goapk

package module

v0.6.0 Latest Latest Go to latest Published: May 13, 2020 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mikusjelly/goapk

README ¶

goapk

A library for parsing apk, dex, pcap file.

Usage

go get -u github.com/mikusjelly/goapk

// parse apk
path := "./datas/test.apk"
apkReader, err := apkparser.OpenZip(path)

// parse pcap
p := NewPcapParser()
p.Parse(`./datas/test.pcap`)

Documentation ¶

Index ¶

Variables
func ConvertIP(bytes []byte) string
func PrintStruct(i interface{})
func Struct2Json(i interface{}) string
func TypeList(dex *DexFile, offset int) string
type APK
- func NewAPK(path string) (a *APK, err error)
- func (a *APK) Close()
- func (a *APK) GetAndroidManifest() string
- func (a *APK) GetDexClass() []DexClass
- func (a *APK) GetDexStrings() []string
- func (a *APK) ParseAndroidManifest()
- func (a *APK) ParseDex(dexReader io.Reader)
- func (a *APK) ParseDexes()
type ClassData
- func NewClassData(dexFile *DexFile, offset int) ClassData
type CodeItem
- func NewCodeItem(dex *DexFile, offset int) CodeItem
type DNS
- func (d *DNS) FromBytes(data []byte) error
type DNSAnswer
type DNSInfo
type DexClass
- func NewDexClass(dexFile *DexFile, offset int, idx int) DexClass
type DexFile
- func (d *DexFile) Stream(offset int) Reader
- func (d *DexFile) String(index int) string
- func (d *DexFile) Type(index int) string
type ELFParser
- func NewELFParser() *ELFParser
- func (e *ELFParser) Parse(r io.Reader)
- func (e *ELFParser) ParseFile(path string)
- func (e *ELFParser) ReadString(b []byte) map[uint64][]byte
type Field
- func NewField(dex *DexFile, fieldIdx int, access int) Field
type FieldID
- func NewFieldID(dex *DexFile, fieldIdx int) FieldID
type HTTPRequest
- func NewHTTPRequest() HTTPRequest
- func (r *HTTPRequest) GetData() string
- func (r *HTTPRequest) GetMethod() string
- func (r *HTTPRequest) GetResponeContentType() string
- func (r *HTTPRequest) GetURL() string
- func (r *HTTPRequest) GetUserAgent() string
- func (r *HTTPRequest) SetData(Data string)
- func (r *HTTPRequest) SetMethod(mtd string)
- func (r *HTTPRequest) SetResponeContentType(ct string)
- func (r *HTTPRequest) SetURL(url string)
- func (r *HTTPRequest) SetUserAgent(ua string)
type MailAccount
type MailContent
type MailInfos
type Method
- func NewMethod(dex *DexFile, methodIdx int, acess int, codeOff int) Method
type MethodID
- func NewMethodID(dex *DexFile, methodIdx int) MethodID
type PcapParser
- func NewPcapParser() *PcapParser
- func (p *PcapParser) Parse(path string) error
- func (p *PcapParser) ParseBytes(bs []byte) error
- func (p *PcapParser) ParseReader(src io.Reader) error
type Reader
- func (s *Reader) Read(size int) ([]byte, error)
- func (s *Reader) ReadCStr(off int) string
- func (s *Reader) U16() uint16
- func (s *Reader) U32() uint32
- func (s *Reader) U64() uint64
- func (s *Reader) U8(flag bool) int32
- func (s *Reader) Uleb128() uint64
type SizeOff
type TransmissionData

Constants ¶

This section is empty.

Variables ¶

View Source

var NoIndex = 0xFFFFFFFF

NoIndex 偏移过长

Functions ¶

func ConvertIP ¶

func ConvertIP(bytes []byte) string

ConvertIP 将bytes格式的IP，转为字符串

func PrintStruct ¶ added in v0.3.0

func PrintStruct(i interface{})

PrintStruct 打印结构体

func Struct2Json ¶ added in v0.3.0

func Struct2Json(i interface{}) string

Struct2Json Struct转Json

func TypeList ¶ added in v0.6.0

func TypeList(dex *DexFile, offset int) string

TypeList 获取参数列表

Types ¶

type APK ¶

type APK struct {
	// contains filtered or unexported fields
}

APK 定义APK的结构

func NewAPK ¶

func NewAPK(path string) (a *APK, err error)

NewAPK 新建一个APK对象，一次性全部解析完毕，然后，再放在内存进行检索

func (*APK) Close ¶

func (a *APK) Close()

Close 关闭

func (*APK) GetAndroidManifest ¶

func (a *APK) GetAndroidManifest() string

GetAndroidManifest 获取清单内容

func (*APK) GetDexClass ¶ added in v0.6.0

func (a *APK) GetDexClass() []DexClass

GetDexClass get dexclass

func (*APK) GetDexStrings ¶ added in v0.6.0

func (a *APK) GetDexStrings() []string

GetDexStrings 获得字符串

func (*APK) ParseAndroidManifest ¶

func (a *APK) ParseAndroidManifest()

ParseAndroidManifest 解析清单内容

func (*APK) ParseDex ¶

func (a *APK) ParseDex(dexReader io.Reader)

ParseDex 解析单个

func (*APK) ParseDexes ¶ added in v0.6.0

func (a *APK) ParseDexes()

ParseDexes 解析所有的Dex

type ClassData ¶

type ClassData struct {
	// contains filtered or unexported fields
}

ClassData DexClass 中的数据，包含字段、方法。

func NewClassData ¶

func NewClassData(dexFile *DexFile, offset int) ClassData

NewClassData 初始化ClassData

type CodeItem ¶

type CodeItem struct {
	// contains filtered or unexported fields
}

CodeItem 代码结构

func NewCodeItem ¶

func NewCodeItem(dex *DexFile, offset int) CodeItem

NewCodeItem New CodeItem

type DNS ¶ added in v0.3.0

type DNS struct {
	// contains filtered or unexported fields
}

DNS 协议结构

func (*DNS) FromBytes ¶ added in v0.3.0

func (d *DNS) FromBytes(data []byte) error

FromBytes 解析DNS应答数据

type DNSAnswer ¶

type DNSAnswer struct {
	Name string `json:"name"`
	Addr string `json:"addr"`
}

DNSAnswer DNS应答内容

type DNSInfo ¶ added in v0.3.0

type DNSInfo struct {
	Domain  string      `json:"domain"`
	Answers []DNSAnswer `json:"answers"`
}

DNSInfo DNS信息

type DexClass ¶

type DexClass struct {
	// contains filtered or unexported fields
}

DexClass 相关

func NewDexClass ¶

func NewDexClass(dexFile *DexFile, offset int, idx int) DexClass

NewDexClass 实例化DexClass对象

type DexFile ¶

type DexFile struct {
	// contains filtered or unexported fields
}

DexFile Dex文件结构

func (*DexFile) Stream ¶

func (d *DexFile) Stream(offset int) Reader

Stream 从Dex文件中，读一段数据（TODO 这种情况是否会增加内存？）

func (*DexFile) String ¶

func (d *DexFile) String(index int) string

func (*DexFile) Type ¶

func (d *DexFile) Type(index int) string

Type 获取类名/类型

type ELFParser ¶ added in v0.6.0

type ELFParser struct {
	File              *elf.File
	ImportedLibraries []string
	ImportedSymbols   []elf.ImportedSymbol
}

ELFParser ELF信息

func NewELFParser ¶ added in v0.6.0

func NewELFParser() *ELFParser

NewELFParser 初始化

func (*ELFParser) Parse ¶ added in v0.6.0

func (e *ELFParser) Parse(r io.Reader)

Parse 解析reader

func (*ELFParser) ParseFile ¶ added in v0.6.0

func (e *ELFParser) ParseFile(path string)

ParseFile 解析elf文件

func (*ELFParser) ReadString ¶ added in v0.6.0

func (e *ELFParser) ReadString(b []byte) map[uint64][]byte

ReadString 从原始数据中找出字符串

type Field ¶

type Field struct {
	// contains filtered or unexported fields
}

Field Field结构

func NewField ¶

func NewField(dex *DexFile, fieldIdx int, access int) Field

NewField New Field

type FieldID ¶

type FieldID struct {
	// contains filtered or unexported fields
}

FieldID FieldID结构

func NewFieldID ¶

func NewFieldID(dex *DexFile, fieldIdx int) FieldID

NewFieldID 新建FieldID对象

type HTTPRequest ¶ added in v0.4.0

type HTTPRequest struct {
	URL                string `json:"URL,omitempty"`    // url，不包含 ://
	Method             string `json:"Method,omitempty"` // GET POST
	UserAgent          string `json:"UserAgent,omitempty"`
	ResponeContentType string `json:"ResponeContentType,omitempty"` // 返回的数据格式
	Data               string `json:"Data,omitempty"`               // HTTP数据，包括请求和返回。
}

HTTPRequest 存放一次HTTP请求，及其数据。

func NewHTTPRequest ¶ added in v0.4.0

func NewHTTPRequest() HTTPRequest

NewHTTPRequest init

func (*HTTPRequest) GetData ¶ added in v0.5.3

func (r *HTTPRequest) GetData() string

GetData get

func (*HTTPRequest) GetMethod ¶ added in v0.5.3

func (r *HTTPRequest) GetMethod() string

GetMethod get

func (*HTTPRequest) GetResponeContentType ¶ added in v0.5.3

func (r *HTTPRequest) GetResponeContentType() string

GetResponeContentType get

func (*HTTPRequest) GetURL ¶ added in v0.5.3

func (r *HTTPRequest) GetURL() string

GetURL get

func (*HTTPRequest) GetUserAgent ¶ added in v0.5.3

func (r *HTTPRequest) GetUserAgent() string

GetUserAgent get

func (*HTTPRequest) SetData ¶ added in v0.4.0

func (r *HTTPRequest) SetData(Data string)

SetData set

func (*HTTPRequest) SetMethod ¶ added in v0.4.0

func (r *HTTPRequest) SetMethod(mtd string)

SetMethod set

func (*HTTPRequest) SetResponeContentType ¶ added in v0.4.0

func (r *HTTPRequest) SetResponeContentType(ct string)

SetResponeContentType set

func (*HTTPRequest) SetURL ¶ added in v0.4.0

func (r *HTTPRequest) SetURL(url string)

SetURL set

func (*HTTPRequest) SetUserAgent ¶ added in v0.4.0

func (r *HTTPRequest) SetUserAgent(ua string)

SetUserAgent set

type MailAccount ¶ added in v0.3.0

type MailAccount struct {
	User string `json:"user,omitempty"`
	Pwd  string `json:"pwd,omitempty"`
}

MailAccount 邮箱账号

type MailContent ¶ added in v0.3.0

type MailContent struct {
	From    string `json:"from,omitempty"`
	To      string `json:"to,omitempty"`
	Subject string `json:"subject,omitempty"`
	Content string `json:"content,omitempty"`
}

MailContent 邮件内容

type MailInfos ¶ added in v0.3.0

type MailInfos struct {
	Accounts []MailAccount `json:"Accounts,omitempty"`
	Contents []MailContent `json:"contents,omitempty"`
}

MailInfos 邮箱信息

type Method ¶

type Method struct {
	// contains filtered or unexported fields
}

Method 方法结构

func NewMethod ¶ added in v0.6.0

func NewMethod(dex *DexFile, methodIdx int, acess int, codeOff int) Method

NewMethod new method obj

type MethodID ¶

type MethodID struct {
	// contains filtered or unexported fields
}

MethodID MethodID结构

func NewMethodID ¶ added in v0.6.0

func NewMethodID(dex *DexFile, methodIdx int) MethodID

NewMethodID new method id

type PcapParser ¶ added in v0.3.2

type PcapParser struct {
	HTTPRequests []HTTPRequest
	DNSInfos     []DNSInfo
	MailInfos    MailInfos
	TDatas       []TransmissionData //存放每次交互传输的数据，不包括已解析的数据，如HTTP、DNS、SMTP。

	IPs []string // 存放pcap中，出现的所有IP。
	// contains filtered or unexported fields
}

PcapParser Pcap解析器

func NewPcapParser ¶ added in v0.3.2

func NewPcapParser() *PcapParser

NewPcapParser 初始化

func (*PcapParser) Parse ¶ added in v0.3.2

func (p *PcapParser) Parse(path string) error

Parse 解析目标pcap文件

func (*PcapParser) ParseBytes ¶ added in v0.3.7

func (p *PcapParser) ParseBytes(bs []byte) error

ParseBytes 解析目标pcap bytes 格式

func (*PcapParser) ParseReader ¶ added in v0.3.7

func (p *PcapParser) ParseReader(src io.Reader) error

ParseReader 解析目标pcap reader

type Reader ¶

type Reader struct {
	// contains filtered or unexported fields
}

Reader Dex的数据块+偏移

func (*Reader) Read ¶

func (s *Reader) Read(size int) ([]byte, error)

读的时候，会自动修改指针位置

func (*Reader) ReadCStr ¶

func (s *Reader) ReadCStr(off int) string

ReadCStr 读取ASCII字符串

func (*Reader) U16 ¶

func (s *Reader) U16() uint16

U16 read 2 bytes FF FF

func (*Reader) U32 ¶

func (s *Reader) U32() uint32

U32 read 4 bytes FF FF FF FF

func (*Reader) U64 ¶

func (s *Reader) U64() uint64

U64 read 8 bytes FF FF FF FF FF FF FF FF

func (*Reader) U8 ¶

func (s *Reader) U8(flag bool) int32

U8 read 1 bytes FF

func (*Reader) Uleb128 ¶

func (s *Reader) Uleb128() uint64

Uleb128 读一个uleb128格式的字符串

type SizeOff ¶

type SizeOff struct {
	// contains filtered or unexported fields
}

SizeOff 一块数据，表示目标数据的大小和偏移

type TransmissionData ¶ added in v0.3.0

type TransmissionData struct {
	Source          string // 来源的IP/域名/URL
	SourcePort      uint16 // 来源的IP/域名/URL
	Destination     string // 目的地的IP/域名/URL
	DestinationPort uint16 // 端口
	Data            []byte //传输的数据

}

TransmissionData 存放传输的数据，TCP/UDP等，未解析的数据

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL