Detecting Dangerous Android Permissions with AAPT


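1. Basic environment setup

1. ADT environment setup (no Java environment variables are needed here)

First, dig out an ancient version of the ADT bundle:

Link: https://pan.baidu.com/s/1lWM0LmVYDYKxWk-LTrRlCw
Extraction code: pgzx

Then we can configure the environment variables for Android development.

Add to the system environment variables: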
ANDROID_HOME=D:\path\android\adt-bundle-windows-x86_64-20131030\sdk

Add to the system Path variable:
%ANDROID_HOME%;%ANDROID_HOME%/tools;%ANDROID_HOME%/platform-tools

Now enter adb version in a CMD window:

Android Debug Bridge version 1.0.31

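If you see this, the setup worked.

Alternatively, you can download a standalone aapt from https://androidaapt.com/.

2. Basic usage of the Android Asset Packaging Tool (aapt)

aapt lives in %ANDROID_HOME%/build-tools/android-4.4/. If you do not have android-4.4, you can install any SDK version yourself through the SDK Manager.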


aapt command help: taken from https://androidaapt.com/command. Follow the link for the details of each command.


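Since this article only covers how to detect dangerous Android permissions with AAPT, the only command we need is aapt dump permissions file.{apk} (in aapt's usage text, aapt dump WHAT file.{apk}, WHAT is the placeholder that permissions fills in).

e.g.: aapt dump permissions lxsj.apk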

package: com.jiayouya.travel
uses-permission: android.permission.INTERNET
uses-permission: android.permission.WRITE_EXTERNAL_STORAGE
uses-permission: android.permission.READ_EXTERNAL_STORAGE
uses-permission: android.permission.ACCESS_FINE_LOCATION
uses-permission: android.permission.ACCESS_COARSE_LOCATION
uses-permission: android.permission.READ_PHONE_STATE
uses-permission: android.permission.ACCESS_NETWORK_STATE
uses-permission: android.permission.ACCESS_WIFI_STATE
uses-permission: android.permission.WRITE_SETTINGS
uses-permission: android.permission.VIBRATE
uses-permission: android.permission.WAKE_LOCK
uses-permission: android.permission.RECEIVE_USER_PRESENT
uses-permission: android.permission.RECEIVE_BOOT_COMPLETED
uses-permission: android.permission.BROADCAST_STICKY
uses-permission: android.permission.KILL_BACKGROUND_PROCESSES
uses-permission: android.permission.READ_LOGS
uses-permission: android.permission.BLUETOOTH
uses-permission: android.permission.BATTERY_STATS
uses-permission: com.meizu.flyme.push.permission.RECEIVE
permission: com.jiayouya.travel.push.permission.MESSAGE
uses-permission: com.jiayouya.travelpush.permission.MESSAGE
uses-permission: com.meizu.c2dm.permission.RECEIVE
permission: com.jiayouya.travel.permission.C2D_MESSAGE
uses-permission: com.jiayouya.travel.permission.C2D_MESSAGE
permission: com.jiayouya.travel.permission.MIPUSH_RECEIVE
uses-permission: com.jiayouya.travel.permission.MIPUSH_RECEIVE
uses-permission: android.permission.REQUEST_INSTALL_PACKAGES
uses-permission: android.permission.CHANGE_CONFIGURATION
uses-permission: android.permission.MODIFY_AUDIO_SETTINGS
uses-permission: android.permission.CAMERA
uses-permission: android.permission.RECORD_AUDIO
permission: com.jiayouya.travel.andpermission.bridge
uses-permission: com.jiayouya.travel.andpermission.bridge
uses-permission: android.permission.GET_TASKS
uses-permission: android.permission.READ_SETTINGS
uses-permission: android.permission.RUN_INSTRUMENTATION
uses-permission: android.permission.FLASHLIGHT

As we can see, this returns every permission declaration in AndroidManifest.xml. Here is a list of Android dangerous permissions to check them against:

BLACK_LIST = (    
    'android.permission.READ_EXTERNAL_STORAGE', 
    'android.permission.WRITE_EXTERNAL_STORAGE',    
    'android.permission.READ_CALENDAR',    
    'android.permission.WRITE_CALENDAR',    
    'android.permission.CAMERA',    
    'android.permission.READ_CONTACTS',    
    'android.permission.WRITE_CONTACTS',    
    'android.permission.GET_ACCOUNTS',    
    'android.permission.ACCESS_FINE_LOCATION', 
    'android.permission.ACCESS_COARSE_LOCATION',    
    'android.permission.RECORD_AUDIO',    
    'android.permission.READ_PHONE_STATE',    
    'android.permission.CALL_PHONE',    
    'android.permission.READ_CALL_LOG', 
    'android.permission.WRITE_CALL_LOG',   
    'com.android.voicemail.permission.ADD_VOICEMAIL',
    'android.permission.USE_SIP',
    'android.permission.PROCESS_OUTGOING_CALLS',   
    'android.permission.BODY_SENSORS',  
    'android.permission.SEND_SMS',  
    'android.permission.RECEIVE_SMS', 
    'android.permission.READ_SMS',  
    'android.permission.RECEIVE_WAP_PUSH', 
    'android.permission.RECEIVE_MMS',  
    'android.permission.READ_CELL_BROADCASTS',   
    'android.permission.WRITE_SETTINGS')

All we need to do is check whether the permissions dumped by aapt appear in our BLACK_LIST. Here is the Python detection code:

import re
import subprocess
import os



class ApkInfo:
    def __init__(self, apk_path):
        self.apkPath = apk_path
        self.aapt_path = self.get_aapt()
        self.BLACK_LIST = (
            'android.permission.READ_EXTERNAL_STORAGE',
            'android.permission.WRITE_EXTERNAL_STORAGE',
            'android.permission.READ_CALENDAR',
            'android.permission.WRITE_CALENDAR',
            'android.permission.CAMERA',
            'android.permission.READ_CONTACTS',
            'android.permission.WRITE_CONTACTS',
            'android.permission.GET_ACCOUNTS',
            'android.permission.ACCESS_FINE_LOCATION',
            'android.permission.ACCESS_COARSE_LOCATION',
            'android.permission.RECORD_AUDIO',
            'android.permission.READ_PHONE_STATE',
            'android.permission.CALL_PHONE',
            'android.permission.READ_CALL_LOG',
            'android.permission.WRITE_CALL_LOG',
            'com.android.voicemail.permission.ADD_VOICEMAIL',
            'android.permission.USE_SIP',
            'android.permission.PROCESS_OUTGOING_CALLS',
            'android.permission.BODY_SENSORS',
            'android.permission.SEND_SMS',
            'android.permission.RECEIVE_SMS',
            'android.permission.READ_SMS',
            'android.permission.RECEIVE_WAP_PUSH',
            'android.permission.RECEIVE_MMS',
            'android.permission.READ_CELL_BROADCASTS',
            'android.permission.WRITE_SETTINGS'
        )
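
    @staticmethod
    def get_aapt():
        # Locate the aapt binary under %ANDROID_HOME%/build-tools.
        if "ANDROID_HOME" not in os.environ:
            raise EnvironmentError("ANDROID_HOME not exist")
        exe = "aapt.exe" if os.name == "nt" else "aapt"
        root_dir = os.path.join(os.environ["ANDROID_HOME"], "build-tools")
        for path, subdir, files in os.walk(root_dir):
            if exe in files:
                return os.path.join(path, exe)
        raise FileNotFoundError("aapt not found under " + root_dir)

    def get_apk_permission(self):
        # Pass the arguments as a list and leave the shell out of it, so an APK
        # path containing spaces or shell metacharacters reaches aapt as one argument.
        p = subprocess.Popen([self.aapt_path, "dump", "permissions", self.apkPath],
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE)
        (output, err) = p.communicate()
        text = output.decode(errors="replace")
        print(text)
        # "uses-permission:" lines are what the APK requests; "permission:" lines
        # are permissions the APK declares itself, so they are not matched here.
        match = re.findall(r"^uses-permission: (\S+)", text, re.MULTILINE)
        Black_permission = [permission for permission in match if permission in self.BLACK_LIST]
        print(Black_permission)
        return Black_permission


if __name__ == '__main__':
    apkPath = input("APK文件路径:")  # prompt text: "APK file path:"
    apk_info = ApkInfo(apkPath)
    apk_info.get_apk_permission()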
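
The matching step can also be run offline against saved aapt output. The following is an added example, not code from the original article: it separates requested permissions from the ones the APK declares itself, and it additionally accepts the quoted name='...' form and uses-permission-sdk-NN records, which are assumed here to be what later aapt builds print. The function names, the shortened blacklist and the sample output are constructed for illustration.

```python
import re

# Shortened subset of the article's BLACK_LIST (constructed for this example).
DANGEROUS = frozenset({
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.WRITE_SETTINGS",
})

# Accepts both `uses-permission: X` and `uses-permission: name='X'` (assumed newer form).
LINE = re.compile(
    r"^(package|uses-permission(?:-sdk-\d+)?|permission):\s*(?:name=)?'?([^'\s]+)'?")


def parse_aapt_permissions(text):
    """Split `aapt dump permissions` output into package, requested and declared."""
    report = {"package": None, "requested": [], "declared": []}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, warnings, unknown records
        kind, name = m.groups()
        if kind == "package":
            report["package"] = name
        elif kind == "permission":
            report["declared"].append(name)   # defined by the APK, not requested
        elif name not in report["requested"]:
            report["requested"].append(name)  # de-duplicate repeated requests
    return report


def audit(text, blacklist=DANGEROUS):
    """Return the parsed report plus the requested permissions found in blacklist."""
    report = parse_aapt_permissions(text)
    report["dangerous"] = sorted(p for p in report["requested"] if p in blacklist)
    return report


# Constructed sample output mixing the legacy and the quoted record forms.
SAMPLE = """package: com.example.app
uses-permission: android.permission.INTERNET
uses-permission: android.permission.CAMERA
permission: com.example.app.permission.CAMERA_BRIDGE
uses-permission: com.example.app.permission.CAMERA_BRIDGE
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: android.permission.CAMERA
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```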

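AAPT can do far more than this: it can extract a great deal of other information from an APK. Try out the other AAPT commands for yourself.

3. Summary

I believe many beginners like me spend most of their time never looking into how a decompilation tool actually works. We go straight to full-featured tools such as JADX and JEB without really understanding the principles behind them. So it is worth learning how these decompilation tools work; it will do you good! (An interviewer may well ask about it.)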
