{"id":13438052,"url":"https://github.com/dorneanu/smalisca","last_synced_at":"2025-03-19T18:31:43.558Z","repository":{"id":28459460,"uuid":"31975151","full_name":"dorneanu/smalisca","owner":"dorneanu","description":"Static Code Analysis for Smali files","archived":true,"fork":false,"pushed_at":"2019-10-03T15:42:12.000Z","size":99,"stargazers_count":313,"open_issues_count":16,"forks_count":81,"subscribers_count":31,"default_branch":"master","last_synced_at":"2024-04-25T01:40:45.029Z","etag":null,"topics":["android","python","reverse-engineering","smali"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dorneanu.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":null,"funding":null,"license":"LICENSE.rst","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-03-10T18:43:15.000Z","updated_at":"2024-03-19T12:58:36.000Z","dependencies_parsed_at":"2022-09-19T09:31:34.040Z","dependency_job_id":null,"html_url":"https://github.com/dorneanu/smalisca","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dorneanu%2Fsmalisca","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dorneanu%2Fsmalisca/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dorneanu%2Fsmalisca/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dorneanu%2Fsmalisca/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dorneanu","download_url":"https://codeload.github.com/dorneanu/smalisca/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221729794,"owners_count":16871106,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","python","reverse-engineering","smali"],"created_at":"2024-07-31T03:01:02.546Z","updated_at":"2025-03-19T18:31:43.551Z","avatar_url":"https://github.com/dorneanu.png","language":"Python","funding_links":[],"categories":["Android Security","Tools","Python"],"sub_categories":["Static Analysis Tools"],"readme":"=========================================\nStatic Code Analysis for Smali\n=========================================\n\n.. image:: https://img.shields.io/pypi/dm/smalisca.svg?style=plastic \n :target: https://pypi.python.org/pypi/smalisca\n.. image:: https://img.shields.io/pypi/v/smalisca.svg?style=plastic \n :target: https://pypi.python.org/pypi/smalisca\n.. image:: https://img.shields.io/pypi/l/smalisca.svg?style=plastic \n :target: https://pypi.python.org/pypi/smalisca\n.. image:: https://readthedocs.org/projects/smalisca/badge/?version=stable \n :target: http://smalisca.readthedocs.org/en/stable/\n\n\nIf you ever have looked at Android applications you know to appreciate\nthe ability of analyzing your target at the most advanced level. Dynamic\nprogram analysis will give you a pretty good overview of your applications\nactivities and general behaviour. However sometimes you'll want to just\nanalyze your application **without** running it. You'll want to have a look\nat its components, analyze how they interact and how data is tainted\nfrom one point to another.\n\nThis is was the major factor driving the development of *smalisca*. There\nare indeed some good reasons for a *static code analysis* before the\n*dynamic* one. Before interacting with the application I like to know\nhow the application has been build, if there is any API and generate all\nsort of *call flow graphs*. In fact graphs have been very important to\nme since they *visualize* things. Instead of jumping from file to file,\nfrom class to class, I just look at the graphs.\n\nWhile graph building has been an important reason for me to code such a\ntool, *smalisca* has some other neat **features** you should read about.\n\n\nFeatures\n========\n\nAt the moment there are some few major functionalities like:\n\n* **parsing**\n\n You can parse a whole directory of **Smali** files and **extract**:\n\n * class information\n * class properties\n * class methods\n * calls between methods of different classes\n\n You can then **export** the results as **JSON** or **SQLite**.\n\n Have a loot at the `parsing page \u003chttp://smalisca.readthedocs.org/en/stable/parsing.html\u003e`_ for more information.\n\n\n\n* **analyzing**\n\n After exporting the results you'll get an **interactive prompt** to take\n a closer look at your parsed data. You can **search** for classes, properties,\n methods and even method calls. You can then apply several **filters** to your search\n criterias like::\n\n smalisca\u003e sc -c class_name -p test -r 10 -x path -s class_type\n\n This command will search for *10* (-r 10) classes which contain the pattern *test* (-p)\n in their *class name* (-c). Afterwards the command will exclude the column *path*\n (-x path) from the results and sort them by the *class type* (-s).\n\n Let's have a look at another example::\n\n smalisca\u003e scl -fc com/android -fm init -r 10\n\n This will search for all **method calls** whose *calling* class name contains the pattern\n *com/android* (-fc). Additionally we can look for calls originating from methods whose\n name contain the pattern *init* (-fm).\n\n You can of course read your commands from a file and analyze your results in a *batch*-\n like manner::\n\n $ cat cmd.txt\n sc -c class_name -p com/gmail/xlibs -r 10 -x path\n quit\n $ ./smalisca.py analyzer -i results.sqlite -f sqlite -c cmd.txt\n ...\n\n Have a loot at the `analysis page \u003chttp://smalisca.readthedocs.org/en/stable/analysis.html\u003e`_ for more information.\n\n* **web API**\n\n smalisca provides a REST web service in order to easily interact with the results by just using \n a web client. This way you can access data in your own (fancy) web application and have a clean\n separation between backend and frontend. \n\n Read more about the available REST API at the `web API page \u003chttp://smalisca.readthedocs.org/en/stable/web-api.html\u003e`_. \n\n\n* **visualizing**\n\n I think this the **most** valuable feature of *smalisca*. The ability to visualize your\n results in a structured way makes your life more comfortable. Depending on what you're\n interested in, this tool has several graph drawing features I'd like to promote.\n\n At first you can draw your packages including their classes, properties and methods::\n\n smalisca\u003e dc -c class_name -p test -f dot -o /tmp/classes.dot\n :: INFO Wrote results to /tmp/classes.dot\n smalisca\u003e\n\n This will first search classes whose class name contains *test* and then export the\n results in the **Graphviz DOT** language. You can then manually generate a graph using\n *dot*, *neato*, *circo* etc. Or you do that using the interactive prompt::\n\n smalisca\u003e dc -c class_name -p test -f pdf -o /tmp/classes.pdf --prog neato\n :: INFO Wrote results to /tmp/classes.pdf\n smalisca\u003e\n\n Have a loot at the `drawing page \u003chttp://smalisca.readthedocs.org/en/stable/drawing.html\u003e`_ for more information.\n\nScreenshots\n===========\n\n.. figure:: http://smalisca.readthedocs.org/en/stable/_images/smalisca_search_classes.png\n :scale: 99%\n :alt: Basic usage\n \n Output results as table.\n \n\n\n.. figure:: http://smalisca.readthedocs.org/en/stable/_images/smalisca_dxcl_dot_0.png\n :scale: 99%\n :alt: Cross calls\n \n Basic relationships between classes and modules.\n\n\nHave a look at the `screenshots page \u003chttp://smalisca.readthedocs.org/en/stable/screenshots.html\u003e`_.\n\n\nInstallation\n============\n\nRefer to the `installation page \u003chttp://smalisca.readthedocs.org/en/stable/installation.html\u003e`_.\nRequirements:\n\n* Python (2.x / 3.x)\n* `cement \u003chttp://builtoncement.com/\u003e`_\n* Graphviz\n* SQLAlchemy\n\n\nHow to use it\n=============\n\nAfter installing the tool, you may want to first pick up an Android application (APK)\nto play with. Use `apktool \u003chttps://code.google.com/p/android-apktool/\u003e`_ or my own tool\n`ADUS \u003chttps://github.com/dorneanu/adus\u003e`_ to dump the APKs content. For the sake of\nsimplicity I'll be using **FakeBanker** which I've analyzed in a previous\n`blog post \u003chttp://blog.dornea.nu/2014/07/07/disect-android-apks-like-a-pro-static-code-analysis/\u003e`_.\n\nFirst touch\n-----------\n\nBut first let's have a look at the tools main options::\n\n $ smalisca --help\n\n /\\_ \\ __ \n ____ ___ ___ __ \\//\\ \\ /\\_\\ ____ ___ __ \n /',__\\ /' __` __`\\ /'__`\\ \\ \\ \\ \\/\\ \\ /',__\\ /'___\\ /'__`\\ \n /\\__, `\\/\\ \\/\\ \\/\\ \\/\\ \\L\\.\\_ \\_\\ \\_\\ \\ \\/\\__, `\\/\\ \\__//\\ \\L\\.\\_ \n \\/\\____/\\ \\_\\ \\_\\ \\_\\ \\__/.\\_\\/\\____\\\\ \\_\\/\\____/\\ \\____\\ \\__/.\\_\\\n \\/___/ \\/_/\\/_/\\/_/\\/__/\\/_/\\/____/ \\/_/\\/___/ \\/____/\\/__/\\/_/\n \n\n --------------------------------------------------------------------------------\n :: Author: Victor \u003cCyneox\u003e Dorneanu\n :: Desc: Static Code Analysis tool for Smali files\n :: URL: http://nullsecurity.net, http://{blog,www}.dornea.nu\n :: Version: 0.2\n --------------------------------------------------------------------------------\n\n usage: smalisca (sub-commands ...) [options ...] {arguments ...}\n\n [--] Static Code Analysis (SCA) tool for Baskmali (Smali) files.\n\n commands:\n\n analyzer\n [--] Analyze results using an interactive prompt or on the command line.\n\n parser\n [--] Parse files and extract data based on Smali syntax.\n\n web\n [--] Analyze results using web API.\n\n optional arguments:\n -h, --help show this help message and exit\n --debug toggle debug output\n --quiet suppress all output\n --log-level {debug,info,warn,error,critical}\n Change logging level (Default: info)\n -v, --version show program's version number and exit\n\n\nParsing\n-------\n\nI'll first **parse** some directory for **Smali** files before doing the analysis stuff::\n\n $ smalisca parser -l ~/tmp/FakeBanker2/dumped/smali -s java -f sqlite -o fakebanker.sqlite\n\n ...\n\n :: INFO Parsing .java files in /home/victor/tmp/FakeBanker2/dumped/smali ...\n :: INFO Finished parsing!\n :: INFO Exporting results to SQLite\n :: INFO Extract classes ...\n :: INFO Extract class properties ...\n :: INFO Extract class methods ...\n :: INFO Extract calls ...\n :: INFO Commit changes to SQLite DB\n :: INFO Wrote results to fakebanker.sqlite\n :: INFO Finished scanning\n\nAlso have a look at the `parsing page \u003chttp://smalisca.readthedocs.org/en/stable/parsing.html\u003e`_ for further information.\n\n\nAnalyzing\n----------\n\nNow you're free to do whatever you want with your generated exports. You can inspect the **SQLite DB**\ndirectly or use *smaliscas* **analysis** features::\n\n $ smalisca analyzer -f sqlite -i fakebanker.sqlite\n\n ...\n\n\n smalisca\u003esc -x path -r 10\n +----+-----------------------------------------------------------------------------------------+--------------------+--------------------------+-------+\n | id | class_name | class_type | class_package | depth |\n +----+-----------------------------------------------------------------------------------------+--------------------+--------------------------+-------+\n | 1 | Landroid/support/v4/net/ConnectivityManagerCompat | public | Landroid.support.v4.net | 5 |\n | 2 | Landroid/support/v4/view/AccessibilityDelegateCompat$AccessibilityDelegateJellyBeanImpl | | Landroid.support.v4.view | 5 |\n | 3 | Landroid/support/v4/view/ViewCompat$ViewCompatImpl | interface abstract | Landroid.support.v4.view | 5 |\n | 4 | Landroid/support/v4/app/ActivityCompatHoneycomb | | Landroid.support.v4.app | 5 |\n | 5 | Landroid/support/v4/app/NoSaveStateFrameLayout | | Landroid.support.v4.app | 5 |\n | 6 | Landroid/support/v4/net/ConnectivityManagerCompatHoneycombMR2 | | Landroid.support.v4.net | 5 |\n | 7 | Lcom/gmail/xpack/BuildConfig | public final | Lcom.gmail.xpack | 4 |\n | 8 | Landroid/support/v4/app/BackStackRecord$Op | final | Landroid.support.v4.app | 5 |\n | 9 | Landroid/support/v4/app/FragmentManagerImpl | final | Landroid.support.v4.app | 5 |\n | 10 | Landroid/support/v4/app/ShareCompat$ShareCompatImpl | interface abstract | Landroid.support.v4.app | 5 |\n +----+-----------------------------------------------------------------------------------------+--------------------+--------------------------+-------+\n\nAlso refer to the `analysis page \u003chttp://smalisca.readthedocs.org/en/stable/analysis.html\u003e`_ for more available **commands** and options.\n\n\nDrawing\n-------\n\nPlease refer to the `drawing page \u003chttp://smalisca.readthedocs.org/en/stable/drawing.html\u003e`_ for full examples.\n\n\nLicense\n========\n\n*smalisca* has been released under the **MIT** license. Have a look at the **LICENSE.rst** file.\n\nCredits\n=======\n\nThis tool is dedicated to **Lică**. Many thanks also go to:\n\n* `Stephen McAllister \u003chttps://de.linkedin.com/pub/stephen-mcallister/13/843/71a\u003e`_\n\n * Many thanks for all those hours full of APK debugging and great ideas\n\n* My gf\n\n * Thank you very much for your patience and understanding!\n\n* `nullsecurity.net \u003chttp://nullsecurity.net\u003e`_\n\n * Hack the planet!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdorneanu%2Fsmalisca","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdorneanu%2Fsmalisca","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdorneanu%2Fsmalisca/lists"}