securebrain / ruby_apk
analyzing android apk library for ruby
License: MIT License
/home/travis/build/SecureBrain/ruby_apk/lib/android/apk.rb:1:in `require': cannot load such file -- zip/zip (LoadError)
According to the rubyzip update to v1.0.0, the namespace has changed, and the rspecs then fail.
two label methods are not good.
implement layout parser.
A layout is an Android binary XML file, and it is in the res/layout/ directory.
apk = Android::Apk.new('sample.apk')
apk.layouts # => array of Layout object
apk.layouts.each do |layout|
  p layout.path # => layout file path in apk
  p layout.doc # => REXML::Document object
  p layout.to_xml # => xml string
end
extract application label from AndroidManifest.xml and resources.arsc.
modify reference urls on comments below.
from: http://source.android.com/tech/dalvik/dex-format.html
to: http://source.android.com/devices/tech/dalvik/dex-format.html
I wanted to parse the google maps apk, but it returns nil. I've seen in the issues, and someone had made a pull request with the fix for it and it was accepted. When you download the gem (on a rails project with: gem ruby_apk) it doesn't have the fix.
May you please make a release with the last fixes?
Is there a way in ruby_apk to see if the apk is properly signed (or signed at all)?
Both examples are missing the .each
dex.strings do |str|
  puts str
end
Should be
dex.strings.each do |str|
  puts str
end
dex.classes do |cls| # cls is Android::Dex::ClassInfo
  puts "class: #{cls.name}"
  cls.virtual_methods.each do |m| # Android::Dex::MethodInfo
    puts "\t#{m.definition}" # puts method definition
  end
end
Should be
dex.classes.each do |cls| # cls is Android::Dex::ClassInfo
  puts "class: #{cls.name}"
  cls.virtual_methods.each do |m| # Android::Dex::MethodInfo
    puts "\t#{m.definition}" # puts method definition
  end
end
create CHANGELOG.md
parsing boolean attribute is wrong in AXMLParser#convert_value
when VAL_TYPE_INT_BOOLEAN
  value = val != 0xFFFFFFFE ? true : false # ugh! is it ok??
According to the descriptions below, true is represented by 1 or 0xFFFFFFFF.
// The 'data' is either 0 or 1, for input "false" or "true" respectively.
TYPE_INT_BOOLEAN = 0x12,
The entry values both have a value type of TYPE_BOOLEAN as you would expect, but true is represented by the value 0xFFFFFFFF rather than 1 as specified by the comment here.
http://justanapplication.wordpress.com/2011/09/20/android-internals-resources-part-nine-simple-resource-entry-examples/
http://justanapplication.wordpress.com/2011/09/19/android-internals-resources-part-eight-resource-entries-and-values/#struct_Res_value_type_enum
apk.label
returns nil
reported by cielavenir in issue #1
ver0.5.0
/var/lib/gems/1.9.1/gems/ruby_apk-0.5.0/lib/android/resource.rb:261:in `[]': bignum too big to convert into `long' (RangeError)
from /var/lib/gems/1.9.1/gems/ruby_apk-0.5.0/lib/android/resource.rb:261:in `block (2 levels) in extract_res_strings'
from /var/lib/gems/1.9.1/gems/ruby_apk-0.5.0/lib/android/resource.rb:256:in `times'
from /var/lib/gems/1.9.1/gems/ruby_apk-0.5.0/lib/android/resource.rb:256:in `block in extract_res_strings'
from /var/lib/gems/1.9.1/gems/ruby_apk-0.5.0/lib/android/resource.rb:254:in `each'
from /var/lib/gems/1.9.1/gems/ruby_apk-0.5.0/lib/android/resource.rb:254:in `extract_res_strings'
from /var/lib/gems/1.9.1/gems/ruby_apk-0.5.0/lib/android/resource.rb:116:in `global_string_pool='
from /var/lib/gems/1.9.1/gems/ruby_apk-0.5.0/lib/android/resource.rb:509:in `parse'
from /var/lib/gems/1.9.1/gems/ruby_apk-0.5.0/lib/android/resource.rb:441:in `initialize'
from label.rb:16:in `new'
from label.rb:16:in `block (2 levels) in <main>'
from /var/lib/gems/1.9.1/gems/rubyzip-0.9.9/lib/zip/zip_file.rb:90:in `open'
from label.rb:10:in `block in <main>'
from label.rb:9:in `each'
from label.rb:9:in `<main>'
I assume that this repo is no longer being maintained. Is there an 'official' fork?
If not, my team might be interested in becoming the maintainer of this gem. I have no idea how the process to transfer the ownership would work, though.
The routine that's parsing the compiled manifest isn't handling 0xffffffff correctly. If I set versionCode to -1 in my AndroidManifest.xml, ruby_apk parses this as 4294967295.
This probably requires a fix in axml_parser.rb, but I haven't had a chance to track down exactly where yet.
I'd like to query application-label. It isn't yet implemented? (although I can pipe aapt, it is quite heavy).
axml=Android::AXMLParser.new(zip.read('AndroidManifest.xml'))
xml=axml.parse
label_id=xml.get_elements('/manifest/application')[0].attributes['label']
arsc=Android::Resource.new(zip.read('resources.arsc'))
There are no ways to know label_id from arsc.strings...
Hi,
is this repo maintained? I know there are similar issues, but none of them have answers. If maintained we'd like to use it, but it has some severe security issues with Rubyzip version.
Thanks!
1 test case failed in the Ruby 2.0 environment.
1) Android::Dex Android::Dex::DexObject::Header#inspect
Failure/Error: it { should match(/\A<Android::Dex::DexObject::Header.*>\Z/m) }
ArgumentError:
invalid byte sequence in UTF-8
# ./spec/dex/dex_object_spec.rb:100:in `block (4 levels) in <top (required)>'
The versioned resources (v14, v17, v19) are not being filtered out when doing the extract_res_strings and are overwriting the default resources, as the versioned ones are always parsed after the default.
Please filter them out or filter them into a separate array that can be queried similar to local and country.
Hi,
Thank you for creating this useful library.
I think there is an issue with the way boolean attributes are parsed from the manifest file. It seems that true and false are parsed the wrong way around. For example, if AndroidManifest.xml has this element:
<uses-feature android:name='android.hardware.touchscreen' android:required='false'/>
Then when I call manifest.to_xml
the output shows this, instead:
<uses-feature android:name='android.hardware.touchscreen' android:required='true'/>
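The boolean reports above (true stored as 1 or 0xFFFFFFFF, android:required='false' coming out as 'true') and the versionCode -1 report all come down to how the 32-bit data word of a Res_value is interpreted. A misread here also inverts security-relevant manifest flags such as android:debuggable. The following Ruby is an added example, not ruby_apk's own code; the module, method names and sample records are hypothetical, and the record layout assumed is the standard 8-byte Res_value.

```ruby
# Added example (not ruby_apk code): decode one 8-byte Res_value record.
# Layout, little-endian: uint16 size, uint8 res0, uint8 dataType, uint32 data.
module ResValue
  TYPE_REFERENCE   = 0x01
  TYPE_INT_DEC     = 0x10
  TYPE_INT_HEX     = 0x11
  TYPE_INT_BOOLEAN = 0x12 # value given in the issue above

  # Returns [data_type, decoded_value]; rejects truncated or odd-sized input.
  def self.decode(bytes)
    raise ArgumentError, 'Res_value needs 8 bytes' if bytes.bytesize < 8
    size, _res0, type, data = bytes.unpack('vCCV')
    raise ArgumentError, "unexpected Res_value size #{size}" unless size == 8
    [type, convert(type, data)]
  end

  def self.convert(type, data)
    case type
    when TYPE_INT_BOOLEAN
      data != 0 # false is 0; true appears as 1 or 0xFFFFFFFF
    when TYPE_INT_DEC
      data >= 0x8000_0000 ? data - 0x1_0000_0000 : data # two's complement
    when TYPE_INT_HEX
      format('0x%08x', data)
    when TYPE_REFERENCE
      format('@0x%08x', data) # notation used in the manifest on this page
    else
      data
    end
  end

  # The comparison quoted in the issue above, kept only for contrast.
  def self.quoted_bool(data)
    data != 0xFFFFFFFE ? true : false
  end
end

# Constructed sample records (hypothetical helper, not taken from a real APK).
def sample_res_value(type, data)
  [8, 0, type, data].pack('vCCV')
end

if __FILE__ == $PROGRAM_NAME
  { 'required=false'  => sample_res_value(0x12, 0),
    'debuggable=true' => sample_res_value(0x12, 0xFFFFFFFF),
    'versionCode=-1'  => sample_res_value(0x10, 0xFFFFFFFF),
    'label reference' => sample_res_value(0x01, 0x7f040001) }.each do |name, raw|
    puts "#{name}: #{ResValue.decode(raw).last.inspect}"
  end
end
```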
condition: AndroidManifest.xml has a text element inside an element, like below.
<manifest xmlns:android='http://schemas.android.com/apk/res/android' android:versionCode='101' android:versionName='1.0.1-malware2' package='example.app.sample'>
  <uses-sdk android:minSdkVersion='10'/>
  <uses-permission android:name='android.permission.INTERNET'/>
  <uses-permission android:name='android.permission.WRITE_EXTERNAL_STORAGE'/>
  <application android:label='@0x7f040001' android:icon='@0x7f020000' android:debuggable='true'>
    <activity android:label='@0x7f040001' android:name='example.app.sample.SampleActivity'>
      <intent-filter>
        <action android:name='android.intent.action.MAIN'/>
        Sample Text Element
        <category android:name='android.intent.category.LAUNCHER'/>
      </intent-filter>
    </activity>
  </application>
</manifest>
When you access a Manifest::Component object with the above XML, a crash occurs.
apk = Android::Apk.new('sample.apk')
apk.manifest.components.map {|c| c.name } # => crash!!
Ruby_apk uses an outdated Rubyzip version (dependency <1.0.0), which causes compatibility errors with more modern ones.