Extract Module

apkInspector.extract.extract_all_files_from_central_directory(apk_file, central_directory_entries, local_header_entries, output_dir)

Extracts all files from an APK based on the entries detected in the central_directory_entries.

Parameters:

• apk_file (bytesIO) – The APK file e.g. with open(‘test.apk’, ‘rb’) as apk_file

• central_directory_entries (dict) – The dictionary with all the entries for the central directory

• local_header_entries (dict) – The dictionary with all the local header entries

• output_dir (str) – The output directory where to save the files.

Returns:

Returns 0 if no errors, 1 if an exception and 2 if the output directory already exists

Return type:

int

apkInspector.extract.extract_file_based_on_header_info(apk_file, local_header_info, central_directory_info)

Extracts a single file from the apk_file based on the information provided from the offset and the header_info. It takes into account that the compression method provided might not be STORED or DEFLATED! The returned ‘indicator’, shows what compression method was used. Besides the standard STORED/DEFLATE it may return ‘DEFLATED_TAMPERED’, which means that the compression method found was not DEFLATED(8) but it should have been, and ‘STORED_TAMPERED’ which means that the compression method found was not STORED(0) but should have been.

Parameters:

• apk_file (bytesIO) – The APK file e.g. with open(‘test.apk’, ‘rb’) as apk_file

• local_header_info (dict) – The local header dictionary info for that specific filename

• central_directory_info (dict) – The central directory entry for that specific filename

Returns:

Returns the actual extracted data for that file along with an indication of whether a static analysis evasion technique was used or not.

Return type:

set(bytes, str)