#/usr/bin/python
#coding=utf-8
import sys,os
import shutil
import zipfile
from xml.dom import minidom
import MySQLdb
#get all the smali files
def get_all_files(file_dir):
    """Collect file paths below *file_dir* into the module-level ``files`` list.

    Every regular file directly inside *file_dir* is appended as
    ``file_dir + "/" + name``.  Other entries are recursed into only when
    *file_dir* is exactly ``"apk/smali"`` or its path contains the substring
    ``"com"``; entries of any other directory are not descended into.
    """
    # The descent rule depends only on the directory being listed, so it is
    # evaluated once per call rather than once per entry.
    descend = file_dir == "apk/smali" or "com" in file_dir
    for entry in os.listdir(file_dir):
        path = file_dir + "/" + entry
        if os.path.isfile(path):
            files.append(path)
        elif descend:
            get_all_files(path)
file_name = "1.apk"
file_dir = "apk/smali"

# Locate the activity that declares the android.intent.action.MAIN action.
# If several activities declare it, the last one in document order wins.
#
# NOTE(review): the manifest belongs to the APK being analysed, so it is
# untrusted input. xml.dom.minidom is not hardened against maliciously
# constructed XML (e.g. entity-expansion bombs); consider a hardened parser
# such as defusedxml when processing hostile samples.
AndroidManifest = minidom.parse("apk/AndroidManifest.xml")
MainActivity = ""
for activity in AndroidManifest.getElementsByTagName("activity"):
    # Raises KeyError when an <activity> has no android:name attribute.
    activity_name = activity.attributes["android:name"].value
    for action in activity.getElementsByTagName("action"):
        action_name = action.attributes["android:name"].value
        if action_name == "android.intent.action.MAIN":
            MainActivity = activity_name
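# Gather every smali file path, then count how often each invoked method
# occurs across all of them.
files = []
get_all_files(file_dir)

methods = {}
for smali_path in files:
    # The context manager closes each handle; the original opened one file
    # per smali file and never closed any of them.
    with open(smali_path) as f:
        for line in f:
            if "invoke-" not in line:
                continue
            # The invoked method is the last comma-separated field of an
            # invoke-* instruction, e.g.
            #   Ljava/lang/String;->equals(Ljava/lang/Object;)Z
            method_name = line.split(",")[-1].strip("\n")
            method_name = method_name.replace("/", ".")
            method_name = method_name.replace(";->", ".")
            # Drop everything up to and including the first 'L' (the class
            # type marker) and everything after the first ')', which removes
            # the return type.
            method_name = method_name[method_name.find('L') + 1:]
            method_name = method_name[:method_name.find(')') + 1]
            # Tidy object-type markers inside the parameter list.
            method_name = method_name.replace("(L", "(")
            method_name = method_name.replace(";L", ",")
            method_name = method_name.replace(";)", ")")
            methods[method_name] = methods.get(method_name, 0) + 1

# Serialise as "name:count;" records.
# NOTE(review): a parameter list such as (ILjava.lang.String;I) keeps its ';'
# after the replacements above, which collides with the ';' record separator;
# whatever parses this column has to tolerate that. The smali text comes from
# the APK under analysis, so treat the resulting string as untrusted data.
methods_string = "".join("%s:%d;" % (k, v) for k, v in methods.items())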
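# Store the collected API summary on the existing `malware` row whose name
# matches the main activity.
#
# MainActivity and methods_string are derived from the APK under analysis and
# are therefore attacker-controlled. They are passed as bound parameters so
# the driver escapes them; the original interpolated them into the SQL text
# with %-formatting, which allowed SQL injection from a crafted manifest or
# smali file.
#
# NOTE(review): the connection uses the hard-coded root/root account. Load the
# credentials from configuration and use an account limited to SELECT/UPDATE
# on this table.
conn = MySQLdb.connect(
    host='localhost',
    port=3306,
    user='root',
    passwd='root',
    db='Android',
)
try:
    cur = conn.cursor()
    try:
        # Does a row for this sample already exist?
        cur.execute(
            "select count(id) from malware where name=%s",
            (MainActivity,),
        )
        already_exist = cur.fetchone()
        if already_exist[0] > 0:
            cur.execute(
                "update malware set apis=%s where name=%s",
                (methods_string, MainActivity),
            )
        else:
            print("not exist")
            # Exit with status 0 as before; the finally blocks now release
            # the cursor and connection, which the original skipped here.
            sys.exit()
    finally:
        cur.close()
    conn.commit()
finally:
    conn.close()
print("over")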