Merge pull request #137 from talsec/release/6.8.0

freeRASP 6.8.0

Author: msikyna

CHANGELOG.md

@@ -5,6 +5,36 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [6.8.0] - 2024-10-01
+- Android SDK version: 12.0.0
+- iOS SDK version: 6.6.3
+
+### Flutter
+
+#### Added
+- New feature: Malware detection as a new callback for enhanced app security
+
+### Android
+
+#### Changed
+- Internal refactoring of Malware detection feature
+
+#### Fixed
+- Refactoring Magisk checks in the root detection
+- Resolving IllegalArgumentException caused by unregistering not registered receiver in TalsecMonitoringReceiver
+
+### iOS
+
+#### Added
+
+- Enhanced security with **[Serotonin Jailbreak](https://github.com/SerotoninApp/Serotonin) Detection** to identify compromised devices.
+
+#### Changed
+
+- Updated SDK code signing; it will now be signed with:
+  - Team ID: PBDDS45LQS
+  - Team Name: Lynx SFT s.r.o.
+
 ## [6.7.3] - 2024-10-28
 - Android SDK version: 11.1.3
 - iOS SDK version: 6.6.1

analysis_options.yaml

@@ -1 +1,5 @@
-include: package:very_good_analysis/analysis_options.3.1.0.yaml
+include: package:very_good_analysis/analysis_options.yaml
+
+analyzer:
+  exclude:
+    - '**/*.g.dart'

android/build.gradle

@@ -3,7 +3,7 @@ version '1.0-SNAPSHOT'
 
 buildscript {
     ext.kotlin_version = '1.7.20'
-    ext.talsec_version = '11.1.3'
+    ext.talsec_version = '12.0.0'
     repositories {
         google()
         mavenCentral()

android/src/main/kotlin/com/aheaditec/freerasp/Extensions.kt

@@ -1,6 +1,12 @@
 package com.aheaditec.freerasp
 
+import android.content.Context
+import android.content.pm.PackageInfo
+import android.os.Build
+import com.aheaditec.talsec_security.security.api.SuspiciousAppInfo
 import io.flutter.plugin.common.MethodChannel
+import com.aheaditec.freerasp.generated.PackageInfo as FlutterPackageInfo
+import com.aheaditec.freerasp.generated.SuspiciousAppInfo as FlutterSuspiciousAppInfo
 
 /**
  * Executes the provided block of code and catches any exceptions thrown by it, returning the
@@ -17,3 +23,49 @@ internal inline fun runResultCatching(result: MethodChannel.Result, block: () ->
         result.error(err::class.java.name, err.message, null)
     }
 }
+
+/**
+ * Converts a [SuspiciousAppInfo] instance to a [com.aheaditec.freerasp.generated.SuspiciousAppInfo]
+ * instance used by Pigeon package for Flutter.
+ *
+ * @return A new [com.aheaditec.freerasp.generated.SuspiciousAppInfo] object with information from
+ * this [SuspiciousAppInfo].
+ */
+internal fun SuspiciousAppInfo.toPigeon(context: Context): FlutterSuspiciousAppInfo {
+    return FlutterSuspiciousAppInfo(this.packageInfo.toPigeon(context), this.reason)
+}
+
+/**
+ * Converts a [PackageInfo] instance to a [com.aheaditec.freerasp.generated.PackageInfo] instance
+ * used by Pigeon package for Flutter.
+ *
+ * @return A new [com.aheaditec.freerasp.generated.PackageInfo] object with information from
+ * this [PackageInfo].
+ */
+private fun PackageInfo.toPigeon(context: Context): FlutterPackageInfo {
+    return FlutterPackageInfo(
+        packageName = packageName,
+        appName = applicationInfo?.let {
+            context.packageManager.getApplicationLabel(it) as String
+        },
+        version = getVersionString(),
+        appIcon = Utils.parseIconBase64(context, packageName),
+        installationSource = Utils.getInstallerPackageName(context, packageName),
+    )
+}
+
+/**
+ * Retrieves the version string of the package.
+ *
+ * For devices running on Android P (API 28) and above, this method returns the `longVersionCode`.
+ * For older versions, it returns the `versionCode` (deprecated).
+ *
+ * @return A string representation of the version code.
+ */
+internal fun PackageInfo.getVersionString(): String {
+    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+        return longVersionCode.toString()
+    }
+    @Suppress("DEPRECATION")
+    return versionCode.toString()
+}

android/src/main/kotlin/com/aheaditec/freerasp/FreeraspPlugin.kt

@@ -17,6 +17,7 @@ import io.flutter.embedding.engine.plugins.lifecycle.FlutterLifecycleAdapter
 class FreeraspPlugin : FlutterPlugin, ActivityAware, LifecycleEventObserver {
     private var streamHandler: StreamHandler = StreamHandler()
     private var methodCallHandler: MethodCallHandler = MethodCallHandler()
+
     private var context: Context? = null
     private var lifecycle: Lifecycle? = null
 

android/src/main/kotlin/com/aheaditec/freerasp/Utils.kt

@@ -0,0 +1,176 @@
+package com.aheaditec.freerasp
+
+import android.content.Context
+import android.graphics.Bitmap
+import android.graphics.Canvas
+import android.graphics.drawable.BitmapDrawable
+import android.graphics.drawable.Drawable
+import android.os.Build
+import android.util.Base64
+import com.aheaditec.talsec_security.security.api.TalsecConfig
+import org.json.JSONArray
+import org.json.JSONException
+import org.json.JSONObject
+import java.io.ByteArrayOutputStream
+
+internal object Utils {
+    @Suppress("ArrayInDataClass")
+    data class MalwareConfig(
+        val blacklistedPackageNames: Array<String>,
+        val blacklistedHashes: Array<String>,
+        val suspiciousPermissions: Array<Array<String>>,
+        val whitelistedInstallationSources: Array<String>
+    )
+
+    fun toTalsecConfigThrowing(configJson: String?): TalsecConfig {
+        if (configJson == null) {
+            throw JSONException("Configuration is null")
+        }
+
+        val json = JSONObject(configJson)
+
+        val watcherMail = json.getString("watcherMail")
+        val isProd = json.getBoolean("isProd")
+        val androidConfig = json.getJSONObject("androidConfig")
+        val packageName = androidConfig.getString("packageName")
+        val certificateHashes = androidConfig.extractArray<String>("signingCertHashes")
+        val alternativeStores = androidConfig.extractArray<String>("supportedStores")
+        val malwareConfig = parseMalwareConfig(androidConfig)
+
+        return TalsecConfig.Builder(packageName, certificateHashes)
+            .watcherMail(watcherMail)
+            .supportedAlternativeStores(alternativeStores)
+            .prod(isProd)
+            .blacklistedPackageNames(malwareConfig.blacklistedPackageNames)
+            .blacklistedHashes(malwareConfig.blacklistedHashes)
+            .suspiciousPermissions(malwareConfig.suspiciousPermissions)
+            .whitelistedInstallationSources(malwareConfig.whitelistedInstallationSources)
+            .build()
+    }
+
+    private fun parseMalwareConfig(androidConfig: JSONObject): MalwareConfig {
+        if (!androidConfig.has("malwareConfig")) {
+            return MalwareConfig(emptyArray(), emptyArray(), emptyArray(), emptyArray())
+        }
+
+        val malwareConfig = androidConfig.getJSONObject("malwareConfig")
+
+        return MalwareConfig(
+            malwareConfig.extractArray("blacklistedPackageNames"),
+            malwareConfig.extractArray("blacklistedHashes"),
+            malwareConfig.extractArray<Array<String>>("suspiciousPermissions"),
+            malwareConfig.extractArray("whitelistedInstallationSources")
+        )
+    }
+
+
+    /**
+     * Retrieves the package name of the installer for a given app package.
+     *
+     * @param context The context of the application.
+     * @param packageName The package name of the app whose installer package name is to be retrieved.
+     * @return The package name of the installer if available, or `null` if not.
+     */
+    fun getInstallerPackageName(context: Context, packageName: String): String? {
+        runCatching {
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R)
+                return context.packageManager.getInstallSourceInfo(packageName).installingPackageName
+            @Suppress("DEPRECATION")
+            return context.packageManager.getInstallerPackageName(packageName)
+        }
+        return null
+    }
+
+    /**
+     * Converts the application icon of the specified package into a Base64 encoded string.
+     *
+     * @param context The context of the application.
+     * @param packageName The package name of the app whose icon is to be converted.
+     * @return A Base64 encoded string representing the app icon.
+     */
+    fun parseIconBase64(context: Context, packageName: String): String? {
+        val result = runCatching {
+            val drawable = context.packageManager.getApplicationIcon(packageName)
+            val bitmap = drawable.toBitmap()
+            bitmap.toBase64()
+        }
+
+        return result.getOrNull()
+    }
+
+    /**
+     * Creates a Bitmap from a Drawable object.
+     *
+     * @param drawable The Drawable to be converted.
+     * @return A Bitmap representing the drawable.
+     */
+    private fun createBitmapFromDrawable(drawable: Drawable): Bitmap {
+        val width = if (drawable.intrinsicWidth > 0) drawable.intrinsicWidth else 1
+        val height = if (drawable.intrinsicHeight > 0) drawable.intrinsicHeight else 1
+        val bitmap = Bitmap.createBitmap(width, height, Bitmap.Config.ARGB_8888)
+        val canvas = Canvas(bitmap)
+
+        drawable.setBounds(0, 0, canvas.width, canvas.height)
+        drawable.draw(canvas)
+
+        return bitmap
+    }
+
+    /**
+     * Converts a Drawable into a Bitmap.
+     *
+     * @receiver The Drawable to be converted.
+     * @return A Bitmap representing the drawable.
+     */
+    private fun Drawable.toBitmap(): Bitmap {
+        return when (this) {
+            is BitmapDrawable -> bitmap
+            else -> createBitmapFromDrawable(this)
+        }
+    }
+
+    /**
+     * Converts a Bitmap into a Base64 encoded string.
+     *
+     * @receiver The Bitmap to be converted.
+     * @return A Base64 encoded string representing the bitmap.
+     */
+    private fun Bitmap.toBase64(): String {
+        val byteArrayOutputStream = ByteArrayOutputStream()
+        compress(Bitmap.CompressFormat.PNG, 10, byteArrayOutputStream)
+        val byteArray = byteArrayOutputStream.toByteArray()
+        return Base64.encodeToString(byteArray, Base64.NO_WRAP)
+    }
+}
+
+private inline fun <reified T> JSONObject.extractArray(key: String): Array<T> {
+    return this.optJSONArray(key)?.let { processArray(it) } ?: emptyArray()
+}
+
+private inline fun <reified T> processArray(jsonArray: JSONArray): Array<T> {
+    val list = mutableListOf<T>()
+
+    for (i in 0 until jsonArray.length()) {
+        val element: T = when (T::class) {
+            String::class -> jsonArray.getString(i) as T
+            Int::class -> jsonArray.getInt(i) as T
+            Double::class -> jsonArray.getDouble(i) as T
+            Boolean::class -> jsonArray.getBoolean(i) as T
+            Long::class -> jsonArray.getLong(i) as T
+            Array<String>::class -> {
+                // Not universal or ideal solution, but should work for our use case
+                val nestedArray = jsonArray.getJSONArray(i)
+                val nestedList = mutableListOf<String>()
+                for (j in 0 until nestedArray.length()) {
+                    nestedList.add(nestedArray.getString(j))
+                }
+                nestedList.toTypedArray() as T
+            }
+
+            else -> throw JSONException("Unsupported type")
+        }
+        list.add(element)
+    }
+
+    return list.toTypedArray()
+}