Pull file hashes fom Packages module directly

2024-06-18 10:29:01 +00:00 · 2021-09-20 19:15:39 +02:00 · 2021-09-20 19:15:39 +02:00 · f68b7e7089
commit f68b7e7089
parent a22241ec32
4 changed files with 36 additions and 30 deletions
--- a/mvt/android/download_apks.py
+++ b/mvt/android/download_apks.py
@ -11,7 +11,6 @@ import pkg_resources
 from tqdm import tqdm

 from mvt.common.module import InsufficientPrivileges
-from mvt.common.utils import get_sha256_from_file_path

 from .modules.adb.base import AndroidExtraction
 from .modules.adb.packages import Packages
@ -158,37 +157,16 @@ class DownloadAPKs(AndroidExtraction):
            log.info("[%d/%d] Package: %s", counter, len(packages_selection),
                     package["package_name"])

-            # Get the file path for the specific package.
-            try:
-                output = self._adb_command(f"pm path {package['package_name']}")
-                output = output.strip().replace("package:", "")
-                if not output:
-                    continue
-            except Exception as e:
-                log.exception("Failed to get path of package %s: %s",
-                              package["package_name"], e)
-                self._adb_reconnect()
-                continue
-
            # Sometimes the package path contains multiple lines for multiple apks.
            # We loop through each line and download each file.
-            for path in output.split("\n"):
-                device_path = path.strip()
-                file_path = self.pull_package_file(package["package_name"],
-                                                   device_path)
-                if not file_path:
+            for package_file in package["files"]:
+                device_path = package_file["path"]
+                local_path = self.pull_package_file(package["package_name"],
+                                                    device_path)
+                if not local_path:
                    continue

-                file_info = {
-                    "path": device_path,
-                    "local_name": file_path,
-                    "sha256": get_sha256_from_file_path(file_path),
-                }
-
-                if "files" not in package:
-                    package["files"] = [file_info,]
-                else:
-                    package["files"].append(file_info)
+                package_file["local_path"] = local_path

        log.info("Download of selected packages completed")

--- a/mvt/android/lookups/koodous.py
+++ b/mvt/android/lookups/koodous.py
@ -32,7 +32,7 @@ def koodous_lookup(packages):
            res = requests.get(url)
            report = res.json()

-            row = [package["package_name"], file["local_name"]]
+            row = [package["package_name"], file["path"]]

            if "package_name" in report:
                trusted = "no"
--- a/mvt/android/lookups/virustotal.py
+++ b/mvt/android/lookups/virustotal.py
@ -75,7 +75,7 @@ def virustotal_lookup(packages):

    for package in packages:
        for file in package.get("files", []):
-            row = [package["package_name"], file["local_name"]]
+            row = [package["package_name"], file["path"]]

            if file["sha256"] in detections:
                detection = detections[file["sha256"]]
--- a/mvt/android/modules/adb/packages.py
+++ b/mvt/android/modules/adb/packages.py
@ -55,6 +55,31 @@ class Packages(AndroidExtraction):
                                 root_package)
                self.detected.append(root_package)

+    def _get_files_for_package(self, package_name):
+        output = self._adb_command(f"pm path {package_name}")
+        output = output.strip().replace("package:", "")
+        if not output:
+            return []
+
+        package_files = []
+        for file_path in output.split("\n"):
+            file_path = file_path.strip()
+
+            md5 = self._adb_command(f"md5sum {file_path}").split(" ")[0]
+            sha1 = self._adb_command(f"sha1sum {file_path}").split(" ")[0]
+            sha256 = self._adb_command(f"sha256sum {file_path}").split(" ")[0]
+            sha512 = self._adb_command(f"sha512sum {file_path}").split(" ")[0]
+
+            package_files.append({
+                "path": file_path,
+                "md5": md5,
+                "sha1": sha1,
+                "sha256": sha256,
+                "sha512": sha512,
+            })
+
+        return package_files
+
    def run(self):
        self._adb_connect()

@ -85,6 +110,8 @@ class Packages(AndroidExtraction):
            first_install = dumpsys[1].split("=")[1].strip()
            last_update = dumpsys[2].split("=")[1].strip()

+            package_files = self._get_files_for_package(package_name)
+
            self.results.append({
                "package_name": package_name,
                "file_name": file_name,
@ -96,6 +123,7 @@ class Packages(AndroidExtraction):
                "disabled": False,
                "system": False,
                "third_party": False,
+                "files": package_files,
            })

        cmds = [