mspreitz / mobilesandbox Goto Github PK
View Code? Open in Web Editor NEWSource code and tools of the former Mobile-Sandbox
Home Page: https://www.mobilesandbox.org
mobilesandbox's People
Contributors
Stargazers
Watchers
mobilesandbox's Issues
Bug: UnicodeEncodeError
UnicodeEncodeError at /analyzer/show/
'ascii' codec can't encode characters in position 0-3: ordinal not in range(128)
Exception Location: classifier_report_loader.py in __process_single_item, line 135
Folgende APK hat dies verursacht:
https://transfer.sh/tGcBu/encoding.apk (Löscht sich innerhalb von 14 Tagen)
Fix remaining failure reasons from the timing sample set
Reasons from fails.txt to be fixed:
-
BadZipFile: File is not a zip file4/24andBadZipFile: Bad CRC-32 for file ...5/24(TODO: Maybe differentiate between them) -
struct.error: unpack requires a string argument of length10/24 -
UnicodeDecodeError5/24
View: Display Certificate Information correctly in Report
Enhancement: Batch upload multiple APKs (e.g. in a ZIP)
Uploading multiple APKs by hand APK for APK is really annoying.
Add Monkeyrunner to Cuckoo
In order to control the app and perform some random clicks, Monkeyrunner would come in handy.
DynamicAnalyzer: Display counter to indicate how long until finished
See title. Really annoying to not be able to know when the timeout or analysis is finished.
Missing check on classes.dex causes androguard to break on analysis
If the classes.dex file is missing in the sample, the following exception is thrown in the course of the analysis:
[1446E09EBD8002F29E795456FA6DB323F16972229A7050D68A04517F8F2EDCE6] Starting Static Analyzer
Traceback (most recent call last):
File "./daemon.py", line 115, in <module>
run(apkFile, workingDir)
File "/home/o/git/MobileSandbox/StaticAnalysis/StaticAnalyzer.py", line 632, in run
d = dvm.DalvikVMFormat(a.get_dex())
File "build/bdist.linux-x86_64/egg/androguard/core/bytecodes/dvm.py", line 7567, in __init__
File "build/bdist.linux-x86_64/egg/androguard/core/bytecodes/dvm.py", line 7573, in _load
File "build/bdist.linux-x86_64/egg/androguard/core/bytecodes/dvm.py", line 391, in __init__
struct.error: unpack requires a string argument of length 8
I looked up all samples that have thrown this exception in my timing sample set, all appear to have a missing classes.dex file. I will now add a check for the file before the analysis can start.
TypeError in daemon.py
TypeError: 'NoneType' object is not iterable in daemon.py line 36
Bug: Androguard crashes when decompiling
search for dangerous calls...
Traceback (most recent call last):
File "daemon.py", line 76, in <module>
run(sample, tmpPath)
File "StaticAnalysis/StaticAnalyzer.py", line 840, in run
dangerousCalls = parseDumpFile(workingDir,logFile,d)
File "StaticAnalysis/StaticAnalyzer.py", line 264, in parseDumpFile
dumpMethods(d, workingDir)
File "StaticAnalysis/StaticAnalyzer.py", line 254, in dumpMethods
for i in byteCode.get_instructions():
File "build/bdist.linux-x86_64/egg/androguard/core/bytecodes/dvm.py", line 6500, in get_instructions
File "build/bdist.linux-x86_64/egg/androguard/core/bytecodes/dvm.py", line 6399, in get_instructions
File "build/bdist.linux-x86_64/egg/androguard/core/bytecodes/dvm.py", line 6336, in get_extented_instruction
androguard.core.bytecodes.dvm.InvalidInstruction: Invalid Instruction for 0xfff:'\xff\x0f\xc3\x91'
Complete check on zipfile
[FBA16537D59EDF6C392F7EA439FB6E4FD5C6DE8B6A72F8806690714647068462] Starting Static Analyzer
Traceback (most recent call last):
File "./daemon.py", line 115, in <module>
run(apkFile, workingDir)
File "/home/o/git/MobileSandbox/StaticAnalysis/StaticAnalyzer.py", line 630, in run
a = apk.APK(sampleFile)
File "build/bdist.linux-x86_64/egg/androguard/core/bytecodes/apk.py", line 193, in __init__
File "/usr/lib/python2.7/zipfile.py", line 770, in __init__
self._RealGetContents()
File "/usr/lib/python2.7/zipfile.py", line 811, in _RealGetContents
raise BadZipfile, "File is not a zip file"
zipfile.BadZipfile: File is not a zip file
Q: Custom Templatetags in analyzer
In Backend/analyzer/templatetags sind custom Filter/Tags spezifiziert (array_filter.py). Jedoch sind die Voraussetzung, dass array_filter als gültige Tag Library gefunden wird, unter anderem die folgende: In INSTALLED_APPS muss die app analyzer gesetzt und ein Ordner templatetags mit __init__.py existieren.
@mkauschi Gibt es noch eine andere Konfiguration, dass das ohne setzen von analyzer in INSTALLED_APPS bei dir funktioniert oder benutzt du eine andere Django Version? Ich habe wegen der mongoDB und der nonrel Django versions Restriktion die folgende Version:
$ django-admin.py --version
1.5.11Die neueste Version ist 1.9.
Falls man analyzer als app in INSTALLED_APPS hinzufügt gibt es noch einige andere Fehler.
Deshalb ist der folgende Commit (Im Grunde genommen ein move templatetags von mobilesandbox Ordner zu analyzer Ordner) ist dafür da, dass der custom filter/tag bei mir ebenfalls funktioniert.
Email notification for registered users
After finishing the analysis of a sample, the user should receive a notification about the status
Anonymous upload does not check for existing files
When an anonymous user submits a sample which was already submitted before, the analyzer crashes because of existing file.
Note: Slow source extraction for some APKs
Some APKs do take several seconds to extract the source files (Static Analyzer does halt for several moment at output extracting source files...)
Example APK: https://transfer.sh/KlSEI/longdecompile.apk
Bug: Report prints error while daemons aren't finished
TypeError at /analyzer/show/
coercing to Unicode: need string or buffer, NoneType found
Request Method: GET
Request URL: http://localhost:8000/analyzer/show/?report=0e83ce90626977ccbc02d323da4b13635be42c7f0449c9373f81fd1e9cd68033
Django Version: 1.8
Exception Type: TypeError
Exception Value:
coercing to Unicode: need string or buffer, NoneType found
Exception Location: Backend/analyzer/views.py in loadResults, line 313
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.