Open yoshimo opened 3 years ago
That's an interesting one indeed, good catch and thanks for reporting it to us!
We don't do any parsing on our side, we simply get the android version name and version code from https://github.com/androguard/androguard
May be worth creating an issue there if we can reproduce and see what are indeed the versionCode
and versionName
in the manifest of this app!
androguard axml reports
[INFO ] androguard.axml: Styles Offset given, but styleCount is zero. This is not a problem but could indicate packers.
[WARNING ] androguard.axml: Name 'android:versionName' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:UNKNOWN_SYSTEM_ATTRIBUTE_01010572' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:UNKNOWN_SYSTEM_ATTRIBUTE_01010573' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:minSdkVersion' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:targetSdkVersion' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:name' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:name' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:theme' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:label' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:allowClearUserData' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:contentDescription' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:allowBackup' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:UNKNOWN_SYSTEM_ATTRIBUTE_0101057a' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:label' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:taskAffinity' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:launchMode' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:screenOrientation' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:configChanges' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.apk: XML Seems to be packed, operations on the AndroidManifest.xml might fail.
[WARNING ] androguard.apk: Failed to get the attribute 'name' on tag 'uses-permission' with namespace. But found the same attribute without namespace!
[WARNING ] androguard.apk: Failed to get the attribute 'name' on tag 'uses-permission' with namespace. But found the same attribute without namespace!
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="84500" versionName="@7F0C0011" UNKNOWN_SYSTEM_ATTRIBUTE_01010572="28" UNKNOWN_SYSTEM_ATTRIBUTE_01010573="9" package="securecomputing.devices.android.controller" platformBuildVersionCode="84500" platformBuildVersionName="@7F0C0011">
<uses-sdk minSdkVersion="21" targetSdkVersion="28"/>
<uses-permission name="android.permission.INTERNET"/>
<uses-permission name="android.permission.ACCESS_WIFI_STATE"/>
<application theme="@7F0D0006" label="@7F0C00AF" android:icon="@7F070068" allowClearUserData="false" contentDescription="" allowBackup="false" UNKNOWN_SYSTEM_ATTRIBUTE_0101057a="android.support.v4.app.CoreComponentFactory">
<activity label="@7F0C00AF" android:name=".AndroidToken" taskAffinity="" launchMode="2" screenOrientation="1" configChanges="0x00000020">
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>
<intent-filter>
<action android:name="com.safenet.mpsdk.core.AUTO_ENROLL_ACTION"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
</intent-filter>
</activity>
<activity android:name="com.safenet.tests.TestActivity"/>
</application>
</manifest>
The App is protected with dexguard, lots of unreadable nonascii names used and the control flow is also messed up. No wonder why the parsing breaks
Same problem on name app https://reports.exodus-privacy.eu.org/reports/com.umouse.clear/latest @7F0 (12 reports); @7F1 (6 reports)
With Safenets Mobile Pass App (securecomputing.devices.android.controller) i think the version parsing is off It started fine with 8.4.2.24 and then you only get versions like @7F0C0011 which do not match what is installed.
The recent 8.4.5 isn't shown as "scanned" but also won't show as recent when you ask exodus for a new report. Do we have a package parsing issue here? The "number" looks more like an offset or memory location of some kind