
WIP: Implement trackers #455


Draft
wants to merge 3 commits into
base: master
from


AbhiTheModder
Contributor

@AbhiTheModder AbhiTheModder commented May 29, 2025

  • generated from Exodus
  • via the script below:
import os
import re

import requests


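def _yara_text(value):
    """Return *value* escaped for use inside a double-quoted YARA string.

    Backslashes and double quotes are escaped and line breaks are collapsed
    to spaces, so a value taken from the remote tracker list cannot close
    the string early or spill onto a new rule line. ``None`` becomes "".
    """
    text = "" if value is None else str(value)
    text = text.replace("\\", "\\\\").replace('"', '\\"')
    return " ".join(text.splitlines())


def gen_rule():
    """Generate YARA tracker rules from the Exodus Privacy tracker API.

    Downloads the tracker list, builds one rule per tracker for each of the
    ``dex``, ``apk`` and ``elf`` rule sets, and appends it to
    ``apkid/rules/<type>/trackers.yara`` (paths are relative to the current
    working directory; the directories must already exist). A rule whose
    name is already declared in the target file is skipped.

    The tracker list is remote data that ends up in rule files, so every
    value is escaped or rejected before it is interpolated into rule source.

    Raises:
        requests.RequestException: if the download fails, times out or
            returns an HTTP error status.
    """
    url = "https://reports.exodus-privacy.eu.org/api/trackers"
    # A timeout keeps the generator from hanging on a stalled connection, and
    # an HTTP error page must not be parsed as if it were the tracker list.
    response = requests.get(url, timeout=30)
    response.raise_for_status()
    trackers = response.json().get("trackers") or {}

    for info in trackers.values():
        # Missing or null fields are treated as empty instead of raising
        # AttributeError on the string methods used below.
        name = info.get("name") or ""
        code_signature = info.get("code_signature") or ""
        network_signature = info.get("network_signature") or ""

        # Special cases carried over from the original script.
        if network_signature == "\\.facebook\\.com":
            network_signature = ""
        if name == "Google Ads":
            network_signature = ""
            code_signature = "com.google.android.gms.ads.identifier"

        if not code_signature and not network_signature:
            continue
        # A line break inside a signature would end the regex line and let
        # the remainder be read as rule source, so such entries are dropped.
        if any(ch in code_signature + network_signature for ch in "\r\n"):
            print(f"\rSkipping {name!r}: signature contains a line break.", end="")
            continue

        # "/" delimits a YARA regex and has to be escaped as "\/". The
        # previous r"\\" replacement swapped it for an escaped backslash,
        # so the pattern could never match the slash it came from.
        code_signature = code_signature.replace(".", "\\.").replace("/", "\\/")
        network_signature = network_signature.replace("/", "\\/")
        # Slash-separated variant of the code signature: every "\." turns
        # into "\/", i.e. an already escaped slash.
        code_signature2 = code_signature.replace(".", "/")

        rule_name = re.sub(
            r"[^a-zA-Z]", "_", name.strip().replace(" ", "_")
        ).replace("__", "_")
        if rule_name.endswith("_"):
            rule_name = rule_name[:-1]
        rule_name = rule_name.lower()
        if not rule_name:
            # A name without any letters leaves nothing to use as identifier.
            continue

        description = (
            name.replace("Google", "G.")
            .replace("Facebook", "FB.")
            .replace("Notifications", "Notifs")
        )
        website = info.get("website")
        # The header is identical for all three rule sets; only the
        # condition line differs.
        header = (
            f"\nrule {rule_name} : tracker\n"
            "{\n"
            "    meta:\n"
            f'        description = "{_yara_text(description)}"\n'
            '        author      = "Abhi"\n'
            f'        url         = "{_yara_text(website)}"\n'
            "    strings:\n"
        )

        strings = []
        if code_signature:
            strings.append(f"        $code_signature    = /{code_signature}/")
        if network_signature:
            strings.append(f"        $network_signature = /{network_signature}/")
        if code_signature2:
            strings.append(f"        $code_signature2   = /{code_signature2}/")
        strings_section = "\n".join(strings)

        # Every generated rule starts with exactly this text, so searching
        # for it finds real declarations only. The previous bare substring
        # test also skipped any rule whose name occurred inside a longer
        # rule name, a description or a URL.
        declaration = f"\nrule {rule_name} : tracker\n"

        for file_type in ("dex", "apk", "elf"):
            yara_rule = (
                header
                + strings_section
                + f"\n    condition:\n        is_{file_type} and any of them\n}}\n"
            )
            path = f"apkid/rules/{file_type}/trackers.yara"
            # An explicit encoding keeps non-ASCII tracker names from
            # depending on the platform default.
            if not os.path.exists(path):
                with open(path, "w", encoding="utf-8") as f:
                    f.write('include "common.yara"\n')
            with open(path, "r", encoding="utf-8") as f:
                existing_rules = f.read()
            if declaration not in existing_rules:
                with open(path, "a", encoding="utf-8") as f:
                    f.write(yara_rule)
            else:
                print(f"\rDuplicate rule name found: {rule_name}. Skipping.", end="")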


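# Run the generator only when this file is executed as a script, so that
# importing it does not trigger the network fetch and the rule-file writes.
if __name__ == "__main__":
    gen_rule()
    print()  # finish the line left open by the "\r…" progress messages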

P.S.: just some little leftovers & cleanup remaining.

@enovella enovella changed the title Implement trackers WIP: Implement trackers May 29, 2025
* exclude `google.com` & `facebook.com` main domains
@AbhiTheModder AbhiTheModder marked this pull request as ready for review May 31, 2025 05:42
@AbhiTheModder
Contributor Author

-6186054895967259532_121

@AbhiTheModder AbhiTheModder marked this pull request as draft May 31, 2025 07:24