Notebook

A walkthrough some of Cryptoguard.py options¶

This provides several of the most common documenting commands for cryptoguard.py¶

The script was created to be able to run offline (manually saves information in the script itself), however it is running online since it's in the github repo folder.

In [1]:

import sys;

version = str(sys.version[0])
print('Python Version: ' + version)
if version == '2':
    print('This script requires python3')
    sys.exit(0)
#Only run this once
import os;os.chdir('../')

Python Version: 3

In [2]:

import numpy as np
import matplotlib.pyplot as plt
import matplotlib.patches as patch
import cryptoguard as cg

In [3]:

####Cryptoguard Version
cg.Utils.printVersion()

cryptoguard: V03.12.01
Gradle Version: 4.10.3
Java Build Version: 1.8.232

In [4]:

####Checking the Environment######
cg.envVars.checkVariables()

In [5]:

####Displaying Raw Arguments######
##cmd: ./cryptoguard.py rawArgs

cg.argsUtils.readRawArgs()

Name: FORMAT
* Arg: -in
Required: The format of input you want to scan
Default: format
Usage: java -jar cryptoguard -in format

Different Options available for project types:
	jar: JAR File To signal a Jar File to be scanned.)
	apk: APK File To signal a APK File to be scanned.)
	source: Directory of Source Code To signal the source directory of a Maven/Gradle Project.)
	java: Java File or Files To signal a Java File(s) to be scanned.)
	class: Class File or Files To signal a Class File(s) to be scanned.);

Name: SOURCE
* Arg: -s
Required: The source to be scanned use the absolute path or send all of the source files via the file input.in; ex. find -type f *.java >> input.in.
Default: file/files/*.in/dir/ClassPathString
Usage: java -jar cryptoguard -s file/files/*.in/dir/ClassPathString

Name: DEPENDENCY
Arg: -d
The dependency to be scanned use the relative path.
Default: dir
Usage: java -jar cryptoguard -d dir

Name: OUT
Arg: -o
The file to be created with the output default will be the project name.
Default: file
Usage: java -jar cryptoguard -o file

Name: NEW
Arg: -new
The file to be created with the output if existing will be overwritten.
Usage: java -jar cryptoguard -new

Name: TIMEMEASURE
Arg: -t
Output the time of the internal processes.
Usage: java -jar cryptoguard -t

Name: FORMATOUT
Arg: -m
The output format you want to produce
Default: formatType
Usage: java -jar cryptoguard -m formatType

Different Options available for output format:
	L: Legacy
	SX: ScarfXML
	D: Default

Name: PRETTY
Arg: -n
Output the analysis information in a 'pretty' format.
Usage: java -jar cryptoguard -n

Name: EXPERIMENTRESULTS
Arg: -exp
View the experiment based results.
Usage: java -jar cryptoguard -exp

Name: VERSION
Arg: -V
Output the version number.
Usage: java -jar cryptoguard -V

Name: NOLOGS
Arg: -vx
Display logs only from the fatal logs
Usage: java -jar cryptoguard -vx

Name: VERBOSE
Arg: -v
Display logs from debug levels
Usage: java -jar cryptoguard -v

Name: VERYVERBOSE
Arg: -vv
Display logs from trace levels
Usage: java -jar cryptoguard -vv

Name: TIMESTAMP
Arg: -ts
Add a timestamp to the file output.
Usage: java -jar cryptoguard -ts

Name: DEPTH
Arg: -depth
The depth of slicing to go into
Usage: java -jar cryptoguard -depth

Name: LOG
Arg: -L
Enable logging to the console.
Usage: java -jar cryptoguard -L

Name: JAVA
Arg: -java
Directory of Java to be used JDK 7 for JavaFiles/Project and JDK 8 for ClassFiles/Jar
Default: envVariable
Usage: java -jar cryptoguard -java envVariable

Name: ANDROID
Arg: -android
Specify of Android SDK
Default: envVariable
Usage: java -jar cryptoguard -android envVariable

Name: HEURISTICS
Arg: -H
The flag determining whether or not to display heuristics.
Usage: java -jar cryptoguard -H

Name: STREAM
Arg: -st
Stream the analysis to the output file.
Usage: java -jar cryptoguard -st

Name: HELP
Arg: -h
Print out the Help Information.
Usage: java -jar cryptoguard -h

Name: MAIN
Arg: -main
Choose the main class if there are multiple main classes in the files given.
Default: className
Usage: java -jar cryptoguard -main className

Exceptions
0: Successful
0: Asking For Help
0: Asking For Version
1: General Argument Validation
2: Argument Value Validation
7: Format Specific Argument Validation
15: File Input Error
16: Reading File Error
17: File Not Available
30: File Output Error
31: Output File Creation Error
32: Error Closing The File
45: Environment Variable Not Set
100: Error Marshalling The Output
120: General Error Scanning The Program
121: Error Loading Class
127: Unknown

In [6]:

####Displaying Different Example Arguments######
##cmd: ./cryptoguard.py exampleArgs

cg.argsUtils.helpfulArgs()

Example General Project Version
=========================
java -jar cryptoguard.jar -V
The version argument (-V) returns the version of the project and exits.

Example General Project No Logging
=========================
java -jar cryptoguard.jar -vx
The argument (-vx) only displays the fatal logs.

Example General Project Verbose Logging
=========================
java -jar cryptoguard.jar -v
The argument (-v) displays debug logs.

Example General Project Very Verbose Logging
=========================
java -jar cryptoguard.jar -vv
The argument (-vv) displays the all of the logs available.

Example General Project Stream
=========================
java -jar cryptoguard.jar -st
The argument (-st) enables streaming the results to whatever output file is specified.

Example General Project Heuristics
=========================
java -jar cryptoguard.jar -H
The argument (-H) writes the heuristics picked up in the output file.

Example General Project Specifying the main file
=========================
java -jar cryptoguard.jar -main
The argument (-main) specifies the main class (containing public static void main) if there are multiple within the project.

Example General Project Java Home
=========================
java -jar cryptoguard.jar -java
The argument (-java) sets the Java file path needed for an internal library. This is needed if the environment variable isn't set.
JDK 7 needed for either a Project or Java File Scanning.
JDK 8 needed for the other projects.

Example General Project Android Home
=========================
java -jar cryptoguard.jar -android
The argument (-android) sets the Android file path.needed for an internal library. This is needed if the environment variable isn't set.
Needed if an Android project is being scanned.

Example General Project PrettyPrint
=========================
java -jar cryptoguard.jar -n
The prettyprint argument (-n) writes the result in the "pretty" format.

Example General Project Time Measurement
=========================
java -jar cryptoguard.jar -t
The time argument (-t) displays the time taken for the scanning.

Example JAR Project Base
=========================
java -jar cryptoguard.jar -in jar -s .../project.jar
The format argument (-in) specifies the type of project (jar) and the source argument (-s) specifies the location of the project.

Example JAR Project Dependency
=========================
java -jar cryptoguard.jar -in jar -s .../project.jar -d .../lib/file(s).jar
The format argument (-d) specifies the directory of the dependencies to be used with the project and picks up the file.jar.

Example JAR Project Fileout
=========================
java -jar cryptoguard.jar -in jar -s .../project.jar -m D -o .../fileout.json
The output format argument (-m) specifies the type of output to write amd the output argument (-o) specifies the file to write the results to.

Example JAR Project Sample Test 
=========================
java -jar cryptoguard.jar -in jar -s cryptoguard/samples/testable-jar/build/libs/testable-jar.jar  -d cryptoguard/samples/testable-jar/build/dependencies  -m SX  -o cryptoguard/build/tmp/tempJarFile_Scarf_0.xml  -t  -H  -n -java .../jdk8
The output format argument (-in) specifies the type of project (jar).
The source argument (-s) specifies the project to be scanned (.../testable-jar.jar).
The dependency argument (-d) specifies the directory of the dependencies (.../dependencies).
The output format argument (-m) specifies the type of result to write out (Scarf).
The output argument (-o) specifies the file to write out to (.../tempJarFile_Scarf_0.xml).
The time argument (-t) displays time taken via the project.
The heuristic argument (-H) writes various heuristics taken to the output.
The prettyprint argument (-n) formats and writes the output into a "pretty" format.
The java argument (-java) specifies the java home, either java 7 or 8 for the internal library.

Example Project Scanner Base
=========================
java -jar cryptoguard.jar -in source -s .../project/
The format argument (-in) specifies the type of project (source) and the source argument (-s) specifies the location of the project.
This must either be a gradle or maven based project.

Example Project Scanner Dependency
=========================
java -jar cryptoguard.jar -in source -s .../project/ -d .../lib/file(s).jar
The format argument (-d) specifies the directory of the dependencies to be used with the project and picks up the file.jar.

Example Project Fileout
=========================
java -jar cryptoguard.jar -in source -s .../project/ -m D -o .../fileout.json
The output format argument (-m) specifies the type of output to write amd the output argument (-o) specifies the file to write the results to.

Example Project Sample Test 
=========================
java -jar cryptoguard.jar -in source -s cryptoguard/samples/testable-jar  -d cryptoguard/samples/testable-jar/build/dependencies  -m L  -o cryptoguard/build/tmp/testable-jar.txt  -t  -H  -n 
The output format argument (-in) specifies the type of project (source).
The source argument (-s) specifies the project to be scanned (.../testable-jar).
The dependency argument (-d) specifies the directory of the dependencies (.../dependencies).
The output format argument (-m) specifies the type of result to write out (Legacy).
The output argument (-o) specifies the file to write out to (.../testable-jar.txt).
The time argument (-t) displays time taken via the project.
The heuristic argument (-H) writes various heuristics taken to the output.
The prettyprint argument (-n) formats and writes the output into a "pretty" format.

Example Java File(s) Project Base Single File
CURRENTLY UNSTABLE
=========================
java -jar cryptoguard.jar -in java -s .../test.java
The format argument (-in) specifies the type of project (java) and the source argument (-s) specifies the file to be used.

Example Java File(s) Project Multiple Files (Split via space)
CURRENTLY UNSTABLE
=========================
java -jar cryptoguard.jar -in java -s .../test.java .../testTwo.java
The argument (-s) specifies the file to be used, retrieving test.java and testTwo.java via the space between the arguments.

Example Java File(s) Project Multiple Files (Split via classpath)
CURRENTLY UNSTABLE
=========================
java -jar cryptoguard.jar -in java -s .../test.java:.../testTwo.java
The argument (-s) specifies the file to be used, retrieving test.java and testTwo.java via the split by classpath (delimited by :).

Example Java File(s) Project Multiple Files (Split via input.in file)
CURRENTLY UNSTABLE
=========================
java -jar cryptoguard.jar -in java -s .../input.in
The argument (-s) specifies the input.in file to be used. This file should contain a line delimited paths to the source file. This also works based on the 
ex. 
.../test.java
.../testTwo.java

Example Java File Fileout
CURRENTLY UNSTABLE
=========================
java -jar cryptoguard.jar -in java -s .../test.java -m D -o .../fileout.json
The output format argument (-m) specifies the type of output to write amd the output argument (-o) specifies the file to write the results to.

Example Java File Dependency
CURRENTLY UNSTABLE
=========================
java -jar cryptoguard.jar -in java -s .../test.java -d .../lib/file(s).jar
The format argument (-d) specifies the directory of the dependencies to be used with the project and picks up the file.jar.

Example Java File Test 
CURRENTLY UNSTABLE
=========================
java -jar cryptoguard.jar -in java -s cryptoguard/samples/temp/tester/test.java  -m SX  -o cryptoguard/build/tmp/test_java.xml  -t  -vv  -n 
The output format argument (-in) specifies the type of project (java).
The source argument (-s) specifies the project to be scanned (.../test.java).
The output format argument (-m) specifies the type of result to write out (Scarf).
The output argument (-o) specifies the file to write out to (.../test_java.xml).
The very verbose argument (-vv) displays all of the logs available.
The prettyprint argument (-n) formats and writes the output into a "pretty" format.

Example Java Class File(s) Project Base
=========================
java -jar cryptoguard.jar -in class -s .../test.class
The format argument (-in) specifies the type of project (class) and the source argument (-s) specifies the location of the project.

Example Java Class File(s) Project Multiple Files (Split via space)
=========================
java -jar cryptoguard.jar -in class -s .../test.class .../testTwo.class
The argument (-s) specifies the file to be used, retrieving test.class and testTwo.class via the space between the arguments.

Example Java Class File(s) Project Multiple Files (Split via classpath)
=========================
java -jar cryptoguard.jar -in class -s .../test.class:.../testTwo.class
The argument (-s) specifies the file to be used, retrieving test.class and testTwo.class via the split by classpath (delimited by :).

Example Java Class File(s) Project Multiple Files (Split via input.in file)
=========================
java -jar cryptoguard.jar -in class -s .../input.in
The argument (-s) specifies the input.in file to be used. This file should contain a line delimited paths to the source file. This also works based on the 
ex. 
.../test.class
.../testTwo.class

Example Java Class File(s) Project Dependency
=========================
java -jar cryptoguard.jar -in class -s .../test.class -d .../lib/file(s).jar
The format argument (-d) specifies the directory of the dependencies to be used with the project and picks up the file.jar.

Example Java Class File Test 
=========================
java -jar cryptoguard.jar -in class -s cryptoguard/samples/VerySimple/very.class -m SX  -o cryptoguard/build/tmp/verySimple_klass.xml  -n 
The output format argument (-in) specifies the type of project (java).
The source argument (-s) specifies the project to be scanned (.../test.java).
The output format argument (-m) specifies the type of result to write out (Scarf).
The output argument (-o) specifies the file to write out to (.../verySimple_klass.xml).
The prettyprint argument (-n) formats and writes the output into a "pretty" format.

Example APK Project Base
=========================
java -jar cryptoguard.jar -in apk -s .../app-debug.apk
The format argument (-in) specifies the type of project (apk) and the source argument (-s) specifies the location of the project.

Example APK Project Dependency
=========================
java -jar cryptoguard.jar -in apk -s  .../app-debug.apk -d .../lib/file(s).jar
The format argument (-d) specifies the directory of the dependencies to be used with the project and picks up the file.jar.

Example APK Project Fileout
=========================
java -jar cryptoguard.jar -in apk -s .../app-debug.apk -m D -o .../fileout.json
The output format argument (-m) specifies the type of output to write amd the output argument (-o) specifies the file to write the results to.

Example APK Project File Test 
=========================
java -jar cryptoguard.jar -in apk -s cryptoguard/samples/app-debug.apk -m SX  -o cryptoguard/build/tmp/app-debug.xml  -n -android .../android_home
The output format argument (-in) specifies the type of project (java).
The source argument (-s) specifies the project to be scanned (.../test.java).
The output format argument (-m) specifies the type of result to write out (Scarf).
The output argument (-o) specifies the file to write out to (.../debug.xml).
The prettyprint argument (-n) formats and writes the output into a "pretty" format.
The android argument (-android) specifies the android home for the internal library.

In [7]:

####General Help######
##cmd: ./cryptoguard.py

cg.Utils.help(exit=False)

cryptoguard: V03.12.01
Gradle Version: 4.10.3
Java Build Version: 1.8.232
=========================
	./cryptoguard.py: rawArgs Prints the raw arguments of the program.
	./cryptoguard.py: exampleArgs Sample examples of running the program with arguments and explanations.
	./cryptoguard.py: writeUsage Write the example args to a markdown file (USAGE.md).
	./cryptoguard.py: checkEnv Checks (suggestions to set them if missing) the environment variables.
	./cryptoguard.py: projectType Displays some information about the project types available to scan.
	./cryptoguard.py: outputType Displays some information about the various output types available to write out as.
	./cryptoguard.py: exceptionType Displays information about the standardized exceptions.
	./cryptoguard.py: clean Cleans the project.
	./cryptoguard.py: build Builds the project.
	./cryptoguard.py: refresh A shortcut to clean and build the project.
	./cryptoguard.py: hash Determines the hash of a freshly built project.
	./cryptoguard.py: buildCmd Build the command to run, NOTE experimental!
	./cryptoguard.py: test Runs a specified test.
	./cryptoguard.py: tests Runs all of the tests crawled.
	./cryptoguard.py: testType Runs a specified set of tests.
	./cryptoguard.py: testsHelp Shows helpful information about the tests crawled.
	./cryptoguard.py: displayTests Displays Tests available.
	./cryptoguard.py: help Displays helpful information to the user if it's the first time running.
	./cryptoguard.py: offline Write enough of the information internally for this script to run stand-alone.

In [8]:

####Displaying Different Test Types######
##cmd: ./cryptoguard.py testsHelp

cg.TestUtils.helptests()

General Information
=========================
Total Tests: 65
Live Tests: 65 : 100.0
Deactivated Tests: 0 : 0

APK
=========================
Live Tests: 9 : 13.85
Deactivated Tests: 0 : 0

JAR
=========================
Live Tests: 14 : 21.54
Deactivated Tests: 0 : 0

JAVA
=========================
Live Tests: 7 : 10.77
Deactivated Tests: 0 : 0

SOURCE
=========================
Live Tests: 5 : 7.69
Deactivated Tests: 0 : 0

CLASS
=========================
Live Tests: 10 : 15.38
Deactivated Tests: 0 : 0

In [9]:

####Displaying Different Project Types######
##cmd: ./cryptoguard.py projectType

cg.argsUtils.displayProjectTypes()

Can scan the following project types:
=========================
	JAR File accepts a .jar
	APK File accepts a .apk
	Directory of Source Code accepts a dir
	Java File or Files accepts a .java
	Class File or Files accepts a .class

In [10]:

####Displaying Different Output Types#####
##cmd: ./cryptoguard.py outputType

cg.argsUtils.displayOutputTypes()

Can write the results as the following output types:
=========================
	Legacy accepts a .txt file output type.
	ScarfXML accepts a .xml file output type.
	Default accepts a .json file output type.

In [11]:

####Displaying Different Exception Types######
##cmd: ./cryptoguard.py exceptionType

cg.argsUtils.displayExceptionTypes()

Uses the following error codes:
=========================
	0 is a Successful Exception.
	0 is a Asking For Help Exception.
	0 is a Asking For Version Exception.
	1 is a General Argument Validation Exception.
	2 is a Argument Value Validation Exception.
	7 is a Format Specific Argument Validation Exception.
	15 is a File Input Error Exception.
	16 is a Reading File Error Exception.
	17 is a File Not Available Exception.
	30 is a File Output Error Exception.
	31 is a Output File Creation Error Exception.
	32 is a Error Closing The File Exception.
	45 is a Environment Variable Not Set Exception.
	100 is a Error Marshalling The Output Exception.
	120 is a General Error Scanning The Program Exception.
	121 is a Error Loading Class Exception.
	127 is a Unknown Exception.

In [12]:

####Displaying test Types######
##cmd: ./cryptoguard.py displayTests

cg.TestUtils.getDisplayTests(exit=False)

Displaying available tests
Please enter what kind of test you would like to have run from ['APK', 'JAR', 'JAVA', 'SOURCE', 'CLASS', 'OTHER', 'ALL'] : JAR
Test Type: JAR
=========================
Live | EntryPointTest_JAR | main_VerySimple_Scarf | EntryPointTest_JAR.main_VerySimple_Scarf
Live | EntryPointTest_JAR | main_TestableJar | EntryPointTest_JAR.main_TestableJar
Live | EntryPointTest_JAR | main_TestableJar_Scarf | EntryPointTest_JAR.main_TestableJar_Scarf
Live | EntryPointTest_JAR | main_TestableJar_Scarf_Heuristics | EntryPointTest_JAR.main_TestableJar_Scarf_Heuristics
Live | EntryPointTest_JAR | main_TestableJar_Default | EntryPointTest_JAR.main_TestableJar_Default
Live | EntryPointTest_JAR | main_TestableJar_Default_SpecifyJavaHome | EntryPointTest_JAR.main_TestableJar_Default_SpecifyJavaHome
Live | EntryPointTest_JAR | main_TestableJar_Default_Heuristics | EntryPointTest_JAR.main_TestableJar_Default_Heuristics
Live | EntryPointTest_JAR | main_TestableJar_Scarf_Args | EntryPointTest_JAR.main_TestableJar_Scarf_Args
Live | EntryPointTest_JAR | main_TestableJar_Scarf_Stream | EntryPointTest_JAR.main_TestableJar_Scarf_Stream
Live | EntryPointTest_JAR | main_TestableJar_Default_Stream | EntryPointTest_JAR.main_TestableJar_Default_Stream
Live | EntryPointTest_JAR | main_TestableJar_ScarfTimeStamp | EntryPointTest_JAR.main_TestableJar_ScarfTimeStamp
Live | EntryPointTest_JAR | main_TestableJar_ScarfTimeStamp_UsingClassPaths | EntryPointTest_JAR.main_TestableJar_ScarfTimeStamp_UsingClassPaths
Live | EntryPointTest_JAR | main_TestableJar_Default_WithHeuristics | EntryPointTest_JAR.main_TestableJar_Default_WithHeuristics
Live | EntryPointTest_JAR | main_TestableJar_Default_WithClassPath | EntryPointTest_JAR.main_TestableJar_Default_WithClassPath

In [13]:

####General Help######
##cmd: ./cryptoguard.py buildCmd

cg.argsUtils.basicBuildCommand()