Open jaykijay opened 2 years ago
Bug description
APKID not working after latest update because Yara rules seem to be incompatible
Steps to reproduce
Install apkid Run it
Actual result:
[+] APKiD 2.1.1 :: from RedNaga :: rednaga.io Traceback (most recent call last): File "/usr/bin/apkid", line 33, in <module> sys.exit(load_entry_point('apkid==2.1.1', 'console_scripts', 'apkid')()) File "/usr/lib/python3.10/site-packages/apkid/main.py", line 90, in main rules = options.rules_manager.load() File "/usr/lib/python3.10/site-packages/apkid/rules.py", line 46, in load self.rules = yara.load(self.rules_path) yara.Error: rules file "/usr/lib/python3.10/site-packages/apkid/rules/rules.yarc" is incompatible with this version of YARA
Expected result: Describe here what should happen after you run the steps above (i.e. what would be the correct behaviour) Should work? :D
Info for developers
GNU/Linux distribution: Manjaro (unstable) + Blackarch Repos Tool version: APKID 2.1.1, yara-rednaga
Link to debug log
This bug was affects to all packages that depended on, for example MobSF. And I try to build manually but can't help. Any solution?
I'm not sure, but I believe MobSF is using now a dependency called yara-python-dex
and not yara-rednaga
.
Should I try to update the MobSF PKGBUILD to use yara-python-dex
and then try and see if that, solves the issue ?
Should I try to update the MobSF PKGBUILD to use
yara-python-dex
and then try and see if that, solves the issue ?
Would be great if you could try it out. Thank you
I gave it a try, but it's unrelated, I'm not sure what's going on, MobSF is using apkid
, and apkid
is failing, thus the issue is not with MobSF directly but with apkid
, I don't know why the rules.yarc
does not get recomputed or updated, I think something changed upstream for apkid
, I'll try to open an issue and link it here.
A fix may be provided soon by APKiD's maintainers, an update could be needed on the BlackArch repos in order to take into account the fix.
I've fixed the issue with the help of an APKiD contributor, using yara-python-dex
was the proper fix, not sure what went wrong, when I tried it, but it fixed the issue I'm having about rules being not compatible, a PR needs to land in BlackArch to add the new python-yara-dex
as well as updating the apkid
PKGBUILD, I'll probably open those by next week.
logs:
[ERROR] 13/Dec/2022 13:44:01 - Error Performing Static Analysis
Traceback (most recent call last):
File "/usr/share/mobsf/mobsf/StaticAnalyzer/views/android/static_analyzer.py", line 200, in static_analyzer
apkid_results = apkid_analysis(app_dic[
File "/usr/share/mobsf/mobsf/MalwareAnalyzer/views/apkid.py", line 41, in apkid_analysis
rules = options.rules_manager.load()
File "/usr/lib/python3.10/site-packages/apkid/rules.py", line 46, in load
self.rules = yara.load(self.rules_path)
yara.Error: rules file "/usr/lib/python3.10/site-packages/apkid/rules/rules.yarc" is incompatible with this version of YARA
[ERROR] 13/Dec/2022 13:44:01 - rules file "/usr/lib/python3.10/site-packages/apkid/rules/rules.yarc" is incompatible with this version of YARA
[ERROR] 13/Dec/2022 13:44:01 - Internal Server Error: /static_analyzer/
webui:
I've fixed the issue with the help of an APKiD contributor, using
yara-python-dex
was the proper fix, not sure what went wrong, when I tried it, but it fixed the issue I'm having about rules being not compatible, a PR needs to land in BlackArch to add the newpython-yara-dex
as well as updating theapkid
PKGBUILD, I'll probably open those by next week.
Yes, as mentioned in https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1998, python-yara-dex
Bug description
APKID not working after latest update because Yara rules seem to be incompatible
Steps to reproduce
Install apkid Run it
Actual result:
Expected result: Describe here what should happen after you run the steps above (i.e. what would be the correct behaviour) Should work? :D
Info for developers
GNU/Linux distribution: Manjaro (unstable) + Blackarch Repos Tool version: APKID 2.1.1, yara-rednaga
Link to debug log