From f68b7e7089f430a483a8837ee8da662d96d35387 Mon Sep 17 00:00:00 2001
From: Nex
Date: Mon, 20 Sep 2021 19:15:39 +0200
Subject: [PATCH] Pull file hashes fom Packages module directly
---
 mvt/android/download_apks.py | 34 +++++------------------------
 mvt/android/lookups/koodous.py | 2 +-
 mvt/android/lookups/virustotal.py | 2 +-
 mvt/android/modules/adb/packages.py | 28 ++++++++++++++++++++++++
 4 files changed, 36 insertions(+), 30 deletions(-)
diff --git a/mvt/android/download_apks.py b/mvt/android/download_apks.py
index 07a1176..9c37176 100644
--- a/mvt/android/download_apks.py
+++ b/mvt/android/download_apks.py
@@ -11,7 +11,6 @@ import pkg_resources
 from tqdm import tqdm
 from mvt.common.module import InsufficientPrivileges
-from mvt.common.utils import get_sha256_from_file_path
 from .modules.adb.base import AndroidExtraction
 from .modules.adb.packages import Packages
@@ -158,37 +157,16 @@ class DownloadAPKs(AndroidExtraction):
 log.info("[%d/%d] Package: %s", counter, len(packages_selection), package["package_name"])
- # Get the file path for the specific package.
- try:
- output = self._adb_command(f"pm path {package['package_name']}")
- output = output.strip().replace("package:", "")
- if not output:
- continue
- except Exception as e:
- log.exception("Failed to get path of package %s: %s", package["package_name"], e)
- self._adb_reconnect()
- continue
-
 # Sometimes the package path contains multiple lines for multiple apks.
 # We loop through each line and download each file.
- for path in output.split("\n"):
- device_path = path.strip()
- file_path = self.pull_package_file(package["package_name"],
- device_path)
- if not file_path:
+ for package_file in package["files"]:
+ device_path = package_file["path"]
+ local_path = self.pull_package_file(package["package_name"],
+ device_path)
+ if not local_path:
 continue
- file_info = {
- "path": device_path,
- "local_name": file_path,
- "sha256": get_sha256_from_file_path(file_path),
- }
-
- if "files" not in package:
- package["files"] = [file_info,]
- else:
- package["files"].append(file_info)
+ package_file["local_path"] = local_path
 log.info("Download of selected packages completed")
diff --git a/mvt/android/lookups/koodous.py b/mvt/android/lookups/koodous.py
index bb9ee03..1e5b576 100644
--- a/mvt/android/lookups/koodous.py
+++ b/mvt/android/lookups/koodous.py
@@ -32,7 +32,7 @@ def koodous_lookup(packages):
 res = requests.get(url)
 report = res.json()
- row = [package["package_name"], file["local_name"]]
+ row = [package["package_name"], file["path"]]
 if "package_name" in report:
 trusted = "no"
diff --git a/mvt/android/lookups/virustotal.py b/mvt/android/lookups/virustotal.py
index 23dba9b..c5266f1 100644
--- a/mvt/android/lookups/virustotal.py
+++ b/mvt/android/lookups/virustotal.py
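Review bot: `package["files"]` on the new `for` line is a hard key lookup, while the lookup code changed in this same commit iterates `package.get("files", [])`; if a package record without a `files` entry can reach DownloadAPKs (for instance a results file written before this change), it raises KeyError here, where the removed try/except used to log and continue. Writing `for package_file in package.get("files", []):` keeps the two call sites consistent. Dropping `get_sha256_from_file_path` also means no digest is computed on the analyst's side any more, so the only hashes recorded for a pulled APK are whatever the device shell printed; keeping that import and storing a locally computed digest of `local_path` next to the new `package_file["local_path"] = local_path` line would give something to cross-check the on-device values against. The comment above the loop still says "We loop through each line", which no longer describes a loop over `package["files"]`; the enclosing method starts and ends outside the hunk.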
@@ -75,7 +75,7 @@ def virustotal_lookup(packages):
 for package in packages:
 for file in package.get("files", []):
- row = [package["package_name"], file["local_name"]]
+ row = [package["package_name"], file["path"]]
 if file["sha256"] in detections:
 detection = detections[file["sha256"]]
diff --git a/mvt/android/modules/adb/packages.py b/mvt/android/modules/adb/packages.py
index fc6051a..49a1516 100644
--- a/mvt/android/modules/adb/packages.py
+++ b/mvt/android/modules/adb/packages.py
@@ -55,6 +55,31 @@ class Packages(AndroidExtraction):
 root_package)
 self.detected.append(root_package)
+ def _get_files_for_package(self, package_name):
+ output = self._adb_command(f"pm path {package_name}")
+ output = output.strip().replace("package:", "")
+ if not output:
+ return []
+
+ package_files = []
+ for file_path in output.split("\n"):
+ file_path = file_path.strip()
+
+ md5 = self._adb_command(f"md5sum {file_path}").split(" ")[0]
+ sha1 = self._adb_command(f"sha1sum {file_path}").split(" ")[0]
+ sha256 = self._adb_command(f"sha256sum {file_path}").split(" ")[0]
+ sha512 = self._adb_command(f"sha512sum {file_path}").split(" ")[0]
+
+ package_files.append({
+ "path": file_path,
+ "md5": md5,
+ "sha1": sha1,
+ "sha256": sha256,
+ "sha512": sha512,
+ })
+
+ return package_files
+
 def run(self):
 self._adb_connect()
@@ -85,6 +110,8 @@ class Packages(AndroidExtraction):
 first_install = dumpsys[1].split("=")[1].strip()
 last_update = dumpsys[2].split("=")[1].strip()
+ package_files = self._get_files_for_package(package_name)
+
 self.results.append({
 "package_name": package_name,
 "file_name": file_name,
@@ -96,6 +123,7 @@ class Packages(AndroidExtraction):
 "disabled": False,
 "system": False,
 "third_party": False,
+ "files": package_files,
 })
 cmds = [
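Review bot: `_get_files_for_package` issues `pm path` and four checksum commands through `_adb_command` with no error handling, whereas the `pm path` call it replaces in download_apks.py was wrapped in `except Exception` with `_adb_reconnect()`; one adb failure now propagates out of `run()` and aborts the whole package listing instead of skipping one package. Each digest is also taken as `split(" ")[0]` of whatever the shell printed, so when a `*sum` tool is missing or the file is unreadable the stored "hash" is the first word of an error message; checking that the token is hex of the expected length (32/40/64/128 characters) before storing it, or storing `None` otherwise, would stop the lookups from querying on a bogus value. A digest produced by the device under examination is only as trustworthy as that device's shell binaries, which deserves a short docstring on the method so downstream code does not treat these values as independently verified. The rewrite below restores the log-reconnect-skip behaviour around the `pm path` call; the rest of the method is unchanged.

```python
    def _get_files_for_package(self, package_name):
        """Return the paths and digests the device reports for a package.

        Digests come from the device's own *sum binaries and are not
        verified locally.
        """
        try:
            output = self._adb_command(f"pm path {package_name}")
        except Exception as e:
            self.log.exception("Failed to get path of package %s: %s",
                               package_name, e)
            self._adb_reconnect()
            return []

        # … unchanged: strip "package:" prefix, empty check, per-file hashing …
```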
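Review bot: `package_files = self._get_files_for_package(package_name)` runs inside the per-package loop of `run()`, which costs one `pm path` plus four checksum commands per APK file over adb for every installed package, so a device with a few hundred packages (split APKs included) can turn the listing into hundreds of serial shell round-trips before any result is written; the code being removed hashed only the packages selected for download. If digests are wanted for every package, computing only `sha256sum` (the sole digest the lookups in this commit read) or making the full set opt-in would keep `run()` responsive. The enclosing loop starts outside the hunk.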