Permhash calculator

Project description

Permhash is an extensible framework to hash the declared permissions applied to Chromium-based browser extensions and APKs allowing for clustering, hunting, and pivoting similar to import hashing and rich header hashing.

Permhash is currently capable of running on four types of files, but is extensible beyond this:

An Android Package (APK) file.
A Chromium-based Extension file (CRX).
An AXML Android Manifest file found at the root directory within APKs.
A JSON Extension Manifest from a Chromium-based extension.

Download and Usage

Install the permhash library

pip install permhash

Library Use

Import permhash

from permhash import functions as permhash

Use permhash

# The path variable should be the full path to the file you wish to use to calculate the permhash.

# Calculate the permhash for a CRX
ph = permhash.permhash_crx(path)

# Calculate the permhash for a CRX manifest
ph = permhash.permhash_crx_manifest(path)

# Calculate the permhash for an APK
ph = permhash.permhash_apk(path)

# Calculate the permhash for an APK manifest
ph = permhash.permhash_apk_manifest(path)

Example

An example of calculating permhash in bulk.

import csv
import os
from permhash import functions as permhash


def bulk_permhash_crx_manifest(path, output):
    """
    Computes the permhash from a directory of CRX manifests
    Outputs the results in a csv passed as input

    :param path: The targeted directory
    :type path: string
    :param output:
    :type path: string

    """
    with open(output, mode="w", encoding="utf-8") as results:
        out_writer = csv.writer(
            results, delimiter=",", quotechar='"', quoting=csv.QUOTE_MINIMAL
        )
        out_writer.writerow(["filename", "permhash"])
        for filename in os.listdir(path):
            if path.endswith("/"):
                full_path = path + filename
            else:
                full_path = path + "/" + filename
            calculated_permhash = permhash.permhash_crx_manifest(full_path)
            if calculated_permhash:
                out_writer.writerow([filename, calculated_permhash])

Commandline Use

Permhash can also be used as a commandline tool. Provide the full path to the file to calculate the permhash in the --path/-p switch and the type of file being analyzed in the --type/-t switch. The command will output the permhash or False if it is an invalid file.

permhash --type crx --path '[PATH TO CRX File]'
permhash --type crx_manifest --path '[PATH TO CRX Manifest File]'
permhash --type apk --path '[PATH TO APK File]'
permhash --type apk_manifest --path '[PATH TO APK Manifest Files]'

Further Information

Permhash

Review the Mandiant Permhash Blog for more details.

Discussion

The Permhash Google Group can be used to facilitate discussion.

Disclaimer

This is not an officially supported Google product.

Project details

Release history Release notifications | RSS feed

This version

0.1.4.2

Feb 28, 2024

0.1.4.1

Nov 8, 2023

0.1.4

Nov 8, 2023

0.1.3

May 15, 2023

0.1.2

May 15, 2023

0.1.1

May 15, 2023

0.1.0

May 15, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

permhash-0.1.4.2.tar.gz (13.9 kB view details)

Uploaded Feb 28, 2024 Source

File details

Details for the file permhash-0.1.4.2.tar.gz.

File metadata

Download URL: permhash-0.1.4.2.tar.gz
Upload date: Feb 28, 2024
Size: 13.9 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.11.7

File hashes

Hashes for permhash-0.1.4.2.tar.gz
Algorithm	Hash digest
SHA256	`5e46c1a36aeb1dd19974c48d5c6331aae3621cebd2b725d261e248b6789b3797`
MD5	`78fddf041e70d58cc37bfe715a1c36b3`
BLAKE2b-256	`5f188dfaea2fe937fbdf5d3872463d48f47a58ef41edd46a86de7a73e257465b`