Problem description:
====================
I tried to decompile a malware sample named Trojan.AndroidOS.SMForw.
The MD5 of the DEX file is 2e2790287cdbca1b681d825c4a96dfe8.
The following class yielded an error (see error report below):
Lcom/android/systemsetting/a/c;
I expected to see the decompiled source code; instead I get an error that
points to DAD (the decompiler under androguard/decompiler/dad/ in the traceback below):
In [4]: d.CLASS_Lcom_android_systemsetting_a_c.source()
---------------------------------------------------------------------------
AttributeError Traceback (most recent call last)
/home/elias/androguard/androlyze.py in <module>()
----> 1 d.CLASS_Lcom_android_systemsetting_a_c.source()
/home/elias/androguard/androguard/core/bytecodes/dvm.pyc in source(self)
3385 :rtype: string
3386 """
-> 3387 self.__CM.decompiler_ob.display_all(self)
3388
3389 def get_source(self):
/home/elias/androguard/androguard/decompiler/decompiler.pyc in
display_all(self, _class)
494
495 def display_all(self, _class):
--> 496 result = self.get_source_class(_class)
497
498 if PYGMENTS:
/home/elias/androguard/androguard/decompiler/decompiler.pyc in
get_source_class(self, _class)
487 def get_source_class(self, _class):
488 c = decompile.DvClass(_class, self.vmx)
--> 489 c.process()
490
491 result = c.get_source()
/home/elias/androguard/androguard/decompiler/dad/decompile.pyc in process(self)
195 klass.process()
196 for meth in self.methods:
--> 197 self.process_method(meth)
198
199 def get_source(self):
/home/elias/androguard/androguard/decompiler/dad/decompile.pyc in
process_method(self, num)
184 method.set_instructions([i for i in method.get_instructions()])
185 meth = methods[num] = DvMethod(self.vma.get_method(method))
--> 186 meth.process()
187 method.set_instructions([])
188 else:
/home/elias/androguard/androguard/decompiler/dad/decompile.pyc in process(self)
114
115 idoms = graph.immediate_dominators()
--> 116 identify_structures(graph, idoms)
117
118 if not __debug__:
/home/elias/androguard/androguard/decompiler/dad/control_flow.pyc in
identify_structures(graph, idoms)
356 node_map = {}
357
--> 358 short_circuit_struct(graph, idoms, node_map)
359 update_dom(idoms, node_map)
360
/home/elias/androguard/androguard/decompiler/dad/control_flow.pyc in
short_circuit_struct(graph, idom, node_map)
286 if node in (then, els):
287 continue
--> 288 if then.type.is_cond and len(graph.preds(then)) == 1:
289 if then.false is els: # node && t
290 change = True
AttributeError: 'NoneType' object has no attribute 'type'
What version of the product are you using? On what operating system?
Androguard version: 1.9
Androlyze version: 2.0 (the latest as of 23.07.2014)
Operating system (os-release fields):
PRETTY_NAME="Kali GNU/Linux 1.0"
NAME="Kali GNU/Linux"
ID=kali
VERSION="1.0"
VERSION_ID="1.0"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.kali.org/"
SUPPORT_URL="http://forums.kali.org/"
BUG_REPORT_URL="http://bugs.kali.org/"
I attached the DEX sample to this ticket. The attachment is password-protected;
the password is "infected" (without the quotation marks).
Original issue reported on code.google.com by tibiel...@gmail.com on 23 Jul 2014 at 11:29