APKiD
=====
|Build Status| |PyPI| |PyPI - Python Version| |PyPI - Format| |PyPI -
License|
APKiD gives you information about how an APK was made. It identifies
many compilers, packers, obfuscators, and other weird stuff. It’s
`PEiD <https://www.aldeid.com/wiki/PEiD>`__ for Android.
.. figure:: https://user-images.githubusercontent.com/1356658/57322793-49be9c00-70b9-11e9-84da-1e64d9459a8a.png
:alt: Screen Shot 2019-05-07 at 10 55 00 AM
Screen Shot 2019-05-07 at 10 55 00 AM
For more information on what this tool can be used for, check out:
- `Android Compiler
Fingerprinting <http://hitcon.org/2016/CMT/slide/day1-r0-e-1.pdf>`__
- `Detecting Pirated and Malicious Android Apps with
APKiD <http://rednaga.io/2016/07/31/detecting_pirated_and_malicious_android_apps_with_apkid/>`__
- `APKiD: PEiD for Android
Apps <https://github.com/enovella/cve-bio-enovella/blob/master/slides/bheu18-enovella-APKID.pdf>`__
- `APKiD: Fast Identification of AppShielding
Products <https://github.com/enovella/cve-bio-enovella/blob/master/slides/APKiD-NowSecure-Connect19-enovella.pdf>`__
Installing
----------
.. code:: bash
pip install apkid
Docker
~~~~~~
You can also run APKiD with
`Docker <https://www.docker.com/community-edition>`__! Of course, this
requires that you have git and Docker installed.
Here’s how to use Docker:
.. code:: bash
git clone https://github.com/rednaga/APKiD
cd APKiD/
docker build . -t rednaga:apkid
docker/apkid.sh ~/reverse/targets/android/example/example.apk
[+] APKiD 2.1.0 :: from RedNaga :: rednaga.io
[*] example.apk!classes.dex
|-> compiler : dx
Usage
-----
::
usage: apkid [-h] [-v] [-t TIMEOUT] [-r] [--scan-depth SCAN_DEPTH]
[--entry-max-scan-size ENTRY_MAX_SCAN_SIZE] [--typing {magic,filename,none}] [-j]
[-o DIR]
[FILE [FILE ...]]
APKiD - Android Application Identifier v2.1.2
positional arguments:
FILE apk, dex, or directory
optional arguments:
-h, --help show this help message and exit
-v, --verbose log debug messages
scanning:
-t TIMEOUT, --timeout TIMEOUT Yara scan timeout (in seconds)
-r, --recursive recurse into subdirectories
--scan-depth SCAN_DEPTH how deep to go when scanning nested zips
--entry-max-scan-size ENTRY_MAX_SCAN_SIZE max zip entry size to scan in bytes, 0 = no limit
--typing {magic,filename,none} method to decide which files to scan
output:
-j, --json output scan results in JSON format
-o DIR, --output-dir DIR write individual results here (implies --json)
Submitting New Packers / Compilers / Obfuscators
------------------------------------------------
If you come across an APK or DEX which APKiD does not recognize, please
open a GitHub issue and tell us:
- what you think it is – obfuscated, packed, etc.
- the file hash (either MD5, SHA1, SHA256)
We are open to any type of concept you might have for “something
interesting” to detect, so do not limit yourself solely to packers,
compilers or obfuscators. If there is an interesting anti-disassembler,
anti-vm, anti-\* trick, please make an issue.
Pull requests are welcome. If you’re submitting a new rule, be sure to
include a file hash of the APK / DEX so we can check the rule.
License
-------
This tool is available under a dual license: a commercial one suitable
for closed source projects and a GPL license that can be used in open
source software.
Depending on your needs, you must choose one of them and follow its
policies. A detail of the policies and agreements for each license type
are available in the `LICENSE.COMMERCIAL <LICENSE.COMMERCIAL>`__ and
`LICENSE.GPL <LICENSE.GPL>`__ files.
Hacking
-------
If you want to install the latest version in order to make changes,
develop your own rules, and so on, simply clone this repository, compile
the rules, and install the package in editable mode:
.. code:: bash
git clone https://github.com/rednaga/APKiD
cd APKiD
./prep-release.py
pip install -e .[dev,test]
If the above doesn’t work, due to permission errors dependent on your
local machine and where Python has been installed, try specifying the
``--user`` flag. This is likely needed if you’re not using a virtual
environment:
.. code:: bash
pip install -e .[dev,test] --user
If you update any of the rules, be sure to run ``prep-release.py`` to
recompile them.
For Package Maintainers
-----------------------
When releasing a new version, make sure the version has been updated in
`apkid/init.py <apkid/__init__.py>`__.
As for running tests, check out `.travis.yml <.travis.yml>`__ to see how
the dev and test environments are setup and tests are run.
Update the compiled rules, the readme, build the package and upload to
PyPI:
.. code:: bash
./prep-release.py readme
rm -f dist/*
python setup.py sdist bdist_wheel
twine upload --repository-url https://upload.pypi.org/legacy/ dist/*
For more information see `Packaging
Projects <https://packaging.python.org/tutorials/packaging-projects/>`__.
.. |Build Status| image:: https://app.travis-ci.com/rednaga/APKiD.svg?branch=master
:target: https://app.travis-ci.com/rednaga/APKiD
.. |PyPI| image:: https://img.shields.io/pypi/v/apkid.svg
:target: https://pypi.org/project/apkid/
.. |PyPI - Python Version| image:: https://img.shields.io/pypi/pyversions/apkid.svg
:target: https://pypi.org/project/apkid/
.. |PyPI - Format| image:: https://img.shields.io/pypi/format/apkid.svg
:target: https://pypi.org/project/apkid/
.. |PyPI - License| image:: https://img.shields.io/pypi/l/apkid.svg
:target: https://pypi.org/project/apkid/
Raw data
{
"_id": null,
"home_page": "https://github.com/rednaga/APKiD",
"name": "apkid",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "android analysis reversing malware apk dex dalvik",
"author": "Caleb Fenton & Tim Strazzere",
"author_email": "rednaga@protonmail.com",
"download_url": "https://files.pythonhosted.org/packages/c6/77/75e5469494eb6ba7dc089b70f594aa9674fc8569b12f082576e01a5164bb/apkid-2.1.5.tar.gz",
"platform": null,
"description": "APKiD\n=====\n\n|Build Status| |PyPI| |PyPI - Python Version| |PyPI - Format| |PyPI -\nLicense|\n\nAPKiD gives you information about how an APK was made. It identifies\nmany compilers, packers, obfuscators, and other weird stuff. It\u2019s\n`PEiD <https://www.aldeid.com/wiki/PEiD>`__ for Android.\n\n.. figure:: https://user-images.githubusercontent.com/1356658/57322793-49be9c00-70b9-11e9-84da-1e64d9459a8a.png\n :alt: Screen Shot 2019-05-07 at 10 55 00 AM\n\n Screen Shot 2019-05-07 at 10 55 00 AM\n\nFor more information on what this tool can be used for, check out:\n\n- `Android Compiler\n Fingerprinting <http://hitcon.org/2016/CMT/slide/day1-r0-e-1.pdf>`__\n- `Detecting Pirated and Malicious Android Apps with\n APKiD <http://rednaga.io/2016/07/31/detecting_pirated_and_malicious_android_apps_with_apkid/>`__\n- `APKiD: PEiD for Android\n Apps <https://github.com/enovella/cve-bio-enovella/blob/master/slides/bheu18-enovella-APKID.pdf>`__\n- `APKiD: Fast Identification of AppShielding\n Products <https://github.com/enovella/cve-bio-enovella/blob/master/slides/APKiD-NowSecure-Connect19-enovella.pdf>`__\n\nInstalling\n----------\n\n.. code:: bash\n\n pip install apkid\n\nDocker\n~~~~~~\n\nYou can also run APKiD with\n`Docker <https://www.docker.com/community-edition>`__! Of course, this\nrequires that you have git and Docker installed.\n\nHere\u2019s how to use Docker:\n\n.. code:: bash\n\n git clone https://github.com/rednaga/APKiD\n cd APKiD/\n docker build . -t rednaga:apkid\n docker/apkid.sh ~/reverse/targets/android/example/example.apk\n [+] APKiD 2.1.0 :: from RedNaga :: rednaga.io\n [*] example.apk!classes.dex\n |-> compiler : dx\n\nUsage\n-----\n\n::\n\n usage: apkid [-h] [-v] [-t TIMEOUT] [-r] [--scan-depth SCAN_DEPTH]\n [--entry-max-scan-size ENTRY_MAX_SCAN_SIZE] [--typing {magic,filename,none}] [-j]\n [-o DIR]\n [FILE [FILE ...]]\n\n APKiD - Android Application Identifier v2.1.2\n\n positional arguments:\n FILE apk, dex, or directory\n\n optional arguments:\n -h, --help show this help message and exit\n -v, --verbose log debug messages\n\n scanning:\n -t TIMEOUT, --timeout TIMEOUT Yara scan timeout (in seconds)\n -r, --recursive recurse into subdirectories\n --scan-depth SCAN_DEPTH how deep to go when scanning nested zips\n --entry-max-scan-size ENTRY_MAX_SCAN_SIZE max zip entry size to scan in bytes, 0 = no limit\n --typing {magic,filename,none} method to decide which files to scan\n\n output:\n -j, --json output scan results in JSON format\n -o DIR, --output-dir DIR write individual results here (implies --json)\n\nSubmitting New Packers / Compilers / Obfuscators\n------------------------------------------------\n\nIf you come across an APK or DEX which APKiD does not recognize, please\nopen a GitHub issue and tell us:\n\n- what you think it is \u2013 obfuscated, packed, etc.\n- the file hash (either MD5, SHA1, SHA256)\n\nWe are open to any type of concept you might have for \u201csomething\ninteresting\u201d to detect, so do not limit yourself solely to packers,\ncompilers or obfuscators. If there is an interesting anti-disassembler,\nanti-vm, anti-\\* trick, please make an issue.\n\nPull requests are welcome. If you\u2019re submitting a new rule, be sure to\ninclude a file hash of the APK / DEX so we can check the rule.\n\nLicense\n-------\n\nThis tool is available under a dual license: a commercial one suitable\nfor closed source projects and a GPL license that can be used in open\nsource software.\n\nDepending on your needs, you must choose one of them and follow its\npolicies. A detail of the policies and agreements for each license type\nare available in the `LICENSE.COMMERCIAL <LICENSE.COMMERCIAL>`__ and\n`LICENSE.GPL <LICENSE.GPL>`__ files.\n\nHacking\n-------\n\nIf you want to install the latest version in order to make changes,\ndevelop your own rules, and so on, simply clone this repository, compile\nthe rules, and install the package in editable mode:\n\n.. code:: bash\n\n git clone https://github.com/rednaga/APKiD\n cd APKiD\n ./prep-release.py\n pip install -e .[dev,test]\n\nIf the above doesn\u2019t work, due to permission errors dependent on your\nlocal machine and where Python has been installed, try specifying the\n``--user`` flag. This is likely needed if you\u2019re not using a virtual\nenvironment:\n\n.. code:: bash\n\n pip install -e .[dev,test] --user\n\nIf you update any of the rules, be sure to run ``prep-release.py`` to\nrecompile them.\n\nFor Package Maintainers\n-----------------------\n\nWhen releasing a new version, make sure the version has been updated in\n`apkid/init.py <apkid/__init__.py>`__.\n\nAs for running tests, check out `.travis.yml <.travis.yml>`__ to see how\nthe dev and test environments are setup and tests are run.\n\nUpdate the compiled rules, the readme, build the package and upload to\nPyPI:\n\n.. code:: bash\n\n ./prep-release.py readme\n rm -f dist/*\n python setup.py sdist bdist_wheel\n twine upload --repository-url https://upload.pypi.org/legacy/ dist/*\n\nFor more information see `Packaging\nProjects <https://packaging.python.org/tutorials/packaging-projects/>`__.\n\n.. |Build Status| image:: https://app.travis-ci.com/rednaga/APKiD.svg?branch=master\n :target: https://app.travis-ci.com/rednaga/APKiD\n.. |PyPI| image:: https://img.shields.io/pypi/v/apkid.svg\n :target: https://pypi.org/project/apkid/\n.. |PyPI - Python Version| image:: https://img.shields.io/pypi/pyversions/apkid.svg\n :target: https://pypi.org/project/apkid/\n.. |PyPI - Format| image:: https://img.shields.io/pypi/format/apkid.svg\n :target: https://pypi.org/project/apkid/\n.. |PyPI - License| image:: https://img.shields.io/pypi/l/apkid.svg\n :target: https://pypi.org/project/apkid/\n\n\n",
"bugtrack_url": null,
"license": "GPL & Commercial",
"summary": "Android Package Identifier",
"version": "2.1.5",
"project_urls": {
"Homepage": "https://github.com/rednaga/APKiD"
},
"split_keywords": [
"android",
"analysis",
"reversing",
"malware",
"apk",
"dex",
"dalvik"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "5061cd3ec3aded6034df0e306cfebee9070d4197a0f40108f93094aa64a01de4",
"md5": "1283b00eaca8871492ffcc7b7de453b8",
"sha256": "be54f05d0599a163df505d8de5f7d3cccd3043c784334c15e4fa7034e7e9687a"
},
"downloads": -1,
"filename": "apkid-2.1.5-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "1283b00eaca8871492ffcc7b7de453b8",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 137820,
"upload_time": "2023-07-30T17:07:13",
"upload_time_iso_8601": "2023-07-30T17:07:13.396452Z",
"url": "https://files.pythonhosted.org/packages/50/61/cd3ec3aded6034df0e306cfebee9070d4197a0f40108f93094aa64a01de4/apkid-2.1.5-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "c67775e5469494eb6ba7dc089b70f594aa9674fc8569b12f082576e01a5164bb",
"md5": "1296e57bb1420f264adb358956a7509a",
"sha256": "0f739ff9fc9d5a4c739af26762964bb5120b5264f5c58923d3434dd5d224e2b0"
},
"downloads": -1,
"filename": "apkid-2.1.5.tar.gz",
"has_sig": false,
"md5_digest": "1296e57bb1420f264adb358956a7509a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 139645,
"upload_time": "2023-07-30T17:07:15",
"upload_time_iso_8601": "2023-07-30T17:07:15.695691Z",
"url": "https://files.pythonhosted.org/packages/c6/77/75e5469494eb6ba7dc089b70f594aa9674fc8569b12f082576e01a5164bb/apkid-2.1.5.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-07-30 17:07:15",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "rednaga",
"github_project": "APKiD",
"travis_ci": true,
"coveralls": false,
"github_actions": false,
"lcname": "apkid"
}
JSON
