search

Exodus-Privacy / exodus

Platform to audit trackers used by Android application
https://reports.exodus-privacy.eu.org/
GNU Affero General Public License v3.0
628 stars 62 forks source link

Weird Versions with MobilePass #449

Open yoshimo opened 3 years ago

yoshimo commented 3 years ago

With Safenets Mobile Pass App (securecomputing.devices.android.controller) i think the version parsing is off It started fine with 8.4.2.24 and then you only get versions like @7F0C0011 which do not match what is installed.

The recent 8.4.5 isn't shown as "scanned" but also won't show as recent when you ask exodus for a new report. Do we have a package parsing issue here? The "number" looks more like an offset or memory location of some kind

pnu-s commented 3 years ago

That's an interesting one indeed, good catch and thanks for reporting it to us!

We don't do any parsing on our side, we simply get the android version name and version code from https://github.com/androguard/androguard

May be worth creating an issue there if we can reproduce and see what are indeed the versionCode and versionName in the manifest of this app!

yoshimo commented 3 years ago

androguard axml reports


[INFO    ] androguard.axml: Styles Offset given, but styleCount is zero. This is not a problem but could indicate packers.
[WARNING ] androguard.axml: Name 'android:versionName' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:UNKNOWN_SYSTEM_ATTRIBUTE_01010572' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:UNKNOWN_SYSTEM_ATTRIBUTE_01010573' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:minSdkVersion' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:targetSdkVersion' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:name' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:name' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:theme' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:label' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:allowClearUserData' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:contentDescription' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:allowBackup' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:UNKNOWN_SYSTEM_ATTRIBUTE_0101057a' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:label' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:taskAffinity' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:launchMode' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:screenOrientation' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:configChanges' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.apk: XML Seems to be packed, operations on the AndroidManifest.xml might fail.
[WARNING ] androguard.apk: Failed to get the attribute 'name' on tag 'uses-permission' with namespace. But found the same attribute without namespace!
[WARNING ] androguard.apk: Failed to get the attribute 'name' on tag 'uses-permission' with namespace. But found the same attribute without namespace!
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="84500" versionName="@7F0C0011" UNKNOWN_SYSTEM_ATTRIBUTE_01010572="28" UNKNOWN_SYSTEM_ATTRIBUTE_01010573="9" package="securecomputing.devices.android.controller" platformBuildVersionCode="84500" platformBuildVersionName="@7F0C0011">
  <uses-sdk minSdkVersion="21" targetSdkVersion="28"/>
  <uses-permission name="android.permission.INTERNET"/>
  <uses-permission name="android.permission.ACCESS_WIFI_STATE"/>
  <application theme="@7F0D0006" label="@7F0C00AF" android:icon="@7F070068" allowClearUserData="false" contentDescription="" allowBackup="false" UNKNOWN_SYSTEM_ATTRIBUTE_0101057a="android.support.v4.app.CoreComponentFactory">
    <activity label="@7F0C00AF" android:name=".AndroidToken" taskAffinity="" launchMode="2" screenOrientation="1" configChanges="0x00000020">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
      <intent-filter>
        <action android:name="com.safenet.mpsdk.core.AUTO_ENROLL_ACTION"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
      </intent-filter>
    </activity>
    <activity android:name="com.safenet.tests.TestActivity"/>
  </application>
</manifest>
yoshimo commented 3 years ago

The App is protected with dexguard, lots of unreadable nonascii names used and the control flow is also messed up. No wonder why the parsing breaks

Jean-BaptisteC commented 2 years ago

Same problem on name app https://reports.exodus-privacy.eu.org/reports/com.umouse.clear/latest @7F0 (12 reports); @7F1 (6 reports)