these-android-re/android_of_theseus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

check for google/facebook ads

Browse source
This commit is contained in:
Jean-Marie Mineau 2025-06-02 11:23:35 +02:00
parent 0a2c668c53
commit a34636498b
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
1 changed files with 18 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

25
experiment/check_runtimedata.py
View file

@ -1,4 +1,5 @@
from pathlib import Path from pathlib import Path
import hashlib
import argparse import argparse
import json import json
@ -12,15 +13,14 @@ androguard.util.set_log("SUCCESS") # type: ignore
def get_bytecode_classes(bytecode: bytes) -> list[str]: def get_bytecode_classes(bytecode: bytes) -> list[str]:
try: try:
dex = DEX(bytecode) dex = DEX(bytecode)
return dex.get_classes() return list(map(lambda x: x.get_name(), dex.get_classes()))
except ValueError: except ValueError:
apk = APK(bytecode, raw=True, skip_analysis=True) apk = APK(bytecode, raw=True, skip_analysis=True)
classes = [] classes = []
for dex_bin in apk.get_all_dex(): for dex_bin in apk.get_all_dex():
dex = DEX(dex_bin) dex = DEX(dex_bin)
classes.extend(dex.get_classes()) classes.extend(dex.get_classes())
return classes return list(map(lambda x: x.get_name(), classes))
def check_app_result( def check_app_result(
@ -44,7 +44,6 @@ def check_app_result(
if "Visited activities:" in line: if "Visited activities:" in line:
nb_visited_activity = int(line.split("Visited activities:")[1].strip()) nb_visited_activity = int(line.split("Visited activities:")[1].strip())
does_reflection = False does_reflection = False
boot_cl_id = "" boot_cl_id = ""
for cl in data["classloaders"].values(): for cl in data["classloaders"].values():
@ -148,6 +147,7 @@ def check_app_result(
classes_by_cl: dict[str, list[str]] = {} classes_by_cl: dict[str, list[str]] = {}
dyn_load_classes = set() dyn_load_classes = set()
dyn_loaded_files = {}
for dyn_load in data["dyn_code_load"]: for dyn_load in data["dyn_code_load"]:
dyn_load_classes.add(dyn_load["classloader_class"]) dyn_load_classes.add(dyn_load["classloader_class"])
cl_id = dyn_load["classloader"] cl_id = dyn_load["classloader"]
@ -156,8 +156,21 @@ def check_app_result(
for file in dyn_load["files"]: for file in dyn_load["files"]:
with open(file, "rb") as fp: with open(file, "rb") as fp:
dex_bin = fp.read() dex_bin = fp.read()
classes_by_cl[cl_id].extend(get_bytecode_classes(dex_bin)) hasher = hashlib.sha256()
hasher.update(dex_bin)
h = hasher.hexdigest()
classes = get_bytecode_classes(dex_bin)
dyn_loaded_files[h] = {
"classes": classes,
"facebook_ads": any(
map(lambda x: x.startswith("Lcom/facebook/ads/"), classes)
),
"google_ads": any(
map(lambda x: x.startswith("Lcom/google/android/ads/"), classes)
),
}
classes_by_cl[cl_id].extend(classes)
# Don't do androguard scan when there is no other dynloading # Don't do androguard scan when there is no other dynloading
if len(data["dyn_code_load"]) != 0: if len(data["dyn_code_load"]) != 0:
@ -176,8 +189,6 @@ def check_app_result(
nb_class_collision += len(already_found.intersection(cls)) nb_class_collision += len(already_found.intersection(cls))
already_found.update(cls) already_found.update(cls)
summary["apks"][path.name] = { summary["apks"][path.name] = {
"nb_class_collision": nb_class_collision, "nb_class_collision": nb_class_collision,
"nb_class_collision_at_invoke": nb_class_collision_at_invoke, "nb_class_collision_at_invoke": nb_class_collision_at_invoke,