Androguard交叉引用Crossreferences(XREFs)
Crossreferences(XREFs)交叉引用,是由 androguard.core.analysis.analysis.Analysis
类提供的,用于处理 Classes,Methods,Fields 和 Strings
查看类和方法的具体调用情况
准备工作,通过 androguard analyze
命令开启 ipython shell,以腾讯会议的 APK 为例
ubuntu@ubuntu:~$ androguard analyze /home/ubuntu/Desktop/meeting.apk
Please be patient, this might take a while.
Found the provided file is of type 'APK'
[INFO ] androguard.apk: Starting analysis on AndroidManifest.xml
[INFO ] androguard.apk: APK file was successfully validated!
[INFO ] androguard.analysis: Adding DEX file version 35
[INFO ] androguard.analysis: Reading bytecode took : 0min 00s
[INFO ] androguard.analysis: Adding DEX file version 35
[INFO ] androguard.analysis: Reading bytecode took : 0min 00s
[INFO ] androguard.analysis: End of creating cross references (XREF) run time: 0min 00s
Added file to session: SHA256::689673bed0f4d6121a63f3c9fd88efb538ec316561d426120c440d8be89f6256
Loaded APK file...
>>> a
<androguard.core.bytecodes.apk.APK object at 0x7f029d0329b0>
>>> d
[<androguard.core.bytecodes.dvm.DalvikVMFormat object at 0x7f029083f978>, <androguard.core.bytecodes.dvm.DalvikVMFormat object at 0x7f02907d9b00>]
>>> dx
<analysis.Analysis VMs: 2, Classes: 85, Methods: 340, Strings: 122>
Androguard version 3.4.0a1 started
获取方法调用的 XREFs
接下来从 java/io/FileNotFoundException;
类查询调用的类(如果使用其他 APK 进行分析,在进行到这步时最好先使用 dx.get_classes()
查询该 APK 包含的类),注意在写类名时不能再用 “.” 分割,而是应该用正斜杠 “/”
In [9]: dx.classes['Ljava/io/FileNotFoundException;']
Out[9]: <analysis.ClassAnalysis Ljava/io/FileNotFoundException; EXTERNAL>
接下来遍历该类内部的所有方法并输出 XREFs
In [7]: for meth in dx.classes['Lcom/wrapper/proxyapplication/WrapperProxyApplication;'