dex_extractor.py
import re
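# Names of the regex groups that callers read back from a match.
METHOD_DESCRIPTION_GROUP = 'method_description'
URL_GROUP = 'url'

# --- smali method-reference grammar ------------------------------------------
# Every fragment is a raw string: the originals used '\[' and '\(' inside
# ordinary literals, which are invalid escape sequences and warn on current
# Python versions.

# One path segment / simple name: letters, digits, '_' and '$'.
# NOTE(review): names containing other characters (e.g. a '-' in some
# compiler-generated classes) would be missed -- confirm against your corpus.
java_identifier_pattern = r'[_$a-zA-Z0-9][_$a-zA-Z0-9]*'

# Object descriptor such as Ljava/lang/String; -- at least one '/' is
# required, so a class in the default package (La;) is not matched.
smali_object_type_pattern = 'L(?:' + java_identifier_pattern + '/)+' + java_identifier_pattern + ';'

# Primitive descriptors: int, boolean, byte, short, char, long, float, double.
smali_primit_type_pattern = r'[IZBSCJFD]'

# One or more '[' followed by an object or primitive descriptor.
smali_array_pattern = r'\[+(?:' + smali_object_type_pattern + '|' + smali_primit_type_pattern + ')'

# Bare alternations: they are only valid once wrapped in a group, which
# method_call_pattern does below.
smali_args_pattern = smali_object_type_pattern + '|' + smali_primit_type_pattern + '|' + smali_array_pattern
smali_return_value_pattern = smali_args_pattern + '|V'

# Ordinary method name, or the constructor name <init>.
methode_name_pattern = '(?:' + java_identifier_pattern + '|<init>)'

# Full reference: Lpkg/Class;->name(args)ret. The named group captures only
# the "Lpkg/Class;->name" prefix.
method_call_pattern = (
    r'(?P<method_description>' + smali_object_type_pattern + '->' + methode_name_pattern
    + r')\((?:' + smali_args_pattern + r')*\)(?:' + smali_return_value_pattern + ')'
)
method_call_regex = re.compile(method_call_pattern)

# --- URL literals in const-string instructions -------------------------------
# Coverage matters here: a URL that the pattern silently skips is an indicator
# the analyst never sees. Compared with the original pattern this one also
# accepts
#   * const-string/jumbo and parameter registers (pN), not only vN;
#   * '-' inside host labels (my-api.example.com);
#   * a port that is followed by a path (host:8080/api) -- the original only
#     allowed the port at the very end, so such literals never matched.
# The early port group is non-capturing and fires only when a '/' follows, so
# the numbered groups of the original pattern keep their positions and values.
# Only literal const-string operands are inspected; URLs assembled at runtime
# or stored encoded are not reported, so an empty result does not show that
# the code contacts no hosts.
url_pattern = (
    r'const-string(?:/jumbo)? [vp]\d+, "'
    r'(?P<url>(((https?|ftp)://)|(www\.))'
    r'([\w-]+\.)+[\w-]+'
    r'(?::\d+(?=/))?'
    r'((/\w+)*(/.*)?)?'
    r'(:\d+)?)"'
)
url_regex = re.compile(url_pattern)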
def extract_api_call(line: str) -> str:
    """Return the first smali method reference found in *line*.

    The full text matched by ``method_call_regex`` is returned: class
    descriptor, ``->``, method name, argument list and return type.
    ``None`` is returned when the line contains no match, even though the
    annotation says ``str``; callers must check for it.
    """
    found = method_call_regex.search(line)
    if found is None:
        return None
    return found.group()
def extract_methode_path(line: str) -> str:
    """Return the ``Lpkg/Class;->name`` part of the first method reference.

    This is the ``METHOD_DESCRIPTION_GROUP`` group of ``method_call_regex``,
    i.e. the reference without its argument list and return type. ``None``
    is returned when *line* has no match, despite the ``str`` annotation.
    """
    found = method_call_regex.search(line)
    # Match objects are always truthy, so this only separates hit from miss.
    return found.group(METHOD_DESCRIPTION_GROUP) if found else None
def extract_url(line: str) -> str:
    """Return the URL literal loaded by a ``const-string`` in *line*.

    The value is the ``URL_GROUP`` group of ``url_regex``, without the
    surrounding quotes. ``None`` is returned when the line does not match,
    despite the ``str`` annotation. A ``None`` result only means the line
    holds no literal that the pattern recognises.
    """
    hit = url_regex.search(line)
    if hit is None:
        return None
    return hit.group(URL_GROUP)