
added new fragments for file injection detection and scanning

Shreyas Srinivasa 9 years ago
parent
commit
9c189d1bdc

+ 1 - 0
build.gradle

@@ -29,6 +29,7 @@ dependencies {
     compile files('libs/cryptix-jce-provider.jar')
     compile 'org.snmp4j:snmp4j:1.10.1'
     compile files('libs/snmp4j-agent-2.3.3.jar')
+    compile files('libs/VirustotalPublicV2.0-1.1.GA-SNAPSHOT-jar-with-dependencies.jar')
 }
 
 android {
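Review bot: The added `compile files('libs/VirustotalPublicV2.0-1.1.GA-SNAPSHOT-jar-with-dependencies.jar')` line pulls in a SNAPSHOT fat jar committed as a binary, so neither the library nor the dependencies bundled inside it can be tied to a released version or checked against a published checksum. This app receives attacker-supplied files and will hand them to this library for upload, so prefer a released artifact resolved from a repository with a pinned version. Failing that, record the jar's origin and hash beside the dependency line, e.g. `// source: <UPSTREAM_URL>, sha256: <JAR_SHA256>`. A jar-with-dependencies can also duplicate classes already provided by the other `libs/` entries, which is worth checking before release.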

BIN
libs/VirustotalPublicV2.0-1.1.GA-SNAPSHOT-jar-with-dependencies.jar


+ 18 - 0
res/layout/fragment_scan_file.xml

@@ -0,0 +1,18 @@
+<FrameLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools" android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    tools:context="de.tudarmstadt.informatik.hostage.ui.fragment.ScanFileFragment">
+
+    <!-- TODO: Update blank fragment layout -->
+    <TextView android:layout_width="match_parent" android:layout_height="match_parent"
+        android:text="@string/hello_blank_fragment" />
+
+    <TextView
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:textAppearance="?android:attr/textAppearanceSmall"
+        android:text="Small Text"
+        android:id="@+id/scanResult"
+        android:layout_gravity="left|center_vertical" />
+
+</FrameLayout>
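Review bot: The template placeholder is still in this layout: the first `TextView` fills the whole `FrameLayout` with `@string/hello_blank_fragment`, so it is drawn behind `@+id/scanResult` and the two texts will overlap. Remove the placeholder view together with its `TODO` comment. `android:text="Small Text"` should become an empty default or a string resource, so that a failed scan does not leave designer text on screen.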

+ 1 - 0
res/values/api_keys.xml

@@ -2,4 +2,5 @@
 <resources>
 	<string name="google_maps_api_key_debug">AIzaSyCqh4bb4aMzvDcpDfiqHyXoAWFTQ6iNxe8</string>
 	<string name="google_maps_api_key_release">AIzaSyCxYbHYCoA0Mc_uZ_RwxqfJFZC1HBzzTR8</string>
+	<string name="virustotal_api_key">111c226204f5de7228563bbca91c5860e4965fbe936307dffa8f2f2d575ff292</string>
 </resources>
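Review bot: The new `virustotal_api_key` string commits what looks like a live VirusTotal credential to the repository and ships it in every APK, where it can be read directly from the packaged resources; the same value is repeated as a string literal in `ScanFileFragment.scanfile`. Treat the key as exposed and revoke it at the provider. Supply the replacement at build time from an untracked properties file, or let each user enter their own key in settings, so the tracked file carries only a placeholder such as `<string name="virustotal_api_key">VIRUSTOTAL_API_KEY_PLACEHOLDER</string>`. Nothing visible in this commit reads the resource, so the code and the resource can silently diverge.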

+ 49 - 36
src/de/tudarmstadt/informatik/hostage/commons/HelperUtils.java

@@ -51,22 +51,25 @@ import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity;
 
 /**
  * Helper class with some static methods for general usage.
- * 
+ *
  * @author Lars Pandikow
  * @author Wulf Pfeiffer
- * 
+ *
  */
 public final class HelperUtils {
 
-
-	public static boolean isFileAlert() {
-		return fileAlert;
+	public static String getFilePath() {
+		return filePath;
 	}
 
-	public static void setFileAlert(boolean fileAlert) {
-		HelperUtils.fileAlert = fileAlert;
+	public static void setFilePath(String filePath) {
+		HelperUtils.filePath = filePath;
 	}
 
+	public static String filePath;
+
+
+
 	public static String getFileName() {
 		return fileName;
 	}
@@ -75,15 +78,25 @@ public final class HelperUtils {
 		HelperUtils.fileName = fileName;
 	}
 
-	public static boolean fileAlert = false;
+
 	public static String fileName;
 
+	public static String getFileMD5() {
+		return fileMD5;
+	}
+
+	public static void setFileMD5(String fileMD5) {
+		HelperUtils.fileMD5 = fileMD5;
+	}
+
+	public static String fileMD5;
+
 
 
 	/**
 	 * Converts a byte array into a hexadecimal String, e.g. {0x00, 0x01} to
 	 * "00, 01".
-	 * 
+	 *
 	 * @param bytes
 	 *            that will be converted.
 	 * @return converted String.
@@ -105,7 +118,7 @@ public final class HelperUtils {
 	/**
 	 * Converts a byte[] to a String, but only characters in ASCII between 32
 	 * and 127
-	 * 
+	 *
 	 * @param bytes
 	 *            that are converted
 	 * @return converted String
@@ -113,9 +126,9 @@ public final class HelperUtils {
 	public static String byteToStr(byte[] bytes) {
 		int size = 0;
 		for(byte b : bytes) {
-			 if(isLetter((char) b)) {
-				 size++;
-			 }
+			if(isLetter((char) b)) {
+				size++;
+			}
 		}
 		char[] chars = new char[size];
 		for (int i = 0, j = 0; i < bytes.length && j < size; i++) {
@@ -129,7 +142,7 @@ public final class HelperUtils {
 
 	/**
 	 * Concatenates several byte arrays.
-	 * 
+	 *
 	 * @param bytes
 	 *            The byte arrays.
 	 * @return A single byte arrays containing all the bytes from the given
@@ -156,7 +169,7 @@ public final class HelperUtils {
 
 	/**
 	 * Puts a 0x00 byte between each byte in a byte array.
-	 * 
+	 *
 	 * @param bytes
 	 *            that need to be filled with 0x00.
 	 * @return filled byte array.
@@ -173,7 +186,7 @@ public final class HelperUtils {
 	/**
 	 * Puts a 0x00 byte between each byte and another 2 0x00 bytes at the end of
 	 * a byte array.
-	 * 
+	 *
 	 * @param bytes
 	 *            that need to be filled with 0x00.
 	 * @return filled byte array.
@@ -189,7 +202,7 @@ public final class HelperUtils {
 
 	/**
 	 * Gets BSSID of the wireless network.
-	 * 
+	 *
 	 * @param context
 	 *            Needs a context to get system recourses.
 	 * @return BSSID of wireless network if connected, else null.
@@ -270,7 +283,7 @@ public final class HelperUtils {
 
 	/**
 	 * Gets internal IP address of the device in a wireless network.
-	 * 
+	 *
 	 * @param context
 	 *            Needs a context to get system recourses.
 	 * @return internal IP of the device in a wireless network if connected,
@@ -301,7 +314,7 @@ public final class HelperUtils {
 
 	/**
 	 * Gets SSID of the wireless network.
-	 * 
+	 *
 	 * @param context
 	 *            Needs a context to get system recourses
 	 * @return SSID of wireless network if connected, else null.
@@ -326,10 +339,10 @@ public final class HelperUtils {
 		}
 		return ssid;
 	}
-	
+
 	/**
 	 * Gets the mac address of the devicek.
-	 * 
+	 *
 	 * @param context
 	 *            Needs a context to get system recourses
 	 * @return MAC address of the device.
@@ -337,16 +350,16 @@ public final class HelperUtils {
 	public static String getMacAdress(Context context) {
 		String mac = null;
 		WifiManager wifiManager = (WifiManager) context.getSystemService(Context.WIFI_SERVICE);
-		WifiInfo connectionInfo = wifiManager.getConnectionInfo();		
+		WifiInfo connectionInfo = wifiManager.getConnectionInfo();
 		mac = connectionInfo.getMacAddress();
 		return mac;
 	}
-	
+
 	/**
 	 * Produces a random String. The String can be of random length (minimum 1)
 	 * with a maximum length, or it can be forced to have the length that was
 	 * given.
-	 * 
+	 *
 	 * @param length
 	 *            maximal / forced length of String.
 	 * @param forceLength
@@ -365,7 +378,7 @@ public final class HelperUtils {
 
 	/**
 	 * Converts a String into a byte array, e.g. "00, 01" to {0x00, 0x01}.
-	 * 
+	 *
 	 * @param string
 	 *            that will be converted.
 	 * @return converted byte array.
@@ -382,7 +395,7 @@ public final class HelperUtils {
 
 	/**
 	 * Generates a random byte[] of a specified size
-	 * 
+	 *
 	 * @param size
 	 *            of the byte[]
 	 * @return random byte[]
@@ -397,7 +410,7 @@ public final class HelperUtils {
 	/**
 	 * Turns around the values of an byte[], e.g. {0x00, 0x01, 0x02} turns into
 	 * {0x02, 0x01, 0x00}.
-	 * 
+	 *
 	 * @param bytes
 	 *            array that is turned.
 	 * @return turned array.
@@ -412,7 +425,7 @@ public final class HelperUtils {
 
 	/**
 	 * Determines if a character is in ASCII between 32 and 126
-	 * 
+	 *
 	 * @param character
 	 *            that is checked
 	 * @return true if the character is between 32 and 126, else false
@@ -444,11 +457,11 @@ public final class HelperUtils {
 
 	public static String inetAddressToString(int address) {
 		return String.valueOf(address & 0xFF) + "."
-			+ String.valueOf((address >>> 8) & 0xFF) + "."
-			+ String.valueOf((address >>> 16) & 0xFF) + "."
-			+ String.valueOf((address >>> 24) & 0xFF);
+				+ String.valueOf((address >>> 8) & 0xFF) + "."
+				+ String.valueOf((address >>> 16) & 0xFF) + "."
+				+ String.valueOf((address >>> 24) & 0xFF);
 	}
-	
+
 	public static boolean isWifiConnected(Context context){
 		if(context == null) return false;
 		ConnectivityManager connManager = (ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE);
@@ -456,7 +469,7 @@ public final class HelperUtils {
 
 		return mWifi.isConnected();
 	}
-	
+
 	public static boolean isNetworkAvailable(Context context) {
 		if(context == null) return false;
 
@@ -465,7 +478,7 @@ public final class HelperUtils {
 		return activeNetworkInfo != null && activeNetworkInfo.isConnected();
 	}
 
-    public static int getRedirectedPort(int port){
-        return port + 1024 + 27113;
-    }
+	public static int getRedirectedPort(int port){
+		return port + 1024 + 27113;
+	}
 }
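Review bot: `filePath` and `fileMD5` are added as public static mutable fields, which makes them process-wide state written by `PseudoJavaFileDiskDriver` when a file is closed and read later by `FileAlertDialogFragment` and `ScanFileFragment`. If two uploads finish close together, the second overwrites the first before the dialog is built, so the name, path and hash shown (and the file submitted for scanning) may not belong together. The writer and the readers presumably run on different threads, and the fields are not `volatile`. Passing the three values together as fragment arguments or as one immutable holder would avoid this; at minimum declare them `private static volatile` and have callers use the existing accessors instead of `HelperUtils.fileMD5`. `fileMD5` now carries a SHA-256 digest, so rename it or document it with `/** Hex digest of the last received file (SHA-256, despite the name). */`.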

+ 12 - 43
src/de/tudarmstadt/informatik/hostage/protocol/cifs/PseudoJavaFileDiskDriver.java

@@ -1,13 +1,8 @@
 package de.tudarmstadt.informatik.hostage.protocol.cifs;
 
 import android.app.Activity;
-import android.app.AlertDialog;
 import android.app.FragmentManager;
-import android.app.Notification;
 import android.content.Context;
-import android.content.DialogInterface;
-import android.content.Intent;
-import android.widget.Toast;
 
 import org.alfresco.jlan.server.SrvSession;
 import org.alfresco.jlan.server.core.DeviceContext;
@@ -18,7 +13,6 @@ import org.alfresco.jlan.server.filesys.NetworkFile;
 import org.alfresco.jlan.server.filesys.TreeConnection;
 import org.alfresco.jlan.smb.server.disk.JavaFileDiskDriver;
 import org.alfresco.jlan.smb.server.disk.JavaNetworkFile;
-import org.apache.log4j.chainsaw.Main;
 
 import java.io.File;
 import java.io.FileInputStream;
@@ -27,38 +21,29 @@ import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 
-import de.tudarmstadt.informatik.hostage.Hostage;
 import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
 import de.tudarmstadt.informatik.hostage.logging.MessageRecord;
 import de.tudarmstadt.informatik.hostage.protocol.SMB;
 import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity;
-import de.tudarmstadt.informatik.hostage.ui.fragment.ConnectionInfoDialogFragment;
 import de.tudarmstadt.informatik.hostage.ui.fragment.FileAlertDialogFragment;
-import de.tudarmstadt.informatik.hostage.ui.fragment.HomeFragment;
 
 /**
  * HostageV3
  * ================
  * @author Alexander Brakowski
  * @author Daniel Lazar
+ * @author Shreyas Srinivasa
  *
  * This is a pseudo file disk driver, which overwrites the libs JavaFileDiskDriver,
  * so that we can get more information about the attack
  */
 public class PseudoJavaFileDiskDriver extends JavaFileDiskDriver {
 
-
-
-
     private static class PseudoJavaNetworkFile extends JavaNetworkFile {
         protected final SMB SMB;
         private final SrvSession sess;
         boolean wasWrittenTo = false;
 
-
-
-
-
         public PseudoJavaNetworkFile(File file, String netPath, SMB SMB, SrvSession sess) {
             super(file, netPath);
             this.SMB = SMB;
@@ -76,7 +61,7 @@ public class PseudoJavaFileDiskDriver extends JavaFileDiskDriver {
             super.closeFile();
             if(wasWrittenTo){
                 try {
-                    MessageDigest digest = MessageDigest.getInstance("MD5");
+                    MessageDigest digest = MessageDigest.getInstance("SHA256");
                     FileInputStream fis = new FileInputStream(m_file);
 
                     byte[] buffer = new byte[8192];
@@ -90,15 +75,20 @@ public class PseudoJavaFileDiskDriver extends JavaFileDiskDriver {
 
                     String message = "File received: " + m_file.getName() + "\n\nCHECKSUM:\n" + checksum;
 
+                    HelperUtils.setFileName(m_file.getName());
+                    HelperUtils.setFilePath(m_file.getPath());
+                    HelperUtils.setFileMD5(checksum);
+
                     System.out.print(m_file.getName());
+                    displayAlert();
 
                     SMB.log(MessageRecord.TYPE.RECEIVE, message, 445, sess.getRemoteAddress(), 445);
                 } catch (NoSuchAlgorithmException e) {
                     e.printStackTrace();
                 }
 
-                m_file.delete();
-                wasWrittenTo = false;
+                //m_file.delete();      // Retaining the file for further analysis
+                wasWrittenTo = true;    // Saving file in phones memory
             }
         }
 
@@ -129,12 +119,8 @@ public class PseudoJavaFileDiskDriver extends JavaFileDiskDriver {
         //  Check if the file already exists
 
         File file = new File(fname);
-        System.out.print(fname);
-
-
-
-
 
+        String path = file.getAbsolutePath();
         if (file.exists())
             throw new FileExistsException();
 
@@ -143,37 +129,20 @@ public class PseudoJavaFileDiskDriver extends JavaFileDiskDriver {
         FileWriter newFile = new FileWriter(fname, false);
 
 
-        HelperUtils.setFileAlert(true);
-        HelperUtils.setFileName(fname);
-
-
-
         newFile.close();
 
-
-
         //  Create a Java network file
-
         file = new File(fname);
         PseudoJavaNetworkFile netFile = new PseudoJavaNetworkFile(file, params.getPath(), SMB, sess);
         netFile.setGrantedAccess(NetworkFile.READWRITE);
         netFile.setFullName(params.getPath());
 
         //  Return the network file
-       // Toast.makeText(MainActivity.getInstance().getApplicationContext(),fname,Toast.LENGTH_LONG).show();
-
-
-        displayAlert();
-
-
-
-
         return netFile;
 
-
     }
 
-    private void displayAlert() {
+    private static void displayAlert() {
 
         Context context = null;
         final Activity activity = MainActivity.getInstance();
@@ -187,4 +156,4 @@ public class PseudoJavaFileDiskDriver extends JavaFileDiskDriver {
     }
 
 
-}
+}
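Review bot: With `m_file.delete()` commented out in `closeFile`, every file a remote SMB client writes now stays on the device under its client-chosen name, and nothing in the visible hunks bounds its size or removes it after scanning. For a honeypot that is a storage-exhaustion and sample-handling risk; consider moving the file to an app-private quarantine directory with a size cap and deleting it once the hash and scan result are recorded. `wasWrittenTo = true;    // Saving file in phones memory` neither resets the flag nor saves anything, so a repeated close would hash and alert again; keep `wasWrittenTo = false;`. `MessageDigest.getInstance("SHA256")` relies on a provider alias (the standard name is `"SHA-256"`), and if the lookup fails the catch only prints a stack trace, so the log record and alert are skipped silently. `closeFile` and the file-creation method both begin outside the hunks, so the handling of `fis` could not be checked, and the new `String path = file.getAbsolutePath();` is unused in the lines shown.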

+ 16 - 10
src/de/tudarmstadt/informatik/hostage/ui/fragment/FileAlertDialogFragment.java

@@ -53,7 +53,7 @@ public class FileAlertDialogFragment extends DialogFragment {
 
         // assign values in layout
         if (view != null) {
-            ((TextView)view.findViewById(R.id.FileAlertText)).setText(fname);
+            ((TextView)view.findViewById(R.id.FileAlertText)).setText(HelperUtils.fileMD5);
 
         }
 
@@ -62,28 +62,34 @@ public class FileAlertDialogFragment extends DialogFragment {
         final String filterProtocol = protocol;
 
         // build the actual dialog
-        AlertDialog.Builder builder = new AlertDialog.Builder(getActivity(), AlertDialog.THEME_HOLO_DARK);
-        builder.setView(view);
+        AlertDialog.Builder builder = new AlertDialog.Builder(getActivity(), AlertDialog.THEME_DEVICE_DEFAULT_DARK);
+        //  builder.setView(view);
         builder.setTitle("File Injection Alert");
+        builder.setMessage("File Injected:" + fname + "\nPath" + HelperUtils.getFilePath() + "\nSHA256:" + HelperUtils.fileMD5);
         builder.setIcon(android.R.drawable.ic_dialog_info);
-        builder.setPositiveButton(R.string.show_records, new DialogInterface.OnClickListener() {
+
+        builder.setPositiveButton("SCAN", new DialogInterface.OnClickListener() {
             @Override
             public void onClick(DialogInterface dialog, int which) {
                 ArrayList<String> ssids = new ArrayList<String>();
                 ssids.add(filterProtocol);
-
                 LogFilter filter = new LogFilter();
                 filter.setESSIDs(ssids);
 
-                RecordOverviewFragment recordOverviewFragment = new RecordOverviewFragment();
-                recordOverviewFragment.setFilter(filter);
-                recordOverviewFragment.setGroupKey("ESSID");
 
-                MainActivity.getInstance().injectFragment(recordOverviewFragment);
+                ScanFileFragment scanFileFragment = new ScanFileFragment();
+                scanFileFragment.scanfile(HelperUtils.getFilePath());
+                MainActivity.getInstance().injectFragment(scanFileFragment);
+
+
+                /*RecordOverviewFragment recordOverviewFragment = new RecordOverviewFragment();
+                recordOverviewFragment.setFilter(filter);
+                recordOverviewFragment.setGroupKey("Protocol");
+                MainActivity.getInstance().injectFragment(recordOverviewFragment);*/
             }
         });
         builder.setNegativeButton(R.string.close, null);
 
         return builder.create();
     }
-}
+}
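Review bot: The new SCAN handler calls `scanFileFragment.scanfile(HelperUtils.getFilePath())` directly inside `onClick`, on the UI thread and before the fragment is attached, and `ScanFileFragment.onCreateView` calls `scanfile(path)` again, so the captured file would be submitted twice. The client's `scanFile` presumably performs a network upload, which Android rejects on the main thread, and the catch-all in `scanfile` would hide that failure. Drop the call here and let the fragment start a single background scan; the dialog text should also state that the file will be sent to an external service before the user confirms. The `ssids` and `filter` locals are now unused, the commented-out `RecordOverviewFragment` block can be deleted, and the message lacks a separator after the path label (`"\nPath: "`).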

+ 161 - 0
src/de/tudarmstadt/informatik/hostage/ui/fragment/ScanFileFragment.java

@@ -0,0 +1,161 @@
+package de.tudarmstadt.informatik.hostage.ui.fragment;
+
+import android.app.Activity;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.net.Uri;
+import android.os.Bundle;
+import android.app.Fragment;
+import android.text.method.LinkMovementMethod;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.ViewGroup;
+import android.widget.TextView;
+
+import com.kanishka.virustotal.dto.FileScanReport;
+import com.kanishka.virustotal.dto.ScanInfo;
+import com.kanishka.virustotal.dto.VirusScanInfo;
+import com.kanishka.virustotal.exception.APIKeyNotFoundException;
+import com.kanishka.virustotal.exception.UnauthorizedAccessException;
+import com.kanishka.virustotalv2.VirusTotalConfig;
+import com.kanishka.virustotalv2.VirustotalPublicV2;
+import com.kanishka.virustotalv2.VirustotalPublicV2Impl;
+
+import java.io.File;
+import java.io.UnsupportedEncodingException;
+import java.util.HashMap;
+
+import de.tudarmstadt.informatik.hostage.Hostage;
+import de.tudarmstadt.informatik.hostage.R;
+import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
+import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity;
+
+/**
+ * A simple {@link Fragment} subclass.
+ * Activities that contain this fragment must implement the
+ * {@link ScanFileFragment.OnFragmentInteractionListener} interface
+ * to handle interaction events.
+ * Use the {@link ScanFileFragment#newInstance} factory method to
+ * create an instance of this fragment.
+ */
+public class ScanFileFragment extends Fragment {
+    public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
+        super.onCreateView(inflater, container, savedInstanceState);
+
+        final Activity activity = getActivity();
+        if (activity != null) {
+            activity.setTitle("Scan File");
+        }
+
+        View rootView = inflater.inflate(R.layout.fragment_scan_file, container, false);
+       // PackageManager manager = Hostage.getContext().getPackageManager();
+        //PackageInfo info = null;
+        /*try {
+            info = manager.getPackageInfo(Hostage.getContext().getPackageName(), 0);
+        } catch (PackageManager.NameNotFoundException e) {
+            e.printStackTrace();
+        }*/
+
+
+        TextView scanResult = (TextView) rootView.findViewById(R.id.scanResult);
+        scanfile(path);
+        scanResult.setText(getFileScanReport());
+
+
+
+//        TextView version = (TextView) rootView.findViewById(R.id.hostageVersion);
+
+        /*version.setText("ver. "+versionApp);
+        hostage.setMovementMethod(LinkMovementMethod.getInstance());
+        version.setMovementMethod(LinkMovementMethod.getInstance());
+*/
+        return rootView;
+    }
+
+
+
+    public String result;
+    public String scanner;
+    public String path= HelperUtils.getFilePath();
+
+
+    public void scanfile(String path){
+
+        try {
+            VirusTotalConfig.getConfigInstance().setVirusTotalAPIKey("111c226204f5de7228563bbca91c5860e4965fbe936307dffa8f2f2d575ff292");
+            VirustotalPublicV2 virusTotalRef = new VirustotalPublicV2Impl();
+
+            ScanInfo scanInformation = virusTotalRef.scanFile(new File(path));
+
+            System.out.println("___SCAN INFORMATION___");
+            System.out.println("MD5 :\t" + scanInformation.getMd5());
+            System.out.println("Perma Link :\t" + scanInformation.getPermalink());
+            System.out.println("Resource :\t" + scanInformation.getResource());
+            System.out.println("Scan Date :\t" + scanInformation.getScanDate());
+            System.out.println("Scan Id :\t" + scanInformation.getScanId());
+            System.out.println("SHA1 :\t" + scanInformation.getSha1());
+            System.out.println("SHA256 :\t" + scanInformation.getSha256());
+            System.out.println("Verbose Msg :\t" + scanInformation.getVerboseMessage());
+            System.out.println("Response Code :\t" + scanInformation.getResponseCode());
+            System.out.println("done.");
+        } catch (APIKeyNotFoundException ex) {
+            System.err.println("API Key not found! " + ex.getMessage());
+        } catch (UnsupportedEncodingException ex) {
+            System.err.println("Unsupported Encoding Format!" + ex.getMessage());
+        } catch (UnauthorizedAccessException ex) {
+            System.err.println("Invalid API Key " + ex.getMessage());
+        } catch (Exception ex) {
+            System.err.println("Something Bad Happened! " + ex.getMessage());
+        }
+    }
+
+
+
+    public String getFileScanReport() {
+        try {
+            VirusTotalConfig.getConfigInstance().setVirusTotalAPIKey("APIKEY");
+            VirustotalPublicV2 virusTotalRef = new VirustotalPublicV2Impl();
+
+            String resource=(HelperUtils.getFileMD5());
+            FileScanReport report = virusTotalRef.getScanReport(resource);
+
+            System.out.println("MD5 :\t" + report.getMd5());
+            System.out.println("Perma link :\t" + report.getPermalink());
+            System.out.println("Resourve :\t" + report.getResource());
+            System.out.println("Scan Date :\t" + report.getScanDate());
+            System.out.println("Scan Id :\t" + report.getScanId());
+            System.out.println("SHA1 :\t" + report.getSha1());
+            System.out.println("SHA256 :\t" + report.getSha256());
+            System.out.println("Verbose Msg :\t" + report.getVerboseMessage());
+            System.out.println("Response Code :\t" + report.getResponseCode());
+            System.out.println("Positives :\t" + report.getPositives());
+            System.out.println("Total :\t" + report.getTotal());
+
+            HashMap<String, VirusScanInfo> scans = (HashMap<String, VirusScanInfo>) report.getScans();
+            for (String key : scans.keySet()) {
+                VirusScanInfo virusInfo = scans.get(key);
+                System.out.println("Scanner : " + key);
+                System.out.println("\t\t Result : " + virusInfo.getResult());
+                System.out.println("\t\t Update : " + virusInfo.getUpdate());
+                System.out.println("\t\t Version :" + virusInfo.getVersion());
+                result = virusInfo.getResult();
+                scanner = key;
+            }
+
+        } catch (APIKeyNotFoundException ex) {
+            System.err.println("API Key not found! " + ex.getMessage());
+        } catch (UnsupportedEncodingException ex) {
+            System.err.println("Unsupported Encoding Format!" + ex.getMessage());
+        } catch (UnauthorizedAccessException ex) {
+            System.err.println("Invalid API Key " + ex.getMessage());
+        } catch (Exception ex) {
+            System.err.println("Something Bad Happened! " + ex.getMessage());
+        }
+        return result;
+    }
+
+
+
+
+
+}
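Review bot: `onCreateView` runs `scanfile(path)` and `getFileScanReport()` synchronously, so view creation blocks on two remote calls and would likely hit Android's main-thread network restriction; both methods catch `Exception` and only print, leaving the user with an empty result and no explanation. `getFileScanReport` sets the key to the literal `"APIKEY"` on the shared `VirusTotalConfig` instance, so the report lookup will presumably be rejected as unauthorized; both methods should take the key from one configuration source. The loop over `report.getScans()` overwrites `result` and `scanner` on each iteration, so the returned text is whichever engine the `HashMap` yields last rather than a verdict; a summary built from `report.getPositives()` and `report.getTotal()` would be more meaningful. `result` is also `null` on any failure and is passed straight to `setText`. The class Javadoc refers to `OnFragmentInteractionListener` and `newInstance`, neither of which exists in this file, and the commented-out version code should be removed.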