tomliamlynch / androguard

Automatically exported from code.google.com/p/androguard
Apache License 2.0

Suggestion: Create a switch for getting all found signatures #57

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What is the expected output? What do you see instead?
It could be possible that multiple signatures are found on a dex file. Instead of just showing the first one, all signatures should be shown. But only on a specific argument (--all?) to have a fast and a slow scanning mechanism.

Original issue reported on code.google.com by 5hp...@gmail.com on 29 Jun 2012 at 10:26

GoogleCodeExporter commented 8 years ago
For more clarification, here is an example:

android@honeynet ~/git/androguard (hg)-[default] % ./androsign.py -d /home/android/git/androsign/samples -b signatures/adwaredb -c signatures/dbconfig
signatures/adwaredb signatures/dbconfig False
sample1 : ----> Adware.GoogleAds
sample2 : ----> AirPush
sample3 : ----> Adware.Flurry
sample4 : ----> Adware.Flurry
./androsign.py -d /home/android/git/androsign/samples -b signatures/adwaredb   325.25s user 0.14s system 99% cpu 5:25.44 total
android@honeynet ~/git/androguard (hg)-[default] % ./androsign.py -d /home/android/git/androsign/samples -b signatures/adwaredb -c signatures/dbconfig
signatures/adwaredb signatures/dbconfig False
sample1 : ----> AirPush
sample2 : ----> AirPush
sample3 : ----> Adware.GoogleAds
sample4 : ----> Adware.Flurry
./androsign.py -d /home/android/git/androsign/samples -b signatures/adwaredb   316.99s user 0.19s system 99% cpu 5:17.31 total
android@honeynet ~/git/androguard (hg)-[default] % ./androsign.py -d /home/android/git/androsign/samples -b signatures/adwaredb -c signatures/dbconfig
signatures/adwaredb signatures/dbconfig False
sample1 : ----> AirPush
sample2 : ----> AirPush
sample3 : ----> Adware.Apperhand
sample4 : ----> Adware.Apperhand
./androsign.py -d /home/android/git/androsign/samples -b signatures/adwaredb   314.90s user 0.13s system 100% cpu 5:15.02 total

All the samples have different ad-libs inside. For each scan run I find another lib. Only my sample2 seems stable.
Now it would be nice to have a list of all signatures that were found inside the sample.

Original comment by 5hp...@gmail.com on 29 Jun 2012 at 10:42
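
A sketch of the fast/slow switch requested above, as an added example that is not androguard's code. It assumes a simplified signature format (class-name prefixes) and uses hypothetical names (`scan`, `format_result`, `SIGNATURES`, `SAMPLES`). All sample data is constructed.

```python
import argparse

# Constructed signature database: name -> class-name prefixes (hypothetical
# format; androguard's real signature database works differently).
SIGNATURES = {
    "Adware.Flurry": ("Lcom/flurry/",),
    "Adware.GoogleAds": ("Lcom/google/ads/",),
    "AirPush": ("Lcom/airpush/",),
}

def scan(class_names, signatures=SIGNATURES, all_matches=False):
    """Return the list of matching signature names, in sorted order.

    Fast mode (all_matches=False) stops at the first hit; signatures are
    visited in sorted order so repeated runs report the same name.
    """
    found = []
    for name in sorted(signatures):
        prefixes = signatures[name]
        if any(c.startswith(prefixes) for c in class_names):
            found.append(name)
            if not all_matches:
                break  # fast path: one hit is enough
    return found

def format_result(sample, matches):
    """Render one line in the style of the output quoted in the issue.

    Printing "None" for a sample with no match is this example's choice.
    """
    return "%s : ----> %s" % (sample, ", ".join(matches) if matches else "None")

# Constructed samples: class names as they would appear in a dex file.
SAMPLES = {
    "sample1": ["Lcom/google/ads/AdView;", "Lcom/airpush/android/Airpush;"],
    "sample2": ["Lcom/airpush/android/Airpush;"],
    "sample3": ["Lcom/example/Main;"],
}

def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--all", action="store_true", dest="all_matches",
                        help="report every matching signature (slower)")
    args = parser.parse_args(argv)
    lines = [format_result(s, scan(SAMPLES[s], all_matches=args.all_matches))
             for s in sorted(SAMPLES)]
    print("\n".join(lines))
    return lines

if __name__ == "__main__":
    main()
```
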

GoogleCodeExporter commented 8 years ago

Original comment by anthony....@gmail.com on 2 Jul 2012 at 3:57