Skip to main content

Android Package Identifier

Project description

Build Status PyPI PyPI - Python Version PyPI - Format PyPI - License

APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It’s PEiD for Android.

Screen Shot 2019-05-07 at 10 55 00 AM

Screen Shot 2019-05-07 at 10 55 00 AM

For more information on what this tool can be used for, check out:

Installing

pip install apkid

Docker

You can also run APKiD with Docker! Of course, this requires that you have git and Docker installed.

Here’s how to use Docker:

git clone https://github.com/rednaga/APKiD
cd APKiD/
docker build . -t rednaga:apkid
docker/apkid.sh ~/reverse/targets/android/example/example.apk
[+] APKiD 2.1.0 :: from RedNaga :: rednaga.io
[*] example.apk!classes.dex
 |-> compiler : dx

Usage

usage: apkid [-h] [-v] [-t TIMEOUT] [-r] [--scan-depth SCAN_DEPTH]
             [--entry-max-scan-size ENTRY_MAX_SCAN_SIZE] [--typing {magic,filename,none}] [-j]
             [-o DIR]
             [FILE [FILE ...]]

APKiD - Android Application Identifier v2.1.2

positional arguments:
  FILE                                       apk, dex, or directory

optional arguments:
  -h, --help                                 show this help message and exit
  -v, --verbose                              log debug messages

scanning:
  -t TIMEOUT, --timeout TIMEOUT              Yara scan timeout (in seconds)
  -r, --recursive                            recurse into subdirectories
  --scan-depth SCAN_DEPTH                    how deep to go when scanning nested zips
  --entry-max-scan-size ENTRY_MAX_SCAN_SIZE  max zip entry size to scan in bytes, 0 = no limit
  --typing {magic,filename,none}             method to decide which files to scan

output:
  -j, --json                                 output scan results in JSON format
  -o DIR, --output-dir DIR                   write individual results here (implies --json)

Submitting New Packers / Compilers / Obfuscators

If you come across an APK or DEX which APKiD does not recognize, please open a GitHub issue and tell us:

  • what you think it is – obfuscated, packed, etc.

  • the file hash (either MD5, SHA1, SHA256)

We are open to any type of concept you might have for “something interesting” to detect, so do not limit yourself solely to packers, compilers or obfuscators. If there is an interesting anti-disassembler, anti-vm, anti-* trick, please make an issue.

Pull requests are welcome. If you’re submitting a new rule, be sure to include a file hash of the APK / DEX so we can check the rule.

License

This tool is available under a dual license: a commercial one suitable for closed source projects and a GPL license that can be used in open source software.

Depending on your needs, you must choose one of them and follow its policies. A detail of the policies and agreements for each license type are available in the LICENSE.COMMERCIAL and LICENSE.GPL files.

Hacking

If you want to install the latest version in order to make changes, develop your own rules, and so on, simply clone this repository, compile the rules, and install the package in editable mode:

git clone https://github.com/rednaga/APKiD
cd APKiD
python prep-release.py
pip install -e .[dev,test]

If the above doesn’t work, due to permission errors dependent on your local machine and where Python has been installed, try specifying the --user flag. This is likely needed if you’re not using a virtual environment:

pip install -e .[dev,test] --user

If you update any of the rules, be sure to run prep-release.py to recompile them.

If you are using Windows, install Yara 3.11.0 and yara-python-dex before compiling

pip install yara-python==3.11.0
pip install wheel
pip wheel --wheel-dir=yara-python-dex git+https://github.com/MobSF/yara-python-dex.git
pip install --no-index --find-links=yara-python-dex yara-python-dex

For Package Maintainers

When releasing a new version, make sure the version has been updated in apkid/init.py.

As for running tests, check out .travis.yml to see how the dev and test environments are setup and tests are run.

Update the compiled rules, the readme, build the package and upload to PyPI:

./prep-release.py readme
rm -f dist/*
python setup.py sdist bdist_wheel
twine upload --repository-url https://upload.pypi.org/legacy/ dist/*

For more information see Packaging Projects.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

apkid-3.0.0.tar.gz (189.3 kB view details)

Uploaded Source

Built Distribution

apkid-3.0.0-py2.py3-none-any.whl (187.4 kB view details)

Uploaded Python 2Python 3

File details

Details for the file apkid-3.0.0.tar.gz.

File metadata

  • Download URL: apkid-3.0.0.tar.gz
  • Upload date:
  • Size: 189.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 colorama/0.4.4 importlib-metadata/4.6.4 keyring/23.5.0 pkginfo/1.8.2 readme-renderer/34.0 requests-toolbelt/0.9.1 requests/2.25.1 rfc3986/1.5.0 tqdm/4.57.0 urllib3/1.26.5 CPython/3.10.12

File hashes

Hashes for apkid-3.0.0.tar.gz
Algorithm Hash digest
SHA256 e554dfdeaf4c8a5207fba7c40796a36b39e03b55bb23b5af4e2b22435d374ad1
MD5 81baa1c5dc684b0b419e95244082b64f
BLAKE2b-256 6b28dc1b85e1503c73cf932c4086b43b78aae3552f658967f5d15939ace895d8

See more details on using hashes here.

File details

Details for the file apkid-3.0.0-py2.py3-none-any.whl.

File metadata

  • Download URL: apkid-3.0.0-py2.py3-none-any.whl
  • Upload date:
  • Size: 187.4 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 colorama/0.4.4 importlib-metadata/4.6.4 keyring/23.5.0 pkginfo/1.8.2 readme-renderer/34.0 requests-toolbelt/0.9.1 requests/2.25.1 rfc3986/1.5.0 tqdm/4.57.0 urllib3/1.26.5 CPython/3.10.12

File hashes

Hashes for apkid-3.0.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 0e3b3d381dce46f39cb37479ba5675569113279d1d306e18be6dc70ca532072a
MD5 a957dfa542107c56bcbf4dc51dd24753
BLAKE2b-256 788dc65bf5c5904da54b5be389ba239f4d1a559b9d2c9f819f8c5f0b0224624f

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page