ruby_apk

Android Apk static analysis library for Ruby.

Requirements

ruby(>=1.9.x)

Install

$ gem install ruby_apk

Usage

Initialize

  require 'ruby_apk'
  apk = Android::Apk.new('sample.apk') # set apk file path

Apk

Listing files in Apk

# listing files in apk
apk = Android::Apk.new('sample.apk')
apk.each_file do |name, data|
  puts "#{name}: #{data.size}bytes" # puts file name and data size
end

Find files in Apk

  apk = Android::Apk.new('sample.apk')
  elf_files = apk.find{|name, data| data[0..3] == [0x7f, 0x45, 0x4c, 0x46] } # ELF magic number

Extract icon data in Apk (since 0.6.0)

  apk = Android::Apk.new('sample.apk')
  icons = apk.icon # { "res/drawable-hdpi/ic_launcher.png" => "\x89PNG\x0D\x0A...", ... }
  icons.each do |name, data|
    File.open(File.basename(name), 'wb') {|f| f.write data } # save to file.
  end

Extract signature and certificate information from Apk (since v0.7.0)

  apk = Android::Apk.new('sample.apk')
  signs = apk.signs # retrun Hash(key: signature file path, value: OpenSSL::PKCS7)
  signs.each do |path, sign|
    puts path # => "MATA-INF/CERT.RSA" or ...
    puts sign # => "-----BEGIN PKCS7-----\n..." PKCS7 object
  end

  certs = apk.certificates # retrun Hash(key: signature file path, value: OpenSSL::X509::Certificate)
  certs.each do |path, cert|
    puts path # => "MATA-INF/CERT.RSA" or ...
    puts cert # => "-----BEGIN CERTIFICATE-----\n..." # X509::Certificate object
  end

Note: Most apks have only one signature and cerficate.

Manifest

Get readable xml

  apk = Android::Apk.new('sample.apk')
  manifest = apk.manifest
  puts manifest.to_xml

Listing components and permissions

  apk = Android::Apk.new('sample.apk')
  manifest = apk.manifest
  # listing components
  manifest.components.each do |c| # 'c' is Android::Manifest::Component object
    puts "#{c.type}: #{c.name}" 
    c.intent_filters.each do |filter|
      puts "\t#{filter.type}"
    end
  end

  # listing use-permission tag
  manifest.use_permissions.each do |permission|
    puts permission
  end

Extract application label string

  apk = Android::Apk.new('sample.apk')
  puts apk.manifest.label

Resource

Extract resource strings from apk

  apk = Android::Apk.new('sample.apk')
  rsc = apk.resource
  rsc.strings.each do |str|
    puts str
  end

Parse resource file directly

  rsc_data = File.open('resources.arsc', 'rb').read{|f| f.read }
  rsc = Android::Resource.new(rsc_data)

Resolve resource id

This feature supports only srting resources for now.

  apk = Android::Apk.new('sample.apk')
  rsc = apk.resource
  
  # assigns readable resource id
  puts rsc.find('@string/app_name') # => 'application name'

  # assigns hex resource id
  puts rsc.find('@0x7f040000') # => 'application name'

  # you can set lang attribute.
  puts rsc.find('@0x7f040000', :lang => 'ja')

Dex

Extract dex information

  apk = Android::Apk.new('sample.apk')
  dex = apk.dex
  # listing string table in dex
  dex.strings.each do |str|
    puts str
  end

  # listing all class names
  dex.classes.each do |cls| # cls is Android::Dex::ClassInfo
    puts "class: #{cls.name}"
    cls.virtual_methods.each do |m| # Android::Dex::MethodInfo
      puts "\t#{m.definition}" # puts method definition
    end
  end

Parse dex file directly

  dex_data = File.open('classes.dex','rb').read{|f| f.read }
  dex = Android::Dex.new(dex_data)

ruby_apk

Development

Runtime

ruby_apk

Requirements

Install

Usage

Initialize

Apk

Listing files in Apk

Find files in Apk

Extract icon data in Apk (since 0.6.0)

Extract signature and certificate information from Apk (since v0.7.0)

Manifest

Get readable xml

Listing components and permissions

Extract application label string

Resource

Extract resource strings from apk

Parse resource file directly

Resolve resource id

Dex

Extract dex information

Parse dex file directly

Copyright