99#include < fstream>
1010#include < iostream>
1111#include < regex>
12+ #include < vector>
1213
1314// 呐呐~这个 `ADB_CONNECT`
1415// 呀,就像是一座神奇的桥梁,它能让我们的电脑和安卓设备手牵手呢 (✿◠‿◠)
@@ -515,4 +516,68 @@ void Model::DumpSysFromSpecificPackage(std::string PACKAGE_NAME) {
515516 system ((" adb shell dumpsys package "
516517 " > Datas/SysFromSpecificPackage/" " .log"
517518 .c_str ());
519+ }
520+
521+ void Model::RunApkTool (std::string APK_FILE) {
522+ std::string line;
523+ int line_num = 0 ;
524+
525+ std::string decompiled_dir = APK_FILE.substr (0 , APK_FILE.find_last_of (" ."
526+ std::string manifest_path = decompiled_dir + " /AndroidManifest.xml"
527+ std::string strings_path = decompiled_dir + " /res/values/strings.xml"
528+ std::string output_file = APK_FILE + " _敏感数据泄漏.log"
529+
530+ std::vector<std::string> keywords = {
531+ " token" " key" " firebase" " secret" " public"
532+ " aws" " api" " tencent" " auth"
533+ };
534+
535+ std::cout << " 🏗️ 正在解包 APK..."
536+ system ((" apktool d -f " " -o " c_str ());
537+
538+ std::cout << " 🔍 正在扫描敏感关键词..."
539+
540+ std::ofstream out (output_file);
541+ if (!out.is_open ()) {
542+ std::cerr << " ❌ 无法打开输出文件: "
543+ return ;
544+ }
545+
546+ auto scan_file = [&](const std::string& path) {
547+ std::ifstream in (path);
548+ if (!in.is_open ()) {
549+ std::cerr << " ⚠️ 无法打开文件: "
550+ return ;
551+ }
552+
553+ while (std::getline (in, line)) {
554+ ++line_num;
555+ for (const auto & kw : keywords) {
556+ if (line.find (kw) != std::string::npos) {
557+ out << " [文件: " " ] 第 "
558+ << " 行包含 [" " ]: " " \n "
559+ break ;
560+ }
561+ }
562+ }
563+
564+ in.close ();
565+ };
566+
567+ scan_file (manifest_path);
568+ scan_file (strings_path);
569+
570+ out.close ();
571+
572+ std::cout << " ✅ 扫描完成,结果已写入: "
573+ }
574+
575+ bool ContainsAny (const std::string& line,
576+ const std::vector<std::string>& keywords) {
577+ for (const auto & keyword : keywords) {
578+ if (line.find (keyword) != std::string::npos) {
579+ return true ;
580+ }
581+ }
582+ return false ;
518583}
0 commit comments