# AndroGuard Cheat Sheet

## Overview

AndroGuard is a Python tool designed for reverse engineering and malware analysis of Android applications. It provides powerful features for analyzing APK files, DEX bytecode, and Android resources.

## Installation

### Prerequisites

```bash
# Install Python 3.6+
sudo apt update
sudo apt install python3 python3-pip

# Install required dependencies
sudo apt install python3-dev libxml2-dev libxslt1-dev zlib1g-dev
```

### Installing AndroGuard
```bash
# Install from PyPI
pip3 install androguard

# Install with optional dependencies (quoted so the shell does not glob the brackets)
pip3 install "androguard[GUI,magic]"

# Install from source
git clone https://github.com/androguard/androguard.git
cd androguard
pip3 install -e .
```

## Basic usage

### Analyzing an APK file
```bash
# Basic APK analysis
androguard analyze app.apk

# Interactive analysis
androguard shell app.apk

# Generate analysis report
androguard analyze app.apk --output report.txt
```

### Command-line tools
```bash
# APK information
apkinfo app.apk

# DEX analysis
dexdump classes.dex

# Resource analysis
axml AndroidManifest.xml
```

## Using the Python API

### Basic analysis
```python
from androguard.misc import AnalyzeAPK

# Analyze APK: a = APK object, d = list of DalvikVMFormat (one per DEX),
# dx = Analysis object with cross-references already built
a, d, dx = AnalyzeAPK("app.apk")

# Get APK information
print("Package name:", a.get_package())
print("App name:", a.get_app_name())
print("Version:", a.get_androidversion_code())
print("Permissions:", a.get_permissions())
```

### Advanced analysis
```python
from androguard.core.bytecodes import apk, dvm
from androguard.core.analysis import analysis

# Load APK
apk_obj = apk.APK("app.apk")
# get_dex() returns classes.dex only; use get_all_dex() for multidex apps
dex = dvm.DalvikVMFormat(apk_obj.get_dex())
dx = analysis.Analysis(dex)
# Build cross-references now; the get_xref_* calls used later depend on them
dx.create_xref()

# Analyze classes and methods
for cls in dx.get_classes():
    print(f"Class: {cls.name}")
    for method in cls.get_methods():
        print(f"  Method: {method.name}")
```

## APK analysis

### Basic information
```python
# APK metadata (a is the APK object returned by AnalyzeAPK above)
print("Package:", a.get_package())
print("App name:", a.get_app_name())
print("Version code:", a.get_androidversion_code())
print("Version name:", a.get_androidversion_name())
print("Min SDK:", a.get_min_sdk_version())
print("Target SDK:", a.get_target_sdk_version())
```

### Permission analysis
```python
# Get all permissions
permissions = a.get_permissions()
for perm in permissions:
    print(f"Permission: {perm}")

# Check for dangerous permissions
dangerous_perms = [
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA"
]

for perm in permissions:
    if perm in dangerous_perms:
        print(f"Dangerous permission found: {perm}")
```

### Certificate analysis
```python
# Get certificate information (asn1crypto x509.Certificate objects)
certificates = a.get_certificates()
for cert in certificates:
    print(f"Certificate SHA-256: {cert.sha256_fingerprint}")
    print(f"Subject: {cert.subject.human_friendly}")
    print(f"Issuer: {cert.issuer.human_friendly}")
    print(f"Serial: {cert.serial_number}")
```

## Code analysis

### Method analysis
```python
# Find specific methods (dx is the Analysis object from AnalyzeAPK)
for cls in dx.get_classes():
    for method in cls.get_methods():
        if "crypto" in method.name.lower():
            print(f"Crypto method: {cls.name}->{method.name}")
```

### String analysis
```python
# Extract strings (StringAnalysis objects; get_value() returns the text)
strings = dx.get_strings()
for string in strings:
    if "http" in string.get_value():
        print(f"URL found: {string.get_value()}")
```

### Cross-reference analysis
```python
# Find method calls (xrefs are built by AnalyzeAPK or dx.create_xref())
for method in dx.get_methods():
    if method.is_external():
        continue

    # get_xref_from() yields (ClassAnalysis, MethodAnalysis, offset) tuples
    for caller_class, caller_method, offset in method.get_xref_from():
        print(f"{caller_class.name}->{caller_method.name} calls {method.name}")
```

## Security analysis

### Crypto analysis
```python
# Find crypto usage
crypto_methods = [
    "javax.crypto.Cipher",
    "java.security.MessageDigest",
    "javax.crypto.spec.SecretKeySpec"
]

for method in dx.get_methods():
    # Dalvik class names look like "Ljavax/crypto/Cipher;": convert to the
    # dotted Java form before comparing with the list above
    class_name = method.class_name[1:-1].replace("/", ".")
    if class_name in crypto_methods:
        print(f"Crypto usage: {class_name}->{method.name}")
        # Report the app methods that call this API
        for caller_class, caller_method, _ in method.get_xref_from():
            print(f"  called from {caller_class.name}->{caller_method.name}")
```

### Network analysis
```python
# Find network operations
network_classes = [
    "java.net.URL",
    "java.net.HttpURLConnection",
    "okhttp3.OkHttpClient"
]

for cls in dx.get_classes():
    # cls.name is a Dalvik descriptor ("Ljava/net/URL;"); compare the dotted form
    class_name = cls.name[1:-1].replace("/", ".")
    if class_name in network_classes:
        print(f"Network class: {class_name}")
```

### Reflection analysis
```python
# Find reflection usage
reflection_methods = [
    "java.lang.Class.forName",
    "java.lang.reflect.Method.invoke"
]

for method in dx.get_methods():
    # Build "package.Class.method" from the Dalvik descriptor and method name
    full_name = method.class_name[1:-1].replace("/", ".") + "." + method.name
    if full_name in reflection_methods:
        print(f"Reflection usage: {full_name}")
        for caller_class, caller_method, _ in method.get_xref_from():
            print(f"  called from {caller_class.name}->{caller_method.name}")
```

## Malware detection

### Suspicious patterns
```python
# Check for suspicious patterns
suspicious_strings = [
    "getDeviceId",
    "getSubscriberId",
    "sendTextMessage",
    "android.intent.action.BOOT_COMPLETED"
]

strings = dx.get_strings()
for string in strings:
    for suspicious in suspicious_strings:
        if suspicious in string.get_value():
            print(f"Suspicious string: {string.get_value()}")
```

### Dynamic loading detection
```python
# Find dynamic loading
dynamic_methods = [
    "dalvik.system.DexClassLoader",
    "dalvik.system.PathClassLoader"
]

for method in dx.get_methods():
    # Compare the dotted Java class name derived from the Dalvik descriptor
    class_name = method.class_name[1:-1].replace("/", ".")
    if class_name in dynamic_methods:
        print(f"Dynamic loading: {class_name}->{method.name}")
        for caller_class, caller_method, _ in method.get_xref_from():
            print(f"  called from {caller_class.name}->{caller_method.name}")
```
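The four detection snippets above (crypto, network, reflection, dynamic loading) all hinge on comparing Dalvik descriptors with dotted Java names. The following added example, which is not part of the original cheat sheet, folds them into one xref-based scanner: `collect_xrefs` is the only part that touches AndroGuard, `classify_api_usage` and `to_java_name` are hypothetical helper names, and `SAMPLE_XREFS` is a constructed stand-in for what `collect_xrefs` yields on a real APK.

```python
from collections import defaultdict

# API names as listed in the sections above: class-level entries match any
# method of that class, method-level entries match exactly one method
WATCHED_APIS = {
    "crypto": ["javax.crypto.Cipher", "java.security.MessageDigest",
               "javax.crypto.spec.SecretKeySpec"],
    "network": ["java.net.URL", "java.net.HttpURLConnection",
                "okhttp3.OkHttpClient"],
    "reflection": ["java.lang.Class.forName", "java.lang.reflect.Method.invoke"],
    "dynamic_loading": ["dalvik.system.DexClassLoader",
                        "dalvik.system.PathClassLoader"],
}

def to_java_name(descriptor):
    """'Ljavax/crypto/Cipher;' -> 'javax.crypto.Cipher'. Without this step a
    dotted name is never found inside a Dalvik descriptor."""
    if descriptor.startswith("L") and descriptor.endswith(";"):
        descriptor = descriptor[1:-1]
    return descriptor.replace("/", ".")

def collect_xrefs(dx):
    """AndroGuard glue: yield (caller_class, caller_method, callee_class,
    callee_method) descriptors for every call into an external API method.
    Relies on the xrefs AnalyzeAPK() builds (or dx.create_xref())."""
    for method in dx.get_methods():
        if not method.is_external():
            continue
        for caller_class, caller_method, _offset in method.get_xref_from():
            yield (caller_class.name, caller_method.name,
                   method.class_name, method.name)

def classify_api_usage(xrefs, watched=WATCHED_APIS):
    """Return {category: sorted app methods that call one of its APIs}."""
    hits = defaultdict(set)
    for caller_cls, caller_m, callee_cls, callee_m in xrefs:
        callee = to_java_name(callee_cls)
        for category, apis in watched.items():
            if callee in apis or f"{callee}.{callee_m}" in apis:
                hits[category].add(f"{to_java_name(caller_cls)}.{caller_m}")
    return {cat: sorted(callers) for cat, callers in hits.items()}

# Constructed sample standing in for collect_xrefs(dx) on a real APK
SAMPLE_XREFS = [
    ("Lcom/example/Crypto;", "encrypt", "Ljavax/crypto/Cipher;", "getInstance"),
    ("Lcom/example/Loader;", "run", "Ljava/lang/Class;", "forName"),
    ("Lcom/example/Loader;", "run", "Ldalvik/system/DexClassLoader;", "<init>"),
    ("Lcom/example/Main;", "onCreate", "Landroid/util/Log;", "d"),
]
```

On a real APK, `classify_api_usage(collect_xrefs(dx))` with `dx` from `AnalyzeAPK()` produces the same per-category report.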

## Resource analysis

### Manifest analysis
```python
from lxml import etree

# Parse AndroidManifest.xml (get_android_manifest_xml() returns an lxml Element)
manifest = a.get_android_manifest_xml()
print("Manifest content:")
print(etree.tostring(manifest, pretty_print=True).decode())

# Get activities
activities = a.get_activities()
for activity in activities:
    print(f"Activity: {activity}")

# Get services
services = a.get_services()
for service in services:
    print(f"Service: {service}")
```

### Resource extraction
```python
# Extract resources (get_file() returns the raw bytes of a ZIP entry)
for file_name in a.get_files():
    if file_name.endswith('.xml'):
        content = a.get_file(file_name)
        print(f"XML file: {file_name} ({len(content)} bytes)")
```

## Advanced features

### Control flow analysis
```python
# Analyze control flow
for method in dx.get_methods():
    if method.is_external():
        continue

    # Get basic blocks (BasicBlocks.get() yields DVMBasicBlock objects)
    for bb in method.get_basic_blocks().get():
        print(f"Basic block: {bb.name} [{bb.start:#x}-{bb.end:#x}]")
```

### Data flow analysis
```python
# Trace data flow
for method in dx.get_methods():
    if method.is_external():
        continue

    # Instructions live on the underlying EncodedMethod
    for instruction in method.get_method().get_instructions():
        if instruction.get_name() == "const-string":
            print(f"String constant: {instruction.get_output()}")
```

### Call graph generation
```python
# Generate call graph
import networkx as nx

G = nx.DiGraph()
for method in dx.get_methods():
    # get_xref_from() yields (ClassAnalysis, MethodAnalysis, offset) tuples
    for caller_class, caller_method, _ in method.get_xref_from():
        G.add_edge(f"{caller_class.name}.{caller_method.name}",
                   f"{method.class_name}.{method.name}")

# Export call graph (AndroGuard's dx.get_call_graph() builds a similar graph)
nx.write_gml(G, "call_graph.gml")
```

## Automation scripts
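Before the scripts below, an added example that is not part of the original cheat sheet: it combines the call graph from the previous section with the component list from the manifest analysis section, searching breadth-first from component entry points to sensitive API sinks so the analyst sees which component can reach which API. `graph_edges` is the AndroGuard glue; `build_graph` and `reachable_sinks` are hypothetical helper names, and the edges, entry points and sinks are constructed sample data, so the search itself runs without an APK or networkx.

```python
from collections import deque

def build_graph(edges):
    """Adjacency dict from (caller, callee) node-name pairs."""
    graph = {}
    for caller, callee in edges:
        graph.setdefault(caller, []).append(callee)
        graph.setdefault(callee, [])
    return graph

def graph_edges(dx):
    """AndroGuard glue: the same edges the networkx snippet above adds."""
    for method in dx.get_methods():
        for caller_class, caller_method, _ in method.get_xref_from():
            yield (f"{caller_class.name}->{caller_method.name}",
                   f"{method.class_name}->{method.name}")

def reachable_sinks(graph, entry_points, sinks):
    """Breadth-first search from each entry point; returns {sink: shortest
    path} so the analyst sees which component leads to which API."""
    found = {}
    for entry in entry_points:
        parent = {entry: None}
        queue = deque([entry])
        while queue:
            node = queue.popleft()
            if node in sinks and node not in found:
                path, cur = [], node
                while cur is not None:          # walk parents back to the entry
                    path.append(cur)
                    cur = parent[cur]
                found[node] = path[::-1]
            for nxt in graph.get(node, []):
                if nxt not in parent:
                    parent[nxt] = node
                    queue.append(nxt)
    return found

# Constructed sample: a boot receiver that reaches sendTextMessage, an activity that only logs
SAMPLE_EDGES = [
    ("Lcom/example/BootReceiver;->onReceive", "Lcom/example/Worker;->start"),
    ("Lcom/example/Worker;->start", "Lcom/example/Worker;->report"),
    ("Lcom/example/Worker;->report", "Landroid/telephony/SmsManager;->sendTextMessage"),
    ("Lcom/example/MainActivity;->onCreate", "Landroid/util/Log;->d"),
]
# On a real APK, build these from a.get_receivers() / a.get_activities()
SAMPLE_ENTRY_POINTS = ["Lcom/example/BootReceiver;->onReceive",
                       "Lcom/example/MainActivity;->onCreate"]
SENSITIVE_SINKS = {"Landroid/telephony/SmsManager;->sendTextMessage",
                   "Landroid/telephony/TelephonyManager;->getDeviceId"}
```

With a real `dx`, `reachable_sinks(build_graph(graph_edges(dx)), entry_points, SENSITIVE_SINKS)` gives the same kind of report for the whole app.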
### Batch analysis
```python
#!/usr/bin/env python3
import os
import sys
from androguard.misc import AnalyzeAPK

def analyze_apk_batch(directory):
    # Analyze every .apk in the directory, continuing past files that fail to parse
    for filename in os.listdir(directory):
        if filename.endswith('.apk'):
            print(f"Analyzing {filename}")
            try:
                a, d, dx = AnalyzeAPK(os.path.join(directory, filename))
                print(f"Package: {a.get_package()}")
                print(f"Permissions: {len(a.get_permissions())}")
                print("-" * 50)
            except Exception as e:
                print(f"Error analyzing {filename}: {e}")

if __name__ == "__main__":
    analyze_apk_batch(sys.argv[1])
```

### Security scanner
```python
#!/usr/bin/env python3
from androguard.misc import AnalyzeAPK

def security_scan(apk_path):
    a, d, dx = AnalyzeAPK(apk_path)

    # Check permissions
    dangerous_perms = [
        "android.permission.READ_SMS",
        "android.permission.SEND_SMS",
        "android.permission.ACCESS_FINE_LOCATION"
    ]

    found_perms = []
    for perm in a.get_permissions():
        if perm in dangerous_perms:
            found_perms.append(perm)

    # Check for crypto usage: class names are Dalvik descriptors such as
    # "Ljavax/crypto/Cipher;", so match on the lower-cased class name
    crypto_usage = False
    for method in dx.get_methods():
        if "crypto" in method.class_name.lower():
            crypto_usage = True
            break

    print(f"Dangerous permissions: {found_perms}")
    print(f"Crypto usage detected: {crypto_usage}")

if __name__ == "__main__":
    security_scan("app.apk")
```

## Using the GUI

### AndroGuard GUI
```bash
# Launch GUI
androguard gui

# Open APK in GUI
androguard gui app.apk
```

### Features
- Visual code analysis
- Interactive exploration
- Graph visualization
- Export functions

## Best practices

### Analysis workflow
1. Basic APK information
2. Permission analysis
3. Code structure review
4. Security pattern detection
5. Malware signature matching
6. Report generation

### Performance tips
```python
# For large APKs, build only the APK object when you need manifest/resource
# data: the DEX decompilation and xref building happen later, in AnalyzeAPK
from androguard.core.bytecodes.apk import APK
a = APK("large_app.apk", raw=False)

# Spread batch analysis over several processes
import multiprocessing
from androguard.misc import AnalyzeAPK

def analyze_apk(path):
    a, d, dx = AnalyzeAPK(path)
    return a.get_package(), len(a.get_permissions())

apk_list = ["app1.apk", "app2.apk"]  # paths of the APKs to analyze
with multiprocessing.Pool() as pool:
    results = pool.map(analyze_apk, apk_list)
```

## References
- https://github.com/androguard/androguard
- https://androguard.readthedocs.io/
- https://owasp.org/www-project-mobile-security-testing-guide/