AndroidManifest_parser

# This file is part of Androguard. # # Copyright (C) 2012, Anthony Desnos <desnos at t0t0.fr> # All rights reserved. # # Androguard is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Androguard is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with Androguard. If not, see <http://www.gnu.org/licenses/>. import io from struct import pack, unpack from xml.sax.saxutils import escape from xml.dom import minidom ######################################################## AXML FORMAT ######################################################## # Translated from http://code.google.com/p/android4me/source/browse/src/android/content/res/AXmlResourceParser.java UTF8_FLAG = 0x00000100 class StringBlock: def __init__(self, buff): self.start = buff.get_idx() self._cache = {} self.header = unpack('<h', buff.read(2))[0] self.header_size = unpack('<h', buff.read(2))[0] self.chunkSize = unpack('<i', buff.read(4))[0] self.stringCount = unpack('<i', buff.read(4))[0] self.styleOffsetCount = unpack('<i', buff.read(4))[0] self.flags = unpack('<i', buff.read(4))[0] self.m_isUTF8 = ((self.flags & UTF8_FLAG) != 0) self.stringsOffset = unpack('<i', buff.read(4))[0] self.stylesOffset = unpack('<i', buff.read(4))[0] self.m_stringOffsets = [] self.m_styleOffsets = [] self.m_strings = [] self.m_styles = [] for i in range(0, self.stringCount): self.m_stringOffsets.append(unpack('<i', buff.read(4))[0]) for i in range(0, self.styleOffsetCount): self.m_styleOffsets.append(unpack('<i', buff.read(4))[0]) size = self.chunkSize - self.stringsOffset if self.stylesOffset != 0: size = self.stylesOffset - self.stringsOffset # FIXME if (size % 4) != 0: androconf.warning("ooo") for i in range(0, size): self.m_strings.append(unpack('=b', buff.read(1))[0]) if self.stylesOffset != 0: size = self.chunkSize - self.stylesOffset # FIXME if (size % 4) != 0: androconf.warning("ooo") for i in range(0, size / 4): self.m_styles.append(unpack('<i', buff.read(4))[0]) def getRaw(self, idx): if idx in self._cache: return self._cache[idx] if idx < 0 or not self.m_stringOffsets or idx >= len(self.m_stringOffsets): return "" offset = self.m_stringOffsets[idx] if not self.m_isUTF8: length = self.getShort2(self.m_strings, offset) offset += 2 self._cache[idx] = self.decode(self.m_strings, offset, length) else: offset += self.getVarint(self.m_strings, offset)[1] varint = self.getVarint(self.m_strings, offset) offset += varint[1] length = varint[0] self._cache[idx] = self.decode2(self.m_strings, offset, length) return self._cache[idx] def decode(self, array, offset, length): length = length * 2 length = length + length % 2 data = bytes() for i in range(0, length): t_data = pack("=b", self.m_strings[offset + i]) data += t_data if data[-2:] == b"\x00\x00": break end_zero = data.find(b"\x00\x00") if end_zero != -1: data = data[:end_zero] return data.decode('utf-16') def decode2(self, array, offset, length): data = bytes() for i in range(0, length): t_data = pack("=b", self.m_strings[offset + i]) data += t_data return data.decode('utf-8') def getVarint(self, array, offset): val = array[offset] more = (val & 0x80) != 0 val &= 0x7f if not more: return val, 1 return val << 8 | array[offset + 1] & 0xff, 2 def getShort(self, array, offset): value = array[offset / 4] if ((offset % 4) / 2) == 0: return value & 0xFFFF else: return value >> 16 def getShort2(self, array, offset): return (array[offset + 1] & 0xff) << 8 | array[offset] & 0xff def show(self): print("StringBlock", hex(self.start), hex(self.header), hex(self.header_size), hex(self.chunkSize), hex(self.stringsOffset), self.m_stringOffsets) for i in range(0, len(self.m_stringOffsets)): print(i, repr(self.getRaw(i))) class SV : def __init__(self, size, buff) : self.__size = size self.__value = unpack(self.__size, buff)[0] def _get(self) : return pack(self.__size, self.__value) def __str__(self) : return "0x%x" % self.__value def __int__(self) : return self.__value def get_value_buff(self) : return self._get() def get_value(self) : return self.__value def set_value(self, attr) : self.__value = attr class BuffHandle: def __init__(self, buff): self.__buff = buff self.__idx = 0 def size(self): return len(self.__buff) def set_idx(self, idx): self.__idx = idx def get_idx(self): return self.__idx def readNullString(self, size): data = self.read(size) return data def read_b(self, size) : return self.__buff[ self.__idx : self.__idx + size ] def read_at(self, offset, size): return self.__buff[ offset : offset + size ] def read(self, size) : if isinstance(size, SV) : size = size.value buff = self.__buff[ self.__idx : self.__idx + size ] self.__idx += size return buff def end(self) : return self.__idx == len(self.__buff) ATTRIBUTE_IX_NAMESPACE_URI = 0 ATTRIBUTE_IX_NAME = 1 ATTRIBUTE_IX_VALUE_STRING = 2 ATTRIBUTE_IX_VALUE_TYPE = 3 ATTRIBUTE_IX_VALUE_DATA = 4 ATTRIBUTE_LENGHT = 5 CHUNK_AXML_FILE = 0x00080003 CHUNK_RESOURCEIDS = 0x00080180 CHUNK_XML_FIRST = 0x00100100 CHUNK_XML_START_NAMESPACE = 0x00100100 CHUNK_XML_END_NAMESPACE = 0x00100101 CHUNK_XML_START_TAG = 0x00100102 CHUNK_XML_END_TAG = 0x00100103 CHUNK_XML_TEXT = 0x00100104 CHUNK_XML_LAST = 0x00100104 START_DOCUMENT = 0 END_DOCUMENT = 1 START_TAG = 2 END_TAG = 3 TEXT = 4 class AXMLParser: def __init__(self, raw_buff): self.reset() self.buff = BuffHandle(raw_buff) self.buff.read(4) self.buff.read(4) self.sb = StringBlock(self.buff) self.m_resourceIDs = [] self.m_prefixuri = {} self.m_uriprefix = {} self.m_prefixuriL = [] self.visited_ns = [] def reset(self): self.m_event = -1 self.m_lineNumber = -1 self.m_name = -1 self.m_namespaceUri = -1 self.m_attributes = [] self.m_idAttribute = -1 self.m_classAttribute = -1 self.m_styleAttribute = -1 def next(self): self.doNext() return self.m_event def doNext(self): if self.m_event == END_DOCUMENT: return event = self.m_event self.reset() while True: chunkType = -1 # Fake END_DOCUMENT event. if event == END_TAG: pass # START_DOCUMENT