part of this file.
 *
 * @author Michele Meninno
 *
 */

public class Encrypter {


    /**
     * Entry point: treats {@code args[0]} as the root directory to process.
     * There is no check that an argument was supplied, so running without one
     * raises ArrayIndexOutOfBoundsException.
     *
     * @param args command-line arguments; only {@code args[0]} is read
     * @throws IOException propagated from the directory walk
     * @throws UnsupportedEncodingException declared, propagated from the directory walk
     */
    public static void main(String[] args) throws UnsupportedEncodingException, IOException {

        navigateDirectoryContents(new File(args[0]));

    }
    /**
     * Applies the Data Encoding transformation to one file, overwriting it.
     * <p>
     * The file is read completely (line ends become "\n"), then reopened for
     * writing under the same path, then every double-quoted run that is
     * preceded by "const-string v" is encoded with {@link #applyCaesar} using
     * shift 2 and followed by an inserted invoke-static / move-result-object
     * pair. The buffer is written back whether or not anything matched.
     * <p>
     * Neither the Scanner nor the PrintStream is given a charset, and neither is
     * closed if an exception is thrown part-way.
     *
     * @param nome path of the file to rewrite
     * @throws FileNotFoundException if the file cannot be opened for reading or writing
     */
    public static void process(String nome) throws FileNotFoundException{

        File x = new File(nome);
        Scanner read = new Scanner(x);
        StringBuffer text=new StringBuffer();
        //read every line in the file
        while(read.hasNextLine())
            text.append(read.nextLine()+"\n");
        // The output stream is opened on the same path before any processing happens.
        // NOTE(review): an exception thrown below therefore likely leaves the file
        // truncated instead of untouched.
        FileOutputStream f= new FileOutputStream(x.getAbsoluteFile()+"");
        PrintStream ps = new PrintStream(f);

        // Greedy match of a quoted run; '.' does not cross line ends, so a line holding
        // two quoted strings is matched from its first quote to its last.
        String regex = "\".*\"";
        Pattern pattern = Pattern.compile(regex);
        // The matcher works on a snapshot of the text; 'text' itself is edited in the loop.
        Matcher matcher = pattern.matcher(text.toString());
        String key=null;
        //these 3 variables are needed to fix the line order
        // somma is added to every snapshot position to address the edited buffer.
        int somma=0;
        int cont=0;
        int volte=0;
        while(matcher.find()){
            key=matcher.group();
            // The 16 characters that end one position before the opening quote.
            // NOTE(review): a match starting fewer than 17 characters into the text makes
            // this substring throw StringIndexOutOfBoundsException.
            String skip= text.substring(matcher.start()-17+somma, matcher.start()-1+somma);
            //the string to encode is found and the transformation will be applied
            if( skip.contains("const-string v"))
            {
                cont+=1;
                // Strip the surrounding quotes and encode the content with a fixed shift of 2.
                key=applyCaesar(key.substring(1, key.length()-1), 2);

                text.replace(matcher.start()+1+somma, matcher.end()-1+somma, key);
                // The two characters taken from start-4..start-2 are presumably the register
                // name, which assumes a single-digit register such as v0..v9 - TODO confirm.
                text.insert(matcher.end()+1+somma, " invoke-static {"+text.substring(matcher.start()-4+somma, matcher.start()-2+somma)+
                        "}, Lcom123456789/Decrypter;->applyCaesar(Ljava/lang/String;)Ljava/lang/String;\n" +
                        " move-result-object "+text.substring(matcher.start()-4+somma, matcher.start()-2+somma));

                // cont is incremented before and volte after this line, so the increment is
                // 116 on every pass.
                // NOTE(review): whether 116 equals the length of the text inserted above
                // depends on the exact whitespace inside the literals - confirm against the
                // repository file.
                somma+=115+cont-volte;
                volte++;
            }
        }


        ps.print(text);
        read.close();
        ps.close();

    }
    /**
     * Encodes a string with a Caesar shift over the 96 code points 32..127.
     * <p>
     * Left unchanged: backslash, double quote, space, newline, tab, single quote,
     * 'Z' and 'X', and up to five characters in the range 32..127 that follow a
     * backslash (presumably so that escape sequences such as a unicode escape
     * survive - TODO confirm). With shift 2, 'Z' would otherwise map to a
     * backslash.
     * <p>
     * The mapping is not one-to-one: with shift 2 both 'V' and 'X' come out as
     * 'X'. Code points above 127 are reduced modulo 96 and therefore land in the
     * range 32..127.
     *
     * @param text the string to encode
     * @param shift number of positions to shift; may be negative
     * @return the encoded string, same length as {@code text}
     */
    public static String applyCaesar(String text, int shift)
    {
        char[] chars = text.toCharArray();
        // skip: a backslash was seen and its following characters are being passed through.
        boolean skip=false;
        // sc: how many characters have been passed through since that backslash.
        int sc=0;
        for (int i=0; i < text.length(); i++)
        {
            char c = chars[i];
            if(c=='\\')
            {
                sc=0;
                skip=true;
                continue;
            }
            if(c=='\"')
                continue;
            if(c==' ')
                continue;
            if(c=='\n')
                continue;
            if(c=='Z')
                continue;
            if(c=='\t')
                continue;
            if(c=='\'')
                continue;
            if(c=='X')
                continue;


            if (c >= 32 && c <= 127)
            {
                // Pass the character through while fewer than five have been passed since
                // the backslash; the sixth one ends the pass-through and is encoded.
                if(c!=' ' && skip && sc<5)
                {
                    sc++;
                    skip=true;
                    continue;
                }
                else
                    skip=false;

            }
            int x = c - 32;
            x = (x + shift) % 96;
            if (x < 0) //java modulo can lead to negative values!
                x += 96;
            chars[i] = (char) (x + 32);
        }

        return new String(chars);
    }
    /**
     * Recursively visits a directory and passes every non-directory entry to
     * {@link #process}. Sub-directories named "android" (compared without regard
     * to case) are not entered.
     * <p>
     * {@code listFiles()} returns null when {@code dir} is not a directory or
     * cannot be read; that case is not handled and ends in a
     * NullPointerException at the loop.
     *
     * @param dir directory to walk
     * @throws UnsupportedEncodingException declared; not thrown by the visible calls
     * @throws IOException if a canonical path cannot be resolved or a file cannot be opened
     */
    private static void navigateDirectoryContents(File dir) throws UnsupportedEncodingException, IOException
    {
        File[] files = dir.listFiles();
        for (File file : files)
        {
            if (file.isDirectory())
            {
                if(!file.getName().equalsIgnoreCase("android"))
                {
                    navigateDirectoryContents(file);
                }
            }
            else
            {
                // Every regular file is rewritten, whatever its type.
                process(file.getCanonicalPath());
            }
        }
    }

}

--------------------------------------------------------------------------------
/transformations sources/IdentifierRenaming/.classpath:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
--------------------------------------------------------------------------------
/transformations sources/IdentifierRenaming/.project:
--------------------------------------------------------------------------------
1 | 2 | 3 | IdentifierRenaming 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 |
-------------------------------------------------------------------------------- /transformations sources/IdentifierRenaming/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 3 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7 4 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 5 | org.eclipse.jdt.core.compiler.compliance=1.7 6 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 7 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 8 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 9 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 10 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 11 | org.eclipse.jdt.core.compiler.source=1.7 12 | -------------------------------------------------------------------------------- /transformations sources/IdentifierRenaming/bin/IdentifierRenaming.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/IdentifierRenaming/bin/IdentifierRenaming.class -------------------------------------------------------------------------------- /transformations sources/IdentifierRenaming/commons-lang3-3.3.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/IdentifierRenaming/commons-lang3-3.3.2.jar -------------------------------------------------------------------------------- /transformations sources/IdentifierRenaming/src/IdentifierRenaming.java: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/IdentifierRenaming/src/IdentifierRenaming.java -------------------------------------------------------------------------------- /transformations sources/JunkInsertion/JunkInsertion/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /transformations sources/JunkInsertion/JunkInsertion/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | JunkInsertion 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /transformations sources/JunkInsertion/JunkInsertion/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | #Wed Jan 07 14:33:52 CET 2015 2 | eclipse.preferences.version=1 3 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 4 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6 5 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 6 | org.eclipse.jdt.core.compiler.compliance=1.6 7 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 8 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 9 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 10 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 11 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 12 | org.eclipse.jdt.core.compiler.source=1.6 13 | -------------------------------------------------------------------------------- /transformations sources/JunkInsertion/JunkInsertion/bin/com/example/pack/Insertion.class: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/JunkInsertion/JunkInsertion/bin/com/example/pack/Insertion.class -------------------------------------------------------------------------------- /transformations sources/JunkInsertion/JunkInsertion/bin/com/example/pack/Tester.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/JunkInsertion/JunkInsertion/bin/com/example/pack/Tester.class -------------------------------------------------------------------------------- /transformations sources/JunkInsertion/JunkInsertion/bin/com/example/textresource/junkInstructions: -------------------------------------------------------------------------------- 1 | const/4 VV,LL 2 | move VV,VV 3 | mul-int/2addr VV,VV 4 | and-int/2addr VV,VV 5 | add-int/2addr VV,VV 6 | or-int/2addr VV,VV 7 | xor-int/2addr VV,VV 8 | * 9 | if-eq VV,VV,:TT 10 | :TT 11 | * 12 | * 13 | if-ne VV,VV,:TT 14 | :TT 15 | * 16 | * 17 | if-lt VV,VV,:TT 18 | :TT 19 | * 20 | * 21 | if-le VV,VV,:TT 22 | :TT 23 | * 24 | * 25 | if-gt VV,VV,:TT 26 | :TT 27 | * -------------------------------------------------------------------------------- /transformations sources/JunkInsertion/JunkInsertion/files/com/example/textresource/junkInstructions: -------------------------------------------------------------------------------- 1 | const/4 VV,LL 2 | move VV,VV 3 | mul-int/2addr VV,VV 4 | and-int/2addr VV,VV 5 | add-int/2addr VV,VV 6 | or-int/2addr VV,VV 7 | xor-int/2addr VV,VV 8 | * 9 | if-eq VV,VV,:TT 10 | :TT 11 | * 12 | * 13 | if-ne VV,VV,:TT 14 | :TT 15 | * 16 | * 17 | if-lt VV,VV,:TT 18 | :TT 19 | * 20 | * 21 | if-le VV,VV,:TT 22 | :TT 23 | * 24 | * 25 | if-gt VV,VV,:TT 26 | :TT 27 | * 
// ---------------------------------------------------------------------------
// Listing context that shares this page line with Tester.java (not part of the
// Java file):
//
// /transformations sources/JunkInsertion/JunkInsertion/src/com/example/pack/Insertion.java:
//   https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/JunkInsertion/JunkInsertion/src/com/example/pack/Insertion.java
//
// /transformations sources/JunkInsertion/JunkInsertion/src/com/example/pack/Tester.java:
// ---------------------------------------------------------------------------
package com.example.pack;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Scratch driver for the junk-insertion project. In its current state it only
 * scans a fixed sample string for "nop" and prints the sample back unchanged,
 * because the replacement call inside the loop is commented out.
 */
public class Tester {

	/**
	 * Runs the regex scan over the sample text and prints the resulting buffer.
	 *
	 * @param args unused
	 */
	public static void main(String[] args)
	{
		// Disabled experiments with the Insertion helpers (Insertion is not shown on this page):
		//System.out.println(Insertion.oneReg("const/4 VV,LL", "v5"));
		//System.out.println(Insertion.twoReg("move VV,VV", "v5","v6"));
		//System.out.println(Insertion.threeReg("if-ne VV,VV,:TT ji :TT", "v5","v6","v7"));

		final Matcher nopMatcher = Pattern.compile("(nop)").matcher("ciao nop hahaha nop jiji");
		final StringBuffer output = new StringBuffer();

		// Walk over every match; with the replacement disabled nothing is appended here.
		boolean found = nopMatcher.find();
		while (found)
		{
			//matcher.appendReplacement(sb,"");
			found = nopMatcher.find();
		}

		// No appendReplacement ran, so the tail is the entire input.
		nopMatcher.appendTail(output);

		System.out.println(output.toString());
	}

}
// ---------------------------------------------------------------------------
// Listing context that follows Tester.java on the same page line (not part of
// the Java file):
//
// /transformations sources/JunkInsertion/NopToJunk/.classpath:
//   (no text survives on the page for this entry)
//
// /transformations sources/JunkInsertion/NopToJunk/.project:
// ---------------------------------------------------------------------------
-------------------------------------------------------------------------------- 1 | 2 | 3 | NopToJunk 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /transformations sources/JunkInsertion/NopToJunk/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | #Thu Dec 18 12:22:51 CET 2014 2 | eclipse.preferences.version=1 3 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 4 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6 5 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 6 | org.eclipse.jdt.core.compiler.compliance=1.6 7 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 8 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 9 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 10 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 11 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 12 | org.eclipse.jdt.core.compiler.source=1.6 13 | -------------------------------------------------------------------------------- /transformations sources/JunkInsertion/NopToJunk/bin/com/example/RecursiveFileDisplay.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/faber03/AndroidMalwareEvaluatingTools/58324b84ebf8843e909e1243bbd2d1725a28b884/transformations sources/JunkInsertion/NopToJunk/bin/com/example/RecursiveFileDisplay.class -------------------------------------------------------------------------------- /transformations sources/JunkInsertion/NopToJunk/bin/com/example/textresource/junkInstructions: -------------------------------------------------------------------------------- 1 | nop 2 | * 3 | goto :saltojump 4 | :saltojump 5 | * 6 | 
-------------------------------------------------------------------------------- /transformations sources/JunkInsertion/NopToJunk/files/com/example/textresource/junkInstructions: -------------------------------------------------------------------------------- 1 | nop 2 | * 3 | goto :saltojump 4 | :saltojump 5 | * 6 | -------------------------------------------------------------------------------- /transformations sources/README.txt: -------------------------------------------------------------------------------- 1 | Each folder contains the Java project of the specific transformation. --------------------------------------------------------------------------------