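#!/bin/bash
# + -- --=[ReverseAPK v1.2 by @xer0dayz
# + -- --=[https://sn1persecurity.com
#
# ABOUT:
# Quickly analyze and reverse engineer Android applications.
# Unpacks the APK (unzip, baksmali, dex2jar, jadx, apktool) into sibling
# directories next to the APK, then greps the decompiled Java sources and
# AndroidManifest.xml for security-relevant patterns. The APK is untrusted
# input: its contents are only ever handed to find/grep as data arguments,
# never interpreted by the shell.
#
# INSTALL:
# ./install
#
# USAGE:
# reverseapk <appname.apk>
#   <appname.apk> may be relative to the current directory (as before) or
#   absolute. Output lands next to the APK as <apk>-unzipped/, <apk>.jar,
#   <apk>-jadx/, <apk>-unpacked/ and <apk>-strings.txt.
#
# Unset variables are errors; exit codes of the individual extraction tools are
# checked explicitly below (set -e is deliberately not used: most grep searches
# legitimately return 1 when nothing matches).
set -u

# Terminal colour escapes (OKBLUE is kept for parity with earlier versions).
readonly OKBLUE='\033[94m'
readonly OKRED='\033[91m'
readonly OKGREEN='\033[92m'
readonly OKORANGE='\033[93m'
readonly RESET='\e[0m'

# Set by main() once the APK path is known; read by the search helpers.
JADX_DIR=
MANIFEST=

#######################################
# Print the ASCII-art banner.
# Globals:   OKORANGE, RESET (read)
# Outputs:   banner on stdout
#######################################
print_banner() {
  echo -e "$OKORANGE "
  echo -e "__________ "
  echo -e "\______ \ _______ __ ___________ ______ ____ "
  echo -e " | _// __ \ \/ // __ \_ __ \/ ___// __ \ "
  echo -e " | | \ ___/\ /\ ___/| | \/\___ \\ ___/ "
  echo -e " |____|_ /\___ >\_/ \___ >__| /____ >\___ >"
  echo -e " \/ \/ \/ \/ \/ "
  echo -e " _____ __________ ____ __."
  echo -e " / _ \\\\______ \ |/ _|"
  echo -e " --=[( by @xer0dayz )]=-- / /_\ \| ___/ < "
  echo -e " --=[( https://sn1persecurity.com )]=-- / | \ | | | \ "
  echo -e " \____|__ /____| |____|__ \\"
  echo -e " \/ \/"
  echo -e "$RESET"
}

#######################################
# Print a warning on stderr and keep going.
# Arguments: $* - message
#######################################
warn() {
  printf '%b[!] %s%b\n' "$OKORANGE" "$*" "$RESET" >&2
}

#######################################
# Print an error on stderr and exit 1.
# Arguments: $* - message
#######################################
die() {
  printf '%b[!] %s%b\n' "$OKRED" "$*" "$RESET" >&2
  exit 1
}

#######################################
# Print a red section header followed by the separator line.
# Globals:   OKRED, RESET (read)
# Arguments: $1 - header text
#######################################
section() {
  printf '%b %s\n' "$OKRED" "$1"
  printf '%b=====================================================================%b\n' "$OKRED" "$RESET"
}

#######################################
# Abort unless every external tool the script invokes is on PATH.
# The original list named "smali" although the script calls "baksmali", and
# "strings" was used without being checked; both are gated now.
# Globals:   OKGREEN, RESET (read)
# Returns:   0 if all present; exits 1 otherwise
#######################################
require_deps() {
  local deps=(unzip smali baksmali apktool d2j-dex2jar jadx strings)
  local dep
  for dep in "${deps[@]}"; do
    if ! command -v "$dep" >/dev/null 2>&1; then
      printf 'Command: %s not found.\n' "$dep" >&2
      printf 'Use %b./install%b to install dependencies.\n' "$OKGREEN" "$RESET" >&2
      exit 1
    fi
  done
}

#######################################
# grep the decompiled Java sources for an extended regex.
# Replaces the `for a in \`find … | egrep -i .java\`` loops, which word-split
# on paths and matched any path containing "java" rather than *.java files.
# Globals:   JADX_DIR (read)
# Arguments: $1  - ERE pattern
#            $2… - extra grep flags (e.g. -i)
# Outputs:   file:line:match on stdout; grep's own status (1 = no match)
#######################################
search_java() {
  local pattern=$1
  shift
  grep -rnHE "$@" --include='*.java' --color=auto -e "$pattern" "$JADX_DIR" 2>/dev/null
}

#######################################
# Case-insensitive grep of the apktool-decoded AndroidManifest.xml.
# Globals:   MANIFEST (read)
# Arguments: $1 - ERE pattern
#######################################
manifest_grep() {
  grep -iE --color=auto -e "$1" "$MANIFEST" 2>/dev/null
}

#######################################
# Entry point.
# Arguments: $1 - path to the APK (relative to $PWD, or absolute)
# Returns:   exits 1 on usage error, missing file or missing dependency
#######################################
main() {
  print_banner

  # Handling argument error (${1-} so a missing argument reaches this check
  # under set -u instead of tripping it).
  if [[ -z "${1-}" ]]; then
    printf '%b Usage:%b ./reverse-apk <path_to_apk>\n' "$OKRED" "$RESET" >&2
    exit 1
  fi

  # Resolve the APK path. The original unconditionally prefixed $PWD, so an
  # absolute argument became "$PWD//abs/path" (a path *under* $PWD). Relative
  # arguments still resolve exactly as before.
  local apk
  if [[ "$1" = /* ]]; then
    apk=$1
  else
    apk="$PWD/$1"
  fi
  [[ -f "$apk" ]] || die "APK not found: $apk"

  require_deps

  # All outputs are siblings of the APK, named after it (unchanged layout).
  local unzipped="$apk-unzipped"
  local jar="$apk.jar"
  local unpacked="$apk-unpacked"
  JADX_DIR="$apk-jadx"
  MANIFEST="$unpacked/AndroidManifest.xml"

  # jadx thread count: nproc where available, /proc/cpuinfo as before, else 1.
  local threads
  if ! threads=$(nproc 2>/dev/null); then
    threads=$(grep -c '^processor' /proc/cpuinfo 2>/dev/null) || threads=1
  fi

  section "Unpacking APK file..."
  # -o overwrites on re-runs without prompting, matching apktool -f and
  # dex2jar --force below.
  unzip -o "$apk" -d "$unzipped/" || warn "unzip failed for $apk"
  # baksmali takes one dex at a time; loop so multidex APKs (classes2.dex, …)
  # are covered. classes.dex still ends up in classes.dex.out/ as before.
  local dex
  for dex in "$unzipped"/classes*.dex; do
    [[ -e "$dex" ]] || continue
    baksmali d "$dex" -o "$dex.out/" 2>/dev/null
  done

  section "Converting APK to Java JAR file..."
  d2j-dex2jar "$apk" -o "$jar" --force || warn "d2j-dex2jar failed"

  section "Decompiling using Jadx..."
  # jadx may exit non-zero yet still have written sources; search whatever
  # exists rather than aborting.
  jadx "$apk" -j "$threads" -d "$JADX_DIR/" >/dev/null || warn "jadx exited non-zero; searching any sources it produced"

  section "Unpacking using APKTool..."
  apktool d "$apk" -o "$unpacked/" -f || warn "apktool failed"

  section "Displaying APK files..."
  # The original ran find on the APK file itself, which only ever printed that
  # single path; list the APK plus everything extracted next to it instead.
  find "$apk"* | grep -E --color=auto 'apk|class' 2>/dev/null

  section "Searching for OAuth secrets..."
  find "$apk"* | grep -iE --color=auto 'oauth' 2>/dev/null

  section "Displaying AndroidManifest.xml..."
  cat "$MANIFEST"
  section "Displaying Package Info in AndroidManifest.xml..."
  manifest_grep 'package='
  section "Displaying Activities in AndroidManifest.xml..."
  manifest_grep 'activity '
  section "Displaying Services in AndroidManifest.xml..."
  manifest_grep 'service '
  section "Displaying Content Providers in AndroidManifest.xml..."
  manifest_grep 'provider'
  section "Displaying Broadcast Receivers in AndroidManifest.xml..."
  manifest_grep 'receiver'
  section "Displaying Intent Filter Actions in AndroidManifest.xml..."
  manifest_grep 'action|category'
  section "Displaying Permissions in AndroidManifest.xml..."
  manifest_grep 'android.permission'
  section "Displaying Exports in AndroidManifest.xml..."
  manifest_grep 'exported="true"'
  section "Displaying Backups in AndroidManifest.xml..."
  manifest_grep 'backup'

  #section "Displaying all classes and methods..."
  #dexdump -f "$unzipped/classes.dex" -l xml | grep -E 'class name' --color=auto 2>/dev/null
  #dexdump -f "$unzipped/classes.dex" -l xml | grep -E 'method name' --color=auto 2>/dev/null

  ################## DEVICE INFO
  section "Searching for DeviceId references..."
  search_java 'getDeviceId'

  ################## INTENT REFERENCES
  section "Searching for android.intent references..."
  search_java 'android\.intent'
  section "Searching for Intent references..."
  search_java 'intent\.'

  ################# COMMAND EXECUTION REFERENCES
  section "Searching for command execution references..."
  search_java 'Runtime.getRuntime\(\).exec'

  ################# SQLITE REFERENCES
  section "Searching for SQLiteDatabase references..."
  search_java 'SQLiteDatabase'

  ################# LOGGING REFERENCES
  section "Searching for Log.d references..."
  search_java 'log\.d|Log\.'

  ################# CONTENT PROVIDERS
  section "Displaying Content Providers..."
  grep -rnHE --color=auto 'content://' "$apk"* 2>/dev/null
  search_java '://'

  ################# BROADCAST RECEIVERS
  section "Searching for Broadcast Receiver references..."
  search_java 'BroadcastReceiver|onReceive|sendBroadcast'

  ################# SERVICE REFERENCES
  section "Searching for Service references..."
  search_java 'stopService|startService'

  ################# FILE REFERENCES
  section "Searching for file:// references..."
  search_java 'file://'
  section "Searching for getSharedPreferences references..."
  search_java 'getSharedPreferences'
  section "Searching for getExternal references..."
  search_java 'getExternal' -i

  ################# CRYPTO REFERENCES
  section "Searching for Crypto references..."
  search_java 'crypto\.'
  section "Searching for MessageDigest references..."
  search_java 'MessageDigest'
  section "Searching for java.util.Random references..."
  search_java 'java\.util\.Random'
  section "Searching for Base64 references..."
  search_java 'Base64'
  section "Searching for Hex references..."
  search_java 'Hex|hex\.'

  ################# HARDCODED SECRETS
  section "Searching for hardcoded secrets..."
  search_java 'secret|password|username' -i
  section "Searching for sensitive information..."
  # Printable strings of the raw APK are saved for offline review; nothing is
  # printed here (the old inline grep is kept below, commented out, for reference).
  #strings "$apk" | grep -iE 'user|pass|key|login|pwd|log' --color=auto 2>/dev/null
  strings "$apk" > "$apk-strings.txt"

  ################# URL VULNERABILITIES
  section "Searching for URL's..."
  search_java 'http:|https:'
  section "Searching for HTTP headers..."
  search_java 'addHeader'
  section "Searching for UDP and TCP Sockets..."
  search_java '\.connect\(|\.disconnect|serverSocket|DatagramSocket'

  ################# SSL REFERENCES
  section "Searching for client certificates..."
  find "$unzipped/" | grep -E --color=auto '\.pkcs|\.p12|\.cer|\.der' 2>/dev/null
  section "Searching for SSL certificate pinning..."
  search_java 'getCertificatePinningSSL'
  section "Searching for SSL connections..."
  search_java 'ssl\.SSL'

  ################# WEBVIEW REFERENCES
  section "Searching for WebView activity..."
  search_java 'WebView'
  section "Searching for addJavascriptInterface references..."
  search_java 'addJavascriptInterface'
  section "Searching for setJavaScriptEnabled references..."
  search_java 'setJavaScriptEnabled'
  section "Searching for setAllowFileAccess references..."
  search_java 'setAllow'
  section "Searching for setSavePassword references..."
  search_java 'setSavePassword'

  section "DONE!"
}

main "$@"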