FrenchYeti / dexcalibur

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Apache License 2.0
1.04k stars 127 forks

Error after uploading APK #56

Open olihough86 opened 3 years ago

olihough86 commented 3 years ago

Hi

I'm getting the following error after uploading an APK to analyze. I'm afraid I'm not so knowledgeable on this; I'm trying to follow a blog on reversing a malware sample: https://blog.nviso.eu/2021/04/19/how-to-analyze-mobile-malware-a-cabassous-flubot-case-study/

I'm using the same sample as in the blog; though he mentions a couple of bugs, I see they have been patched now. I also get the same error with a more recent sample from today.

Any help here would be greatly appreciated.

[INFO] [INSPECTOR MANAGER] Project[test], Step[POST_PLATFORM_SCAN] deploying inspectors : <none>
[INFO] Scanning default path : /home/user/dexcaliburWS/test/apk
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in [Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in Vknow type : 
)(in Vknow type : 
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
 v0, Lcom/RNFetchBlob/RNFetchBlobReq$e;
TypeError: Cannot read property '1' of null
    at Object.setclass [as parse] (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Opcode.js:356:20)
    at Object.parse (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Opcode.js:1041:15)
    at SmaliParser.instr (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/SmaliParser.js:324:23)
    at SmaliParser.method (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/SmaliParser.js:629:32)
    at SmaliParser.parse (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/SmaliParser.js:751:34)
    at Analyzer.file (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Analyzer.js:800:30)
    at /home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Analyzer.js:839:18
    at Object.forEachFileOf (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Utils.js:108:21)
    at Object.forEachFileOf (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Utils.js:105:26)
    at Analyzer.path (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Analyzer.js:838:12)
[ERROR] ENGINE openProject() failed

best regards

FrenchYeti commented 3 years ago

hi,

Thank you for your issue.

This error occurs when malformed/unexpected tokens are encountered during Smali parsing. Such issues require a bit of investigation on my side.
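An added example, not part of the thread and not dexcalibur's code: `Cannot read property '1' of null` is what JavaScript raises when a null value, such as a failed regex match, is indexed, so the sketch below checks the match before using it and collects a diagnostic per bad line instead of aborting the whole scan. The function names, the operand grammar and the sample lines are assumptions made for illustration.

```javascript
'use strict';
// Hypothetical helpers for illustration; not taken from dexcalibur's Opcode.js.

// Dalvik type descriptor: optional array dimensions, then a primitive or L<class>;
const DESCRIPTOR = /^\[*(?:[ZBSCIJFDV]|L[^;\s]+;)$/;
// Assumed operand shape "<register>, <type>" (e.g. for const-class or check-cast).
const REG_TYPE = /^([vp]\d+)\s*,\s*(\S+)$/;

// Parse one operand string. A failed match is reported, never indexed.
function parseRegTypeOperands(raw) {
  const text = raw.replace(/\r/g, '').trim(); // tolerate CRLF line endings
  const m = REG_TYPE.exec(text);
  if (m === null) {
    return { ok: false, error: `unexpected operand tokens: ${JSON.stringify(raw)}` };
  }
  if (!DESCRIPTOR.test(m[2])) {
    return { ok: false, error: `malformed type descriptor: ${JSON.stringify(m[2])}` };
  }
  return { ok: true, register: m[1], type: m[2] };
}

// Parse every line, keeping good results and recording where the bad ones are,
// so a single malformed line does not make opening the project fail.
function parseAll(lines) {
  const parsed = [];
  const errors = [];
  lines.forEach((line, i) => {
    const r = parseRegTypeOperands(line);
    if (r.ok) parsed.push(r);
    else errors.push({ line: i + 1, error: r.error });
  });
  return { parsed, errors };
}

// Constructed sample operands: the first mirrors the shape printed in the log
// above (with a trailing carriage return added); the rest are made up.
const SAMPLE = [
  ' v0, Lcom/RNFetchBlob/RNFetchBlobReq$e;\r',
  'v1, [Lcom/RNFetchBlob/RNFetchBlobReq$e;',
  'p0, V',
  'v2 Lcom/example/Missing/Comma;',
  'v3, Lcom/example/NoSemicolon',
];

const result = parseAll(SAMPLE);
console.log(JSON.stringify(result, null, 2));
```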

olihough86 commented 3 years ago

Thanks for the swift response!

Here are links to both samples I mention.

my sample - https://bazaar.abuse.ch/sample/d6d2b6de7856b8cb1dc803b7ea26cc7982d4f22b4cbd890c1dfe4faf14ed319d/
sample from blog - https://bazaar.abuse.ch/sample/acb38742fddfc3dcb511e5b0b2b2a2e4cef3d67cc6188b29aeb4475a717f5f95/

best regards