CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-androguard

Comprehensive Python toolkit for Android application reverse engineering and security analysis.

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

apk-processing.mddocs/

APK Processing

Complete Android Package (APK) file analysis capabilities including manifest parsing, resource extraction, signature verification, permission analysis, and file structure inspection.

Capabilities

APK Class

The main class for APK file analysis and manipulation, providing comprehensive access to all APK components.

class APK:
    def __init__(self, filename: str, raw: bool = False, magic_file: str = None, skip_analysis: bool = False, testzip: bool = False):
        """
        Initialize APK analysis.
        
        Parameters:
        - filename: Path to APK file or raw data if raw=True
        - raw: If True, filename contains raw APK data
        - magic_file: Legacy parameter (unused, deprecated)
        - skip_analysis: Skip manifest analysis for faster loading
        - testzip: Test ZIP file integrity before processing
        """

Basic Information

Extract fundamental APK metadata and identification information.

def get_filename(self) -> str:
    """Return the filename of the APK."""

def get_package(self) -> str:
    """Return the package name from AndroidManifest.xml."""

def get_app_name(self, locale=None) -> str:
    """Return the application name, optionally for specific locale."""

def get_app_icon(self, max_dpi: int = 65536) -> str:
    """Return the path to the app icon file within the APK."""

def get_androidversion_code(self) -> str:
    """Return the android:versionCode attribute."""

def get_androidversion_name(self) -> str:
    """Return the android:versionName attribute."""

def is_valid_APK(self) -> bool:
    """Return True if APK has valid AndroidManifest.xml."""

File System Access

Access and extract files from the APK archive.

def get_files(self) -> list[str]:
    """Return list of all files in the APK."""

def get_file(self, filename: str) -> bytes:
    """Return raw data of specified file."""

def get_files_types(self) -> dict[str, str]:
    """Return dictionary mapping filenames to detected file types."""

def get_files_crc32(self) -> dict[str, int]:
    """Return dictionary mapping filenames to CRC32 checksums."""

def get_raw(self) -> bytes:
    """Return raw bytes of the entire APK file."""

DEX File Access

Extract and access Dalvik Executable files from the APK.

def get_dex(self) -> bytes:
    """Return raw data of classes.dex file."""

def get_all_dex(self) -> Iterator[bytes]:
    """Return iterator over all DEX files in the APK."""

def get_dex_names(self) -> list[str]:
    """Return names of all DEX files (classes.dex, classes2.dex, etc.)."""

def is_multidex(self) -> bool:
    """Return True if APK contains multiple DEX files."""

Manifest Analysis

Parse and extract information from AndroidManifest.xml.

def get_activities(self) -> list[str]:
    """Return list of all activity names."""

def get_main_activity(self) -> str:
    """Return name of the main/launcher activity."""

def get_main_activities(self) -> set[str]:
    """Return set of all main activities."""

def get_services(self) -> list[str]:
    """Return list of all service names."""

def get_receivers(self) -> list[str]:
    """Return list of all broadcast receiver names."""

def get_providers(self) -> list[str]:
    """Return list of all content provider names."""

def get_intent_filters(self, itemtype: str, name: str) -> dict[str, list[str]]:
    """Return intent filters for specified component."""

Permission Analysis

Analyze declared and requested permissions.

def get_permissions(self) -> list[str]:
    """Return list of all requested permissions."""

def get_details_permissions(self) -> dict[str, list[str]]:
    """Return detailed permission information with protection levels."""

def get_declared_permissions(self) -> list[str]:
    """Return list of permissions declared by this app."""

def get_declared_permissions_details(self) -> dict[str, list[str]]:
    """Return detailed information about declared permissions."""

def get_uses_implied_permission_list(self) -> list[str]:
    """Return permissions implied by target SDK or other permissions."""

def get_requested_aosp_permissions(self) -> list[str]:
    """Return requested permissions from AOSP project."""

def get_requested_third_party_permissions(self) -> list[str]:
    """Return requested permissions not from AOSP."""

SDK and Features

Extract SDK version requirements and hardware features.

def get_min_sdk_version(self) -> str:
    """Return android:minSdkVersion attribute."""

def get_target_sdk_version(self) -> str:
    """Return android:targetSdkVersion attribute."""

def get_effective_target_sdk_version(self) -> int:
    """Return effective target SDK version (defaults to 1 if not set)."""

def get_max_sdk_version(self) -> str:
    """Return android:maxSdkVersion attribute."""

def get_libraries(self) -> list[str]:
    """Return list of required libraries."""

def get_features(self) -> list[str]:
    """Return list of required hardware features."""

def is_wearable(self) -> bool:
    """Return True if app targets wearable devices."""

def is_leanback(self) -> bool:
    """Return True if app supports Android TV."""

def is_androidtv(self) -> bool:
    """Return True if app targets Android TV."""

Signature Verification

Analyze APK signatures and certificates.

def is_signed(self) -> bool:
    """Return True if APK has any signature (v1, v2, or v3)."""

def is_signed_v1(self) -> bool:
    """Return True if APK has JAR/v1 signature."""

def is_signed_v2(self) -> bool:
    """Return True if APK has v2 signature."""

def is_signed_v3(self) -> bool:
    """Return True if APK has v3 signature."""

def get_signature_name(self) -> str:
    """Return name of first signature file."""

def get_signature_names(self) -> list[str]:
    """Return list of all signature file names."""

def get_certificate(self, filename: str) -> object:
    """Return X.509 certificate object for signature file."""

def get_certificates(self) -> list[object]:
    """Return list of all certificates from all signature versions."""

def get_certificates_v1(self) -> list[object]:
    """Return list of v1 signature certificates."""

def get_certificates_v2(self) -> list[object]:
    """Return list of v2 signature certificates."""

def get_certificates_v3(self) -> list[object]:
    """Return list of v3 signature certificates."""

Resource Access

Access Android resources and resource parsing.

def get_android_manifest_axml(self) -> object:
    """Return AXMLPrinter object for AndroidManifest.xml."""

def get_android_manifest_xml(self) -> object:
    """Return parsed XML object for AndroidManifest.xml."""

def get_android_resources(self) -> object:
    """Return ARSCParser object for resources.arsc."""

Usage Examples

Basic APK Information

from androguard.core.apk import APK

# Load APK
apk = APK("path/to/app.apk")

# Get basic information
print(f"Package: {apk.get_package()}")
print(f"App name: {apk.get_app_name()}")
print(f"Version: {apk.get_androidversion_name()} ({apk.get_androidversion_code()})")
print(f"Min SDK: {apk.get_min_sdk_version()}")
print(f"Target SDK: {apk.get_target_sdk_version()}")

Permission Analysis

# Get all permissions
permissions = apk.get_permissions()
for perm in permissions:
    print(f"Permission: {perm}")

# Get detailed permission info
perm_details = apk.get_details_permissions()
for perm, details in perm_details.items():
    protection_level, label, description = details
    print(f"{perm}: {protection_level} - {description}")

Component Analysis

# Get application components
print("Activities:")
for activity in apk.get_activities():
    print(f"  {activity}")
    # Get intent filters for this activity
    filters = apk.get_intent_filters("activity", activity)
    if filters:
        print(f"    Intent filters: {filters}")

print("Services:")
for service in apk.get_services():
    print(f"  {service}")

print("Receivers:")
for receiver in apk.get_receivers():
    print(f"  {receiver}")

Signature Verification

# Check signatures
if apk.is_signed():
    print("APK is signed")
    if apk.is_signed_v1():
        print("  Has v1 signature")
    if apk.is_signed_v2():
        print("  Has v2 signature")
    if apk.is_signed_v3():
        print("  Has v3 signature")
    
    # Get certificates
    certificates = apk.get_certificates()
    for cert in certificates:
        print(f"Certificate: {cert}")
else:
    print("APK is not signed")

Advanced Signature Verification

Advanced Android signature verification classes for V2 and V3 signature scheme analysis.

class APKV2SignedData:
    """Android APK v2 signature scheme signed data representation."""
    
    def __init__(self, data: bytes):
        """Initialize with v2 signed data block."""

class APKV3SignedData:
    """Android APK v3 signature scheme signed data representation."""
    
    def __init__(self, data: bytes):
        """Initialize with v3 signed data block."""

class APKV2Signer:
    """Individual signer information for v2 signature scheme."""
    
    def get_public_key(self) -> bytes:
        """Return the signer's public key in DER format."""
    
    def get_certificate(self) -> object:
        """Return the X.509 certificate for this signer."""
    
    def verify_signature(self) -> bool:
        """Verify the signature for this signer."""

class APKV3Signer:
    """Individual signer information for v3 signature scheme."""
    
    def get_public_key(self) -> bytes:
        """Return the signer's public key in DER format."""
    
    def get_certificate(self) -> object:
        """Return the X.509 certificate for this signer."""
    
    def verify_signature(self) -> bool:
        """Verify the signature for this signer."""
    
    def get_min_sdk_version(self) -> int:
        """Return minimum SDK version for this signer."""
    
    def get_max_sdk_version(self) -> int:
        """Return maximum SDK version for this signer."""

Advanced Signature API Methods

Extended APK methods for detailed signature analysis and verification.

def parse_v2_v3_signature(self) -> None:
    """Parse and initialize v2/v3 signature data."""

def get_public_keys_der_v2(self) -> list[bytes]:
    """Return list of v2 signers' public keys in DER format."""

def get_public_keys_der_v3(self) -> list[bytes]:
    """Return list of v3 signers' public keys in DER format."""

def get_certificates_v2(self) -> list[object]:
    """Return list of X.509 certificates from v2 signatures."""

def get_certificates_v3(self) -> list[object]:
    """Return list of X.509 certificates from v3 signatures."""

def verify_signer_info_against_sig_file(self, sig_file: str, info: dict) -> bool:
    """
    Verify signer information against signature file.
    
    Parameters:
    - sig_file: signature file name
    - info: signer information dictionary
    
    Returns:
        bool: True if verification successful
    """

Advanced Signature Usage Examples

V2/V3 Signature Analysis

from androguard.core.apk import APK

apk = APK("signed_app.apk")

# Parse advanced signature data
apk.parse_v2_v3_signature()

# Check for v2 signatures
if apk.is_signed_v2():
    print("APK has v2 signatures")
    
    # Get v2 public keys
    v2_keys = apk.get_public_keys_der_v2()
    print(f"Found {len(v2_keys)} v2 signers")
    
    # Get v2 certificates
    v2_certs = apk.get_certificates_v2()
    for i, cert in enumerate(v2_certs):
        print(f"V2 Signer {i+1} Certificate: {cert.subject}")

# Check for v3 signatures  
if apk.is_signed_v3():
    print("APK has v3 signatures")
    
    # Get v3 public keys
    v3_keys = apk.get_public_keys_der_v3()
    print(f"Found {len(v3_keys)} v3 signers")
    
    # Get v3 certificates with SDK versions
    v3_certs = apk.get_certificates_v3()
    for i, cert in enumerate(v3_certs):
        print(f"V3 Signer {i+1} Certificate: {cert.subject}")

Signature Verification

from androguard.core.apk import APK, APKV2Signer, APKV3Signer

apk = APK("app.apk")
apk.parse_v2_v3_signature()

# Verify individual v2 signers
if hasattr(apk, '_v2_signing_data'):
    for signer in apk._v2_signing_data.signers:
        v2_signer = APKV2Signer(signer)
        if v2_signer.verify_signature():
            print("V2 signature verification: PASSED")
            print(f"Public key: {v2_signer.get_public_key().hex()[:32]}...")
        else:
            print("V2 signature verification: FAILED")

# Verify individual v3 signers
if hasattr(apk, '_v3_signing_data'):
    for signer in apk._v3_signing_data.signers:
        v3_signer = APKV3Signer(signer)
        if v3_signer.verify_signature():
            print("V3 signature verification: PASSED")
            print(f"SDK range: {v3_signer.get_min_sdk_version()}-{v3_signer.get_max_sdk_version()}")
        else:
            print("V3 signature verification: FAILED")

Utility Functions

def get_apkid(apkfile: str) -> tuple[str, str, str]:
    """
    Extract (appid, versionCode, versionName) from APK quickly.
    
    Parameters:
    - apkfile: path to APK file
    
    Returns:
    Tuple of (package_name, version_code, version_name)
    """

def show_Certificate(cert: object, short: bool = False) -> None:
    """
    Print certificate information.
    
    Parameters:
    - cert: X.509 certificate object
    - short: Use short form for distinguished names
    """

Install with Tessl CLI

npx tessl i tessl/pypi-androguard

docs

apk-processing.md

bytecode-utilities.md

cli-tools.md

decompilation.md

dex-analysis.md

dynamic-analysis.md

index.md

session-management.md

static-analysis.md

utility-functions.md

xml-resources.md

tile.json